Authentication 身份认证
Authentication may be extended the same way as the cache and session facilities. Again, we will use the extend method we have become familiar with:
身份认证模块的扩展方式和缓存与会话的扩展方式一样:使用我们熟悉的 extend 方法就可以进行扩展:
Auth::extend('riak', function($app)
{
// Return implementation of Illuminate\Auth\UserProviderInterface
});
The UserProviderInterface implementations are only responsible for fetching a UserInterface implementation out of persistent storage system, such as MySQL, Riak, etc. These two interfaces allow the Laravel authentication mechanisms to continue functioning regardless of how the user data is stored or what type of class is used to represent it.
接口 UserProviderInterface 负责从各种持久化存储系统——如 MySQL,Riak 等——中获取数据,然后得到接口 UserInterface 的实现对象。有了这两个接口,Laravel 的身份认证机制就可以不用管用户数据是如何储存的、究竟哪个类来代表用户对象这种事儿,从而继续专注于身份认证本身的实现。
Let's take a look at the UserProviderInterface:
咱们来看一看 UserProviderInterface 接口的代码:
interface UserProviderInterface {
public function retrieveById($identifier);
public function retrieveByCredentials(array $credentials);
public function validateCredentials(UserInterface $user, array $credentials);
}
The retrieveById function typically receives a numeric key representing the user, such as an auto-incrementing ID from a MySQL database. The UserInterface implementation matching the ID should be retrieved and returned by the method.
方法 retrieveById 通常接受一个数字参数用来表示一个用户,比如 MySQL 数据库的自增 ID。该方法要找到匹配该 ID 的 UserInterface 的实现对象,并且将该对象返回。
The retrieveByCredentials method receives the array of credentials passed to the Auth::attempt method when attempting to sign into an application. The method should then "query" the underlying persistent storage for the user matching those credentials. Typically, this method will run a query with a "where" condition on $credentials['username']. This method should not attempt to do any password validation or authentication.
retrieveByCredentials 方法接受一个参数作为登录帐号。该参数是在尝试登录系统时从 Auth::attempt 方法传来的。那么该方法应该“查询”底层的持久化存储系统,来找到那些匹配到该帐号的用户。通常该方法会执行一个带有 “where” 条件的查询来匹配参数里的 $credentials['username']。该方法不应该做任何密码验证。
The validateCredentials method should compare the given $user with the $credentials to authenticate the user. For example, this method might compare the $user->getAuthPassword(); string to a Hash::make of $credentials['password'].
validateCredentials 方法会通过比较 $user 参数和 $credentials 参数来检测用户是否通过认证。比如,该方法会调用 $user->getAuthPassword(); 方法,将得到的字符串与 $credentials['password'] 经过 Hash::make 处理后的结果进行比对。
Now that we have explored each of the methods on the UserProviderInterface, let's take a look at the UserInterface. Remember, the provider should return implementations of this interface from the retrieveById and retrieveByCredentials methods:
现在我们探索了 UserProviderInterface 接口的每一个方法,接下来咱们看一看 UserInterface 接口。别忘了 UserInterface 的实例应当是 retrieveById 和 retrieveByCredentials 方法的返回值:
interface UserInterface {
public function getAuthIdentifier();
public function getAuthPassword();
}
This interface is simple. The getAuthIdentifier method should return the "primary key" of the user. In a MySQL back-end, again, this would be the auto-incrementing primary key. The getAuthPassword should return the user's hashed password. This interface allows the authentication system to work with any User class, regardless of what ORM or storage abstraction layer you are using. By default, Laravel includes a User class in the app/models directory which implements this interface, so you may consult this class for an implementation example.
这个接口很简单。 getAuthIdentifier 方法应当返回用户的“主键”。就像刚才提到的,在 MySQL 中可能就是自增主键了。getAuthPassword 方法应当返回经过散列处理的用户密码。有了这个接口,身份认证系统就可以不用关心用户类到底使用了什么ORM或者什么存储方式。Laravel 已经在 app/models 目录下,包含了一个默认的 User 类且实现了该接口。所以你可以参考这个类当例子。
Finally, once we have implemented the UserProviderInterface, we can ready to register our extension with the Auth facade:
当我们最后实现了 UserProviderInterface 接口后,我们可以将该扩展注册进Auth里面:
Auth::extend('riak', function($app)
{
return new RiakUserProvider($app['riak.connection']);
});
After you have registered the driver with the extend method, you switch to the new driver in your app/config/auth.php configuration file.
使用 extend 方法注册好驱动以后,你就可以在 app/config/auth.php 配置文件里面切换到新的驱动了。