通过额外的数据来寻人AUTH [英] Pass extra data to finder auth
问题描述
我从验证
取景器有我需要访问条件 $这个 - >请求
,但我不吨有关于该访问 UsersTable
。
My finder from Auth
has conditions that I need to access $this->request
but I don't have access for that on UsersTable
.
的AppController ::初始化
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'finder' => 'auth',
]
]
]);
UsersTable
public function findAuth(Query $query, array $options)
{
$query
->select([
'Users.id',
'Users.name',
'Users.username',
'Users.password',
])
->where(['Users.is_active' => true]); // If i had access to extra data passed I would use here.
return $query;
}
我需要传递一个额外的数据FOM AppController的
到取景器
AUTH
,因为我没有存取权限 $这个 - >请求 - 方式>数据
在 UsersTable
I need pass an extra data fom AppController
to finder
auth
since I dont have acces to $this->request->data
on UsersTable
.
更新
人们说在评论这是一个糟糕的设计,所以我会正是我需要解释一下。
People are saying on comments that is a bad design so I will explain exactly what I need.
我有一个表用户
但每个用户都属于某个健身房
。
在的用户名(电子邮件)
是独一无二的只对特定的健身房
这样我就可以有一个例子@ domain.com
从 gym_id 1
和另一个 example@domain.com
从 gym_id 2
。
在登录页面我有 gym_slug
来告诉 AUTH取景器
至极健身房
用户用户名
我provied属于
I have a table users
but each user belongs to a gym
.
The username(email)
is unique only to a particular gym
so I can have a example@domain.com
from gym_id 1
and another example@domain.com
from gym_id 2
.
On login page I have the gym_slug
to tell to auth finder
wich gym
the user username
that I provied belongs.
推荐答案
据我所知,没有办法通过将其插入配置在3.1这样做。这可能是一个好主意,在CakePHP的混帐作为枢纽功能要求提交。
To my knowledge, there is no way to do this by passing it into the configuration in 3.1. This might be a good idea submit on the cakephp git hub as a feature request.
有办法通过创建一个扩展基地认证新的认证对象做到这一点,然后覆盖_findUser和_query。事情是这样的:
There are ways to do it by creating a new authentication object that extends base authenticate and then override _findUser and _query. Something like this:
class GymFormAuthenticate extends BaseAuthenticate
{
/**
* Checks the fields to ensure they are supplied.
*
* @param \Cake\Network\Request $request The request that contains login information.
* @param array $fields The fields to be checked.
* @return bool False if the fields have not been supplied. True if they exist.
*/
protected function _checkFields(Request $request, array $fields)
{
foreach ([$fields['username'], $fields['password'], $fields['gym']] as $field) {
$value = $request->data($field);
if (empty($value) || !is_string($value)) {
return false;
}
}
return true;
}
/**
* Authenticates the identity contained in a request. Will use the `config.userModel`, and `config.fields`
* to find POST data that is used to find a matching record in the `config.userModel`. Will return false if
* there is no post data, either username or password is missing, or if the scope conditions have not been met.
*
* @param \Cake\Network\Request $request The request that contains login information.
* @param \Cake\Network\Response $response Unused response object.
* @return mixed False on login failure. An array of User data on success.
*/
public function authenticate(Request $request, Response $response)
{
$fields = $this->_config['fields'];
if (!$this->_checkFields($request, $fields)) {
return false;
}
return $this->_findUser(
$request->data[$fields['username']],
$request->data[$fields['password']],
$request->data[$fields['gym']],
);
}
/**
* Find a user record using the username,password,gym provided.
*
* Input passwords will be hashed even when a user doesn't exist. This
* helps mitigate timing attacks that are attempting to find valid usernames.
*
* @param string $username The username/identifier.
* @param string|null $password The password, if not provided password checking is skipped
* and result of find is returned.
* @return bool|array Either false on failure, or an array of user data.
*/
protected function _findUser($username, $password = null, $gym = null)
{
$result = $this->_query($username, $gym)->first();
if (empty($result)) {
return false;
}
if ($password !== null) {
$hasher = $this->passwordHasher();
$hashedPassword = $result->get($this->_config['fields']['password']);
if (!$hasher->check($password, $hashedPassword)) {
return false;
}
$this->_needsPasswordRehash = $hasher->needsRehash($hashedPassword);
$result->unsetProperty($this->_config['fields']['password']);
}
return $result->toArray();
}
/**
* Get query object for fetching user from database.
*
* @param string $username The username/identifier.
* @return \Cake\ORM\Query
*/
protected function _query($username, $gym)
{
$config = $this->_config;
$table = TableRegistryget($config['userModel']);
$options = [
'conditions' => [$table->aliasField($config['fields']['username']) => $username, 'gym' => $gym']
];
if (!empty($config['scope'])) {
$options['conditions'] = array_merge($options['conditions'], $config['scope']);
}
if (!empty($config['contain'])) {
$options['contain'] = $config['contain'];
}
$query = $table->find($config['finder'], $options);
return $query;
}
}
有关详细信息,请参阅本:<一href=\"http://book.cakephp.org/3.0/en/controllers/components/authentication.html#creating-custom-authentication-objects\"相对=nofollow>创建自定义的验证对象
For more information see this: Creating Custom Authentication Objects
这篇关于通过额外的数据来寻人AUTH的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!