1

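I am implementing a REST API authentication module in the following steps:

1. A user is created by the admin.
2. First time: log in via Basic authentication to return an access_token.
3. Use the access_token from step 2 to authenticate the user via QueryParamAuth.

Following this guide, it works with QueryParamAuth: https://github.com/yiisoft/yii2/blob/master/docs/guide/rest-authentication.md

But it does not work at step 2, authenticating via BasicAuth. I debugged it: $this->auth always returns null, although $username $password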

class HttpBasicAuth extends AuthMethod
{
    /**
     * @var callable a PHP callable that will authenticate the user with the HTTP basic auth information.
     * The callable receives a username and a password as its parameters. It should return an identity object
     * that matches the username and password. Null should be returned if there is no such identity.
     *
     * The following code is a typical implementation of this callable:
     *
     * ```php
     * function ($username, $password) {
     *     return \app\models\User::findOne([
     *         'username' => $username,
     *         'password' => $password,
     *     ]);
     * }
     * ```
     *
     * If this property is not set, the username information will be considered as an access token
     * while the password information will be ignored. The [[\yii\web\User::loginByAccessToken()]]
     * method will be called to authenticate and login the user.
     */
    public $auth;

    public function authenticate($user, $request, $response)
    {
        $username = $request->getAuthUser();
        $password = $request->getAuthPassword();
        if ($this->auth) {
            if ($username !== null || $password !== null) {
                $identity = call_user_func($this->auth, $username, $password);
                // debugging output added for this question; execution stops here
                var_dump($identity);
                die();
                if ($identity !== null) {
                    $user->switchIdentity($identity);
                } else {
                    $this->handleFailure($response);
                }
                return $identity;
            }
        } elseif ($username !== null) {
            $identity = $user->loginByAccessToken($username, get_class($this));
            if ($identity === null) {
                $this->handleFailure($response);
            }
            return $identity;
        }

        return null;
    }
}

My question is: how do I implement the $this->auth function?

4

2 Answers

3

HTTP Basic Auth

// Controller code

Way 1: user authentication using an auth token

use yii\filters\auth\HttpBasicAuth;

public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['authenticator'] = [
        'class' => HttpBasicAuth::className(),
    ];
    return $behaviors;
}

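The code above will authenticate the user by access token (as described in the docs).

When the window prompts for a username and password:

Username: hEaccE55T0ken

Password:

Way 2: implement custom authentication using a username and password; sample code (Chris's code works)

I am using user_email, user_password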

public $user_password;


public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['authenticator'] = [
        'class' => HttpBasicAuth::className(),
        'auth' => [$this, 'auth']
    ];
    return $behaviors;
}

/**
 * Finds user by user_email and user_password
 *
 * @param string $username
 * @param string $password
 * @return static|null
 */
public function auth($username, $password) {
    // username, password are mandatory fields
    if(empty($username) || empty($password))
        return null;

    // get user using requested email
    $user = \app\models\User::findOne([
        'user_email' => $username,
    ]);

    // if no record matching the requested user
    if(empty($user))
        return null;

    // validate the password against the hash stored on this user record
    // (assumes validatePassword() is an instance method of the app's User model;
    // a static call to a non-static method fails on PHP 8)
    $isPass = $user->validatePassword($password);

    // if password validation fails
    if(!$isPass)
        return null;

    // if user validates (both user_email, user_password are valid)
    return $user;
}
answered 2015-04-30T10:02:24.297
0

I implement HttpBasicAuth->auth in my controller, where I attach HttpBasicAuth as a behavior, like this:

class MyController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();

        $behaviors['authenticator'] = [
            'class' => HttpBasicAuth::className(),
            'auth' => [$this, 'auth']
        ];

        return $behaviors;
    }

    public function auth($username, $password)
    {
        // Do whatever authentication on the username and password you want.
        // Create and return identity or return null on failure
    }

    // ... Action code ...
}
answered 2015-01-29T15:42:00.560
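How the `auth` callable and the token hand-off from the question's steps 2 and 3 can fit together, as an added example that is not code from the question, the answers or the Yii project. It assumes a Yii2 application whose `app\models\User` implements `IdentityInterface` and has `username`, `password_hash` and `access_token` columns; those column names and the `LoginController` name are hypothetical.

```php
<?php
// Added example. Assumes app\models\User is an ActiveRecord identity class with
// the hypothetical columns username, password_hash and access_token.
namespace app\controllers;

use Yii;
use app\models\User;
use yii\filters\auth\HttpBasicAuth;
use yii\rest\Controller;

class LoginController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => HttpBasicAuth::className(),
            // Without 'auth', HttpBasicAuth treats the Basic username as an access
            // token; with it, the callable receives the username and password.
            'auth' => [$this, 'auth'],
        ];
        return $behaviors;
    }

    /** @return User|null the identity, or null so that HttpBasicAuth rejects the request */
    public function auth($username, $password)
    {
        if ((string) $username === '' || (string) $password === '') {
            return null;
        }
        $user = User::findOne(['username' => $username]);
        // Verify against the stored hash; never look a user up by plaintext password.
        if ($user === null || !Yii::$app->security->validatePassword($password, $user->password_hash)) {
            return null;
        }
        return $user;
    }

    // Step 2 of the question: only reached after Basic authentication succeeded.
    public function actionIndex()
    {
        $user = Yii::$app->user->identity;
        $user->access_token = Yii::$app->security->generateRandomString(40);
        $user->save(false, ['access_token']);
        return ['access_token' => $user->access_token];
    }
}
```

The returned token is what `QueryParamAuth` on the other controllers passes to `User::findIdentityByAccessToken()` in step 3.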