Laravel:使用身份验证驱动程序登录,但没有密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21741402/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel: Login with Auth driver, but without password
提问by Alias
Okay, so to keep it simple I have a userstable, and a Usermodel. The table contains a unique identifier com_id(plus other user info), which I'd like to login with, but no password.
好的,为了简单起见,我有一张users桌子和一个User模型。该表包含一个唯一标识符com_id(加上其他用户信息),我想用它登录,但没有密码。
I'd like to log the user in, and be able to access their data via the Auth driver: Auth::user()->emailetc, but I'm having some problems logging them in.
我想让用户登录,并能够通过 Auth 驱动程序访问他们的数据:Auth::user()->email等,但我在登录时遇到了一些问题。
if (Auth::attempt(['com_id' => $com_id]))
{
dd("successful login");
}
With this, I get an error regarding the UserInterface, so in my Model I add:
有了这个,我得到一个关于 的错误UserInterface,所以在我的模型中我添加:
use Illuminate\Auth\UserInterface;
class User extends Eloquent implements UserInterface {
protected $table = 'users';
protected $guarded = array('id');
public function getAuthIdentifier()
{
return $this->steam_community_id;
}
public function getAuthPassword()
{
return $this->password;
}
}
But what do I do about the password? I can't remove the function since it's required, and I'm not sure what the getAuthIdentifieris supposed to refer to?
但是我该怎么处理密码呢?我无法删除该功能,因为它是必需的,而且我不确定getAuthIdentifier应该指的是什么?
Any help would be nice.
你能帮忙的话,我会很高兴。
I could handle this through Sessions, but surely this is possible the "normal" way.
我可以通过 Sessions 来处理这个问题,但这肯定是“正常”的方式。
采纳答案by alexrussell
I'd say the correct way to solve this would be to implement your own auth provider (that extends UserProviderInterface) that doesn't care about a password. Laravel ships with a couple of providers: DatabaseUserProvider and EloquentUserProvider, but both assume a hashed password. In fact, even if you create your own auth provider, you have to implement a method that validates the credentials (but these credentials don't have to be password-based), but this method could be what checks the steam community id against an API or something.
我会说解决这个问题的正确方法是实现你自己的UserProviderInterface不关心密码的身份验证提供程序(扩展)。Laravel 附带了几个提供者:DatabaseUserProvider 和 EloquentUserProvider,但两者都假定一个散列密码。事实上,即使您创建自己的身份验证提供程序,您也必须实现一种验证凭据的方法(但这些凭据不必是基于密码的),但此方法可能用于根据API什么的。
As I understand it, getAuthIdentifieris used to store the user's id in session (and in remember me scenarios too). So it pretty much just have to be any unique identifier for the user (sounds like your com_id field would do the trick there). getAuthPassworddoes indeed have to return a hashed password, but this is for compatibility with Laravel's hashed-password-assuming DatabaseUserProviderand EloquentUserProvider, so you can safely implement the method but make it do nothing useful if you were to use your own provider.
据我了解,getAuthIdentifier用于在会话中存储用户的 ID(在记住我的场景中也是如此)。所以它几乎只需要是用户的任何唯一标识符(听起来你的 com_id 字段就可以做到这一点)。getAuthPassword确实必须返回一个散列密码,但这是为了与 Laravel 的 hashed-password-assuming DatabaseUserProviderand兼容EloquentUserProvider,因此您可以安全地实现该方法,但如果您要使用自己的提供程序,则使它没有任何用处。
However, if you can't really see the point in creating your own provider just to undo the assumptions that Laravel makes, then just implement those methods as above in your User model (unique identifier for getAuthIdentifierand blank string or no return value for getAuthPassword) and use your own means to retrieve a user from the database and then use Auth::login($user)directly to bypass any checking of a password in the traditional sense.
但是,如果您不能真正看到创建自己的提供程序只是为了撤消 Laravel 所做的假设的意义,那么只需在您的 User 模型中实现上述这些方法(唯一标识符getAuthIdentifier和空白字符串或没有返回值getAuthPassword)和使用您自己的方法从数据库中检索用户,然后Auth::login($user)直接使用绕过任何传统意义上的密码检查。
回答by Djuki
To log in user without a password in Laravel 4. You just need to call method login.
在 Laravel 4 中不用密码登录用户login。你只需要调用方法。
Auth::login($user);
Auth::login($user);
This method will log in your user without any credential check.
此方法将在没有任何凭据检查的情况下登录您的用户。
If you need to check the credentials in other hand, this method which will check the credentials.
如果您需要检查凭据,则此方法将检查凭据。
Auth::attempt(array('email' => $email, 'password' => $password), true);
Auth::attempt(array('email' => $email, 'password' => $password), true);
回答by Kiren Siva
This is a hack and may help in the case of debugging.
这是一个 hack,可能有助于调试。
In Laravel 5 refer the file /vendor\laravel\framework\src\Illuminate\Auth\EloquentUserProvider.phpand its member function validateCredentials. Here they are checking the password is existing against the user (email, username or what ever). You can simply return trueif you want to bypass the credential checking.
在 Laravel 5 中引用文件/vendor\laravel\framework\src\Illuminate\Auth\EloquentUserProvider.php及其成员函数validateCredentials。在这里,他们正在检查用户的密码是否存在(电子邮件、用户名或其他任何内容)。return true如果您想绕过凭证检查,您可以简单地。
/**
* Validate a user against the given credentials.
*
* @param \Illuminate\Contracts\Auth\Authenticatable $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(UserContract $user, array $credentials)
{
// return true; // this will bypass the password checking.
$plain = $credentials['password'];
return $this->hasher->check($plain, $user->getAuthPassword());
}
回答by The Alpha
Actually the functions in your models are:
实际上,您模型中的功能是:
public function getAuthIdentifier()
{
return $this->steam_community_id;
}
public function getAuthPassword()
{
return $this->password;
}
These are mutable and by default, getAuthIdentifierthe idprimary key from your authuserstable setup in the app/config/auth.phpfile and you may change the table (also model) for authdriver to be used for user authentication. So, if you have userstable and Usermodel then it's fine, make sure the primary key in your users table is idand if that's different than idthen here in this function return that field instead, if it's for example some_idthen return some_idinstead.
这些是可变的,默认情况下是文件中设置的表中getAuthIdentifier的id主键,您可以更改用于用户身份验证的驱动程序的表(也是模型)。因此,如果您有表和模型,那么就可以了,请确保用户表中的主键是,如果与此函数中的主键不同,则返回该字段,例如,如果是,则返回。authusersapp/config/auth.phpauthusersUserididsome_idsome_id
The getAuthPasswordmethod returns the passwordfield by default and if you want to change the password field with anything else for example some_tokenthen return the some_tokeninstead of password likereturn $this->passwordField;and here use the passwordFieldas your password. This lets you set your password filed, the field you set will be used to authenticate the user.
该getAuthPassword方法password默认返回该字段,如果您想使用其他任何内容更改密码字段,some_token则返回some_token而不是password like返回$this->passwordField;并在此处使用passwordField作为您的password. 这允许您设置密码字段,您设置的字段将用于对用户进行身份验证。
For password filed, make sure you use a mutatormethod to encriptthe field when saving.
对于密码归档,请确保在保存时对该字段使用mutator方法encript。
