Yii Framework Forum: Identity And Auto Login - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Identity And Auto Login

#1 User is offline   Ben 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 270
  • Joined: 15-March 09

Posted 04 May 2013 - 07:54 AM

First, let me admit: I don't like auto login. So my my opinion on this might be biased... But still...

I think the possibility/ feature of logging in a user automatically doesn't have to do a lot with the concept and encapsulation of a user's identity. So any chance to separate those two things into two interfaces instead of combining them in one?

I know that auto login is a frequent requirement, so to come up to that, the default web app's user implementation could still implement both interfaces, user application component could still be configured to allow auto login. But it shouldn't be a must have.

Basically whenever you reuse an existing userbase that doesn't yet implement the concept of authKeys, you're left with a couple of choices:

  • set up additional storage to extend the existing user data -> a lot of extra work if I basically don't intend to use that feature.
  • don't implement authKey methods (empty dummy implementation/ throwing "not implemented" exception) -> Feels wrong. If it doesn't implement the whole interface, then it simply isn't an implementation of the interface. Can't be properly reused.
  • use the password as authKey -> Bad idea, isn't it?
  • use a hash function to generate authKey from existing persistent user data -> yep, this seems to work. But the again: if it can be done in such a generic way, then why implement it for each and every interface implementation? It could as well be one implementation of the "auto login interface", which could then be reused for all "user identity interface" implementations.

Don't like ads in my sig...
0

#2 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 04 May 2013 - 08:37 AM

This is really a topic for extensions to Yii, not Yii core, and especially not the demo application (which has to be simple).
"Less noise - more signal"
0

#3 User is offline   Ben 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 270
  • Joined: 15-March 09

Posted 04 May 2013 - 09:06 AM

But it is in the core. Identity and Autologin mixed in one interface. Used by the core user component.
Don't like ads in my sig...
0

#4 User is offline   qiang 

  • Yii Project Lead
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,892
  • Joined: 04-October 08
  • Location:DC, USA

Posted 04 May 2013 - 12:16 PM

You have a point that authKey doesn't really belong to identity. The reason that we don't separate them is mainly for simplicity: if you don't use auto-login, you can still implement getAuthKey() and validateAuth(), but with exception or empty implementation. Most people will however implement all these.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users