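As a rapid-development framework, Laravel ships with its own Auth user management system. For traditional development the built-in login system is sufficient, but an application built on WeChat has no username/password login. Can the system still be used there, or can it be adapted into user management suited to WeChat? Let's explore how the mechanism works.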


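First, open the downloaded demo and look at the route configuration:

    Route::auth();

This call wraps the route definitions; the actual configuration is in Illuminate\Routing\Router: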

    public function auth()
    {
        // Authentication Routes...
        $this->get('login', 'Auth\AuthController@showLoginForm');
        $this->post('login', 'Auth\AuthController@login');
        $this->get('logout', 'Auth\AuthController@logout');

        // Registration Routes...
        $this->get('register', 'Auth\AuthController@showRegistrationForm');
        $this->post('register', 'Auth\AuthController@register');

        // Password Reset Routes...
        $this->get('password/reset/{token?}', 'Auth\PasswordController@showResetForm');
        $this->post('password/email', 'Auth\PasswordController@sendResetLinkEmail');
        $this->post('password/reset', 'Auth\PasswordController@reset');
    }

Find the controller that handles the login POST request:

    Auth\AuthController@login

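Tracing further leads to the login method in the trait file AuthenticatesUsers. Traits are a code-reuse mechanism that PHP has provided since PHP 5.4.0; we will look at them in more detail later. Next, look at the login method: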

    public function login(Request $request)
    {
        $this->validateLogin($request);

        // Check whether the class using this trait also uses the ThrottlesLogins trait
        $throttles = $this->isUsingThrottlesLoginsTrait();
        if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
            $this->fireLockoutEvent($request);

            return $this->sendLockoutResponse($request);
        }

        $credentials = $this->getCredentials($request);

        // Verify the credentials and pass along the "remember" flag; this is the key login step
        if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
            return $this->handleUserWasAuthenticated($request, $throttles);
        }

        if ($throttles && ! $lockedOut) {
            $this->incrementLoginAttempts($request);
        }

        return $this->sendFailedLoginResponse($request);
    }

So we need to find the attempt method to see what is actually verified. In the Illuminate\Auth\SessionGuard class we find the following:

    public function attempt(array $credentials = [], $remember = false, $login = true)
    {
        $this->fireAttemptEvent($credentials, $remember, $login);

        // Retrieve the user model for the user who is logging in
        $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);
        // Check the retrieved model against the submitted credentials
        if ($this->hasValidCredentials($user, $credentials)) {
            if ($login) {
                // Session-related operations after the credentials have been verified
                $this->login($user, $remember);
            }

            return true;
        }

        // If the authentication attempt fails we will fire an event so that the user
        // may be notified of any suspicious attempts to access their account from
        // an unrecognized user. A developer may listen to this event as needed.
        if ($login) {
            $this->fireFailedEvent($user, $credentials);
        }

        return false;
    }

From the above we can see the complete login flow.
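
The two calls inside attempt(), retrieveByCredentials and hasValidCredentials, are where the password actually gets checked. The following is an added stand-alone model of those two steps, not Laravel's source and not code from the original post; it assumes the default Eloquent-style behaviour (look up by the non-password fields, then check the hash), and InMemoryUserProvider, attemptLogin and the sample user are hypothetical, constructed for illustration.

```php
<?php
// Added illustration: simplified model of the attempt() path (hypothetical names, not Laravel classes).
class InMemoryUserProvider
{
    private $users;

    public function __construct(array $users) { $this->users = $users; }

    // Look the user up by every credential except the password, so the
    // plaintext password is never used as a lookup condition.
    public function retrieveByCredentials(array $credentials)
    {
        unset($credentials['password']);
        if (empty($credentials)) {
            return null; // no identifier supplied: never fall through to "first user"
        }
        foreach ($this->users as $user) {
            if (array_intersect_assoc($credentials, $user) == $credentials) {
                return $user;
            }
        }
        return null;
    }

    // Compare the submitted plaintext with the stored hash.
    public function validateCredentials(array $user, array $credentials)
    {
        return isset($credentials['password'])
            && is_string($credentials['password'])
            && password_verify($credentials['password'], $user['password']);
    }
}

function attemptLogin(InMemoryUserProvider $provider, array $credentials)
{
    $user = $provider->retrieveByCredentials($credentials);
    // Both conditions must hold: the user exists AND the hash check passes.
    return $user !== null && $provider->validateCredentials($user, $credentials);
}

// Constructed sample data: one user with a bcrypt-hashed password.
$provider = new InMemoryUserProvider([
    ['email' => 'alice@example.com', 'password' => password_hash('s3cret-pass', PASSWORD_BCRYPT)],
]);
var_dump(
    attemptLogin($provider, ['email' => 'alice@example.com', 'password' => 's3cret-pass']),
    attemptLogin($provider, ['email' => 'alice@example.com', 'password' => 'wrong']),
    attemptLogin($provider, ['email' => 'nobody@example.com', 'password' => 's3cret-pass'])
);
```

Only the first call succeeds; an unknown user and a wrong password both end in the same failed result, which is the branch where attempt() fires its failed-login event.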