mirror of
https://github.com/yiisoft/yii2.git
synced 2025-08-06 14:19:23 +08:00
Docs regarding Security component usage updated.
This commit is contained in:
Klimov Paul
@ -350,7 +350,6 @@ Yii 2.0 introduce muchos helpers estáticos comúnmente utilizados, incluyendo:
|
||||
* [[yii\helpers\StringHelper]]
|
||||
* [[yii\helpers\FileHelper]]
|
||||
* [[yii\helpers\Json]]
|
||||
* [[yii\helpers\Security]]
|
||||
|
||||
Por favor, consulta la sección [Información General de Helpers](helper-overview.md) para más detalles.
|
||||
|
||||
|
||||
@ -348,7 +348,6 @@ Yii 2.0 introduit de nombreuses assistants couramment utilisés, sous la forme d
|
||||
* [[yii\helpers\StringHelper]]
|
||||
* [[yii\helpers\FileHelper]]
|
||||
* [[yii\helpers\Json]]
|
||||
* [[yii\helpers\Security]]
|
||||
|
||||
Merci de lire la partie [Assistants](helper-overview.md) pour plus de détails.
|
||||
|
||||
|
||||
@ -398,7 +398,6 @@ O Yii 2.0 introduz muitas classes de helper estáticas comumente usadas, incluin
|
||||
* [[yii\helpers\StringHelper]]
|
||||
* [[yii\helpers\FileHelper]]
|
||||
* [[yii\helpers\Json]]
|
||||
* [[yii\helpers\Security]]
|
||||
|
||||
Por favor consulte a seção [Visão Geral](helper-overview.md) dos helpers para mais detalhes.
|
||||
|
||||
|
||||
@ -344,7 +344,6 @@ public function behaviors()
|
||||
* [[yii\helpers\StringHelper]]
|
||||
* [[yii\helpers\FileHelper]]
|
||||
* [[yii\helpers\Json]]
|
||||
* [[yii\helpers\Security]]
|
||||
|
||||
Более детальная информация представлена в разделе [Хелперы](helper-overview.md).
|
||||
|
||||
|
||||
@ -317,7 +317,6 @@ Yii 2.0 很多常用的静态助手类,包括:
|
||||
* [[yii\helpers\StringHelper]]
|
||||
* [[yii\helpers\FileHelper]]
|
||||
* [[yii\helpers\Json]]
|
||||
* [[yii\helpers\Security]]
|
||||
|
||||
请参考 [助手一览](helper-overview.md) 章节来了解更多。
|
||||
|
||||
|
||||
@ -349,7 +349,6 @@ Yii 2.0 introduces many commonly used static helper classes, including.
|
||||
* [[yii\helpers\StringHelper]]
|
||||
* [[yii\helpers\FileHelper]]
|
||||
* [[yii\helpers\Json]]
|
||||
* [[yii\helpers\Security]]
|
||||
|
||||
Please refer to the [Helper Overview](helper-overview.md) section for more details.
|
||||
|
||||
|
||||
@ -65,14 +65,14 @@ class User extends ActiveRecord implements IdentityInterface
|
||||
```
|
||||
|
||||
Two of the outlined methods are simple: `findIdentity` is provided with an ID value and returns a model instance associated with that ID. The `getId` method returns the ID itself.
|
||||
Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Security::generateRandomKey()`. It's a good idea to also save this as part of the user's record:
|
||||
Two of the other methods--`getAuthKey` and `validateAuthKey`--are used to provide extra security to the "remember me" cookie. The `getAuthKey` method should return a string that is unique for each user. You can create reliably create a unique string using `Yii::$app->getSecurity()->generateRandomKey()`. It's a good idea to also save this as part of the user's record:
|
||||
|
||||
```php
|
||||
public function beforeSave($insert)
|
||||
{
|
||||
if (parent::beforeSave($insert)) {
|
||||
if ($this->isNewRecord) {
|
||||
$this->auth_key = Security::generateRandomKey();
|
||||
$this->auth_key = Yii::$app->getSecurity()->generateRandomKey();
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -17,7 +17,7 @@ When a user provides a password for the first time (e.g., upon registration), th
|
||||
|
||||
|
||||
```php
|
||||
$hash = \yii\helpers\Security::generatePasswordHash($password);
|
||||
$hash = \yii\helpers\Yii::$app->getSecurity()->generatePasswordHash($password);
|
||||
```
|
||||
|
||||
The hash can then be associated with the corresponding model attribute, so it can be stored in the database for later use.
|
||||
@ -26,8 +26,7 @@ When a user attempts to log in, the submitted password must be verified against
|
||||
|
||||
|
||||
```php
|
||||
use yii\helpers\Security;
|
||||
if (Security::validatePassword($password, $hash)) {
|
||||
if (Yii::$app->getSecurity()->validatePassword($password, $hash)) {
|
||||
// all good, logging user in
|
||||
} else {
|
||||
// wrong password
|
||||
@ -43,7 +42,7 @@ Yii security helper makes generating pseudorandom data simple:
|
||||
|
||||
|
||||
```php
|
||||
$key = \yii\helpers\Security::generateRandomKey();
|
||||
$key = \yii\helpers\Yii::$app->getSecurity()->generateRandomKey();
|
||||
```
|
||||
|
||||
Note that you need to have the `openssl` extension installed in order to generate cryptographically secure random data.
|
||||
@ -57,7 +56,7 @@ For example, we need to store some information in our database but we need to ma
|
||||
|
||||
```php
|
||||
// $data and $secretKey are obtained from the form
|
||||
$encryptedData = \yii\helpers\Security::encrypt($data, $secretKey);
|
||||
$encryptedData = \yii\helpers\Yii::$app->getSecurity()->encrypt($data, $secretKey);
|
||||
// store $encryptedData to database
|
||||
```
|
||||
|
||||
@ -65,7 +64,7 @@ Subsequently when user wants to read the data:
|
||||
|
||||
```php
|
||||
// $secretKey is obtained from user input, $encryptedData is from the database
|
||||
$data = \yii\helpers\Security::decrypt($encryptedData, $secretKey);
|
||||
$data = \yii\helpers\Yii::$app->getSecurity()->decrypt($encryptedData, $secretKey);
|
||||
```
|
||||
|
||||
Confirming data integrity
|
||||
@ -78,14 +77,14 @@ Prefix the data with a hash generated from the secret key and data
|
||||
|
||||
```php
|
||||
// $secretKey our application or user secret, $genuineData obtained from a reliable source
|
||||
$data = \yii\helpers\Security::hashData($genuineData, $secretKey);
|
||||
$data = \yii\helpers\Yii::$app->getSecurity()->hashData($genuineData, $secretKey);
|
||||
```
|
||||
|
||||
Checks if the data integrity has been compromised
|
||||
|
||||
```php
|
||||
// $secretKey our application or user secret, $data obtained from an unreliable source
|
||||
$data = \yii\helpers\Security::validateData($data, $secretKey);
|
||||
$data = \yii\helpers\Yii::$app->getSecurity()->validateData($data, $secretKey);
|
||||
```
|
||||
|
||||
|
||||
|
||||
@ -69,18 +69,16 @@ After you set all needed fields in callback, you need to return $fixture array b
|
||||
Another example of valid template:
|
||||
|
||||
```php
|
||||
use yii\helpers\Security;
|
||||
|
||||
return [
|
||||
'name' => 'firstName',
|
||||
'phone' => 'phoneNumber',
|
||||
'city' => 'city',
|
||||
'password' => function ($fixture, $faker, $index) {
|
||||
$fixture['password'] = Security::generatePasswordHash('password_' . $index);
|
||||
$fixture['password'] = Yii::$app->getSecurity()->generatePasswordHash('password_' . $index);
|
||||
return $fixture;
|
||||
},
|
||||
'auth_key' => function ($fixture, $faker, $index) {
|
||||
$fixture['auth_key'] = Security::generateRandomKey();
|
||||
$fixture['auth_key'] = Yii::$app->getSecurity()->generateRandomKey();
|
||||
return $fixture;
|
||||
},
|
||||
];
|
||||
|
||||
Reference in New Issue
Block a user