将额外数据传递给 finder auth

问题描述 投票:0回答:2

我来自 

Auth
的查找器具有我需要访问 
$this->request
的条件,但我在 
UsersTable
上无权访问。

AppController::初始化

$this->loadComponent('Auth', [
        'authenticate' => [
            'Form' => [
                'finder' => 'auth',
            ]
        ]
    ]);

用户表

public function findAuth(Query $query, array $options)
{
    $query
        ->select([
            'Users.id',
            'Users.name',
            'Users.username',
            'Users.password',
        ])
        ->where(['Users.is_active' => true]); // If I had access to extra data passed I would use here.

    return $query;
}

我需要将额外的数据从 

AppController
传递到 
finder
auth
,因为我无权访问 
$this->request->data
上的 
UsersTable

更新

人们在评论中说这是一个糟糕的设计,所以我会准确解释我需要什么。

我有一个表

users
,但每个用户都属于一个
gym
username(email)
仅对于特定的 
gym
是唯一的,因此我可以从 
[email protected]
获得一个 
gym_id 1
,并从 
[email protected]
获得另一个 
gym_id 2
。 在登录页面上,我有 
gym_slug
告诉 
auth finder
我提供的用户 
gym
属于哪个 
username

php authentication orm cakephp-3.0
2个回答
3
投票

据我所知,在3.1中没有办法通过将其传递到配置中来做到这一点。这可能是一个好主意,将其作为功能请求提交到 cakephp git hub 上。

有多种方法可以通过创建一个新的身份验证对象来扩展基本身份验证,然后覆盖 _findUser 和 _query 来实现此目的。像这样的东西:

class GymFormAuthenticate extends BaseAuthenticate
{

 /**
  * Checks the fields to ensure they are supplied.
  *
  * @param \Cake\Network\Request $request The request that contains login information.
  * @param array $fields The fields to be checked.
  * @return bool False if the fields have not been supplied. True if they exist.
  */
 protected function _checkFields(Request $request, array $fields)
 {
     foreach ([$fields['username'], $fields['password'], $fields['gym']] as $field) {
         $value = $request->data($field);
         if (empty($value) || !is_string($value)) {
             return false;
         }
     }
     return true;
 }

 /**
  * Authenticates the identity contained in a request. Will use the `config.userModel`, and `config.fields`
  * to find POST data that is used to find a matching record in the `config.userModel`. Will return false if
  * there is no post data, either username or password is missing, or if the scope conditions have not been met.
  *
  * @param \Cake\Network\Request $request The request that contains login information.
  * @param \Cake\Network\Response $response Unused response object.
  * @return mixed False on login failure.  An array of User data on success.
  */
 public function authenticate(Request $request, Response $response)
 {
     $fields = $this->_config['fields'];
     if (!$this->_checkFields($request, $fields)) {
         return false;
     }
     return $this->_findUser(
         $request->data[$fields['username']],
         $request->data[$fields['password']],
         $request->data[$fields['gym']],
     );
 }

/**
  * Find a user record using the username,password,gym provided.
  *
  * Input passwords will be hashed even when a user doesn't exist. This
  * helps mitigate timing attacks that are attempting to find valid usernames.
  *
  * @param string $username The username/identifier.
  * @param string|null $password The password, if not provided password checking is skipped
  *   and result of find is returned.
  * @return bool|array Either false on failure, or an array of user data.
  */
 protected function _findUser($username, $password = null, $gym = null)
 {
     $result = $this->_query($username, $gym)->first();

     if (empty($result)) {
         return false;
     }

     if ($password !== null) {
         $hasher = $this->passwordHasher();
         $hashedPassword = $result->get($this->_config['fields']['password']);
         if (!$hasher->check($password, $hashedPassword)) {
             return false;
         }

         $this->_needsPasswordRehash = $hasher->needsRehash($hashedPassword);
         $result->unsetProperty($this->_config['fields']['password']);
     }

     return $result->toArray();
 }

/**
  * Get query object for fetching user from database.
  *
  * @param string $username The username/identifier.
  * @return \Cake\ORM\Query
  */
 protected function _query($username, $gym)
 {
     $config = $this->_config;
     $table = TableRegistryget($config['userModel']);

     $options = [
         'conditions' => [$table->aliasField($config['fields']['username']) => $username, 'gym' => $gym]
     ];

     if (!empty($config['scope'])) {
         $options['conditions'] = array_merge($options['conditions'], $config['scope']);
     }
     if (!empty($config['contain'])) {
         $options['contain'] = $config['contain'];
     }

     $query = $table->find($config['finder'], $options);

     return $query;
 }
 }

有关更多信息,请参阅:创建自定义身份验证对象

1
投票

我知道这是一个老问题,但我想我应该发布我在我们基于 Cakephp 3 构建的 SaaS 应用程序之一中使用的查找器。它是否遵循 DRY 等,可能不会。要说一切都可以用 X 或 Y 方式完成……你总是必须打破规则。 在这种情况下,根据 URL(xdomain.com 或 ydomain.com),我们的应用程序会确定客户是谁并更改布局等。此外,基于用户的信息与电子邮件和 site_id 相关联,就像您的一样

public function findAuth(\Cake\ORM\Query $query, array $options) {
    $query
            ->select([
                'Users.id',
                'Users.email',
                'Users.password',
                'Users.site_id',
                'Users.firstname',
                'Users.lastname'])
            ->where([
                'Users.active' => 1,
                'Users.site_id'=> \Cake\Core\Configure::read('site_id')
            ]);

    return $query;
}

无论如何希望它能帮助别人

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.