move documentation markdown to system directory.

2012-04-03 11:20:20 -05:00
parent 1f6e5f8741
commit 43a3635722
44 changed files with 12 additions and 2 deletions
--- a/laravel/documentation/auth/config.md
+++ b/laravel/documentation/auth/config.md
@@ -0,0 +1,56 @@
+# Auth Configuration
+
+## Contents
+
+- [The Basics](#the-basics)
+- [The User Function](#user)
+- [The Attempt Function](#attempt)
+- [The Logout Function](#logout)
+
+<a name="the-basics"></a>
+## The Basics
+
+Most interactive applications have the ability for users to login and logout. Laravel provides a simple class to help you validate user credentials and retrieve information about the current user of your application.
+
+To get started, let's look over the **application/config/auth.php** file. The authentication configuration contains three functions: **user**, **attempt**, and **logout**. Let's go over each one individually.
+
+<a name="user"></a>
+## The "User" Function
+
+The **user** function is called when Laravel needs to retrieve the currently logged in user of your application. When a user logs into your application, Laravel stores the ID of that user in the [session](/docs/session/config). So, on subsequent requests, we can use the ID stored in the session to retrieve the user's information from storage. However, applications use various data stores. For this reason, you are given complete flexibility regarding how to retrieve the user.
+
+Of course, a simple default configuration has been setup for you. Let's take a look:
+
+	'user' => function($id)
+	{
+		if ( ! is_null($id) and filter_var($id, FILTER_VALIDATE_INT) !== false)
+		{
+			return DB::table('users')->find($id);
+		}
+	}
+
+As you probably noticed, the user's ID is passed to the function. The default configuration utilizes the [fluent query builder](/docs/database/fluent) to retrieve and return the user from the database. Of course, you are free to use other methods of retrieving the user. If no user is found in storage for the given ID, the function should simply return **null**.
+
+<a name="attempt"></a>
+## The "Attempt" Function
+
+Anytime you need to validate the credentials of a user, the **attempt** function is called. When attempting to authenticate a user, you will typically retrieve the user out of storage, and check the hashed password against the given password. However, since applications may use various methods of hashing or even third-party login providers, you are free to implement the authentication however you wish. Again, a simple and sensible default has been provided:
+
+	'attempt' => function($username, $password)
+	{
+		$user = DB::table('users')->where_username($username)->first();
+
+		if ( ! is_null($user) and Hash::check($password, $user->password))
+		{
+			return $user;
+		}
+	}
+
+Like the previous example, the fluent query builder is used to retrieve the user out of the database by the given username. If the user is found, the given password is hashed and compared against the hashed password stored on the table, and if the passwords match, the user model is returned. If the credentials are invalid or the user does not exist, **null** should be returned.
+
+> **Note:** Any object may be returned by this function as long as it has an **id** property.
+
+<a name="logout"></a>
+## The "Logout" Function
+
+The **logout** function is called whenever a user is logged out of your application. This function gives you a convenient location to interact with any third-party authentication providers you may be using.
--- a/laravel/documentation/auth/usage.md
+++ b/laravel/documentation/auth/usage.md
@@ -0,0 +1,89 @@
+# Authentication Usage
+
+## Contents
+
+- [Salting & Hashing](#hash)
+- [Logging In](#login)
+- [Protecting Routes](#filter)
+- [Retrieving The Logged In User](#user)
+- [Logging Out](#logout)
+
+> **Note:** Before using the Auth class, you must [specify a session driver](/docs/session/config).
+
+<a name="hash"></a>
+## Salting & Hashing
+
+If you are using the Auth class, you are strongly encouraged to hash and salt all passwords. Web development must be done responsibly. Salted, hashed passwords make a rainbow table attack against your user's passwords impractical.
+
+Salting and hashing passwords is done using the **Hash** class. The Hash class is uses the **bcrypt** hashing algorithm. Check out this example:
+
+	$password = Hash::make('secret');
+
+The **make** method of the Hash class will return a 60 character hashed string.
+
+You can compare an unhashed value against a hashed one using the **check** method on the **Hash** class:
+
+	if (Hash::check('secret', $hashed_value))
+	{
+		return 'The password is valid!';
+	}
+
+<a name="login"></a>
+## Logging In
+
+Logging a user into your application is simple using the **attempt** method on the Auth class. Simply pass the username and password of the user to the method. The login method will return **true** if the credentials are valid. Otherwise, **false** will be returned:
+
+	if (Auth::attempt('example@gmail.com', 'password'))
+	{
+	     return Redirect::to('user/profile');
+	}
+
+If the user's credentials are valid, the user ID will be stored in the session and the user will be considered "logged in" on subsequent requests to your application.
+
+You probably noticed this method name corresponds to the **attempt** function you [configured earlier](/docs/auth/config#attempt). Each time you call the **attempt** method on the **Auth** class, the **attempt** function in the configuration file will be called to check the user's credentials.
+
+> **Note:** To provide more flexiblity when working with third-party authentication providers, you are not required to pass a password into the **attempt** method.
+
+To determine if the user of your application is logged in, call the **check** method:
+
+	if (Auth::check())
+	{
+	     return "You're logged in!";
+	}
+
+Use the **login** method to login a user without checking their credentials, such as after a user first registers to use your application. Just pass your user object or the user's ID:
+
+	Auth::login($user);
+
+	Auth::login(15);
+
+<a name="filter"></a>
+## Protecting Routes
+
+It is common to limit access to certain routes only to logged in users. In Laravel this is accomplished using the [auth filter](/docs/routing#filters). If the user is logged in, the request will proceed as normal; however, if the user is not logged in, they will be redirected to the "login" [named route](/docs/routing#named-routes).
+
+To protect a route, simply attach the **auth** filter:
+
+	Route::get('admin', array('before' => 'auth', function() {});
+
+> **Note:** You are free to edit the **auth** filter however you like. A default implementation is located in **application/routes.php**.
+
+<a name="user"></a>
+## Retrieving The Logged In User
+
+Once a user has logged in to your application, you can access the user model via the **user** method on the Auth class:
+
+	return Auth::user()->email;
+
+This method calls the [**user** function](/docs/auth/config#user) in the configuration file. Also, you don't need to worry about performance when using this method. The user is only retrieved from storage the first time you use the method.
+
+> **Note:** If the user is not logged in, the **user** method will return NULL.
+
+<a name="logout"></a>
+## Logging Out
+
+Ready to log the user out of your application?
+
+	Auth::logout();
+
+This method will remove the user ID from the session, and the user will no longer be considered logged in on subsequent requests to your application.