Skip to content

S
syncEnrollments
Commit 1b057c28 authored by Taylor Otwell's avatar Taylor Otwell
Browse files
Options

continuing to refactor auth remembrance.

parent e6f84bff
Show whitespace changes
Inline Side-by-side
Showing with 49 additions and 10 deletions
application/config/auth.php
View file @ 1b057c28
...@@ -2,6 +2,23 @@ ...@@ -2,6 +2,23 @@
return array( return array(
/*
|--------------------------------------------------------------------------
| Authentication Username
|--------------------------------------------------------------------------
|
} This option should be set to the "username" property of your users.
| Typically, this will be set to "email" or "username".
|
| The value of this property will be used by the "attempt" closure when
| searching for users by their username. It will also be used when the
| user is set to be "remembered", as the username is embedded into the
| encrypted cookie and is used to verify the user's identity.
|
*/
'username' => 'email',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Retrieve The Current User | Retrieve The Current User
...@@ -43,9 +60,9 @@ return array( ...@@ -43,9 +60,9 @@ return array(
| |
*/ */
'attempt' => function($username, $password) 'attempt' => function($username, $password, $config)
{ {
if ( ! is_null($user = User::where('email', '=', $username)->first())) if ( ! is_null($user = User::where($config['username'], '=', $username)->first()))
{ {
if (Hasher::check($password, $user->password)) return $user; if (Hasher::check($password, $user->password)) return $user;
} }
......
laravel/security/auth.php
View file @ 1b057c28
...@@ -65,16 +65,36 @@ class Auth { ...@@ -65,16 +65,36 @@ class Auth {
// cookie value by the "remember" method. // cookie value by the "remember" method.
if (is_null(static::$user) and ! is_null($cookie = Cookie::get(Auth::remember_key))) if (is_null(static::$user) and ! is_null($cookie = Cookie::get(Auth::remember_key)))
{ {
// The decrypted value of the remember cookie should look like {id}|{random}. static::$user = static::recall($cookie);
// We will extract out the ID and pass it to the "user" closure to attempt }
return static::$user;
}
/**
* Attempt to login a user based on a long-lived "remember me" cookie.
*
* @param string $cookie
* @return mixed
*/
protected static function recall($cookie)
{
// The decrypted value of the remember cookie contains the ID and username.
// We will extract them out and pass the ID to the "user" closure to attempt
// to login the user. If a user is returned, their ID will be stored in // to login the user. If a user is returned, their ID will be stored in
// the session like normal and they will be considered logged in. // the session like normal and the user will be considered logged in.
$id = substr(Crypter::decrypt($cookie), 0, strpos($cookie, '|')); $cookie = explode('|', $cookie);
if (count($cookie) < 2) return;
list($id, $username) = array($cookie[0], $cookie[1]);
if ( ! is_null($user = call_user_func(Config::get('auth.user'), $id))) static::login($user); if ( ! is_null($user = call_user_func(Config::get('auth.user'), $id)) and $user->{Config::get('auth.username')} === $username)
{
static::login($user);
} }
return static::$user; return $user;
} }
/** /**
...@@ -95,7 +115,9 @@ class Auth { ...@@ -95,7 +115,9 @@ class Auth {
*/ */
public static function attempt($username, $password = null, $remember = false) public static function attempt($username, $password = null, $remember = false)
{ {
if ( ! is_null($user = call_user_func(Config::get('auth.attempt'), $username, $password))) $config = Config::get('auth');
if ( ! is_null($user = call_user_func($config['attempt'], $username, $password, $config)))
{ {
static::login($user, $remember); static::login($user, $remember);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment