Laravel:如何在沒有數據庫的情況下對用戶進行身份驗證
[英]Laravel: How to authenticate users without DB
問題描述
正如標題所暗示的,是否可以在沒有數據庫的情況下進行身份驗證(而是使用用戶提供程序)?
我看過有關如何在沒有密碼的情況下進行身份驗證的帖子,但是是否有可能在沒有DB 的情況下進行身份驗證?
這是我一直在努力實現的目標......
- 要求用戶提交 PIN
- 將 PIN 與 .env 中的值進行比較
- 如果 PIN 正確,請驗證用戶
通過引入用戶提供程序,似乎可以在沒有傳統 RDBMS 的情況下進行身份驗證。
但是,該文檔似乎並未描述用戶提供程序的外觀。
這是我的代碼片段(好吧,我只是模仿了文檔)...
class AuthServiceProvider extends ServiceProvider {
public function boot()
{
$this->registerPolicies();
Auth::provider('myUser', function ($app, array $config) {
// Return an instance of Illuminate\Contracts\Auth\UserProvider...
return new MyUserProvider($app->make('myUser'));
});
}
}
在auth.php ...
'providers' => [
'users' => [
'driver' => 'myUser',
],
],
現在,我不知道如何繼續。
所以,我想知道...
user provider應該是什么樣子如果可以首先使用
env()對用戶進行身份驗證
任何建議將被認真考慮。
3 個解決方案
解決方案1
21 2018-05-31 06:41:54
創建您自己的Guard忽略UserProvider接口。 我在我的項目中采用了它,並且運行良好。
PinGuard.php
<?php
declare(strict_types=1);
namespace App\Auth\Guards;
use App\User;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\Request;
/**
* Class PinGuard
*/
class PinGuard implements Guard
{
/**
* @var null|Authenticatable|User
*/
protected $user;
/**
* @var Request
*/
protected $request;
/**
* OpenAPIGuard constructor.
*
* @param Request $request
*/
public function __construct(Request $request)
{
$this->request = $request;
}
/**
* Check whether user is logged in.
*
* @return bool
*/
public function check(): bool
{
return (bool)$this->user();
}
/**
* Check whether user is not logged in.
*
* @return bool
*/
public function guest(): bool
{
return !$this->check();
}
/**
* Return user id or null.
*
* @return null|int
*/
public function id(): ?int
{
$user = $this->user();
return $user->id ?? null;
}
/**
* Manually set user as logged in.
*
* @param null|\App\User|\Illuminate\Contracts\Auth\Authenticatable $user
* @return $this
*/
public function setUser(?Authenticatable $user): self
{
$this->user = $user;
return $this;
}
/**
* @param array $credentials
* @return bool
*/
public function validate(array $credentials = []): bool
{
throw new \BadMethodCallException('Unexpected method call');
}
/**
* Return user or throw AuthenticationException.
*
* @throws AuthenticationException
* @return \App\User
*/
public function authenticate(): User
{
$user = $this->user();
if ($user instanceof User) {
return $user;
}
throw new AuthenticationException();
}
/**
* Return cached user or newly authenticate user.
*
* @return null|\App\User|\Illuminate\Contracts\Auth\Authenticatable
*/
public function user(): ?User
{
return $this->user ?: $this->signInWithPin();
}
/**
* Sign in using requested PIN.
*
* @return null|User
*/
protected function signInWithPin(): ?User
{
// Implement your logic here
// Return User on success, or return null on failure
}
/**
* Logout user.
*/
public function logout(): void
{
if ($this->user) {
$this->setUser(null);
}
}
}
NoRememberTokenAuthenticatable.php
User應該混合這個特性。
<?php
declare(strict_types=1);
namespace App\Auth;
use Illuminate\Database\Eloquent\Model;
/**
* Trait NoRememberTokenAuthenticatable
*
* @mixin Model
*/
trait NoRememberTokenAuthenticatable
{
/**
* Get the name of the unique identifier for the user.
*
* @return string
*/
public function getAuthIdentifierName()
{
return 'id';
}
/**
* Get the unique identifier for the user.
*
* @return mixed
*/
public function getAuthIdentifier()
{
return $this->id;
}
/**
* Get the password for the user.
*
* @return string
* @codeCoverageIgnore
*/
public function getAuthPassword()
{
throw new \BadMethodCallException('Unexpected method call');
}
/**
* Get the token value for the "remember me" session.
*
* @return string
* @codeCoverageIgnore
*/
public function getRememberToken()
{
throw new \BadMethodCallException('Unexpected method call');
}
/**
* Set the token value for the "remember me" session.
*
* @param string $value
* @codeCoverageIgnore
*/
public function setRememberToken($value)
{
throw new \BadMethodCallException('Unexpected method call');
}
/**
* Get the column name for the "remember me" token.
*
* @return string
* @codeCoverageIgnore
*/
public function getRememberTokenName()
{
throw new \BadMethodCallException('Unexpected method call');
}
}
AuthServiceProvider.php
<?php
declare(strict_types=1);
namespace App\Providers;
use App\Auth\Guards\PinGuard;
use Illuminate\Container\Container;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Auth;
class AuthServiceProvider extends ServiceProvider
{
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [];
/**
* Register any authentication / authorization services.
*/
public function boot()
{
Auth::extend('pin', function (Container $app) {
return new PinGuard($app['request']);
});
$this->registerPolicies();
}
}
config/auth.php
您應該注釋掉其中的大部分。
return [
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
// 'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'pin',
],
// 'api' => [
// 'driver' => 'session',
// 'provider' => 'users',
// ],
// 'web' => [
// 'driver' => 'session',
// 'provider' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
// 'users' => [
// 'driver' => 'eloquent',
// 'model' => App\User::class,
// ],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
// 'passwords' => [
// 'users' => [
// 'provider' => 'users',
// 'table' => 'password_resets',
// 'expire' => 60,
// ],
// ],
];
解決方案2
17 已采納 2018-05-31 06:25:02
謝謝大家,但有一個更簡單的解決方案......那就是使用session() 。
在控制器中,
public function login(Request $request)
{
if ($request->input('pin') === env('PIN')) {
$request->session()->put('authenticated', time());
return redirect()->intended('success');
}
return view('auth.login', [
'message' => 'Provided PIN is invalid. ',
]);
//Or, you can throw an exception here.
}
路線看起來像,
Route::group(['middleware' => ['web', 'custom_auth']], function () {
Route::get('/success', 'Controller@success')->name('success');
});
該custom_auth將looke一樣,
public function handle($request, Closure $next)
{
if (!empty(session('authenticated'))) {
$request->session()->put('authenticated', time());
return $next($request);
}
return redirect('/login');
}
希望這會幫助某人。
解決方案3
-2 2018-05-30 14:12:42
如果您知道用戶是誰(IE:已經有一個 $user 實例),您可以簡單地登錄而不使用任何守衛,如文檔中所示
Auth::login($user);
我會將 User 實例而不是 $email/$password 傳遞給您的函數
$user = User::whereEmail($email)->first();
$class->login($user);
然后在你的班級
public static function Login(User $user)
{
// ...
if(substr ( $result, 0, 3 ) == '+OK')
Auth::login($user);
return true; //user will be logged in and then redirect
else
return false;
}
如何使用相同的密碼將Laravel用戶認證為wordpress用戶
[英]How to authenticate Laravel users to wordpress user using same password
如何在不使用用戶名和密碼的情況下使用Active Directory在PHP中對用戶進行身份驗證
[英]How to authenticate users in PHP using Active Directory without username and password
當每個租戶在laravel中有多個用戶時,如何對多租戶網站中的用戶進行身份驗證
[英]How to authenticate users in multi-tenant website when each tenant have multiple users in laravel
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
如何在 Laravel 中驗證沒有數據庫的用戶?
Laravel 5.1:如何僅對活動用戶進行身份驗證
Laravel-如何分別驗證管理員和用戶
Laravel 5-如何在沒有電子郵件確認的情況下進行身份驗證?
如何在Laravel 5.2中沒有數據庫進行身份驗證?
如何在 Laravel 5.3 的模塊結構中對用戶進行身份驗證
如何使用相同的密碼將Laravel用戶認證為wordpress用戶
如何在不使用用戶名和密碼的情況下使用Active Directory在PHP中對用戶進行身份驗證
如何在不強制用戶注冊的情況下對用戶進行身份驗證?
當每個租戶在laravel中有多個用戶時,如何對多租戶網站中的用戶進行身份驗證
相關標簽