simplified hashing. re-worked the auth class for a little more flexibility.

9db8e1bb · Taylor Otwell · 7f2e1e9c · 9db8e1bb · 9db8e1bb · 9db8e1bb
Commit 9db8e1bb authored Sep 11, 2011 by Taylor Otwell
Hide whitespace changes
Inline Side-by-side

Showing with 69 additions and 116 deletions

application/config/auth.php
+37 -16

laravel/config/container.php
+2 -2

laravel/security/authenticator.php
+30 -58

laravel/security/hashing/hasher.php
+0 -40

No files found.
--- a/application/config/auth.php
+++ b/application/config/auth.php
@@ -4,41 +4,61 @@ return array(

 	/*
 	|--------------------------------------------------------------------------
-	| Retrieve Users By ID
+	| Retrieve The Current User
 	|--------------------------------------------------------------------------
 	|
-	| This method is called by the Auth::user() method when attempting to
-	| retrieve a user by their user ID, such as when retrieving a user by the
-	| user ID stored in the session.
+	| This closure is called by the Auth::user() method when attempting to
+	| retrieve a user by their ID stored in the session.
 	|
-	| You are free to change this method for your application however you wish.
+	| Simply return an object representing the user with the given ID. Or, if
+	| no user with the given ID is registered to use your application, you do
+	| not need to return anything.
+	|
+	| Of course, a simple, elegant authentication solution is already provided
+	| for you using Eloquent and the default Laravel hashing engine.
 	|
 	*/

-	'by_id' => function($id)
+	'user' => function($id)
 	{
-		return User::find($id);
+		if ( ! is_null($id)) return User::find($id);
 	},

 	/*
 	|--------------------------------------------------------------------------
-	| Retrieve Users By Username
+	| Authenticate User Credentials
 	|--------------------------------------------------------------------------
 	|
-	| This method is called by the Auth::check() method when attempting to
-	| retrieve a user by their username, such as when checking credentials
-	| received from a login form.
+	| This closure is called by the Auth::attempt() method when attempting to
+	| authenticate a user that is logging into your application.
 	|
-	| You are free to change this method for your application however you wish.
+	| If the provided credentials are correct, simply return an object that
+	| represents the user being authenticated. If the credentials are not
+	| valid, don't return anything.
 	|
-	| Note: This method must return an object that has "id" and "password"
-	|       properties. The type of object returned does not matter.
+	| Note: If a user object is returned, it must have an "id" property.
 	|
 	*/

-	'by_username' => function($username)
+	'attempt' => function($username, $password)
 	{
-		return User::where_email($username)->first();
+		if ( ! is_null($user = User::where('email', '=', $username)->first()))
+		{
+			if (Hasher::check($password, $user->password)) return $user;
+		}
 	},

+	/*
+	|--------------------------------------------------------------------------
+	| Logout
+	|--------------------------------------------------------------------------
+	|
+	| Here you may do anything that needs to be done when a user logs out of
+	| your application, such as call the logout method on a third-party API
+	| you are using for authentication, or anything else you desire.
+	|
+	*/
+
+	'logout' => function($id) {}
+
 );
\ No newline at end of file
--- a/laravel/config/container.php
+++ b/laravel/config/container.php
@@ -14,9 +14,9 @@ return array(
 	}),


-	'laravel.auth' => array('resolver' => function($container)
+	'laravel.auth' => array('singleton' => true, 'resolver' => function($container)
 	{
-		return new Security\Authenticator($container->resolve('laravel.session'), $container->resolve('laravel.hasher'));
+		return new Security\Authenticator($container->resolve('laravel.config'), $container->resolve('laravel.session'));
 	}),



--- a/laravel/security/authenticator.php
+++ b/laravel/security/authenticator.php
 <?php namespace Laravel\Security;

-use Laravel\IoC;
 use Laravel\Session\Driver;

 class Authenticator {
@@ -8,14 +7,9 @@ class Authenticator {
 	/**
 	 * The current user of the application.
 	 *
-	 * If no user is logged in, this will be NULL. Otherwise, it will contain the result
-	 * of the "by_id" closure in the authentication configuration file.
-	 *
-	 * Typically, the user should be accessed via the "user" method.
-	 *
 	 * @var object
 	 */
-	public $user;
+	protected $user;

 	/**
 	 * The session driver being used by the Auth instance.
@@ -25,30 +19,23 @@ class Authenticator {
 	protected $session;

 	/**
-	 * The hashing engine that should be used to perform hashing.
-	 *
-	 * @var Hashing\Engine
-	 */
-	protected $hasher;
-
-	/**
-	 * The key used to store the user ID in the session.
+	 * The configuration manager instance.
 	 *
-	 * @var string
+	 * @var Config
 	 */
-	protected static $key = 'laravel_user_id';
+	protected $engine;

 	/**
-	 * Create a new Auth class instance.
+	 * Create a new authenticator instance.
 	 *
-	 * @param  Session\Driver  $driver
-	 * @param  Hashing\Engine  $hasher
+	 * @param  Config          $config
+	 * @param  Session\Driver  $session
 	 * @return void
 	 */
-	public function __construct(Driver $driver, Hashing\Engine $hasher)
+	public function __construct(Config $config, Driver $session)
 	{
-		$this->hasher = $hasher;
-		$this->session = $driver;
+		$this->config = $config;
+		$this->session = $session;
 	}

 	/**
@@ -64,58 +51,43 @@ class Authenticator {
 	/**
 	 * Get the current user of the application.
 	 *
-	 * To retrieve the user, the user ID stored in the session will be passed to
-	 * the "by_id" closure in the authentication configuration file. The result
-	 * of the closure will be cached and returned.
+	 * If the current user is not authenticated, NULL will be returned.
 	 *
 	 * @return object
 	 */
 	public function user()
 	{
-		if (is_null($this->user) and $this->session->has(static::$key))
-		{
-			$this->user = call_user_func(Config::get('auth.by_id'), $this->session->get(static::$key));
-		}
+		if ( ! is_null($this->user)) return $this->user;

-		return $this->user;
+		return $this->user = call_user_func($this->config->get('auth.user'), $this->session->get('laravel_user_id'));
 	}

 	/**
-	 * Attempt to log a user into your application.
-	 *
-	 * If the user credentials are valid. The user's ID will be stored in the session and the
-	 * user will be considered "logged in" on subsequent requests to the application.
+	 * Attempt to log a user into the application.
 	 *
-	 * The password passed to the method should be plain text, as it will be hashed
-	 * by the Hash class when authenticating.
+	 * If the given credentials are valid, the user will be considered logged into the
+	 * application and their user ID will be stored in the session data.
 	 *
-	 * @param  string  $username
-	 * @param  string  $password
+	 * @param  string       $username
+	 * @param  string       $password
 	 * @return bool
 	 */
-	public function login($username, $password)
+	public function attempt($username, $password = null)
 	{
-		if ( ! is_null($user = call_user_func(Config::get('auth.by_username'), $username)))
+		if ( ! is_null($user = call_user_func($this->config->get('auth.attempt'), $username, $password)))
 		{
-			if ($this->hasher->check($password, $user->password))
-			{
-				$this->remember($user);
+			$this->remember($user);

-				return true;
-			}
+			return true;
 		}

 		return false;
 	}

 	/**
-	 * Log a user into your application.
+	 * Log a user into the application.
 	 *
-	 * The user's ID will be stored in the session and the user will be considered
-	 * "logged in" on subsequent requests to your application. This method is called
-	 * by the login method after determining a user's credentials are valid.
-	 *
-	 * Note: The user given to this method should be an object having an "id" property.
+	 * The user ID will be stored in the session so it is available on subsequent requests.
 	 *
 	 * @param  object  $user
 	 * @return void
@@ -124,22 +96,21 @@ class Authenticator {
 	{
 		$this->user = $user;

-		$this->session->put(static::$key, $user->id);
+		$this->session->put('laravel_user_id', $user->id);
 	}

 	/**
-	 * Log the user out of your application.
-	 *
-	 * The user ID will be removed from the session and the user will no longer
-	 * be considered logged in on subsequent requests to your application.
+	 * Log the current user out of the application.
 	 *
 	 * @return void
 	 */
 	public function logout()
 	{
+		call_user_func($this->config->get('auth.logout'), $this->user()->id);
+
 		$this->user = null;

-		$this->session->forget(static::$key);
+		$this->session->forget('laravel_user_id');
 	}

 }
\ No newline at end of file
--- a/laravel/security/hashing/hasher.php
+++ b/laravel/security/hashing/hasher.php
-<?php namespace Laravel\Security\Hashing;
-
-class Hasher {
-
-	/**
-	 * The hashing engine being used to perform the hashing.
-	 *
-	 * @var Hash\Engine
-	 */
-	protected $engine;
-
-	/**
-	 * Create a new Hasher instance.
-	 *
-	 * @param  Engine  $engine
-	 * @return void
-	 */
-	public function __construct(Engine $engine)
-	{
-		$this->engine = $engine
-	}
-
-	/**
-	 * Magic Method for delegating method calls to the hashing engine.
-	 */
-	public function __call($method, $parameters)
-	{
-		return call_user_func_array(array($this->engine, $method), $parameters);
-	}
-
-	/**
-	 * Magic Method for performing methods on the default hashing engine.
-	 */
-	public static function __callStatic($method, $parameters)
-	{
-		return call_user_func_array(array(static::make()->engine, $method), $parameters);
-	}
-
-}
\ No newline at end of file