RESTful服务-使用Phil Sturgeon Rest Server:使用用户名和密码验证用户的逻辑/功能?
[英]RESTful service - using Phil Sturgeon Rest Server : Logic / function for validating the users with their username and password?
问题描述
I'm writing a simple RESTful service, using Phil Sturgeon Rest Server. 
我正在使用Phil Sturgeon Rest Server编写一个简单的RESTful服务。 Can anyone provide me a solution for login using username and password. 谁能为我提供使用用户名和密码登录的解决方案。 I am able to get all the json reponse without login. 我无需登录即可获取所有json响应。
Porblem 1 : $config['rest_auth'] = 'basic'; 问题1 : $config['rest_auth'] = 'basic';
An Error Was Encountered
The configuration file ldap.php does not exist.
The same happens with
$config['rest_auth'] = 'digest';$config['rest_auth'] = 'digest';
I haven't used "ldap" earlier and don't know how it works apart from a few basic information. 我以前没有使用过“ ldap”,除了一些基本信息之外,我不知道它是如何工作的。 So could you please tell me what could be the reason for this error ? 那么,能否请您告诉我该错误的原因是什么?
Tried out Solutions
I changed the value of
$config['auth_source'] = 'ldap';$config['auth_source'] = 'ldap';to$config['auth_source'] = '';$config['auth_source'] = '';, Now REST Login Usernames are working for both basic and digest , ie;
$config['rest_auth'] = 'basic'; or $config['rest_auth'] = 'digest'; 或$config['rest_auth'] = 'digest'; . 。
$config['rest_valid_logins'] = ['admin' => '1234','sudheesh'=>'test'];
Prevailing issue : unable to use session for authentication
Tried the commented notes from Phil Sturgeon ie; 尝试了菲尔·斯特金(Phil Sturgeon)的评论笔记,即;
Note: If 'rest_auth' is set to 'session' then change 'auth_source' to the name of the session variable
How the session is created in MODEL, it is here : 如何在MODEL中创建会话,位于此处:
if ($query->num_rows() == 1) {
// If there is a user, then create session data
$row = $query->row();
$data = array(
'id' => $row->id,
'name' => $row->full_name,
'email' => $row->email,
'phone' => $row->phone,
'acc_status' => $row->rec_status,
'validated' => true
);
$this->session->set_userdata($data);
//$this->session->set_authkey('1e957ebc35631ab22d5bd6526bd14ea2');
//print_r($data);
return $data;
Question is : How can I change the 'auth_source' to the name of the session variable , 问题是:如何将'auth_source'更改为会话变量的名称,
Right now it is
$config['auth_source'] = ''$config['auth_source'] = ''Do i have to change it to :
$config['validated'], if I do this am not getting the access , I have read here that:$config['validated'],如果我这样做没有获得访问权限,我在这里读到:If you're tying this library into an AJAX endpoint where clients authenticate using PHP sessions then you may not like either of the digest nor basic authentication methods.
$config['auth_source'].$config['auth_source']定义变量。 Then tell the library to use a php session variable by setting$config['rest_auth']tosession.$config['rest_auth']到session。
Is there any suggestions ? 有什么建议吗?
Problem 2 : How can I grant API access to users with a valid username and password ? 问题2 :如何为具有有效用户名和密码的用户授予API访问权限?
Can anyone provide me with a function or detailed information on how to implement this ?
Other Doubts : 其他疑问 :
$config['rest_valid_logins'] = ['admin' => '1234'];
The description for this 'REST Login Usernames' says if ldap is configured this is ignored. 此“ REST登录用户名”的说明说,如果配置了ldap,则将其忽略。
Question : How can I use this Array of usernames and passwords for login, without configuring LDAP. 问题 :如何在不配置LDAP的情况下使用此用户名和密码数组进行登录。
REST Login Class and Function
This says, If library authentication is used define the class and function name. 这表示,如果使用库身份验证,则定义类和函数名称。 The function should accept two parameters: class->function($username, $password) . 该函数应接受两个参数: class->function($username, $password) 。 In other cases override the function _perform_library_auth in your controller. 在其他情况下,请在您的控制器中覆盖函数_perform_library_auth。
For digest authentication the library function should return already a stored md5(username:restrealm:password) for that username. 对于摘要身份验证,库函数应已为该用户名返回已存储的md5(username:restrealm:password)。
eg: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2' 例如:md5('admin:REST API:1234')='1e957ebc35631ab22d5bd6526bd14ea2'
$config['auth_library_class'] = '';
$config['auth_library_function'] = '';
Question: Can I use this to allow users with a valid username and password to access the API ? 问:我可以使用它来允许具有有效用户名和密码的用户访问API吗? If Yes , Do you have any functions already written to help in this scenario , any help would be highly appreciated. 如果是,在此情况下您是否已编写任何功能来帮助您,我们将不胜感激。 Thank you very much . 非常感谢你 。 If you know answers for any of my issues, please help. 如果您知道我的任何问题的答案,请提供帮助。 Thanks again. 再次感谢。
1 个解决方案
解决方案1
1 2015-10-15 12:15:20
Rather than attempt to address every single question posted by Sudheesh, I would like to propose an alternate solution. 我想提出一个替代解决方案,而不是试图解决Sudheesh提出的每个问题。
Disclaimer: This is a commercial Joomla plugin, so please keep that in mind before proceeding... 免责声明:这是一个商业性的Joomla插件,因此在继续之前请记住这一点...
Having experienced the same challenge as yourself, I ended up building a RESTful API framework for Joomla, powered by the Slim PHP micro-framework. 在经历了与您自己同样的挑战之后,我最终为Soom PHP构建了一个RESTful API框架,该框架由Slim PHP微框架提供支持。 This allowed me to leverage all the power of Slim, including it's standards-compliant routing architecture, request-type handling and much, much more. 这使我能够利用Slim的所有功能,包括符合标准的路由体系结构,请求类型处理等等。 This also solved the problem of deal with authentication, access control, content management, database access, etc. because it runs on the Joomla CMS & Platform framework. 这也解决了身份验证,访问控制,内容管理,数据库访问等问题,因为它运行在Joomla CMS和平台框架上。
This solution provides exactly what you are looking for, easily extensible through plugins and is built on an already popular and well support RESTful API framework (Slim). 该解决方案提供了您正在寻找的功能,可通过插件轻松扩展,并基于已经流行且良好支持的RESTful API框架(Slim)构建。
For more information on the micro-framework I used: 有关我使用的微框架的更多信息:
http://slimframework.com http://slimframework.com
For more information on the Joomla RESTful API package: 有关Joomla RESTful API软件包的更多信息:
http://getcapi.org http://getcapi.org
What does it provide? 它提供什么?
- Control Panel for managing access tokens, API rate limitation and other Slim parameters 控制面板,用于管理访问令牌,API速率限制和其他Slim参数
- Pluggable framework allowing for easy incorporation of new web service routes (include new ones to be released soon, for MySQL, MSSQL, LDAP, etc.) 可插拔的框架,允许轻松合并新的Web服务路由(包括即将发布的新路由,适用于MySQL,MSSQL,LDAP等)
- Based on Joomla. 基于Joomla。 This means you don't have to worry about writing the authentication, access control, content management or other framework. 这意味着您不必担心编写身份验证,访问控制,内容管理或其他框架。 It's already done! 已经完成了!
Examples of how username and password can be passed through to create a logged in session via a URL request: 如何通过URL请求传递用户名和密码以创建登录会话的示例:
GET user/login/:username/:password GET用户/登录/:用户名/:密码
"User login authentication via Joomla authentication plugins with username and password. Note that since credentials are passed into the URL, be aware that they can be stored in server logs. API traffic must traverse a secure (HTTPS) connection." “通过具有用户名和密码的Joomla身份验证插件进行的用户登录身份验证。请注意,由于凭据已传递到URL中,因此请注意,它们可以存储在服务器日志中。API流量必须经过安全(HTTPS)连接。”
Response: JSON 响应:JSON
Example request: 请求示例:
GET https://yourdomain.com/api/v1/user/login/dynus.borvalds/3jf9LfjNdiw GET https://yourdomain.com/api/v1/user/login/dynus.borvalds/3jf9LfjNdiw
Example response: 响应示例:
{"msg": "Authenticated","jresponse": true,"session":"1a36eab5e2b102a979918ee049f15e27","error": false,"status": 200}
The session ID can then be used to force log-out for that session using the method: 然后可以使用以下方法使用会话ID强制注销该会话:
GET user/logout/:user/:session GET用户/注销/:user /:会话
Hope this gets you pointed in the right direction. 希望这能为您指明正确的方向。 Let me know if you have any questions. 如果您有任何疑问,请告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.