通过额外的数据来寻人AUTH [英] Pass extra data to finder auth

问题描述

我从验证取景器有我需要访问条件 $这个 - ＆GT;请求，但我不吨有关于该访问 UsersTable 。

My finder from Auth has conditions that I need to access $this->request but I don't have access for that on UsersTable.

的AppController ::初始化

$this->loadComponent('Auth', [
        'authenticate' => [
            'Form' => [
                'finder' => 'auth',
            ]
        ]
    ]);

UsersTable

public function findAuth(Query $query, array $options)
{
    $query
        ->select([
            'Users.id',
            'Users.name',
            'Users.username',
            'Users.password',
        ])
        ->where(['Users.is_active' => true]); // If i had access to extra data passed I would use here.

    return $query;
}

我需要传递一个额外的数据FOM AppController的到取景器 AUTH ，因为我没有存取权限 $这个 - ＆GT;请求 - 方式＆gt;数据在 UsersTable

I need pass an extra data fom AppController to finder auth since I dont have acces to $this->request->data on UsersTable.

更新

人们说在评论这是一个糟糕的设计，所以我会正是我需要解释一下。

People are saying on comments that is a bad design so I will explain exactly what I need.

我有一个表用户但每个用户都属于某个健身​​房。
在的用户名（电子邮件）是独一无二的只对特定的健身​​房这样我就可以有一个例子@ domain.com 从 gym_id 1 和另一个 example@domain.com 从 gym_id 2 。
在登录页面我有 gym_slug 来告诉 AUTH取景器至极健身​​房用户用户名我provied属于

I have a table users but each user belongs to a gym. The username(email) is unique only to a particular gym so I can have a example@domain.comfrom gym_id 1 and another example@domain.com from gym_id 2. On login page I have the gym_slug to tell to auth finder wich gym the user username that I provied belongs.

推荐答案

据我所知，没有办法通过将其插入配置在3.1这样做。这可能是一个好主意，在CakePHP的混帐作为枢纽功能要求提交。

To my knowledge, there is no way to do this by passing it into the configuration in 3.1. This might be a good idea submit on the cakephp git hub as a feature request.

有办法通过创建一个扩展基地认证新的认证对象做到这一点，然后覆盖_findUser和_query。事情是这样的：

There are ways to do it by creating a new authentication object that extends base authenticate and then override _findUser and _query. Something like this:

class GymFormAuthenticate extends BaseAuthenticate
{

 /**
  * Checks the fields to ensure they are supplied.
  *
  * @param \Cake\Network\Request $request The request that contains login information.
  * @param array $fields The fields to be checked.
  * @return bool False if the fields have not been supplied. True if they exist.
  */
 protected function _checkFields(Request $request, array $fields)
 {
     foreach ([$fields['username'], $fields['password'], $fields['gym']] as $field) {
         $value = $request->data($field);
         if (empty($value) || !is_string($value)) {
             return false;
         }
     }
     return true;
 }

 /**
  * Authenticates the identity contained in a request. Will use the `config.userModel`, and `config.fields`
  * to find POST data that is used to find a matching record in the `config.userModel`. Will return false if
  * there is no post data, either username or password is missing, or if the scope conditions have not been met.
  *
  * @param \Cake\Network\Request $request The request that contains login information.
  * @param \Cake\Network\Response $response Unused response object.
  * @return mixed False on login failure.  An array of User data on success.
  */
 public function authenticate(Request $request, Response $response)
 {
     $fields = $this->_config['fields'];
     if (!$this->_checkFields($request, $fields)) {
         return false;
     }
     return $this->_findUser(
         $request->data[$fields['username']],
         $request->data[$fields['password']],
         $request->data[$fields['gym']],
     );
 }

/**
  * Find a user record using the username,password,gym provided.
  *
  * Input passwords will be hashed even when a user doesn't exist. This
  * helps mitigate timing attacks that are attempting to find valid usernames.
  *
  * @param string $username The username/identifier.
  * @param string|null $password The password, if not provided password checking is skipped
  *   and result of find is returned.
  * @return bool|array Either false on failure, or an array of user data.
  */
 protected function _findUser($username, $password = null, $gym = null)
 {
     $result = $this->_query($username, $gym)->first();

     if (empty($result)) {
         return false;
     }

     if ($password !== null) {
         $hasher = $this->passwordHasher();
         $hashedPassword = $result->get($this->_config['fields']['password']);
         if (!$hasher->check($password, $hashedPassword)) {
             return false;
         }

         $this->_needsPasswordRehash = $hasher->needsRehash($hashedPassword);
         $result->unsetProperty($this->_config['fields']['password']);
     }

     return $result->toArray();
 }

/**
  * Get query object for fetching user from database.
  *
  * @param string $username The username/identifier.
  * @return \Cake\ORM\Query
  */
 protected function _query($username, $gym)
 {
     $config = $this->_config;
     $table = TableRegistryget($config['userModel']);

     $options = [
         'conditions' => [$table->aliasField($config['fields']['username']) => $username, 'gym' => $gym']
     ];

     if (!empty($config['scope'])) {
         $options['conditions'] = array_merge($options['conditions'], $config['scope']);
     }
     if (!empty($config['contain'])) {
         $options['contain'] = $config['contain'];
     }

     $query = $table->find($config['finder'], $options);

     return $query;
 }
 }

有关详细信息，请参阅本：<一href=\"http://book.cakephp.org/3.0/en/controllers/components/authentication.html#creating-custom-authentication-objects\"相对=nofollow>创建自定义的验证对象

For more information see this: Creating Custom Authentication Objects

这篇关于通过额外的数据来寻人AUTH的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！