Qiang Xue
11 years ago
15 changed files with 456 additions and 268 deletions
@ -0,0 +1,65 @@
|
||||
<?php |
||||
/** |
||||
* @link http://www.yiiframework.com/ |
||||
* @copyright Copyright (c) 2008 Yii Software LLC |
||||
* @license http://www.yiiframework.com/license/ |
||||
*/ |
||||
|
||||
namespace yii\filters\auth; |
||||
|
||||
use Yii; |
||||
use yii\base\ActionFilter; |
||||
use yii\web\UnauthorizedHttpException; |
||||
use yii\web\User; |
||||
use yii\web\Request; |
||||
use yii\web\Response; |
||||
|
||||
/** |
||||
* AuthMethod is a base class implementing the [[AuthInterface]] interface. |
||||
* |
||||
* @author Qiang Xue <qiang.xue@gmail.com> |
||||
* @since 2.0 |
||||
*/ |
||||
abstract class AuthMethod extends ActionFilter implements AuthInterface |
||||
{ |
||||
/** |
||||
* @var User the user object representing the user authentication status. If not set, the `user` application component will be used. |
||||
*/ |
||||
public $user; |
||||
/** |
||||
* @var Request the current request. If not set, the `request` application component will be used. |
||||
*/ |
||||
public $request; |
||||
/** |
||||
* @var Response the response to be sent. If not set, the `response` application component will be used. |
||||
*/ |
||||
public $response; |
||||
|
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function beforeAction($action) |
||||
{ |
||||
$identity = $this->authenticate( |
||||
$this->user ? : Yii::$app->getUser(), |
||||
$this->request ? : Yii::$app->getRequest(), |
||||
$this->response ? : Yii::$app->getResponse() |
||||
); |
||||
|
||||
if ($identity !== null) { |
||||
return true; |
||||
} else { |
||||
$this->handleFailure($this->response ? : Yii::$app->getResponse()); |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function handleFailure($response) |
||||
{ |
||||
throw new UnauthorizedHttpException('You are requesting with an invalid credential.'); |
||||
} |
||||
} |
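Review bot: In `beforeAction()` the success test is `$identity !== null`, so any non-null value returned by `authenticate()` lets the action run, including `false` from a misbehaving subclass or user-supplied callable. Every auth filter inherits this gate, so it should fail closed on anything that is not an identity object, e.g. `if ($identity instanceof \yii\web\IdentityInterface) {`. That assumes `authenticate()` is meant to return that type; `AuthInterface` is not shown on this page. A short docblock on `beforeAction()` would also help, stating that a null identity ends in `handleFailure()` and a 401, because `@inheritdoc` hides that contract.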
@ -0,0 +1,76 @@
|
||||
<?php |
||||
/** |
||||
* @link http://www.yiiframework.com/ |
||||
* @copyright Copyright (c) 2008 Yii Software LLC |
||||
* @license http://www.yiiframework.com/license/ |
||||
*/ |
||||
|
||||
namespace yii\filters\auth; |
||||
|
||||
use Yii; |
||||
use yii\base\InvalidConfigException; |
||||
|
||||
/** |
||||
* CompositeAuth is an action filter that supports multiple authentication methods at the same time. |
||||
* |
||||
* The authentication methods contained by CompositeAuth are configured via [[authMethods]], |
||||
* which is a list of supported authentication class configurations. |
||||
* |
||||
* The following example shows how to support three authentication methods: |
||||
* |
||||
* ```php |
||||
* public function behaviors() |
||||
* { |
||||
* return [ |
||||
* 'compositeAuth' => [ |
||||
* 'class' => \yii\filters\auth\CompositeAuth::className(), |
||||
* 'authMethods' => [ |
||||
* \yii\filters\auth\HttpBasicAuth::className(), |
||||
* \yii\filters\auth\QueryParamAuth::className(), |
||||
* ], |
||||
* ], |
||||
* ]; |
||||
* } |
||||
* ``` |
||||
* |
||||
* @author Qiang Xue <qiang.xue@gmail.com> |
||||
* @since 2.0 |
||||
*/ |
||||
class CompositeAuth extends AuthMethod |
||||
{ |
||||
/** |
||||
* @var array the supported authentication methods. This property should take a list of supported |
||||
* authentication methods, each represented by an authentication class or configuration. |
||||
* If this is not set or empty, no authentication will be performed. |
||||
* |
||||
* Note that an auth method class must implement the [[\yii\filters\auth\AuthInterface]] interface. |
||||
*/ |
||||
public $authMethods = []; |
||||
|
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function authenticate($user, $request, $response) |
||||
{ |
||||
foreach ($this->authMethods as $i => $auth) { |
||||
$this->authMethods[$i] = $auth = Yii::createObject($auth); |
||||
if (!$auth instanceof AuthInterface) { |
||||
throw new InvalidConfigException(get_class($auth) . ' must implement yii\filters\auth\AuthInterface'); |
||||
} |
||||
|
||||
$identity = $auth->authenticate($user, $request, $response); |
||||
if ($identity !== null) { |
||||
return $identity; |
||||
} |
||||
} |
||||
|
||||
if (!empty($this->authMethods)) { |
||||
/** @var AuthInterface $auth */ |
||||
$auth = reset($this->authMethods); |
||||
$auth->handleFailure($response); |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
} |
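Review bot: The `$authMethods` docblock says that when the list is empty "no authentication will be performed", but the code rejects every request in that case. `authenticate()` returns null, and the inherited `AuthMethod::beforeAction()` added in this same commit treats null as failure and throws `UnauthorizedHttpException`. Rejecting is the safer default, so I would fix the comment rather than the code: `If this is empty, authenticate() returns null and the request is rejected as unauthorized.` If skipping authentication really is intended, it needs an explicit `beforeAction()` override with a comment saying the filter is then a no-op. Separately, the class docblock announces "three authentication methods" but the example lists two.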
@ -0,0 +1,98 @@
|
||||
<?php |
||||
/** |
||||
* @link http://www.yiiframework.com/ |
||||
* @copyright Copyright (c) 2008 Yii Software LLC |
||||
* @license http://www.yiiframework.com/license/ |
||||
*/ |
||||
|
||||
namespace yii\filters\auth; |
||||
|
||||
use Yii; |
||||
use yii\web\UnauthorizedHttpException; |
||||
|
||||
/** |
||||
* HttpBasicAuth is an action filter that supports the HTTP Basic authentication method. |
||||
* |
||||
* You may use HttpBasicAuth by attaching it as a behavior to a controller or module, like the following: |
||||
* |
||||
* ```php |
||||
* public function behaviors() |
||||
* { |
||||
* return [ |
||||
* 'basicAuth' => [ |
||||
* 'class' => \yii\filters\auth\HttpBasicAuth::className(), |
||||
* ], |
||||
* ]; |
||||
* } |
||||
* ``` |
||||
* |
||||
* @author Qiang Xue <qiang.xue@gmail.com> |
||||
* @since 2.0 |
||||
*/ |
||||
class HttpBasicAuth extends AuthMethod |
||||
{ |
||||
/** |
||||
* @var string the HTTP authentication realm |
||||
*/ |
||||
public $realm = 'api'; |
||||
/** |
||||
* @var callable a PHP callable that will authenticate the user with the HTTP basic auth information. |
||||
* The callable receives a username and a password as its parameters. It should return an identity object |
||||
* that matches the username and password. Null should be returned if there is no such identity. |
||||
* |
||||
* The following code is a typical implementation of this callable: |
||||
* |
||||
* ```php |
||||
* function ($username, $password) { |
||||
* return \app\models\User::find([ |
||||
* 'username' => $username, |
||||
* 'password' => $password, |
||||
* ]); |
||||
* } |
||||
* ``` |
||||
* |
||||
* If this property is not set, the username information will be considered as an access token |
||||
* while the password information will be ignored. The [[\yii\web\User::loginByAccessToken()]] |
||||
* method will be called to authenticate and login the user. |
||||
*/ |
||||
public $auth; |
||||
|
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function authenticate($user, $request, $response) |
||||
{ |
||||
$username = $request->getAuthUser(); |
||||
$password = $request->getAuthPassword(); |
||||
|
||||
if ($this->auth) { |
||||
if ($username !== null || $password !== null) { |
||||
$identity = call_user_func($this->auth, $username, $password); |
||||
if ($identity !== null) { |
||||
$user->setIdentity($identity); |
||||
} else { |
||||
$this->handleFailure($response); |
||||
} |
||||
return $identity; |
||||
} |
||||
} elseif ($username !== null) { |
||||
$identity = $user->loginByAccessToken($username); |
||||
if ($identity === null) { |
||||
$this->handleFailure($response); |
||||
} |
||||
return $identity; |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function handleFailure($response) |
||||
{ |
||||
$response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\""); |
||||
throw new UnauthorizedHttpException('You are requesting with an invalid access token.'); |
||||
} |
||||
} |
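Review bot: The example callable in the `$auth` docblock looks the user up with `'password' => $password`, which only works if passwords are stored or compared in plain text, and framework examples tend to be copied verbatim. I would show a lookup by username followed by a hash check, e.g. `return $u !== null && password_verify($password, $u->password_hash) ? $u : null;` (the `password_hash` attribute name is a placeholder). The docblock should also state that Basic credentials are only base64-encoded, so this filter must be used over TLS. In callable mode `handleFailure()` still reports "invalid access token", which is misleading when a username and password were supplied.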
@ -1,51 +0,0 @@
|
||||
<?php |
||||
/** |
||||
* @link http://www.yiiframework.com/ |
||||
* @copyright Copyright (c) 2008 Yii Software LLC |
||||
* @license http://www.yiiframework.com/license/ |
||||
*/ |
||||
|
||||
namespace yii\rest; |
||||
|
||||
use Yii; |
||||
use yii\base\Component; |
||||
use yii\web\UnauthorizedHttpException; |
||||
|
||||
/** |
||||
* HttpBasicAuth implements the HTTP Basic authentication method. |
||||
* |
||||
* @author Qiang Xue <qiang.xue@gmail.com> |
||||
* @since 2.0 |
||||
*/ |
||||
class HttpBasicAuth extends Component implements AuthInterface |
||||
{ |
||||
/** |
||||
* @var string the HTTP authentication realm |
||||
*/ |
||||
public $realm = 'api'; |
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function authenticate($user, $request, $response) |
||||
{ |
||||
if (($accessToken = $request->getAuthUser()) !== null) { |
||||
$identity = $user->loginByAccessToken($accessToken); |
||||
if ($identity !== null) { |
||||
return $identity; |
||||
} |
||||
$this->handleFailure($response); |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
|
||||
/** |
||||
* @inheritdoc |
||||
*/ |
||||
public function handleFailure($response) |
||||
{ |
||||
$response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\""); |
||||
throw new UnauthorizedHttpException('You are requesting with an invalid access token.'); |
||||
} |
||||
} |