Using Bcrypt Strategy For New Application #10
Comments
|
To understand how it works you need to understand how to work with the behaviors and read a thread Authorization. Let's see the my implementation here - https://github.com/airily/skeletonYiiApp/blob/master/protected/common/modules/users/models/User.php YiiPassword extension extracted into https://github.com/airily/skeletonYiiApp/tree/master/protected/common/modules/users/extensions/behaviors in behaviors public function behaviors() {
$pathToBehaviors = 'users.extensions.behaviors.';
\Yii::import($pathToBehaviors . 'password.*');
return array(
// Password behavior strategy
'APasswordBehavior' => array(
'class' => 'APasswordBehavior',
'defaultStrategyName' => 'bcrypt',
'strategies' => array(
'bcrypt' => array(
'class' => 'ABcryptPasswordStrategy',
'minLength' => 8,
),
),
)
);
}
in rules $passStrategy = get_class($this->getStrategy());
array('newPassword', $passStrategy, 'minLength' => $this->getStrategy()->minLength)
array('newPassword', $passStrategy, 'minLength' => $this->getStrategy()->minLength, 'on' => 'changePassword, register'),
The password for authentication here - https://github.com/airily/skeletonYiiApp/blob/master/protected/common/modules/users/components/UserIdentityComponent.php public function authenticate()
{
$user = User::model()->findByAttributes(array('username' => $this->username));
if ($user->verifyPassword($this->password)) {
$this->_id = $user->id;
return true;
}
$this->errorsValidation = $user->getErrors();
return false;
}
There is another implementation (from YiiBoilerplate) - https://github.com/clevertech/YiiBoilerplate/blob/master/common/models/User.php In a short time, update the file Readme. There will be a section as set behavior. |
|
ABcryptPasswordStrategyTest.php: <?php
Yii::import("application.components.passwordStrategy.*");
Yii::import("application.models.*");
/**
* Tests for the {@link ABcryptPasswordStrategy} class.
* @author Charles Pick
* @package packages.passwordStrategy
*/
class ABcryptPasswordStrategyTest extends CTestCase
{
public function testEncode()
{
$user=User::model()->findByAttributes(array('username'=>'user'));
$strategy = new ABcryptPasswordStrategy();
$strategy->getSalt(true);
$password = $strategy->encode("pass");
$user->password = $password;
$user->save();
$this->assertTrue($user->verifyPassword("pass"));
}
}Result: Why don't verify? |
|
Why don't verify? There are two reasons. public function verifyPassword($password)
{
$owner = $this->getOwner(); /* @var CActiveRecord $owner */
$strategy = $this->getStrategy();
if ($strategy === false) {
return false; // no strategy
}
if ($this->saltAttribute) {
$strategy->setSalt($owner->{$this->saltAttribute});
}
if (!$strategy->compare($password,$owner->{$this->passwordAttribute})) {
return false;
}
if ($this->autoUpgrade && $strategy->name != $this->defaultStrategyName) {
if (!$this->changePassword($password,!$strategy->canUpgradeTo($this->getDefaultStrategy()))) {
// couldn't upgrade their password, so ask them for a new password
$owner->saveAttributes(array(
$this->requireNewPasswordAttribute => true
));
}
}
return true;
}
|
|
Very excuseme, following is attributes values: I very well know you responded all my questions and also i very tried, however you have no idea after have seen the attributes values? |
|
every time you do $user->save(); the following code in https://github.com/phpnode/YiiPassword/blob/master/APasswordBehavior.php public function beforeSave($event)
{
$password = $event->sender->{$this->passwordAttribute};
if ($password != $this->_hashedPassword && $password != "") {
$this->changePasswordInternal($password);
}
elseif ($password == "" && $this->_hashedPassword != "") {
$event->sender->{$this->passwordAttribute} = $this->_hashedPassword;
}
}
In $this->changePasswordInternal($password); $owner->{$this->passwordAttribute} = $strategy->encode($password);
So code ($strategy->compare($password,$owner->{$this->passwordAttribute}))
will always return false, since you are using $password = $strategy->encode("pass"); once before. |
|
SOLVED, Very Thanks. <?php
Yii::import("application.components.passwordStrategy.*");
Yii::import("application.models.*");
/**
* Tests for the {@link ABcryptPasswordStrategy} class.
* @author Charles Pick
* @package packages.passwordStrategy
*/
class ABcryptPasswordStrategyTest extends CTestCase
{
public function testEncode()
{
$user=User::model()->findByAttributes(array('username'=>'user'));
$strategy = new ABcryptPasswordStrategy();
$strategy->getSalt(true);
$user->password = 'pass';
$user->save();
$this->assertTrue($user->verifyPassword("pass"));
}
} |
How to use Bcrypt strategy in new application?
This extension is useful, but i didn't still use it.
I open a topic on Stackoverflow:
http://stackoverflow.com/questions/15714387/yiipassword-extension-usage
I very tried any way, i want now you how to use this extension for your application? Mainly encode the user password and verify it at user-login.
The text was updated successfully, but these errors were encountered: