Yii2:用户身份验证究竟是如何工作的? [英] Yii2: How exactly does user authentication works?

问题描述

我不懂Yii2 中的Authentication.在 Yii 1 中有一个身份类，我们需要使用 authentication() 方法并调用 CWebUser::login() 来实现我们的目标.

Yii 2 的主要认证流程是什么?它究竟是如何工作的?

请您解释一下:

• 完成身份验证所需的所有步骤.
• 必需的数据库字段或架构.
• 如何对多种用户类型进行身份验证.
• 我还需要考虑哪些其他事项?

解决方案

要回答你的问题，需要了解一件事 - Yii2 提供了一些 helper 类/开发人员可以轻松实现用户身份验证的接口，但并不总是需要遵循或使用它们中的任何一个.所以我下面的回答只是解释了某些类的默认行为.

并且查看 Yii2 高级模板 和源代码以了解框架的工作流程始终是一个很好的起点，在我看来，它非常容易阅读.>

-它是如何工作的

Yii2 框架在其静态上下文中提供了许多 核心 组件，您可以随时通过 Yii::$app->.其中一个核心组件是user，它实际上是yii\web\User 的一个实例，所有default 魔法都在这个类中.

不仅user，您可能还需要使用其他核心组件.我不确定你想了解它的工作方式有多深，如果我没有给你足够深入的解释，我强烈建议你阅读源代码.一旦你做了composer install，你就会手头有源代码，或者去他们的github进行代码跟踪 - https://github.com/yiisoft/yii2/tree/master/framework

- 完成身份验证所需的所有步骤.

首先，你应该有一个 User 类，它实现了 IdentityInterface 并扩展了 ActiveRecord，请参阅 Advance 模板中的示例:https://github.com/yiisoft/yii2-app-高级/blob/master/common/models/User.php .

并在您的配置中，将user 组件的$identityClass 设置为上述自定义User 类.这是User 的最小设置.

接下来，您必须有一个控制器，其方法映射到请求 url，例如/login".在此方法中，您应该使用您的方式提取 User 实例 - $u.这是您应该进行身份验证的位置.

然后就可以调用Yii::$app->user->login($u)登录；Yii::$app->user->logout() 退出.

登录后，您可以通过Yii::$app->user->identity在任何地方获取当前用户实例.

- 必需的数据库字段或架构.

这取决于您，具体取决于您的需要.该模板只是让您了解如何设计 User ActiveRecord 类，但不受其限制 - username 和 passwordHash 是非常常见的东西，但您始终可以拥有自己的架构.

- 如何验证多种用户类型.

我不太明白这个问题.希望其他人可以提供帮助.

- 我还需要考虑哪些其他事项?

如果您决定使用框架支持的 RESTful，请记住在您的 User 类中实现 findIdentityByAccessToken()，详情请参见 http://www.yiiframework.com/doc-2.0/guide-rest-authentication.html

暂时想到一个，以后再补充.

I don't understand Authentication in Yii2. In Yii 1 there was an identity class where we need to work with the authentication() method and call CWebUser::login() to achieve our goals.

What are the main processes of authentication in Yii 2? And how does it work exactly?

Can you please explain the following:

• All the steps required to complete authentication.
• Required database fields or schema.
• How to authenticate multiple user types.
• What may be a few other things I need to consider?

解决方案

To answer your questions, it is needed to understand one thing - Yii2 provides some helper classes / interfaces for developers to implement user authentication easily, but it is not always required to follow or use any of them. So my following answer is just explaining the default behavior of some classes.

And it is always a good starting point to look at the Yii2 Advanced template and the source code to understand the workflow of the framework, it is surprisingly easy to read, in my opinion.

- how does it work exactly

Yii2 framework provides a number of core components in its static context, you can always call them through Yii::$app->. One of the core components is user, it is actually an instance of yii\web\User and all the default magic are inside this class.

Not only user, you may also need to use other core components as well. I am not sure how deep you want to understand the way it works, if I don't give you a deep enough explanation, I strongly suggest you to read source code. You will have the source code on your hand once you did composer install, or go to their github to have a code tracing - https://github.com/yiisoft/yii2/tree/master/framework

- All the steps required to complete authentication.

Firstly, you should have a User class which implements IdentityInterface and extends ActiveRecord, please see the example in Advance template: https://github.com/yiisoft/yii2-app-advanced/blob/master/common/models/User.php .

And in your configuration, set the $identityClass of user component to the above custom User class. This is the minimal setup for User.

Next, you must have a controller with a method mapped to a request url such as "/login". In this method, you should use your way to extract the User instance - $u. This is the location where your authentication should be.

Then you can call Yii::$app->user->login($u) to login; Yii::$app->user->logout() to logout.

After you login, you can get the current user instance anywhere through Yii::$app->user->identity.

- Required database fields or schema.

It is up to you, depending on your need. The template just gives you an idea on how to design the User ActiveRecord class but not bounded by it - username and passwordHash are something very common but you can always have your own schema.

- How to authenticate multiple user types.

I don't quite understand the problem. Hope others could help.

- What may be a few other things I need to consider?

If you decide to use RESTful supported by the framework, remember to implement findIdentityByAccessToken() in your User class, see details in http://www.yiiframework.com/doc-2.0/guide-rest-authentication.html

I can think of one at this moment, may add other things later.

这篇关于Yii2:用户身份验证究竟是如何工作的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！