This extension is create and validate token.
Documentation ¶
Requirements ¶
- Yii 1.0 or above
Installation ¶
- Extract the release file under
protected/components
- Create table:
CREATE TABLE IF NOT EXISTS `token` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `action` varchar(100) DEFAULT NULL, `identity` char(32) NOT NULL, `token` char(32) DEFAULT NULL, `data` text, `expire_time` int(10) unsigned DEFAULT NULL, PRIMARY KEY (`id`) );
Add componets in main.php
'tokenManager'=>array(
'class'=>'TokenManager',
),
Usage ¶
See the following code example: ~~~
Create token
$token = Yii::app()->tokenManager->create('actionName', array('Some Params'), 172800, array('Data saved in this token'));
Validate token *
$data = Yii::app()->tokenManager->validate('actionName', $token);
Change Log ¶
March 3, 2010 ¶
- Initial release.
March 6, 2010 ¶
- Add public $secretKey and delete SECRET_KEY
How this compare with a cache
A cache allows you to store "named, value" pairs... and this seems to do the same. What is the difference and when I should use something like this ?
Very nice!
Very nice extension. I was always doing this on a model-by-model basis, where I saved tokens within the model. This of course has the draw back that for every action a new column has to be defined for the tokens.
Furthermore, my tokens were not time constrained, these tokens are :)
My one comment is that in the function createTokenKey you refer to the undefined constant SECRET_KEY. I made this $this->secretKey, which is a public variable of the class and defaults to 'secret'. This way this variable can be changed in the config file, so you can give every project another secret key (if you're kinda security paranoid like me :))
Keep token alive
You might want the ability to keep the token alive so that it syncs with your applications timeout.
Add the following 2 functions in the Token class
/** * Update a tokens expiry time * @param string $action - Token type name * @param string $token - Token string * @param var $time - New expire time to set * @return boolean */ public function keepAlive($action, $token, $time) { $record = $this->find($action, $token); if(!$record instanceof TokenRecord || $record->token != $token) { $this->deleteByTokenKey($action, $token); return false; } else { $this->updateByTokenKey($action, $token, ($time+time())); return true; } } /** * Update expiry by Token Key * @param string $action * @param string $tokenKey * @param string $newExpireTime * @return boolean */ protected function updateByTokenKey($action, $tokenKey, $newExpireTime) { return TokenRecord::model()->updateAll(array('expire_time'=>$newExpireTime),'action = :action AND token = :token' ,array(':action'=>$action, ':token'=>$tokenKey)); }
Then in your application within the beforeAction call in your Controller you can keep the token alive by resetting its expire time and syncing it with your applications timeout:
Yii::app()->tokenManager->keepAlive('actionName', 'TOKEN' , Yii::app()->session->getTimeout());
token_o.2 and TokenManager Question
Hi
Release 0.2 does not include the TokenManager file any more.
Are you first suppose to download 0.1.1 and then add 0.2 after that?
Or, are the Usage scripts on this page (referring to TokenManager) not valid any more?
Thanx
If you have any questions, please ask in the forum instead.
Signup or Login in order to comment.