From e73ac5e5df0ee1bc732e704c662f91b38b7aa739 Mon Sep 17 00:00:00 2001 From: andrey Date: Thu, 5 Aug 2021 18:52:07 +0300 Subject: [PATCH] auth token --- .../modules/api/controllers/ProfileController.php | 12 ++++++++---- .../modules/api/controllers/SkillsController.php | 12 ++++++++---- frontend/modules/api/controllers/UserController.php | 10 +++++++--- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/frontend/modules/api/controllers/ProfileController.php b/frontend/modules/api/controllers/ProfileController.php index e347d71..d840714 100644 --- a/frontend/modules/api/controllers/ProfileController.php +++ b/frontend/modules/api/controllers/ProfileController.php @@ -6,6 +6,8 @@ use common\behaviors\GsCors; use common\classes\Debug; use common\models\InterviewRequest; use frontend\modules\api\models\ProfileSearchForm; +use yii\filters\auth\CompositeAuth; +use yii\filters\auth\HttpBearerAuth; use yii\filters\auth\QueryParamAuth; class ProfileController extends \yii\rest\Controller @@ -20,10 +22,12 @@ class ProfileController extends \yii\rest\Controller 'application/json' => \yii\web\Response::FORMAT_JSON, ], ], - 'authenticatior' => [ - 'class' => QueryParamAuth::class, //implement access token authentication - 'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin - ], + 'authenticator' => [ + 'class' => CompositeAuth::class, + 'authMethods' => [ + HttpBearerAuth::class, + ], + ] // 'corsFilter' => [ // 'class' => GsCors::class, // 'cors' => [ diff --git a/frontend/modules/api/controllers/SkillsController.php b/frontend/modules/api/controllers/SkillsController.php index 1227319..c0bc06f 100644 --- a/frontend/modules/api/controllers/SkillsController.php +++ b/frontend/modules/api/controllers/SkillsController.php @@ -5,6 +5,8 @@ namespace frontend\modules\api\controllers; use common\behaviors\GsCors; use common\models\Options; use yii\filters\AccessControl; +use yii\filters\auth\CompositeAuth; +use yii\filters\auth\HttpBearerAuth; use yii\filters\auth\QueryParamAuth; class SkillsController extends \yii\rest\Controller @@ -18,10 +20,12 @@ class SkillsController extends \yii\rest\Controller 'application/json' => \yii\web\Response::FORMAT_JSON, ], ], - 'authenticatior' => [ - 'class' => QueryParamAuth::class, //implement access token authentication - 'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin - ], + 'authenticator' => [ + 'class' => CompositeAuth::class, + 'authMethods' => [ + HttpBearerAuth::class, + ], + ] // 'corsFilter' => [ // 'class' => GsCors::class, // 'cors' => [ diff --git a/frontend/modules/api/controllers/UserController.php b/frontend/modules/api/controllers/UserController.php index 34cea86..682357f 100644 --- a/frontend/modules/api/controllers/UserController.php +++ b/frontend/modules/api/controllers/UserController.php @@ -8,6 +8,8 @@ use common\classes\Debug; use common\models\User; use frontend\modules\api\models\LoginForm; use Yii; +use yii\filters\auth\CompositeAuth; +use yii\filters\auth\HttpBearerAuth; use yii\filters\ContentNegotiator; use yii\rest\ActiveController; use yii\helpers\ArrayHelper; @@ -28,9 +30,11 @@ class UserController extends ActiveController 'application/json' => Response::FORMAT_JSON, ], ], - 'authenticatior' => [ - 'class' => QueryParamAuth::class, //implement access token authentication - 'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin + 'authenticator' => [ + 'class' => CompositeAuth::class, + 'authMethods' => [ + HttpBearerAuth::class, + ], ], 'corsFilter' => [ 'class' => GsCors::class,