Php 基于API调用响应的自定义用户身份验证
说明:Php 基于API调用响应的自定义用户身份验证,php,laravel,authentication,laravel-5.1,Php,Laravel,Authentication,Laravel 5.1,说明: public function postSignIn(){ $username = strtolower(Input::get('username')); $password_api = VSE::user('password',$username); // abc <----- $password = Input::get('password'); // abc <----- if ( $password == $pas
public function postSignIn(){
$username = strtolower(Input::get('username'));
$password_api = VSE::user('password',$username); // abc <-----
$password = Input::get('password'); // abc <-----
if ( $password == $password_api ) {
//Log user in
$auth = Auth::attempt(); // Stuck here <----
}
if ($auth) {
return Redirect::to('/dashboard')->with('success', 'Hi '. $username .' ! You have been successfully logged in.');
}
else {
return Redirect::to('/')->with('error', 'Username/Password Wrong')->withInput(Request::except('password'))->with('username', $username);
}
}
Object
data:Array[2]
0:Object
DBA:""
account_id:111
account_type:"admin"
address1:"111 Park Ave"
address2:"Floor 4"
address3:"Suite 4011"
city:"New York"
customer_type:2
display_name:"BobJ"
email_address:"bob@xyzcorp.com"
first_name:"Bob"
last_name:"Jones"
last_updated_utc_in_secs:200200300
middle_names:"X."
name_prefix:"Mr"
name_suffix:"Jr."
nation_code:"USA"
non_person_name:false
password:"abc"
phone1:"212-555-1212"
phone2:""
phone3:""
postal_code:"10022"
state:"NY"
time_zone_offset_from_utc:-5
1:Object
DBA:""
account_id:112
account_type:"mbn"
address1:"112 Park Ave"
address2:"Floor 3"
address3:"Suite 3011"
city:"New York"
customer_type:2
display_name:"TomS"
email_address:"tom@xyzcorp.com"
first_name:"Tom"
last_name:"Smith"
last_updated_utc_in_secs:200200300
middle_names:"Z."
name_prefix:"Mr"
name_suffix:"Sr."
nation_code:"USA"
non_person_name:false
password:"abd"
phone1:"212-555-2323"
phone2:""
phone3:""
postal_code:"10022"
state:"NY"
time_zone_offset_from_utc:-5
message:"Success"
status:200
我一直在使用Laravel进行一系列的项目。
在Laravel中实现用户身份验证很简单。现在,我处理的结构有点不同-我没有本地的数据库
或用户
表。我必须进行API调用来查询我需要什么
我试过了
public function postSignIn(){
$username = strtolower(Input::get('username'));
$password_api = VSE::user('password',$username); // abc <-----
$password = Input::get('password'); // abc <-----
if ( $password == $password_api ) {
//Log user in
$auth = Auth::attempt(); // Stuck here <----
}
if ($auth) {
return Redirect::to('/dashboard')->with('success', 'Hi '. $username .' ! You have been successfully logged in.');
}
else {
return Redirect::to('/')->with('error', 'Username/Password Wrong')->withInput(Request::except('password'))->with('username', $username);
}
}
Object
data:Array[2]
0:Object
DBA:""
account_id:111
account_type:"admin"
address1:"111 Park Ave"
address2:"Floor 4"
address3:"Suite 4011"
city:"New York"
customer_type:2
display_name:"BobJ"
email_address:"bob@xyzcorp.com"
first_name:"Bob"
last_name:"Jones"
last_updated_utc_in_secs:200200300
middle_names:"X."
name_prefix:"Mr"
name_suffix:"Jr."
nation_code:"USA"
non_person_name:false
password:"abc"
phone1:"212-555-1212"
phone2:""
phone3:""
postal_code:"10022"
state:"NY"
time_zone_offset_from_utc:-5
1:Object
DBA:""
account_id:112
account_type:"mbn"
address1:"112 Park Ave"
address2:"Floor 3"
address3:"Suite 3011"
city:"New York"
customer_type:2
display_name:"TomS"
email_address:"tom@xyzcorp.com"
first_name:"Tom"
last_name:"Smith"
last_updated_utc_in_secs:200200300
middle_names:"Z."
name_prefix:"Mr"
name_suffix:"Sr."
nation_code:"USA"
non_person_name:false
password:"abd"
phone1:"212-555-2323"
phone2:""
phone3:""
postal_code:"10022"
state:"NY"
time_zone_offset_from_utc:-5
message:"Success"
status:200
我希望我能在这里向你展示,但它在我本地机器的虚拟机上,所以请留在这里。基本上,它
执行
curlhttp://172.16.67.137:1234/vse/accounts
按照以下步骤,您可以设置自己的身份验证驱动程序,使用API调用处理获取和验证用户凭据的操作:
1。在app/Auth/ApiUserProvider.php
中创建您自己的自定义用户提供程序,包含以下内容:
namespace-App\Auth;
使用Illumb\Contracts\Auth\UserProvider;
使用Illumb\Contracts\Auth\Authenticatable作为UserContract;
类ApiUserProvider实现UserProvider
{
/**
*通过给定的凭据检索用户。
*
*@param数组$credentials
*@return\light\Contracts\Auth\authenticable | null
*/
公共函数retrieveByCredentials(数组$credentials)
{
$user=$this->getUserByUsername($credentials['username']);
返回$this->getApiUser($user);
}
/**
*通过用户的唯一标识符检索用户。
*
*@param混合$identifier
*@return\light\Contracts\Auth\authenticable | null
*/
公共函数retrieveById($identifier)
{
$user=$this->getUserById($identifier);
返回$this->getApiUser($user);
}
/**
*根据给定的凭据验证用户。
*
*@param\Lightning\Contracts\Auth\Authenticatable$user
*@param数组$credentials
*@returnbool
*/
公共函数validateCredentials(UserContract$user,array$credentials)
{
返回$user->getAuthPassword()=$credentials['password'];
}
/**
*获取api用户。
*
*@param混合$user
*@return\App\Auth\ApiUser | null
*/
受保护函数getApiUser($user)
{
如果($user!==null){
返回新用户($user);
}
}
/**
*从API获取使用详细信息。
*
*@param string$username
*@return数组| null
*/
受保护的函数getUsers()
{
$ch=curl_init();
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_URL,env('API_HOST').'vse/accounts');
$response=curl\u exec($ch);
$response=json_decode($response,true);
卷曲关闭($ch);
返回$response['data'];
}
受保护的函数getUserById($id)
{
$user=[];
foreach($this->getUsers()作为$item){
如果($item['account\u id']==$id){
$user=$item;
打破
}
}
返回$user?:空;
}
受保护的函数getUserByUsername($username)
{
$user=[];
foreach($this->getUsers()作为$item){
如果($item['email_address']==$username){
$user=$item;
打破
}
}
返回$user?:空;
}
//由于可验证的合同,需要定义以下方法
//但“Auth::trunt”不需要实现就可以工作并可以实现
//如果您需要它们的功能
公共函数retrieveByToken($identifier,$token){}
公共函数updateRememberToken(UserContract$user,$token){}
}
2.还创建一个用户类,该类扩展了身份验证系统在app/Auth/ApiUser.php
中提供的默认GenericUser
,并包含以下内容:
namespace-App\Auth;
使用Illumb\Auth\GenericUser;
使用Illumb\Contracts\Auth\Authenticatable作为UserContract;
类ApiUser扩展GenericUser实现UserContract
{
公共函数getAuthIdentifier()
{
返回$this->attributes['account_id'];
}
}
3。在app/Providers/AuthServiceProvider.php文件的引导方法中,注册新的驱动程序用户提供程序:
公共功能启动(GateContract$gate)
{
$this->registerPolicies($gate);
//下面的代码设置“api”驱动程序
$this->app['auth']->extend('api',function()){
返回new\App\Auth\ApiUserProvider();
});
}
4.最后,在config/auth.php
文件中,将驱动程序设置为自定义驱动程序:
“驱动程序”=>“api”,
现在,您可以在控制器操作中执行以下操作:
public function postSignIn()
{
$username=strtolower(输入::get('username'));
$password=Input::get('password');
如果(身份验证::尝试(['username'=>$username,'password'=>$password])){
return Redirect::to('/dashboard')->带有('success','Hi'.$username'.!您已成功登录');
}否则{
返回Redirect::to('/')->with('error','Username/Password error')->with input(Request::except('Password'))->with('Username',$Username);
}
}
成功登录后调用Auth::user()
以获取用户详细信息,将返回一个ApiUser
实例,其中包含从远程API获取的属性,如下所示:
ApiUser {#143 ▼
#attributes: array:10 [▼
"DBA" => ""
"account_id" => 111
"account_type" => "admin"
"display_name" => "BobJ"
"email_address" => "bob@xyzcorp.com"
"first_name" => "Bob"
"last_name" => "Jones"
"password" => "abc"
"message" => "Success"
"status" => 200
]
}
由于您尚未发布API中与用户电子邮件不匹配时得到的响应示例,因此我在getUserDetails
方法中设置了条件,以确定不存在匹配,如果响应不包含数据,则返回null