Merge pull request #49 from apuc/add_authentication

add authentication
This commit is contained in:
kavalar 2021-08-02 14:46:39 +03:00 committed by GitHub
commit aeb19f7475
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 342 additions and 12 deletions

View File

@ -3,10 +3,10 @@
namespace common\models;
use Yii;
use yii\base\NotSupportedException;
use yii\behaviors\TimestampBehavior;
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;
use yii\web\UnauthorizedHttpException;
/**
* User model
@ -64,14 +64,25 @@ class User extends ActiveRecord implements IdentityInterface
return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]);
}
/**
* {@inheritdoc}
*/
public static function findIdentityByAccessToken($token, $type = null)
public function generateAccessToken()
{
throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');
$this->access_token = Yii::$app->security->generateRandomString();
return $this->access_token;
}
public static function findIdentityByAccessToken($token, $type = null)
{
$user = static::find()->where(['access_token' => $token, 'status' => self::STATUS_ACTIVE])->one();
if (!$user) {
return false;
}
if (strtotime($user->access_token_expired_at) < time()) {
throw new UnauthorizedHttpException('the access - token expired ', -1);
} else {
return $user;
}
}
/**
* Finds user by username
*
@ -186,4 +197,16 @@ class User extends ActiveRecord implements IdentityInterface
{
$this->password_reset_token = null;
}
public function beforeSave($insert)
{
if (parent::beforeSave($insert)) {
if ($this->isNewRecord) {
$this->auth_key = Yii::$app->security->generateRandomString();
}
return true;
}
return false;
}
}

View File

@ -0,0 +1,21 @@
<?php
use yii\db\Migration;
/**
* Handles adding columns to table `{{%user}}`.
*/
class m210708_141557_add_access_columns_to_user_table extends Migration
{
public function safeUp()
{
$this->addColumn('user', 'access_token', $this->string());
$this->addColumn('user', 'access_token_expired_at', $this->dateTime());
}
public function safeDown()
{
$this->dropColumn('user', 'access_token');
$this->dropColumn('user', 'access_token_expired_at');
}
}

View File

@ -15,6 +15,15 @@ return [
'modules' => [
'api' => [
'components' => [
'user' => [
'identityClass' => 'frontend\modules\api\models\User',
'enableAutoLogin' => true,
'enableSession' => false,
'class' => 'frontend\modules\api\models\User',
//'identityCookie' => ['name' => '_identity-api', 'httpOnly' => true],
],
],
'class' => 'frontend\modules\api\Api',
],
'access' => [
@ -32,6 +41,9 @@ return [
'request' => [
'csrfParam' => '_csrf-frontend',
'baseUrl' => '',
'parsers' => [
'application/json' => 'yii\web\JsonParser',
],
],
'user' => [
'identityClass' => 'common\models\User',

View File

@ -3,16 +3,32 @@
namespace frontend\modules\api\controllers;
use common\behaviors\GsCors;
use common\models\Reports;
use frontend\modules\api\models\ReportSearchForm;
use JsonException;
use Yii;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\ContentNegotiator;
use yii\rest\Controller;
use yii\web\BadRequestHttpException;
use yii\web\NotFoundHttpException;
use yii\web\Response;
class ReportsController extends \yii\rest\Controller
class ReportsController extends Controller
{
public function init()
{
parent::init(); // TODO: Change the autogenerated stub
}
public function behaviors()
{
return [
[
'class' => \yii\filters\ContentNegotiator::className(),
'class' => ContentNegotiator::className(),
'formats' => [
'application/json' => \yii\web\Response::FORMAT_JSON,
'application/json' => Response::FORMAT_JSON,
],
],
'corsFilter' => [
@ -27,13 +43,84 @@ class ReportsController extends \yii\rest\Controller
'X-Requested-With'
],
]
],
'authenticator' => [
'class' => CompositeAuth::class,
'authMethods' => [
HttpBearerAuth::class,
],
]
];
}
public function actionIndex()
public function actionIndex(): array
{
$reportsModel = new ReportSearchForm();
$params = Yii::$app->request->get();
$reportsModel->attributes = $params;
if(!$reportsModel->validate()){
return $reportsModel->errors;
}
return $reportsModel->byParams();
}
public function actionCreate()
{
$reportsModel = new Reports();
$params = Yii::$app->request->get();
$reportsModel->attributes = $params;
if(!$reportsModel->validate()){
throw new BadRequestHttpException(json_encode($reportsModel->errors));
}
$reportsModel->save();
return $reportsModel->toArray();
}
public function actionDelete()
{
$id = Yii::$app->request->get('id');
$report = Reports::findOne($id);
if(null === $report) {
throw new NotFoundHttpException('Report not found');
}
if(false === ($report->delete())) {
throw new JsonException('Report not deleted');
}
return true;
}
public function actionUpdate(): array
{
$params = Yii::$app->request->get();
$reportsModel = Reports::findone($params['id']);
if(!isset($reportsModel)) {
throw new NotFoundHttpException('report not found');
}
if(isset($params['user_card_id'])) {
throw new JsonException('constraint by user_card_id');
}
$reportsModel->attributes = $params;
if(!$reportsModel->validate()){
throw new BadRequestHttpException(json_encode($reportsModel->errors));
}
$reportsModel->save();
return $reportsModel->toArray();
}
}

View File

@ -0,0 +1,57 @@
<?php
namespace frontend\modules\api\controllers;
use common\models\User;
use frontend\modules\api\models\LoginForm;
use Yii;
use yii\filters\ContentNegotiator;
use yii\rest\ActiveController;
use yii\helpers\ArrayHelper;
use yii\filters\auth\QueryParamAuth;
use yii\web\BadRequestHttpException;
use yii\web\Response;
class UserController extends ActiveController
{
public $modelClass = User::class;
public function behaviors()
{
return ArrayHelper::merge(parent::behaviors(), [
[
'class' => ContentNegotiator::class,
'formats' => [
'application/json' => Response::FORMAT_JSON,
],
],
'authenticatior' => [
'class' => QueryParamAuth::class, //implement access token authentication
'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin
]
]);
}
public function actions()
{
$action = parent::actions(); // TODO: Change the autogenerated stub
unset($action['index']);
unset($action['create']);
unset($action['update']);
unset($action['delete']);
}
public function actionLogin()
{
$model = new LoginForm();
if ($model->load(Yii::$app->getRequest()->getBodyParams(), '') && $model->login()) {
return [
'access_token' => $model->login(),
];
} else {
throw new BadRequestHttpException(json_encode($model->errors));
}
}
}

View File

@ -0,0 +1,70 @@
<?php
namespace frontend\modules\api\models;
use common\models\User;
use Yii;
use yii\base\Model;
/**
* Login form
*/
class LoginForm extends Model
{
public $username;
public $password;
public $rememberMe = true;
private $_user;
Const EXPIRE_TIME = 604800; // token expiration time, valid for 7 days
/**
* {@inheritdoc}
*/
public function rules()
{
return [
// username and password are both required
[['username', 'password'], 'required'],
// rememberMe must be a boolean value
['rememberMe', 'boolean'],
// password is validated by validatePassword()
['password', 'validatePassword'],
];
}
public function validatePassword($attribute)
{
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
public function login()
{
if ($this->validate()) {
//return Yii::$app->user->login($this->getUser(), $this->rememberMe ? 3600 * 24 * 30 : 0);
if ($this->getUser()) {
$access_token = $this->_user->generateAccessToken();
$this->_user->access_token_expired_at = date('Y-m-d', time() + static::EXPIRE_TIME);
$this->_user->save();
Yii::$app->user->login($this->_user, static::EXPIRE_TIME);
return $access_token;
}
}
return false;
}
protected function getUser()
{
if ($this->_user === null) {
$this->_user = User::findByUsername($this->username);
}
return $this->_user;
}
}

View File

@ -0,0 +1,54 @@
<?php
namespace frontend\modules\api\models;
use common\models\Reports;
use frontend\modules\card\models\UserCard;
use yii\base\Model;
class ReportSearchForm extends Model
{
public $limit;
public $offset;
public $fromDate;
public $toDate;
public $user_id;
public function __construct($config = [])
{
$this->limit = 10;
$this->offset = 0;
$this->user_id = null;
$this->toDate = date('Y-m-d', time());
$this->fromDate = date('Y-m-01', time());
parent::__construct($config);
}
public function rules(): array
{
return [
[['fromDate', 'toDate'], 'date', 'format' => 'php:Y-m-d'],
[['limit', 'offset', 'user_id'], 'integer', 'min' => 0],
];
}
public function byParams()
{
$queryBuilder = Reports::find()
->andWhere(['between', 'created_at', $this->fromDate, $this->toDate, $this->user_id])
->limit($this->limit)
->offset($this->offset);
if(isset($this->user_id)) {
$userCardId = UserCard::findByUserId($this->user_id)->id;
$queryBuilder->andWhere(['user_card_id' => $userCardId]);
}
$data = $queryBuilder->all();
return $data;
}
}

View File

@ -3,6 +3,7 @@
namespace frontend\modules\card\models;
use common\models\CardSkill;
use Yii;
use yii\helpers\ArrayHelper;
class UserCard extends \common\models\UserCard
@ -15,7 +16,7 @@ class UserCard extends \common\models\UserCard
parent::init();
$skill = ArrayHelper::getColumn(
CardSkill::find()->where(['card_id' => \Yii::$app->request->get('id')])->all(),
CardSkill::find()->where(['card_id' => Yii::$app->request->get('id')])->all(),
'skill_id'
);
@ -26,7 +27,7 @@ class UserCard extends \common\models\UserCard
public function afterSave($insert, $changedAttributes)
{
$post = \Yii::$app->request->post('UserCard');
$post = Yii::$app->request->post('UserCard');
if ($post['skill']) {
CardSkill::deleteAll(['card_id' => $this->id]);
@ -42,4 +43,9 @@ class UserCard extends \common\models\UserCard
parent::afterSave($insert, $changedAttributes); // TODO: Change the autogenerated stub
}
public static function findByUserId($userId): ?UserCard
{
return self::findOne(['id_user' => $userId]);
}
}