Zend Framework 2中处理身份验证的最佳方法

Question

I'm new to Zend Framework 2 and I was wondering what is the best way to handle authentication. 我是Zend Framework 2的新手，我想知道什么是处理身份验证的最佳方法。 My current (working) login code is : 我当前的（有效的）登录代码为：

public function loginAction()
{
    $message = '';
    $message_type = '';

    $form = new UserForm();
    $form->get('submit')->setValue('login');

    $request = $this->getRequest();
    if($request->isPost())
    {
        $data = $request->getPost();
        $user = $this->getUserTable()->getUser($data['username']);

        $bcrypt = new Bcrypt();
        if($bcrypt->verify($data['password'], $user->password))
        {
            $message = 'successfully logged in as ' . $user->username;
            $message_type = 'success';
        }
        else
        {
            $message = 'invalid password or username';
            $message_type = 'danger';
        }
    }

    return new ViewModel(array(
        'form' => $form,
        'message' => $message,
        'message_type' => $message_type,
    ));
}

Now I know I'm not using the ZF2 Authentication module but I can't get it to work with Bcrypt. 现在，我知道我没有使用ZF2身份验证模块，但无法使其与Bcrypt一起使用。 Is my method safe enough or should I use Zend\\Authentication ? 我的方法是否足够安全，还是应该使用Zend \\ Authentication？

EDIT 编辑

Alright I managed to get it to work somehow, here's the new code : 好吧，我设法使其正常工作，这是新代码：

public function loginAction()
{
    $message = '';
    $message_type = '';

    $form = new UserForm();
    $form->get('submit')->setValue('login');

    $request = $this->getRequest();
    if($request->isPost())
    {
        $user = new User();
        $form->setInputFilter($user->getInputFilter());
        $form->setValidationGroup('username', 'password');
        $form->setData($request->getPost());

        if($form->isValid())
        {
            $user->exchangeArray($form->getData());
            $data = $this->getUserTable()->getUser($user->username);

            $bcrypt = new Bcrypt();
            if($bcrypt->verify($user->password, $data->password))
            {
                $dbAdapter = $this->getServiceLocator()->get('Zend\Db\Adapter\Adapter');
                $authService = new CredentialTreatmentAdapter($dbAdapter, 'user', 'username', 'password');
                $authService->setIdentity($user->username);
                $authService->setCredential($data->password);

                if($authService->authenticate()->isValid())
                {
                    $message = 'successfully logged in as ' . $user->username;
                    $message_type = 'success';
                }
                else
                {
                    $message = 'invalid password or username';
                    $message_type = 'danger';
                }
            }
        }
    }

It uses BCrypt and Zend\\Authentication and it seems to work fine. 它使用BCrypt和Zend \\ Authentication，它似乎工作正常。

Answer 1

" but I can't get it to work with Bcrypt " “ 但我无法使其与Bcrypt一起使用 ”

Store password already bcrypted 存储密码已加密
Parametrize the auth adapter with the username and the bcrypted password 使用用户名和加密的密码对身份验证适配器进行参数设置

(It will simply compare the strings.) （它将仅比较字符串。）

" Is my method safe enough or should I use Zend\\Authentication " If you store your password crypted (as you do), I do not see any problem with your code. “ 是我的方法是否足够安全，还是应该使用Zend \\ Authentication？ ”（如果您将密码存储为加密方式）（如您所做的那样），我的代码不会出现任何问题。

Nevertheless, I would use Zend Authentication: Zend\\Authentication , as it gives much more. 不过，我将使用Zend Authentication： Zend \\ Authentication ，因为它提供了更多功能。

Answer 2

It is working for me with out session storage 它对我来说没有会话存储

   public function login($credential)
   {   
    $bcrypt = new Bcrypt();
    $user   = new User();
    $user->exchangeArray($credential);

    $password    = $user->password;
    $data        = $this->getUserTable()->selectUser($user->username);

    if (!$data)
    {
        $message = 'Username or password not correct!';
    } else {

        if ($bcrypt->verify($password, $data->password)) {

            $sm          = $this->getServiceLocator();
            $dbAdapter   = $sm->get('Zend\Db\Adapter\Adapter');
            $authAdapter = new AuthAdapter(
                    $dbAdapter,
                    'user',
                    'username',
                    'password'
            );
            $authAdapter -> setIdentity($user->username) -> setCredential($data->password);
            $auth = new AuthenticationService();
            $result = $auth->authenticate($authAdapter);
            //success
                switch ($result->getCode()) {
                    case Result::FAILURE_IDENTITY_NOT_FOUND:
                        // do stuff for nonexistent identity
                        $message = "FAILURE_IDENTITY_NOT_FOUND";
                        break;

                    case Result::FAILURE_CREDENTIAL_INVALID:
                        // do stuff for invalid credential
                        $message = "FAILURE_CREDENTIAL_INVALID";
                        break;

                    case Result::SUCCESS:

                        $message = "you are logged in succesfully";
                        break;

                    default:
                        // do stuff for other failure
                        //$message = "you are logged in succesfully";
                    break;
                //$message = "Login succesfull.Welcome ".$auth->getIdentity();

            }
        } else {
            $message =  'Username or password not correct';
        }
    }


    return new ViewModel(array("message" =>$message));
}

Zend Framework 2中处理身份验证的最佳方法

问题描述

2 个解决方案

解决方案1
1 2014-06-10 14:26:35

解决方案2
0 2014-08-06 09:59:12

Zend Framework 2中处理身份验证的最佳方法

问题描述

2 个解决方案

解决方案1 1 2014-06-10 14:26:35

解决方案2 0 2014-08-06 09:59:12

解决方案1
1 2014-06-10 14:26:35

解决方案2
0 2014-08-06 09:59:12