CakePHP的2：覆盖AuthComponent的＆QUOT;密码＆QUOT;方法 [英] CakePHP 2: Override AuthComponent's "password" method

问题描述

我的目标是为每个用户的唯一盐，而不是仅仅使用配置::阅读（'Security.salt'）为每一位用户。

My goal is to have a unique salt for each user rather than just using Configure::read('Security.salt') for every user.

我知道，CakePHP的2.x的不再自动散列密码。这让我对执行密码模型验证，这是非常好的。不过，我没有看到一个方式，我可以覆盖AuthComponent的密码的方法。因此，即使我可以控制它们如何被保存到数据库之前的密码散列，我可以执行实际登录的时候无法控制密码哈希如何。从食谱：

I know that CakePHP 2.x no longer hashes passwords automatically. This allows me to perform model validation on passwords, which is very nice. However, I don't see a way that I can override the AuthComponent's "password" method. So even though I can control how passwords are hashed before they are saved to the database, I cannot control how passwords are hashed when performing the actual login. From the cookbook:

您不必致电前，哈希密码
   $这个 - ＆GT; Auth-方式＆gt;登录（）

You don’t need to hash passwords before calling $this->Auth->login().

我能做些什么，使 $这个 - ＆GT; Auth-＆GT;登录（）使用密码哈希的自定义方法

What can I do to make $this->Auth->login() use a custom method of password hashing?

感谢。

更新：我结束了博士汉尼拔的回答会（创建自定义的验证对象）。以下是如何做到这一点：

UPDATE: I ended up going with dr Hannibal Lecter's answer (creating a custom authentication object). Here's how to do it:

旧code：

$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'email')));

新的code（变形到自定义）：

New code (change "Form" to "Custom"):

$this->Auth->authenticate = array('Custom' => array('fields' => array('username' => 'email')));

创建应用程序/控制器/组件/认证/ CustomAuthenticate.php，并使它看起来像这样：

Create "app/Controller/Component/Auth/CustomAuthenticate.php" and make it look like this:

<?php
App::uses('FormAuthenticate', 'Controller/Component/Auth');

class CustomAuthenticate extends FormAuthenticate {
}

复制_findUser，并从LIB /蛋糕/控制器/组件/认证/ BaseAuthenticate.php_password的方法，并将其粘贴到CustomAuthenticate级。然后进行以下两处修改_findUser的方法：

Copy the "_findUser" and "_password" methods from "lib/Cake/Controller/Component/Auth/BaseAuthenticate.php" and paste them into the "CustomAuthenticate" class. Then make the following two modifications to the "_findUser" method:

1. 从$条件数组删除此行： $模式。 '。 。 $域['密码'] =＆GT; $这个 - ＆GT; _password（$密码）

修改如果（空（$结果）||空（$结果[$模式]））{到如果（空（$结果）||空（$结果[$模式]）|| $结果[$模型] [$域['密码'] = $这个 - ＆GT;！_password（$的密码，$结果[$型号] ['身份证']））{

然后进行以下两处修改_password的方法：

Then make the following two modifications to the "_password" method:

1. 创建通过更改保护功能_password（$密码）{到保护功能_password（$密码的$ id参数，的$ id）{

通过改变更新盐值返回安全::哈希（$的密码，空，真）; 到返回安全::哈希（$的密码，空，配置::阅读（'Security.salt'）的$ id）;

最后，更新 AuthComponent ::密码使用的所有实例安全::哈希通过相同的逻辑以上。

Lastly, update all occurrences of AuthComponent::password to use Security::hash with the same logic as above.

推荐答案

您也许可以创建一个<一个href=\"http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#creating-custom-authentication-objects\"相对=nofollow>自定义的身份验证对象并散列但是你喜欢的密码。看看在现有的权威性对象到得到它们是如何工作的总体思路。

You could probably create a custom auth object and hash the password however you like. Take a look at the existing auth objects to get the general idea of how they work.

这篇关于CakePHP的2：覆盖AuthComponent的＆QUOT;密码＆QUOT;方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！