Authentication is the process of verifying the identity of a user. It usually uses an identifier (e.g. a username or an email address) and a secret token (e.g. a password or an access token) to judge if the user is the one whom he claims as. Authentication is the basis of the login feature.
Yii provides an authentication framework which wires up various components to support login. To use this framework, you mainly need to do the following work:
The user application component manages the user authentication status. It requires you to specify an identity class which contains the actual authentication logic. In the following application configuration, the identity class for user is configured to be app\models\User whose implementation is explained in the next subsection:
return [
'components' => [
'user' => [
'identityClass' => 'app\models\User',
],
],
];
The identity class must implement the yii\web\IdentityInterface which contains the following methods:
If a particular method is not needed, you may implement it with an empty body. For example, if your application is a pure stateless RESTful application, you would only need to implement findIdentityByAccessToken() and getId() while leaving all other methods with an empty body. Or if your application uses session only authentication, you would need to implement all the methods except findIdentityByAccessToken().
In the following example, an identity class is implemented as an Active Record class associated with the user database table.
<?php
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;
class User extends ActiveRecord implements IdentityInterface
{
public static function tableName()
{
return 'user';
}
public static function findIdentity($id)
{
return static::findOne($id);
}
public static function findIdentityByAccessToken($token, $type = null)
{
return static::findOne(['access_token' => $token]);
}
public function getId()
{
return $this->id;
}
public function getAuthKey()
{
return $this->auth_key;
}
public function validateAuthKey($authKey)
{
return $this->getAuthKey() === $authKey;
}
}
You may use the following code to generate an auth key for each user and then store it in the user table:
class User extends ActiveRecord implements IdentityInterface
{
......
public function beforeSave($insert)
{
if (parent::beforeSave($insert)) {
if ($this->isNewRecord) {
$this->auth_key = \Yii::$app->security->generateRandomString();
}
return true;
}
return false;
}
}
Using yii\web\User ¶Note: Do not confuse the
Useridentity class with yii\web\User. The former is the class implementing the authentication logic. It is often implemented as an Active Record class associated with some persistent storage for storing the user credential information. The latter is an application component class responsible for managing the user authentication state.
You mainly use yii\web\User in terms of the user application component.
You can detect the identity of the current user using the expression Yii::$app->user->identity. It returns an instance of the identity class representing the currently logged-in user, or null if the current user is not authenticated (meaning a guest). The following code shows how to retrieve other authentication-related information from yii\web\User:
$identity = Yii::$app->user->identity;
$id = Yii::$app->user->id;
$isGuest = Yii::$app->user->isGuest;
To login a user, you may use the following code:
$identity = User::findOne(['username' => $username]);
Yii::$app->user->login($identity);
The yii\web\User::login() method sets the identity of the current user to the yii\web\User. If session is enabled, it will keep the identity in the session so that the user authentication status is maintained throughout the whole session. If cookie-based login (i.e. "remember me" login) is enabled, it will also save the identity in a cookie so that the user authentication status can be recovered from the cookie as long as the cookie remains valid.
In order to enable cookie-based login, you need to configure yii\web\User::$enableAutoLogin to be true in the application configuration. You also need to provide a duration time parameter when calling the yii\web\User::login() method.
To logout a user, simply call
Yii::$app->user->logout();
Note that logging out a user is only meaningful when session is enabled. The method will clean up the user authentication status from both memory and session. And by default, it will also destroy all user session data. If you want to keep the session data, you should call Yii::$app->user->logout(false), instead.
The yii\web\User class raises a few events during the login and logout processes.
false, the login process will be cancelled.false, the logout process will be cancelled.You may respond to these events to implement features such as login audit, online user statistics. For example, in the handler for EVENT_AFTER_LOGIN, you may record the login time and IP address in the user table.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4