[英]Best way to handle authentication in Zend Framework 2
I'm new to Zend Framework 2 and I was wondering what is the best way to handle authentication. 我是Zend Framework 2的新手,我想知道什么是处理身份验证的最佳方法。 My current (working) login code is :
我当前的(有效的)登录代码为:
public function loginAction()
{
$message = '';
$message_type = '';
$form = new UserForm();
$form->get('submit')->setValue('login');
$request = $this->getRequest();
if($request->isPost())
{
$data = $request->getPost();
$user = $this->getUserTable()->getUser($data['username']);
$bcrypt = new Bcrypt();
if($bcrypt->verify($data['password'], $user->password))
{
$message = 'successfully logged in as ' . $user->username;
$message_type = 'success';
}
else
{
$message = 'invalid password or username';
$message_type = 'danger';
}
}
return new ViewModel(array(
'form' => $form,
'message' => $message,
'message_type' => $message_type,
));
}
Now I know I'm not using the ZF2 Authentication module but I can't get it to work with Bcrypt. 现在,我知道我没有使用ZF2身份验证模块,但无法使其与Bcrypt一起使用。 Is my method safe enough or should I use Zend\\Authentication ?
我的方法是否足够安全,还是应该使用Zend \\ Authentication?
EDIT 编辑
Alright I managed to get it to work somehow, here's the new code : 好吧,我设法使其正常工作,这是新代码:
public function loginAction()
{
$message = '';
$message_type = '';
$form = new UserForm();
$form->get('submit')->setValue('login');
$request = $this->getRequest();
if($request->isPost())
{
$user = new User();
$form->setInputFilter($user->getInputFilter());
$form->setValidationGroup('username', 'password');
$form->setData($request->getPost());
if($form->isValid())
{
$user->exchangeArray($form->getData());
$data = $this->getUserTable()->getUser($user->username);
$bcrypt = new Bcrypt();
if($bcrypt->verify($user->password, $data->password))
{
$dbAdapter = $this->getServiceLocator()->get('Zend\Db\Adapter\Adapter');
$authService = new CredentialTreatmentAdapter($dbAdapter, 'user', 'username', 'password');
$authService->setIdentity($user->username);
$authService->setCredential($data->password);
if($authService->authenticate()->isValid())
{
$message = 'successfully logged in as ' . $user->username;
$message_type = 'success';
}
else
{
$message = 'invalid password or username';
$message_type = 'danger';
}
}
}
}
It uses BCrypt and Zend\\Authentication and it seems to work fine. 它使用BCrypt和Zend \\ Authentication,它似乎工作正常。
" but I can't get it to work with Bcrypt " “ 但我无法使其与Bcrypt一起使用 ”
(It will simply compare the strings.) (它将仅比较字符串。)
" Is my method safe enough or should I use Zend\\Authentication " If you store your password crypted (as you do), I do not see any problem with your code. “ 是我的方法是否足够安全,还是应该使用Zend \\ Authentication? ”(如果您将密码存储为加密方式)(如您所做的那样),我的代码不会出现任何问题。
Nevertheless, I would use Zend Authentication: Zend\\Authentication , as it gives much more. 不过,我将使用Zend Authentication: Zend \\ Authentication ,因为它提供了更多功能。
It is working for me with out session storage 它对我来说没有会话存储
public function login($credential)
{
$bcrypt = new Bcrypt();
$user = new User();
$user->exchangeArray($credential);
$password = $user->password;
$data = $this->getUserTable()->selectUser($user->username);
if (!$data)
{
$message = 'Username or password not correct!';
} else {
if ($bcrypt->verify($password, $data->password)) {
$sm = $this->getServiceLocator();
$dbAdapter = $sm->get('Zend\Db\Adapter\Adapter');
$authAdapter = new AuthAdapter(
$dbAdapter,
'user',
'username',
'password'
);
$authAdapter -> setIdentity($user->username) -> setCredential($data->password);
$auth = new AuthenticationService();
$result = $auth->authenticate($authAdapter);
//success
switch ($result->getCode()) {
case Result::FAILURE_IDENTITY_NOT_FOUND:
// do stuff for nonexistent identity
$message = "FAILURE_IDENTITY_NOT_FOUND";
break;
case Result::FAILURE_CREDENTIAL_INVALID:
// do stuff for invalid credential
$message = "FAILURE_CREDENTIAL_INVALID";
break;
case Result::SUCCESS:
$message = "you are logged in succesfully";
break;
default:
// do stuff for other failure
//$message = "you are logged in succesfully";
break;
//$message = "Login succesfull.Welcome ".$auth->getIdentity();
}
} else {
$message = 'Username or password not correct';
}
}
return new ViewModel(array("message" =>$message));
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.