authentication - 使用密钥的太妃糖认证

Question

使用此代码进行太妃糖认证

<cfscript>
    function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI) {
        local.status = {Status:'Forbidden'};
        local.invalidReturnData = representationOf( local.status ).withStatus(401);

        //get basic auth data, if any, and pass it into the resources
        local.credentials = getBasicAuthCredentials();
        var validateResult = validate(credentials.username, credentials.password);

        arguments.requestArguments.username = local.credentials.username;
        arguments.requestArguments.password = local.credentials.password;

        /* CATCH NO BASIC auth*/            

        if ( methodMetadata.keyExists("allow_public") && methodMetadata.allow_public == true ){
            return true;
        }
        //if username is blank return false
        else if (arguments.requestArguments.username is ""){
            return local.invalidReturnData;
        }

        //check invalid password
        else if(arguments.requestArguments.password is ""){
            return local.invalidReturnData;
        }

        else if (structKeyExists(arguments.requestArguments, "refuse") and arguments.requestArguments.refuse)
        {
            return noData().withStatus(405);
        }

        else if ( validateResult == false ) {
            return noData().withStatus(401, "Not Authorized");
        }
        else{
            return true;
        }
    }
</cfscript>
<cffunction name="validate">
    <cfargument name="username" required="true" default="">
    <cfargument name="password" required="true" default="">
    <cfquery name="local.myQuery" datasource="dsn">
        SELECT username,password FROM auth 
        WHERE username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.username#"> 
        AND password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.password#"> 
        AND status = 1
    </cfquery>
    <cfif local.myQuery.recordcount>
        <cfreturn true>
    <cfelse>
        <cfreturn false>
    </cfif>
</cffunction>

在这里它适用于每次通话时，我必须提供用户名/密码，但我想像使用密钥一样更改它，并且一个用户可以有多个密钥，如果用户名/密码不存在，我想要的一种方法是传递用户名/密码和电子邮件将生成一个新的注册和密钥，任何人都可以指导

还需要使用标头传递身份验证

Answer 1

看起来你正在尝试做这样的事情。

在端点构建令牌

资源/login.cfc

 ...
var loginToken = createUUID();

User[1].setLoginToken(loginToken)
    .setTokenCreateDate(now());
EntitySave(User[1]);

return rep({
    'message' : {
        'type' : 'success', 
        'content' : '<b>Success:</b> You have logged in.'
        },
    'time' : GetHttpTimeString(now()),
    'data' : loginToken
    });
 ...

在令牌在这里返回。由客户端应用程序保留令牌并将其与后续请求一起返回

应用程序.cfc

function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetaData, matchedURI)  {
    ...
   // lesser user identification happens here

    ...

    var Login = EntityLoad("Users", { loginToken : listrest(arguments.headers.authorization, " ") }, true);

    if (isNull(Login))  {
        return rep({
            'message' : {'type'     : 'error', 'content' : '<b>Error:</b> You must provide a authorization that is valid.' },
            'time'  : GetHttpTimeString(now())
            }).withStatus(401);
    }

源代码：https ://github.com/jmohler1970/Taffy_withUI

免责声明链接是我写的代码