
continuing to refactor auth remembrance.

Taylor Otwell 13 years ago
parent
commit
1b057c2854
2 changed files with 49 additions and 10 deletions
  1. 19 2
      application/config/auth.php
  2. 30 8
      laravel/security/auth.php

+ 19 - 2
application/config/auth.php

@@ -2,6 +2,23 @@
 
 return array(
 
+	/*
+	|--------------------------------------------------------------------------
+	| Authentication Username
+	|--------------------------------------------------------------------------
+	|
+	} This option should be set to the "username" property of your users.
+	| Typically, this will be set to "email" or "username".
+	|
+	| The value of this property will be used by the "attempt" closure when
+	| searching for users by their username. It will also be used when the
+	| user is set to be "remembered", as the username is embedded into the
+	| encrypted cookie and is used to verify the user's identity.
+	|
+	*/
+
+	'username' => 'email',
+
 	/*
 	|--------------------------------------------------------------------------
 	| Retrieve The Current User
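Review bot: The first descriptive line of the new "Authentication Username" comment opens with `}` instead of the `|` border used on every other line; it should read `| This option should be set to the "username" property of your users.`. The remember-cookie check added in laravel/security/auth.php is meant to compare this property with the value stored in the cookie. The comment could therefore also state that changing this option, or a user's value for that property, stops previously issued remember cookies from being accepted.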
@@ -43,9 +60,9 @@ return array(
 	|
 	*/
 
-	'attempt' => function($username, $password)
+	'attempt' => function($username, $password, $config)
 	{
-		if ( ! is_null($user = User::where('email', '=', $username)->first()))
+		if ( ! is_null($user = User::where($config['username'], '=', $username)->first()))
 		{
 			if (Hasher::check($password, $user->password)) return $user;
 		}
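Review bot: The closure's new third parameter `$config` is not described in any visible line, and application authors who replace this closure need to know it is passed. The comment block above the closure starts outside the hunk; if it describes the arguments, add a line such as `| The closure also receives the "auth" configuration array as its third argument.`. The closure body continues past the end of the hunk.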

+ 30 - 8
laravel/security/auth.php

@@ -65,18 +65,38 @@ class Auth {
 		// cookie value by the "remember" method.
 		if (is_null(static::$user) and ! is_null($cookie = Cookie::get(Auth::remember_key)))
 		{
-			// The decrypted value of the remember cookie should look like {id}|{random}.
-			// We will extract out the ID and pass it to the "user" closure to attempt
-			// to login the user. If a user is returned, their ID will be stored in
-			// the session like normal and they will be considered logged in.
-			$id = substr(Crypter::decrypt($cookie), 0, strpos($cookie, '|'));
-
-			if ( ! is_null($user = call_user_func(Config::get('auth.user'), $id))) static::login($user);
+			static::$user = static::recall($cookie);
 		}
 
 		return static::$user;
 	}
 
+	/**
+	 * Attempt to login a user based on a long-lived "remember me" cookie.
+	 *
+	 * @param  string  $cookie
+	 * @return mixed
+	 */
+	protected static function recall($cookie)
+	{
+		// The decrypted value of the remember cookie contains the ID and username.
+		// We will extract them out and pass the ID to the "user" closure to attempt
+		// to login the user. If a user is returned, their ID will be stored in
+		// the session like normal and the user will be considered logged in.
+		$cookie = explode('|', $cookie);
+
+		if (count($cookie) < 2) return;
+
+		list($id, $username) = array($cookie[0], $cookie[1]);
+
+		if ( ! is_null($user = call_user_func(Config::get('auth.user'), $id)) and $user->{Config::get('auth.username')} === $username)
+		{
+			static::login($user);
+		}
+
+		return $user;
+	}
+
 	/**
 	 * Attempt to log a user into the application.
 	 *
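Review bot: `recall()` splits the raw cookie value with `explode('|', $cookie)`, whereas the removed code ran `Crypter::decrypt($cookie)` first and the new comment still speaks of the decrypted value; nothing visible in this hunk or in the caller decrypts it. If the `remember` method (not shown) still encrypts the cookie, the split will not find the two fields and remembering silently fails; if it does not, the ID and username are client-controlled plain text and prove nothing about identity. Decrypt before splitting: `$cookie = explode('|', Crypter::decrypt($cookie));`. Separately, `return $user;` sits outside the `if`, so a user found by ID is returned and assigned to `static::$user` even when the username comparison fails. Move the return into the block (`static::login($user); return $user;`) and let the method return null otherwise.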
@@ -95,7 +115,9 @@ class Auth {
 	 */
 	public static function attempt($username, $password = null, $remember = false)
 	{
-		if ( ! is_null($user = call_user_func(Config::get('auth.attempt'), $username, $password)))
+		$config = Config::get('auth');
+
+		if ( ! is_null($user = call_user_func($config['attempt'], $username, $password, $config)))
 		{
 			static::login($user, $remember);