• Yii2 认证实现原理和示例


      Yii的用户认证分为两个部分,一个是User组件,负责管理用户认证状态的,包括登录,登出,检测当前登录状态等,源文件位于vender/yiisoft/yii2/web/User.php。另一个是实现接口IdentityInterface的模型,同时必须继承ActiveRecord,当用户登录注册时,组件User会通过模型中的接口方法,对用户进行验证。

      对于用户状态切换主要通过switchIdentity方法实现的,比如注册后,用户登录时,会用到User组件中的switchIdentity方法,如下:

    /**
         * Switches to a new identity for the current user.
         *
         * When [[enableSession]] is true, this method may use session and/or cookie to store the user identity information,
         * according to the value of `$duration`. Please refer to [[login()]] for more details.
         *
         * This method is mainly called by [[login()]], [[logout()]] and [[loginByCookie()]]
         * when the current user needs to be associated with the corresponding identity information.
         *
         * @param IdentityInterface|null $identity the identity information to be associated with the current user.
         * If null, it means switching the current user to be a guest.
         * @param integer $duration number of seconds that the user can remain in logged-in status.
         * This parameter is used only when `$identity` is not null.
         */
        public function switchIdentity($identity, $duration = 0)
        {
            $this->setIdentity($identity);
    
            if (!$this->enableSession) {
                return;
            }
    
            /* Ensure any existing identity cookies are removed. */
            if ($this->enableAutoLogin) {
                $this->removeIdentityCookie();
            }
    
            $session = Yii::$app->getSession();
            if (!YII_ENV_TEST) {
                $session->regenerateID(true);
            }
            $session->remove($this->idParam);
            $session->remove($this->authTimeoutParam);
    
            if ($identity) {
                $session->set($this->idParam, $identity->getId());
                if ($this->authTimeout !== null) {
                    $session->set($this->authTimeoutParam, time() + $this->authTimeout);
                }
                if ($this->absoluteAuthTimeout !== null) {
                    $session->set($this->absoluteAuthTimeoutParam, time() + $this->absoluteAuthTimeout);
                }
                if ($duration > 0 && $this->enableAutoLogin) {
                    $this->sendIdentityCookie($identity, $duration);
                }
            }
        }
    

      如果写入identity为null,则将用户状态设置为离线,如果不是null,而是模型实例,该方法会将用户模型的id值写入session中,用户打开新页面时,只需下面的方法就可以判断是否已经登录。

    //已登录返回true
    Yii::$app->user->isGuest
    

      访问user组件的isGuest属性,会通过魔术方法,调用User组件中的getIsGuest方法

        /**
         * Returns a value indicating whether the user is a guest (not authenticated).
         * @return boolean whether the current user is a guest.
         * @see getIdentity()
         */
        public function getIsGuest()
        {
            return $this->getIdentity() === null;
        }
    

      方法又调用getIdentity()方法

        /**
         * Returns the identity object associated with the currently logged-in user.
         * When [[enableSession]] is true, this method may attempt to read the user's authentication data
         * stored in session and reconstruct the corresponding identity object, if it has not done so before.
         * @param boolean $autoRenew whether to automatically renew authentication status if it has not been done so before.
         * This is only useful when [[enableSession]] is true.
         * @return IdentityInterface|null the identity object associated with the currently logged-in user.
         * `null` is returned if the user is not logged in (not authenticated).
         * @see login()
         * @see logout()
         */
        public function getIdentity($autoRenew = true)
        {
            if ($this->_identity === false) {
                if ($this->enableSession && $autoRenew) {
                    $this->_identity = null;
                    $this->renewAuthStatus();
                } else {
                    return null;
                }
            }
    
            return $this->_identity;
        }
    

      当session启用时,通过renewAuthStatus()更新新用户状态

        /**
         * Updates the authentication status using the information from session and cookie.
         *
         * This method will try to determine the user identity using the [[idParam]] session variable.
         *
         * If [[authTimeout]] is set, this method will refresh the timer.
         *
         * If the user identity cannot be determined by session, this method will try to [[loginByCookie()|login by cookie]]
         * if [[enableAutoLogin]] is true.
         */
        protected function renewAuthStatus()
        {
            $session = Yii::$app->getSession();
            $id = $session->getHasSessionId() || $session->getIsActive() ? $session->get($this->idParam) : null;
    
            if ($id === null) {
                $identity = null;
            } else {
                /* @var $class IdentityInterface */
                $class = $this->identityClass;
                $identity = $class::findIdentity($id);
            }
    
            $this->setIdentity($identity);
    
            if ($identity !== null && ($this->authTimeout !== null || $this->absoluteAuthTimeout !== null)) {
                $expire = $this->authTimeout !== null ? $session->get($this->authTimeoutParam) : null;
                $expireAbsolute = $this->absoluteAuthTimeout !== null ? $session->get($this->absoluteAuthTimeoutParam) : null;
                if ($expire !== null && $expire < time() || $expireAbsolute !== null && $expireAbsolute < time()) {
                    $this->logout(false);
                } elseif ($this->authTimeout !== null) {
                    $session->set($this->authTimeoutParam, time() + $this->authTimeout);
                }
            }
    
            if ($this->enableAutoLogin) {
                if ($this->getIsGuest()) {
                    $this->loginByCookie();
                } elseif ($this->autoRenewCookie) {
                    $this->renewIdentityCookie();
                }
            }
        }
    

      该方法主要通过session取出用户id,然后通过id获取用户模型实例,然后使用实例进行登录,和更新认证过期时间。

      下面实现一个常用的用户注册登录功能模块,用户只有登录后才可以进入home页面

      User模型:

    <?php
    /**
     * Created by PhpStorm.
     * User: zhenbao
     * Date: 16/10/17
     * Time: 下午4:14
     */
    
    namespace appmodels;
    
    use Yii;
    use yiiwebIdentityInterface;
    use yiidbActiveRecord;
    
    class User extends ActiveRecord implements IdentityInterface
    {
        const LOGIN = "login";
        const REGISTER = "register";
    
        public function scenarios()
        {
            return [
                self::LOGIN => ['username', 'password'],
                self::REGISTER => ['username', 'password']
            ];
        }
    
        public static function tableName()
        {
            return "user";
        }
    
        public static function findIdentity($id)
        {
            return static::findOne($id);
        }
    
        public static function findIdentityByAccessToken($token, $type = null)
        {
            return static::findOne(['accessToken' => $token]);
        }
    
        public function getId()
        {
            return $this -> id;
        }
    
        public function getAuthKey()
        {
            return $this -> authKey;
        }
    
        public function validateAuthKey($authKey)
        {
            return $this -> getAuthKey() === $authKey;
        }
    
        public static function findIdentityByUsername($username)
        {
            return static::findOne(['username' => $username]);
        }
    
        public function validatePassword($password)
        {
            return $this -> password === sha1($password);
        }
    
        public function setPassword()
        {
            $this -> password = sha1($this -> password);
            return true;
        }
    
        public function beforeSave($insert)
        {
            if(parent::beforeSave($insert))
            {
                if($this -> isNewRecord)
                {
                    $this -> authKey = Yii::$app -> security -> generateRandomString();
                }
                return true;
            }
            return false;
        }
    }
    

      控制器:

    <?php
    
    namespace appcontrollers;
    
    use Yii;
    use yiiwebController;
    use appmodelsUser;
    use yiiwebCookie;
    
    class UserController extends Controller
    {
        /**默认方法为home方法
         * @var string
         */
        public $defaultAction = 'home';
    
        /**用户登录,当已经登录直接跳转home页面,
         * 否则,查看是否有访问accessToken,如果有使用accessToken登录,如果accessToken无效则删除accessToken然后返回到登录界面
         * 如果没有accessToken则使用用户的登录密码登录,验证成功后,查看是否选择了记住我,有则生成accessToken,下次直接使用accessToken登录
         * 登录失败,返回到登录界面重新登录。
         * @return string|yiiwebResponse
         */
        public function actionLogin()
        {
            $request = Yii::$app->request->post('User');
            //如果已经登录获取认证identity然后进入home页面
            if (!(Yii::$app->user->isGuest)) {
                return $this->redirect('/?r=user/home');
            } else {
                //如果没有登录,查看cookie中是否有accessToken,如果有尝试使用accessToken登录,accessToken登录失败,则删除这个无效的accessToken
                $accessToken = Yii::$app->request->cookies->getValue('accessToken');
                if ($accessToken !== null) {
                    if (Yii::$app->user->loginByAccessToken($accessToken)) {
                        return $this->redirect("/?r=user/home");
                    } else {
                        Yii::$app->request->cookies->remove("accessToken");
                        $user = new User(['scenario' => 'login']);
                        return $this->renderPartial('login', ['model' => $user]);
                    }
                }
                //尝试用户名密码登录,如果验证成功,查看是否有点击记住我,如果有生成accessToken,下次直接accessToken登录
                $request = Yii::$app->request->post('User');
                if ($request && isset($request['username']) && isset($request['password'])) {
                    $user = User::findIdentityByUsername($request['username']);
                    if ($user && $user->validatePassword($request['password'])) {
                        $remeberMe = Yii::$app->request->post('remeberMe');
                        if ($remeberMe === 'on') {
                            //生成访问accessToken
                            $user->accessToken = Yii::$app->security->generateRandomString();
                            $user->scenario = 'login';
                            $user->save();
                            Yii::$app->response->cookies->add(new Cookie([
                                'name' => 'accessToken',
                                'value' => $user->accessToken,
                                'expire' => time() + 3600 * 24 * 7
                            ]));
                        }
                        Yii::$app->user->login($user);
                        return $this->redirect('/?r=user/home');
                    }
                }
                //accessToken和账号密码均无法登录,重新返回登录界面
                $user = new User(['scenario' => 'login']);
                return $this->renderPartial('login', ['model' => $user]);
    
            }
        }
    
        /**根据用户是否登录,选择跳转页面
         * @return string|yiiwebResponse
         */
        public function actionHome()
        {
            if (Yii::$app->user->isGuest) {
                return $this->redirect('/?r=user/login');
            }
            $user = Yii::$app->user->getIdentity();
            return $this->renderPartial('home', ['user' => $user]);
        }
    
        /**退出登录,如果有删除accessToken,返回登录页面
         * @return yiiwebResponse
         */
        public function actionLogout()
        {
            $user = Yii::$app->user->getIdentity();
            Yii::$app->user->logout($user);
            $accessToken = Yii::$app->request->cookies->getValue('accessToken');
            if ($accessToken !== null) {
                Yii::$app->response->cookies->remove('accessToken');
            }
            return $this->redirect('/?r=user/login');
        }
    
        /**
         * 注册用户,如果注册成功自动进入home主页,注册失败进入注册页面
         * @return string|yiiwebResponse
         */
        public function actionRegister()
        {
            $user = new User(['scenario' => 'register']);
            $request = Yii::$app->request->post();
            if ($request) {
                if ($user->load($request) && $user->setPassword() && $user->save()) {
                    Yii::$app->user->login($user);
                    return $this->redirect('/?r=user/login');
                }
            }
            return $this->renderPartial('register', ['model' => $user]);
        }
    }
    

      视图login

    <?php
    
    use yiihelpersHtml;
    use yiiootstrapActiveForm;
    
     $form = ActiveForm::begin([
            'id' => 'user',
            'options' => ['class' => 'form-horizontal'],
            'fieldConfig' => [
                'template' => "{label}
    <div class="col-lg-3">{input}</div>
    <div class="col-lg-8">{error}</div>",
                'labelOptions' => ['class' => 'col-lg-1 control-label'],
            ],
        ]); ?>
    
    <?= $form->field($model, 'username')->textInput(['autofocus' => true]) ?>
    <?= $form->field($model, 'password')->passwordInput() ?>
    <input type="checkbox" name="remeberMe" >记住我
    <?= Html::submitButton('Login', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>
    <?php ActiveForm::end(); ?>
    <a href="/?r=user/register">注册</a>
    

      视图注册:

    <?php
    
    use yiihelpersHtml;
    use yiiootstrapActiveForm;
    
    $this->title = 'register';
    
    $form = ActiveForm::begin([
        'id' => 'login-form',
        'options' => ['class' => 'form-horizontal'],
        'fieldConfig' => [
            'template' => "{label}
    <div class="col-lg-3">{input}</div>
    <div class="col-lg-8">{error}</div>",
            'labelOptions' => ['class' => 'col-lg-1 control-label'],
        ],
    ]); ?>
    
    <?= $form->field($model, 'username')->textInput(['autofocus' => true]) ?>
    <?= $form->field($model, 'password')->passwordInput() ?>
    <?= Html::submitButton('Register', ['class' => 'btn btn-primary', 'name' => 'login-button']) ?>
    <?php ActiveForm::end(); ?>
    <a href="/?r=user/login">登录</a>
    

      home视图:

    <?php
        echo $user -> username;
    ?>
    <a href="/?r=user/logout">退出</a>
    

      运行:

    home页面

     

    文档:http://www.yiichina.com/doc/guide/2.0/security-authentication

  • 相关阅读:
    程序员编程武器大盘点
    Opencv 视频转为图像序列
    C/C++ 浮点数比较问题
    C/C++ Swap without using extra variable
    C/C++ Quick Sort Algorithm
    LaTeX 插图片
    LaTeX 基本的公式符号命令
    天龙八部服务器端共享内存的设计(1/3)
    天龙八部服务器端共享内存的设计(2/3)
    天龙八部服务器端共享内存的设计(2/3)
  • 原文地址:https://www.cnblogs.com/yangxunwu1992/p/5976550.html
Copyright © 2020-2023  润新知