add api authentication

This commit is contained in:
kirill 2021-07-28 18:15:38 +03:00
parent 1a2347ef99
commit 3f97cb7c04
5 changed files with 189 additions and 6 deletions

View File

@ -3,10 +3,10 @@
namespace common\models; namespace common\models;
use Yii; use Yii;
use yii\base\NotSupportedException;
use yii\behaviors\TimestampBehavior; use yii\behaviors\TimestampBehavior;
use yii\db\ActiveRecord; use yii\db\ActiveRecord;
use yii\web\IdentityInterface; use yii\web\IdentityInterface;
use yii\web\UnauthorizedHttpException;
/** /**
* User model * User model
@ -64,14 +64,25 @@ class User extends ActiveRecord implements IdentityInterface
return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]); return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]);
} }
/** public function generateAccessToken()
* {@inheritdoc}
*/
public static function findIdentityByAccessToken($token, $type = null)
{ {
throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.'); $this->access_token = Yii::$app->security->generateRandomString();
return $this->access_token;
} }
public static function findIdentityByAccessToken($token, $type = null)
{
$user = static::find()->where(['access_token' => $token, 'status' => self::STATUS_ACTIVE])->one();
if (!$user) {
return false;
}
if (strtotime($user->access_token_expired_at) < time()) {
throw new UnauthorizedHttpException('the access - token expired ', -1);
} else {
return $user;
}
}
/** /**
* Finds user by username * Finds user by username
* *
@ -186,4 +197,16 @@ class User extends ActiveRecord implements IdentityInterface
{ {
$this->password_reset_token = null; $this->password_reset_token = null;
} }
public function beforeSave($insert)
{
if (parent::beforeSave($insert)) {
if ($this->isNewRecord) {
$this->auth_key = Yii::$app->security->generateRandomString();
}
return true;
}
return false;
}
} }

View File

@ -0,0 +1,21 @@
<?php
use yii\db\Migration;
/**
* Handles adding columns to table `{{%user}}`.
*/
class m210708_141557_add_access_columns_to_user_table extends Migration
{
public function safeUp()
{
$this->addColumn('user', 'access_token', $this->string());
$this->addColumn('user', 'access_token_expired_at', $this->dateTime());
}
public function safeDown()
{
$this->dropColumn('user', 'access_token');
$this->dropColumn('user', 'access_token_expired_at');
}
}

View File

@ -15,6 +15,15 @@ return [
'modules' => [ 'modules' => [
'api' => [ 'api' => [
'components' => [
'user' => [
'identityClass' => 'frontend\modules\api\models\User',
'enableAutoLogin' => true,
'enableSession' => false,
'class' => 'frontend\modules\api\models\User',
//'identityCookie' => ['name' => '_identity-api', 'httpOnly' => true],
],
],
'class' => 'frontend\modules\api\Api', 'class' => 'frontend\modules\api\Api',
], ],
'access' => [ 'access' => [
@ -32,6 +41,9 @@ return [
'request' => [ 'request' => [
'csrfParam' => '_csrf-frontend', 'csrfParam' => '_csrf-frontend',
'baseUrl' => '', 'baseUrl' => '',
'parsers' => [
'application/json' => 'yii\web\JsonParser',
],
], ],
'user' => [ 'user' => [
'identityClass' => 'common\models\User', 'identityClass' => 'common\models\User',

View File

@ -0,0 +1,57 @@
<?php
namespace frontend\modules\api\controllers;
use common\models\User;
use frontend\modules\api\models\LoginForm;
use Yii;
use yii\filters\ContentNegotiator;
use yii\rest\ActiveController;
use yii\helpers\ArrayHelper;
use yii\filters\auth\QueryParamAuth;
use yii\web\BadRequestHttpException;
use yii\web\Response;
class UserController extends ActiveController
{
public $modelClass = User::class;
public function behaviors()
{
return ArrayHelper::merge(parent::behaviors(), [
[
'class' => ContentNegotiator::class,
'formats' => [
'application/json' => Response::FORMAT_JSON,
],
],
'authenticatior' => [
'class' => QueryParamAuth::class, //implement access token authentication
'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin
]
]);
}
public function actions()
{
$action = parent::actions(); // TODO: Change the autogenerated stub
unset($action['index']);
unset($action['create']);
unset($action['update']);
unset($action['delete']);
}
public function actionLogin()
{
$model = new LoginForm();
if ($model->load(Yii::$app->getRequest()->getBodyParams(), '') && $model->login()) {
return [
'access_token' => $model->login(),
];
} else {
throw new BadRequestHttpException(json_encode($model->errors));
}
}
}

View File

@ -0,0 +1,70 @@
<?php
namespace frontend\modules\api\models;
use common\models\User;
use Yii;
use yii\base\Model;
/**
* Login form
*/
class LoginForm extends Model
{
public $username;
public $password;
public $rememberMe = true;
private $_user;
Const EXPIRE_TIME = 604800; // token expiration time, valid for 7 days
/**
* {@inheritdoc}
*/
public function rules()
{
return [
// username and password are both required
[['username', 'password'], 'required'],
// rememberMe must be a boolean value
['rememberMe', 'boolean'],
// password is validated by validatePassword()
['password', 'validatePassword'],
];
}
public function validatePassword($attribute)
{
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
public function login()
{
if ($this->validate()) {
//return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600 * 24 * 30 : 0);
if ($this->getUser()) {
$access_token = $this->_user->generateAccessToken();
$this->_user->access_token_expired_at = date('Y-m-d', time() + static::EXPIRE_TIME);
$this->_user->save();
Yii::$app->user->login($this->_user, static::EXPIRE_TIME);
return $access_token;
}
}
return false;
}
protected function getUser()
{
if ($this->_user === null) {
$this->_user = User::findByUsername($this->username);
}
return $this->_user;
}
}