Help us understand the problem. What is going on with this article?

Laravel3認証のカスタムドライバーを作ってみた

More than 5 years have passed since last update.

認証ドライバーの拡張方法はドキュメントにタイトルだけ有って、本文がないので焦ったんですが
ここを参考にしたらサクッと出来たのでメモ的に残しときます。

Eloquentドライバーを元に拡張

laravel/auth/drivers/eloquent.phpをコピーして、
application/libraries/sha1.phpを作ります。

application/libraries/sha1.php
-<?php namespace Laravel\Auth\Drivers; use Laravel\Hash, Laravel\Config;
+<?php
-class Eloquent extends Driver {
+class Sha1 extends \Laravel\Auth\Drivers\Eloquent {

    /**
     * Get the current user of the application.
     *
     * If the user is a guest, null should be returned.
     *
     * @param  int|object  $token
     * @return mixed|null
     */
    public function retrieve($token)
    {
        // We return an object here either if the passed token is an integer (ID)
        // or if we are passed a model object of the correct type
        if (filter_var($token, FILTER_VALIDATE_INT) !== false)
        {
            return $this->model()->find($token);
        }
        else if (is_object($token) and get_class($token) == Config::get('auth.model'))
        {
            return $token;
        }
    }

    /**
     * Attempt to log a user into the application.
     *
     * @param  array $arguments
     * @return void
     */
    public function attempt($arguments = array())
    {
        $user = $this->model()->where(function($query) use($arguments)
        {
            $username = Config::get('auth.username');

            $query->where($username, '=', $arguments['username']);

            foreach(array_except($arguments, array('username', 'password', 'remember')) as $column => $val)
            {
                $query->where($column, '=', $val);
            }
        })->first();

        // If the credentials match what is in the database we will just
        // log the user into the application and remember them if asked.
        $password = $arguments['password'];

        $password_field = Config::get('auth.password', 'password');

-       if ( ! is_null($user) and Hash::check($password, $user->{$password_field}))
+       if ( ! is_null($user) and self::checkPassword($password, $user->{$password_field}))
        {
            return $this->login($user->get_key(), array_get($arguments, 'remember'));
        }

        return false;
    }

    /**
     * Get a fresh model instance.
     *
     * @return Eloquent
     */
    protected function model()
    {
        $model = Config::get('auth.model');

        return new $model;
    }

+    protected static function checkPassword($password, $hash){
+        return sha1($password) === $hash;
+    }
}

eloquent.phpではハッシュ化周りをもともとHash::check()メソッドでチェックしていたのをsha1()のみでチェックするようにします。
実際にはsha1()だけってのはNGで、ソルト値も使ったり、なんやかんやすると思うんですが、わかりやすさを優先しています。めんどくさい訳ではないです。

Userモデルのハッシュ化方法の変更

ここも上記と同様にsha1()を使います。

application/models/user.php
class User extends Eloquent {

    public static $timestamps = true;

    public function set_password($password)
    {
-        $this->set_attribute('password', Hash::make($password));
+        $this->set_attribute('password', sha1($password));
    }
}

Laravelにドライバーを教える

application/config/auth.php
return array(

-   'driver' => 'eloquent',
+   'driver' => 'sha1',

    'username' => 'username',
application/start.php
+Auth::extend('sha1', function()
+{
+    return new Sha1;
+});

これでOK!

おわり

niikunihiro
プログラミング ≦ 筋トレ
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away