mirror of
https://github.com/yiisoft/yii2.git
synced 2025-08-13 22:06:51 +08:00
Docs regarding Security component usage updated.
This commit is contained in:
Klimov Paul
@ -350,7 +350,6 @@ Yii 2.0 introduce muchos helpers estáticos comúnmente utilizados, incluyendo:
|
|||||||
* [[yii\helpers\StringHelper]]
|
* [[yii\helpers\StringHelper]]
|
||||||
* [[yii\helpers\FileHelper]]
|
* [[yii\helpers\FileHelper]]
|
||||||
* [[yii\helpers\Json]]
|
* [[yii\helpers\Json]]
|
||||||
* [[yii\helpers\Security]]
|
|
||||||
|
|
||||||
Por favor, consulta la sección [Información General de Helpers](helper-overview.md) para más detalles.
|
Por favor, consulta la sección [Información General de Helpers](helper-overview.md) para más detalles.
|
||||||
|
|
||||||
|
|||||||
@ -348,7 +348,6 @@ Yii 2.0 introduit de nombreuses assistants couramment utilisés, sous la forme d
|
|||||||
* [[yii\helpers\StringHelper]]
|
* [[yii\helpers\StringHelper]]
|
||||||
* [[yii\helpers\FileHelper]]
|
* [[yii\helpers\FileHelper]]
|
||||||
* [[yii\helpers\Json]]
|
* [[yii\helpers\Json]]
|
||||||
* [[yii\helpers\Security]]
|
|
||||||
|
|
||||||
Merci de lire la partie [Assistants](helper-overview.md) pour plus de détails.
|
Merci de lire la partie [Assistants](helper-overview.md) pour plus de détails.
|
||||||
|
|
||||||
|
|||||||
@ -398,7 +398,6 @@ O Yii 2.0 introduz muitas classes de helper estáticas comumente usadas, incluin
|
|||||||
* [[yii\helpers\StringHelper]]
|
* [[yii\helpers\StringHelper]]
|
||||||
* [[yii\helpers\FileHelper]]
|
* [[yii\helpers\FileHelper]]
|
||||||
* [[yii\helpers\Json]]
|
* [[yii\helpers\Json]]
|
||||||
* [[yii\helpers\Security]]
|
|
||||||
|
|
||||||
Por favor consulte a seção [Visão Geral](helper-overview.md) dos helpers para mais detalhes.
|
Por favor consulte a seção [Visão Geral](helper-overview.md) dos helpers para mais detalhes.
|
||||||
|
|
||||||
|
|||||||
@ -344,7 +344,6 @@ public function behaviors()
|
|||||||
* [[yii\helpers\StringHelper]]
|
* [[yii\helpers\StringHelper]]
|
||||||
* [[yii\helpers\FileHelper]]
|
* [[yii\helpers\FileHelper]]
|
||||||
* [[yii\helpers\Json]]
|
* [[yii\helpers\Json]]
|
||||||
* [[yii\helpers\Security]]
|
|
||||||
|
|
||||||
Более детальная информация представлена в разделе [Хелперы](helper-overview.md).
|
Более детальная информация представлена в разделе [Хелперы](helper-overview.md).
|
||||||
|
|
||||||
|
|||||||
@ -317,7 +317,6 @@ Yii 2.0 很多常用的静态助手类,包括:
|
|||||||
* [[yii\helpers\StringHelper]]
|
* [[yii\helpers\StringHelper]]
|
||||||
* [[yii\helpers\FileHelper]]
|
* [[yii\helpers\FileHelper]]
|
||||||
* [[yii\helpers\Json]]
|
* [[yii\helpers\Json]]
|
||||||
* [[yii\helpers\Security]]
|
|
||||||
|
|
||||||
请参考 [助手一览](helper-overview.md) 章节来了解更多。
|
请参考 [助手一览](helper-overview.md) 章节来了解更多。
|
||||||
|
|
||||||
|
|||||||
@ -349,7 +349,6 @@ Yii 2.0 introduces many commonly used static helper classes, including.
|
|||||||
* [[yii\helpers\StringHelper]]
|
* [[yii\helpers\StringHelper]]
|
||||||
* [[yii\helpers\FileHelper]]
|
* [[yii\helpers\FileHelper]]
|
||||||
* [[yii\helpers\Json]]
|
* [[yii\helpers\Json]]
|
||||||
* [[yii\helpers\Security]]
|
|
||||||
|
|
||||||
Please refer to the [Helper Overview](helper-overview.md) section for more details.
|
Please refer to the [Helper Overview](helper-overview.md) section for more details.
|
||||||
|
|
||||||
|
|||||||
@ -65,14 +65,14 @@ class User extends ActiveRecord implements IdentityInterface
|
|||||||
```
|
```
|
||||||
|
|
||||||
Two of the outlined methods are simple: `findIdentity` is provided with an ID value and returns a model instance associated with that ID. The `getId` method returns the ID itself.
|
Two of the outlined methods are simple: `findIdentity` is provided with an ID value and returns a model instance associated with that ID. The `getId` method returns the ID itself.
|
||||||
Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Security::generateRandomKey()`. It's a good idea to also save this as part of the user's record:
|
Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Yii::$app->getSecurity()->generateRandomKey()`. It's a good idea to also save this as part of the user's record:
|
||||||
|
|
||||||
```php
|
```php
|
||||||
public function beforeSave($insert)
|
public function beforeSave($insert)
|
||||||
{
|
{
|
||||||
if (parent::beforeSave($insert)) {
|
if (parent::beforeSave($insert)) {
|
||||||
if ($this->isNewRecord) {
|
if ($this->isNewRecord) {
|
||||||
$this->auth_key = Security::generateRandomKey();
|
$this->auth_key = Yii::$app->getSecurity()->generateRandomKey();
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -17,7 +17,7 @@ When a user provides a password for the first time (e.g., upon registration), th
|
|||||||
|
|
||||||
|
|
||||||
```php
|
```php
|
||||||
$hash = \yii\helpers\Security::generatePasswordHash($password);
|
$hash = \yii\helpers\Yii::$app->getSecurity()->generatePasswordHash($password);
|
||||||
```
|
```
|
||||||
|
|
||||||
The hash can then be associated with the corresponding model attribute, so it can be stored in the database for later use.
|
The hash can then be associated with the corresponding model attribute, so it can be stored in the database for later use.
|
||||||
@ -26,8 +26,7 @@ When a user attempts to log in, the submitted password must be verified against
|
|||||||
|
|
||||||
|
|
||||||
```php
|
```php
|
||||||
use yii\helpers\Security;
|
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
|
||||||
if (Security::validatePassword($password, $hash)) {
|
|
||||||
// all good, logging user in
|
// all good, logging user in
|
||||||
} else {
|
} else {
|
||||||
// wrong password
|
// wrong password
|
||||||
@ -43,7 +42,7 @@ Yii security helper makes generating pseudorandom data simple:
|
|||||||
|
|
||||||
|
|
||||||
```php
|
```php
|
||||||
$key = \yii\helpers\Security::generateRandomKey();
|
$key = \yii\helpers\Yii::$app->getSecurity()->generateRandomKey();
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that you need to have the `openssl` extension installed in order to generate cryptographically secure random data.
|
Note that you need to have the `openssl` extension installed in order to generate cryptographically secure random data.
|
||||||
@ -57,7 +56,7 @@ For example, we need to store some information in our database but we need to ma
|
|||||||
|
|
||||||
```php
|
```php
|
||||||
// $data and $secretKey are obtained from the form
|
// $data and $secretKey are obtained from the form
|
||||||
$encryptedData = \yii\helpers\Security::encrypt($data, $secretKey);
|
$encryptedData = \yii\helpers\Yii::$app->getSecurity()->encrypt($data, $secretKey);
|
||||||
// store $encryptedData to database
|
// store $encryptedData to database
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -65,7 +64,7 @@ Subsequently when user wants to read the data:
|
|||||||
|
|
||||||
```php
|
```php
|
||||||
// $secretKey is obtained from user input, $encryptedData is from the database
|
// $secretKey is obtained from user input, $encryptedData is from the database
|
||||||
$data = \yii\helpers\Security::decrypt($encryptedData, $secretKey);
|
$data = \yii\helpers\Yii::$app->getSecurity()->decrypt($encryptedData, $secretKey);
|
||||||
```
|
```
|
||||||
|
|
||||||
Confirming data integrity
|
Confirming data integrity
|
||||||
@ -78,14 +77,14 @@ Prefix the data with a hash generated from the secret key and data
|
|||||||
|
|
||||||
```php
|
```php
|
||||||
// $secretKey our application or user secret, $genuineData obtained from a reliable source
|
// $secretKey our application or user secret, $genuineData obtained from a reliable source
|
||||||
$data = \yii\helpers\Security::hashData($genuineData, $secretKey);
|
$data = \yii\helpers\Yii::$app->getSecurity()->hashData($genuineData, $secretKey);
|
||||||
```
|
```
|
||||||
|
|
||||||
Checks if the data integrity has been compromised
|
Checks if the data integrity has been compromised
|
||||||
|
|
||||||
```php
|
```php
|
||||||
// $secretKey our application or user secret, $data obtained from an unreliable source
|
// $secretKey our application or user secret, $data obtained from an unreliable source
|
||||||
$data = \yii\helpers\Security::validateData($data, $secretKey);
|
$data = \yii\helpers\Yii::$app->getSecurity()->validateData($data, $secretKey);
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -69,18 +69,16 @@ After you set all needed fields in callback, you need to return $fixture array b
|
|||||||
Another example of valid template:
|
Another example of valid template:
|
||||||
|
|
||||||
```php
|
```php
|
||||||
use yii\helpers\Security;
|
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'name' => 'firstName',
|
'name' => 'firstName',
|
||||||
'phone' => 'phoneNumber',
|
'phone' => 'phoneNumber',
|
||||||
'city' => 'city',
|
'city' => 'city',
|
||||||
'password' => function ($fixture, $faker, $index) {
|
'password' => function ($fixture, $faker, $index) {
|
||||||
$fixture['password'] = Security::generatePasswordHash('password_' . $index);
|
$fixture['password'] = Yii::$app->getSecurity()->generatePasswordHash('password_' . $index);
|
||||||
return $fixture;
|
return $fixture;
|
||||||
},
|
},
|
||||||
'auth_key' => function ($fixture, $faker, $index) {
|
'auth_key' => function ($fixture, $faker, $index) {
|
||||||
$fixture['auth_key'] = Security::generateRandomKey();
|
$fixture['auth_key'] = Yii::$app->getSecurity()->generateRandomKey();
|
||||||
return $fixture;
|
return $fixture;
|
||||||
},
|
},
|
||||||
];
|
];
|
||||||
|
|||||||
Reference in New Issue
Block a user