some docs on Authentication

b3550192 · Alexander Makarov · 7e805864 · b3550192
Commit b3550192 authored Nov 01, 2013 by Alexander Makarov
Hide whitespace changes
Inline Side-by-side

Showing with 72 additions and 0 deletions

authentication.md docs/guide/authentication.md +72 -0

No files found.
--- a/docs/guide/authentication.md
+++ b/docs/guide/authentication.md
+Authentication
+==============
+
+Authentication is basically what happens when one is trying to sign in. Typically login and passwords are read from
+the form and then application checks if there's such user with such password.
+
+In Yii all this is done semi-automatically and what's left to developer is to implement [[\yii\web\IdentityInterface]].
+Typically it is being implemented in `User` model. You can find a full featured example in
+[advanced application template](installation.md). Below only interface methods are listed:
+
+```php
+class User extends ActiveRecord implements IdentityInterface
+{
+	// ...
+
+	/**
+	 * Finds an identity by the given ID.
+	 *
+	 * @param string|integer $id the ID to be looked for
+	 * @return IdentityInterface|null the identity object that matches the given ID.
+	 */
+	public static function findIdentity($id)
+	{
+		return static::find($id);
+	}
+
+	/**
+	 * @return int|string current user ID
+	 */
+	public function getId()
+	{
+		return $this->id;
+	}
+
+	/**
+	 * @return string current user auth key
+	 */
+	public function getAuthKey()
+	{
+		return $this->auth_key;
+	}
+
+	/**
+	 * @param string $authKey
+	 * @return boolean if auth key is valid for current user
+	 */
+	public function validateAuthKey($authKey)
+	{
+		return $this->getAuthKey() === $authKey;
+	}
+}
+```
+
+First two methods are simple. `findIdentity` given ID returns model instance while `getId` returns ID itself.
+`getAuthKey` and `validateAuthKey` are used to provide extra security to the "remember me" cookie.
+`getAuthKey` should return a string that is unique for each user. A good idea is to save this value when user is
+created using `Security::generateRandomKey()`:
+
+```php
+public function beforeSave($insert)
+{
+	if (parent::beforeSave($insert)) {
+		if ($this->isNewRecord) {
+			$this->auth_key = Security::generateRandomKey();
+		}
+		return true;
+	}
+	return false;
+}
+```
+
+`validateAuthKey` just compares `$authKey` passed as parameter (got from cookie) with the value got from database.