Laravel 5.5 授权,提供额外的凭据,调用 retrieveByCredentials()
Laravel 5.5 Authorization, supplying additional credentials, calling retrieveByCredentials()
正在从 4.2 升级。我正在尝试连接到 5.5 的 Auth 模型,并且(正如许多人所做的那样)需要额外的字段(凭证)。大多数人似乎只是简单地绕过授权结构。我们宁愿 'do it properly' 可以这么说,并保持完全集成在 Laravel 提供的 Auth 功能中。
但我不确定如何在登录上下文中调用 retrieveByCredentials($array)。
(对于 api 文档,请参阅:https://laravel.com/api/5.5/Illuminate/Auth/EloquentUserProvider.html#method_retrieveByCredentials )
那么,你能帮我知道使用什么,以及如何调用方法吗?
-谢谢
对于想知道通过覆盖 AuthenticateUsers 特征添加凭据的人,在您的 LoginController()
首先,添加到文件的顶部:
use Illuminate\Foundation\Auth\AuthenticatesUsers;
然后在 class 内,在顶部添加:
use AuthenticatesUsers;
然后在class的正文中,添加这两个函数:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
// NOTE: Add fields here to regulate login requirements.
// ORIGINAL CODE: return $request->only($this->username(), 'password', 'verified');
// CODE WITH ADDITIONAL FIELDS (you can use any syntax you want to add to the array)
// Note that the binary '1' values are still in single quotes cover all circumstances.
return array_merge($request->only($this->username(), 'password'), ['verified' => '1', 'can_login' => '1']);
}
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Symfony\Component\HttpFoundation\Response
*
* @throws ValidationException
*/
protected function sendFailedLoginResponse(Request $request)
{
// MY QUESTION IS: INSTEAD OF CALLING THIS:
$user = SysUserModel::where('email', '=', $request->email)->firstOrFail(['email','verified','can_login', 'state']);
//HOW DO I CALL THIS? (And is this correct? Is there a better way to capture the user data without an additional call to the database?)
$user = retrieveByCredentials( $request->only($this->username(), 'password'));
// SO THAT I CAN DETERMINE IF
// (a) the user-email/pw doesn't exist
// (b) the user-email/pw exists but 'verified' = 0
// (c) the user-email/pw exists, 'verified' = 1, but 'can_login' = 0
// SO THAT I CAN RETURN THE APPROPRIATE ERROR MESSAGE HERE
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
}
自定义身份验证过程时,您应该实施自定义保护。这样您就需要更改框架代码或广泛覆盖任何内容。如下所示,控制器有一个 guard 属性 调用 attempt。这是您的警卫处理传入的附加字段的地方。
/**
* Attempt to log the user into the application.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function attemptLogin(Request $request)
{
return $this->guard()->attempt(
$this->credentials($request), $request->has('remember')
);
}
查看此处了解如何实现自定义守卫:
https://laravel.com/docs/5.5/authentication#adding-custom-guards
最后,您在 config/auth.php
设置了新的守卫
正在从 4.2 升级。我正在尝试连接到 5.5 的 Auth 模型,并且(正如许多人所做的那样)需要额外的字段(凭证)。大多数人似乎只是简单地绕过授权结构。我们宁愿 'do it properly' 可以这么说,并保持完全集成在 Laravel 提供的 Auth 功能中。
但我不确定如何在登录上下文中调用 retrieveByCredentials($array)。 (对于 api 文档,请参阅:https://laravel.com/api/5.5/Illuminate/Auth/EloquentUserProvider.html#method_retrieveByCredentials )
那么,你能帮我知道使用什么,以及如何调用方法吗?
-谢谢
对于想知道通过覆盖 AuthenticateUsers 特征添加凭据的人,在您的 LoginController()
首先,添加到文件的顶部:
use Illuminate\Foundation\Auth\AuthenticatesUsers;
然后在 class 内,在顶部添加:
use AuthenticatesUsers;
然后在class的正文中,添加这两个函数:
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
// NOTE: Add fields here to regulate login requirements.
// ORIGINAL CODE: return $request->only($this->username(), 'password', 'verified');
// CODE WITH ADDITIONAL FIELDS (you can use any syntax you want to add to the array)
// Note that the binary '1' values are still in single quotes cover all circumstances.
return array_merge($request->only($this->username(), 'password'), ['verified' => '1', 'can_login' => '1']);
}
/**
* Get the failed login response instance.
*
* @param \Illuminate\Http\Request $request
* @return \Symfony\Component\HttpFoundation\Response
*
* @throws ValidationException
*/
protected function sendFailedLoginResponse(Request $request)
{
// MY QUESTION IS: INSTEAD OF CALLING THIS:
$user = SysUserModel::where('email', '=', $request->email)->firstOrFail(['email','verified','can_login', 'state']);
//HOW DO I CALL THIS? (And is this correct? Is there a better way to capture the user data without an additional call to the database?)
$user = retrieveByCredentials( $request->only($this->username(), 'password'));
// SO THAT I CAN DETERMINE IF
// (a) the user-email/pw doesn't exist
// (b) the user-email/pw exists but 'verified' = 0
// (c) the user-email/pw exists, 'verified' = 1, but 'can_login' = 0
// SO THAT I CAN RETURN THE APPROPRIATE ERROR MESSAGE HERE
throw ValidationException::withMessages([
$this->username() => [trans('auth.failed')],
]);
}
自定义身份验证过程时,您应该实施自定义保护。这样您就需要更改框架代码或广泛覆盖任何内容。如下所示,控制器有一个 guard 属性 调用 attempt。这是您的警卫处理传入的附加字段的地方。
/**
* Attempt to log the user into the application.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function attemptLogin(Request $request)
{
return $this->guard()->attempt(
$this->credentials($request), $request->has('remember')
);
}
查看此处了解如何实现自定义守卫:
https://laravel.com/docs/5.5/authentication#adding-custom-guards
最后,您在 config/auth.php