Yii2 REST Simplify BasicAuth

Problem description

I'm impressed with how simple it was to create a REST API in Yii2. However, I'm having a little trouble understanding the Basic Authentication. My needs are utterly simple and I'd like my solution to follow suit.

I need Basic token authentication here. I'm not even against hardcoding it for now, but here's what I've done thus far.

I have a database table to hold my singular token: ApiAccess(id, access_token)

ApiAccess.php - Model - NOTE: IDE shows syntax error on this first line

 class ApiAccess extends base\ApiAccessBase implements IdentityInterface
 {
   public static function findIdentityByAccessToken($token, $type = null)
   {
     return static::findOne(['access_token' => $token]);
   }
 }

Module.php - in init() function

 \Yii::$app->user->enableSession = false;

I made an ApiController that each subsequent noun extends

ApiController.php

 use yii\rest\ActiveController;
 use yii\filters\auth\HttpBasicAuth;
 use app\models\db\ApiAccess;

 class ApiController extends ActiveController
 {
   public function behaviors()
   {
      $behaviors = parent::behaviors();
      $behaviors['authenticator'] = [
        'class' => HttpBasicAuth::className(),
      ];
     return $behaviors;
   }
 }

As it stands, accessing an api endpoint in the browser prompts for a username and password. Request via REST Client displays access error.

How do I properly tie HttpBasicAuth to my ApiAccess model?

How do I hardcode an api access token? (First option is obviously best)

Recommended answer

Let's look at and try to understand the "yii" way of basic auth for REST.

1st. When you add the behavior to your REST controller, you enable basic auth:

$behaviors['authenticator'] = [
    'class' => HttpBasicAuth::className(),
];

As you did. What does it mean? It means that your application will parse your authorization header. It looks like:

Authorization: Basic base64(user:password)

Here is a trick for yii2. If you look at the code more carefully, you will see that yii uses access_token from the user field, so your header should look like:

Authorization: Basic base64(access_token:)

You can parse this header on your own, if you want to change this behavior:

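$behaviors['authenticator'] = [
    'class' => HttpBasicAuth::className(),
    // Callback that receives the decoded user and password parts of the header
    'auth' => [$this, 'auth'],
];
....
public function auth($username, $password)
{
    // Caution: this matches the submitted password against the stored column directly,
    // which only works for plaintext passwords; with hashed passwords, look the user up
    // by login and verify the hash instead.
    return \app\models\User::findOne(['login' => $username, 'password' => $password]);
}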

2nd thing to do. You must implement the findIdentityByAccessToken() function from IdentityInterface. Why is your IDE complaining?

class User extends ActiveRecord implements IdentityInterface

Here's how your user class declaration should look.

From your implementation and structure:

public static function findIdentityByAccessToken($token, $type = null)
   {
     return static::findOne(['access_token' => $token]);
   }

You are not returning an object of a class which implements the identity interface.

How to make it properly? Add an access_token column to your users table, and return your user model (you can see how it should look here - https://github.com/yiisoft/yii2-app-advanced/blob/master/common/models/User.php). If you do this, the default code will work with your findIdentityByAccessToken() implementation.

If you don't want to add a field to the users table, make a new one with user_id, access_token fields. Then your implementation should look like:

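public static function findIdentityByAccessToken($token, $type = null)
   {
     $apiUser = ApiAccess::find()
        ->where(['access_token' => $token])
        ->one();
     // Unknown token: return null so authentication fails instead of dereferencing null
     if ($apiUser === null) {
         return null;
     }
     return static::findOne(['id' => $apiUser->user_id, 'status' => self::STATUS_ACTIVE]);
   }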

Hope I could cover all of your questions.
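
The header handling described in the answer, `Basic base64(access_token:)`, shown in plain PHP as an added example (not part of the original answer and not Yii's own code). The function names, the token table and the sample token are assumptions constructed for illustration; `findUserIdByAccessToken()` stands in for a `findIdentityByAccessToken()` lookup.

```php
<?php
// Added example, not from the post or from Yii. The Basic "user" part
// carries the access token and the password part stays empty.

/** Returns [user, password] from an Authorization header, or null if invalid. */
function parseBasicAuth(string $header): ?array
{
    if (!preg_match('/^Basic\s+(\S+)$/i', trim($header), $m)) {
        return null;                       // wrong scheme or no credentials
    }
    $decoded = base64_decode($m[1], true); // strict: reject non-base64 input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);      // split on the first colon only
}

/** Hypothetical stand-in for findIdentityByAccessToken(): user id or null. */
function findUserIdByAccessToken(string $token, array $tokenTable): ?int
{
    if ($token === '') {
        return null;                       // never match on an empty token
    }
    foreach ($tokenTable as $knownToken => $userId) {
        if (hash_equals((string) $knownToken, $token)) { // constant-time compare
            return $userId;
        }
    }
    return null;
}

// Constructed sample data: one token mapped to user id 7.
$tokenTable = ['constructed-sample-token' => 7];

// Constructed sample Authorization header values.
$requests = [
    'token as user' => 'Basic ' . base64_encode('constructed-sample-token:'),
    'unknown token' => 'Basic ' . base64_encode('wrong-token:'),
    'empty token'   => 'Basic ' . base64_encode(':'),
    'not base64'    => 'Basic %%%',
    'bearer scheme' => 'Bearer constructed-sample-token',
];

foreach ($requests as $label => $header) {
    $creds  = parseBasicAuth($header);
    $userId = $creds === null ? null : findUserIdByAccessToken($creds[0], $tokenTable);
    printf("%-14s => %s\n", $label, $userId === null ? '401 Unauthorized' : "user #$userId");
}
```

Only the first request resolves to a user; every other header is rejected before or during the token lookup.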
