Skip to content

Y
yii2
Commit 9a23e313 by Qiang Xue
Options

support authentication via query parameter.

parent 94a9087b
Showing with 32 additions and 6 deletions
framework/rest/Controller.php
...@@ -40,6 +40,10 @@ class Controller extends \yii\web\Controller ...@@ -40,6 +40,10 @@ class Controller extends \yii\web\Controller
* HTTP Bearer authentication (the token obtained through OAuth2) * HTTP Bearer authentication (the token obtained through OAuth2)
*/ */
const AUTH_TYPE_BEARER = 'Bearer'; const AUTH_TYPE_BEARER = 'Bearer';
/**
* Authentication by an access token passed via a query parameter
*/
const AUTH_TYPE_QUERY = 'Query';
/** /**
* @var string|array the configuration for creating the serializer that formats the response data. * @var string|array the configuration for creating the serializer that formats the response data.
...@@ -50,14 +54,19 @@ class Controller extends \yii\web\Controller ...@@ -50,14 +54,19 @@ class Controller extends \yii\web\Controller
*/ */
public $enableCsrfValidation = false; public $enableCsrfValidation = false;
/** /**
* @var string the authentication type. This should be a valid HTTP authentication method. * @var string|array the supported authentication type(s). Valid values include [[AUTH_TYPE_BASIC]],
* [[AUTH_TYPE_BEARER]] and [[AUTH_TYPE_QUERY]].
*/ */
public $authType = self::AUTH_TYPE_BASIC; public $authType = [self::AUTH_TYPE_BASIC, self::AUTH_TYPE_BEARER, self::AUTH_TYPE_QUERY];
/** /**
* @var string the authentication realm to display in case when authentication fails. * @var string the authentication realm to display in case when authentication fails.
*/ */
public $authRealm = 'api'; public $authRealm = 'api';
/** /**
* @var string the name of the query parameter containing the access token when [[AUTH_TYPE_QUERY]] is used.
*/
public $authParam = 'access-token';
/**
* @var string the chosen API version number * @var string the chosen API version number
* @see supportedVersions * @see supportedVersions
*/ */
...@@ -172,17 +181,34 @@ class Controller extends \yii\web\Controller ...@@ -172,17 +181,34 @@ class Controller extends \yii\web\Controller
protected function authenticate() protected function authenticate()
{ {
$request = Yii::$app->getRequest(); $request = Yii::$app->getRequest();
if ($this->authType == self::AUTH_TYPE_BASIC) { foreach ((array)$this->authType as $authType) {
switch ($authType) {
case self::AUTH_TYPE_BASIC:
$accessToken = $request->getAuthUser(); $accessToken = $request->getAuthUser();
} else { break;
case self::AUTH_TYPE_BEARER:
$authHeader = $request->getHeaders()->get('Authorization'); $authHeader = $request->getHeaders()->get('Authorization');
if ($authHeader !== null && preg_match("/^{$this->authType}\\s+(.*?)$/", $authHeader, $matches)) { if ($authHeader !== null && preg_match("/^{$this->authType}\\s+(.*?)$/", $authHeader, $matches)) {
$accessToken = $matches[1]; $accessToken = $matches[1];
} }
break;
case self::AUTH_TYPE_QUERY:
$accessToken = $request->get($this->authParam);
break;
} }
if (isset($accessToken)) {
break;
}
}
if (empty($accessToken) || !Yii::$app->getUser()->loginByAccessToken($accessToken)) { if (!isset($accessToken) || !Yii::$app->getUser()->loginByAccessToken($accessToken)) {
Yii::$app->getResponse()->getHeaders()->set("WWW-Authenticate', '{$this->authType} realm=\"{$this->authRealm}\""); if (!isset($accessToken, $authType)) {
$authType = is_array($this->authType) ? reset($this->authType) : $this->authType;
}
if ($authType !== self::AUTH_TYPE_QUERY) {
Yii::$app->getResponse()->getHeaders()->set('WWW-Authenticate', "{$authType} realm=\"{$this->authRealm}\"");
}
throw new UnauthorizedHttpException(empty($accessToken) ? 'Access token required.' : 'You are requesting with an invalid access token.'); throw new UnauthorizedHttpException(empty($accessToken) ? 'Access token required.' : 'You are requesting with an invalid access token.');
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment