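Yii2 REST API BasicAuth not working

Time: 2014-12-22 05:40:51

Tags: yii2 yii2-advanced-app yii2-user

I am implementing a REST API authentication module as follows:
1. Create the user via Admin.
2. First time: log in via Basic Auth to return the access_token.
3. Use the access_token from step 2 to authenticate the user, by QueryParamAuth.

Following this guide, it works with QueryParamAuth: https://github.com/yiisoft/yii2/blob/master/docs/guide/rest-authentication.md

But it does not work at step 2, authenticating by BasicAuth. I debugged it: $this->auth always returns null, although $username and $password are correct.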

class HttpBasicAuth extends AuthMethod
{
    /**
     * @var callable a PHP callable that will authenticate the user with the HTTP basic auth information.
     * The callable receives a username and a password as its parameters. It should return an identity object
     * that matches the username and password. Null should be returned if there is no such identity.
     *
     * The following code is a typical implementation of this callable:
     *
     * ```php
     * function ($username, $password) {
     *     return \app\models\User::findOne([
     *         'username' => $username,
     *         'password' => $password,
     *     ]);
     * }
     * ```
     *
     * If this property is not set, the username information will be considered as an access token
     * while the password information will be ignored. The [[\yii\web\User::loginByAccessToken()]]
     * method will be called to authenticate and login the user.
     */
    public $auth;

    public function authenticate($user, $request, $response)
    {
        $username = $request->getAuthUser();
        $password = $request->getAuthPassword();
        if ($this->auth) {
            if ($username !== null || $password !== null) {
                $identity = call_user_func($this->auth, $username, $password);
                // debugging output: dump the identity and stop here
                var_dump($identity);
                die();
                if ($identity !== null) {
                    $user->switchIdentity($identity);
                } else {
                    $this->handleFailure($response);
                }
                return $identity;
            }
        } elseif ($username !== null) {
            $identity = $user->loginByAccessToken($username, get_class($this));
            if ($identity === null) {
                $this->handleFailure($response);
            }
            return $identity;
        }

        return null;
    }
}

My question is: how do I implement the $this->auth function?

2 answers:

Answer 0: (score: 3)

HTTP Basic Auth

// Controller code

Way 1: the user authenticates with an auth token

use yii\filters\auth\HttpBasicAuth;

public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['authenticator'] = [
        'class' => HttpBasicAuth::className(),
    ];
    return $behaviors;
}

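The code above will authenticate the user by access token (as described in the documentation).

When the window prompts for username & password:

Username: hErEaccE55T0ken

Password:

Way 2: implement custom authentication using a username and password, sample code (Chris's code works)

I am using user_email, user_password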

public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['authenticator'] = [
        'class' => HttpBasicAuth::className(),
        'auth' => [$this, 'auth']
    ];
    return $behaviors;
}

/**
 * Finds user by user_email and user_password
 *
 * @param string $username
 * @param string $password
 * @return \app\models\User|null
 */
public function auth($username, $password)
{
    // username, password are mandatory fields
    if (empty($username) || empty($password)) {
        return null;
    }

    // get user using requested email
    $user = \app\models\User::findOne([
        'user_email' => $username,
    ]);

    // if no record matching the requested user
    if (empty($user)) {
        return null;
    }

    // validate the password on the loaded record, so it is checked against
    // that record's stored hash (assumes the User model defines
    // validatePassword() as an instance method)
    if (!$user->validatePassword($password)) {
        return null;
    }

    // if user validates (both user_email, user_password are valid)
    return $user;
}

Answer 1: (score: 0)

I implemented HttpBasicAuth->auth in my controller, and I attach HttpBasicAuth as a behavior:

use yii\filters\auth\HttpBasicAuth;

class MyController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();

        $behaviors['authenticator'] = [
            'class' => HttpBasicAuth::className(),
            'auth' => [$this, 'auth']
        ];

        return $behaviors;
    }

    public function auth($username, $password)
    {
        // Do whatever authentication on the username and password you want.
        // Create and return identity or return null on failure
    }

    // ... Action code ...
}
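
One way to write the callable that the `auth` property of HttpBasicAuth expects, together with the token issue and lookup from steps 2 and 3 of the question. This is an added example, not code from either answer or from Yii; it runs as a plain PHP script, and the in-memory `$users` array, `issueAccessToken()` and `findByAccessToken()` are hypothetical stand-ins for the application's User model.

```php
<?php
// Added example, not from the original answers. The in-memory $users array is
// a constructed stand-in for the User table; every name here is hypothetical.
$users = [
    'alice@example.com' => [
        'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
        'access_token'  => null,
    ],
];

// Verified when the account does not exist, so an unknown user and a wrong
// password take about the same time and return the same result.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

// Same contract as HttpBasicAuth::$auth: ($username, $password) => identity or null.
$auth = function ($username, $password) use ($users, $dummyHash) {
    if (!is_string($username) || !is_string($password) || $password === '') {
        return null;
    }
    $known = isset($users[$username]);
    $hash  = $known ? $users[$username]['password_hash'] : $dummyHash;
    // password_verify() always runs; plaintext passwords are never compared.
    return (password_verify($password, $hash) && $known) ? $username : null;
};

// Step 2 of the question: after a successful Basic Auth login, issue a token.
function issueAccessToken(array &$users, $identity)
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG (PHP 7+)
    $users[$identity]['access_token'] = $token;
    return $token;
}

// Step 3: the lookup a findIdentityByAccessToken() implementation performs.
function findByAccessToken(array $users, $token)
{
    foreach ($users as $identity => $row) {
        if (is_string($token) && $row['access_token'] !== null
            && hash_equals($row['access_token'], $token)) {
            return $identity;
        }
    }
    return null;
}

$identity = $auth('alice@example.com', 'correct horse');
$token    = issueAccessToken($users, $identity);
var_dump($identity, $auth('alice@example.com', 'wrong'), $auth('nobody@example.com', 'x'));
var_dump(findByAccessToken($users, $token), findByAccessToken($users, 'bogus'));
```

In a Yii2 controller the closure would be assigned to the `'auth'` key of the authenticator behavior, with the array lookup replaced by a `User::findOne()` query.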