Class yii\filters\auth\HttpBasicAuth
Inheritance | yii\filters\auth\HttpBasicAuth » yii\filters\auth\AuthMethod » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\filters\auth\AuthInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpBasicAuth.php |
HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.
You may use HttpBasicAuth by attaching it as a behavior to a controller or module, like the following:
public function behaviors()
{
return [
'basicAuth' => [
'class' => \yii\filters\auth\HttpBasicAuth::class,
],
];
}
The default implementation of HttpBasicAuth uses the loginByAccessToken()
method of the user
application component and only passes the user name. This implementation is used
for authenticating API clients.
If you want to authenticate users using username and password, you should provide the $auth function for example like the following:
public function behaviors()
{
return [
'basicAuth' => [
'class' => \yii\filters\auth\HttpBasicAuth::class,
'auth' => function ($username, $password) {
$user = User::find()->where(['username' => $username])->one();
if ($user && $user->validatePassword($password)) {
return $user;
}
return null;
},
],
];
}
Tip: In case authentication does not work like expected, make sure your web server passes username and password to
$_SERVER['PHP_AUTH_USER']
and$_SERVER['PHP_AUTH_PW']
variables. If you are using Apache with PHP-CGI, you might need to add this line to your.htaccess
file:RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$auth | callable|null | A PHP callable that will authenticate the user with the HTTP basic auth information. | yii\filters\auth\HttpBasicAuth |
$except | array | List of action IDs that this filter should not apply to. | yii\base\ActionFilter |
$only | array | List of action IDs that this filter should apply to. | yii\base\ActionFilter |
$optional | array | List of action IDs that this filter will be applied to, but auth failure will not lead to error. | yii\filters\auth\AuthMethod |
$owner | yii\base\Component|null | The owner of this behavior | yii\base\Behavior |
$realm | string | The HTTP authentication realm | yii\filters\auth\HttpBasicAuth |
$request | yii\web\Request|null | The current request. | yii\filters\auth\AuthMethod |
$response | yii\web\Response|null | The response to be sent. | yii\filters\auth\AuthMethod |
$user | yii\web\User|null | The user object representing the user authentication status. | yii\filters\auth\AuthMethod |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__unset() | Sets an object property to null. | yii\base\BaseObject |
afterAction() | This method is invoked right after an action is executed. | yii\base\ActionFilter |
afterFilter() | yii\base\ActionFilter | |
attach() | Attaches the behavior object to the component. | yii\base\ActionFilter |
authenticate() | Authenticates the current user. | yii\filters\auth\HttpBasicAuth |
beforeAction() | This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. | yii\filters\auth\AuthMethod |
beforeFilter() | yii\base\ActionFilter | |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
challenge() | Generates challenges upon authentication failure. | yii\filters\auth\HttpBasicAuth |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
detach() | Detaches the behavior object from the component. | yii\base\ActionFilter |
events() | Declares event handlers for the $owner's events. | yii\base\Behavior |
handleFailure() | Handles authentication failure. | yii\filters\auth\AuthMethod |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() | Initializes the object. | yii\base\BaseObject |
Protected Methods
Method | Description | Defined By |
---|---|---|
getActionId() | Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module. | yii\base\ActionFilter |
isActive() | Returns a value indicating whether the filter is active for the given action. | yii\base\ActionFilter |
isOptional() | Checks, whether authentication is optional for the given action. | yii\filters\auth\AuthMethod |
Property Details
A PHP callable that will authenticate the user with the HTTP basic auth information. The callable receives a username and a password as its parameters. It should return an identity object that matches the username and password. Null should be returned if there is no such identity. The callable will be called only if current user is not authenticated.
The following code is a typical implementation of this callable:
function ($username, $password) {
return \app\models\User::findOne([
'username' => $username,
'password' => $password,
]);
}
If this property is not set, the username information will be considered as an access token while the password information will be ignored. The yii\web\User::loginByAccessToken() method will be called to authenticate and login the user.
Method Details
Defined in: yii\base\BaseObject::__call()
Calls the named method which is not a class method.
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
public mixed __call ( $name, $params ) | ||
$name | string |
The method name |
$params | array |
Method parameters |
return | mixed |
The method return value |
---|---|---|
throws | yii\base\UnknownMethodException |
when calling unknown method |
public function __call($name, $params)
{
throw new UnknownMethodException('Calling unknown method: ' . get_class($this) . "::$name()");
}
Defined in: yii\base\BaseObject::__construct()
Constructor.
The default implementation does two things:
- Initializes the object with the given configuration
$config
. - Call init().
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like
$config
here. - call the parent implementation at the end of the constructor.
public void __construct ( $config = [] ) | ||
$config | array |
Name-value pairs that will be used to initialize the object properties |
public function __construct($config = [])
{
if (!empty($config)) {
Yii::configure($this, $config);
}
$this->init();
}
Defined in: yii\base\BaseObject::__get()
Returns the value of an object property.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $value = $object->property;
.
See also __set().
public mixed __get ( $name ) | ||
$name | string |
The property name |
return | mixed |
The property value |
---|---|---|
throws | yii\base\UnknownPropertyException |
if the property is not defined |
throws | yii\base\InvalidCallException |
if the property is write-only |
public function __get($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter();
} elseif (method_exists($this, 'set' . $name)) {
throw new InvalidCallException('Getting write-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Getting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\BaseObject::__isset()
Checks if a property is set, i.e. defined and not null.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing isset($object->property)
.
Note that if the property is not defined, false will be returned.
public boolean __isset ( $name ) | ||
$name | string |
The property name or the event name |
return | boolean |
Whether the named property is set (not null). |
---|
public function __isset($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter() !== null;
}
return false;
}
Defined in: yii\base\BaseObject::__set()
Sets value of an object property.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $object->property = $value;
.
See also __get().
public void __set ( $name, $value ) | ||
$name | string |
The property name or the event name |
$value | mixed |
The property value |
throws | yii\base\UnknownPropertyException |
if the property is not defined |
---|---|---|
throws | yii\base\InvalidCallException |
if the property is read-only |
public function __set($name, $value)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter($value);
} elseif (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Setting read-only property: ' . get_class($this) . '::' . $name);
} else {
throw new UnknownPropertyException('Setting unknown property: ' . get_class($this) . '::' . $name);
}
}
Defined in: yii\base\BaseObject::__unset()
Sets an object property to null.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing unset($object->property)
.
Note that if the property is not defined, this method will do nothing. If the property is read-only, it will throw an exception.
public void __unset ( $name ) | ||
$name | string |
The property name |
throws | yii\base\InvalidCallException |
if the property is read only. |
---|
public function __unset($name)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter(null);
} elseif (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Unsetting read-only property: ' . get_class($this) . '::' . $name);
}
}
Defined in: yii\base\ActionFilter::afterAction()
This method is invoked right after an action is executed.
You may override this method to do some postprocessing for the action.
public mixed afterAction ( $action, $result ) | ||
$action | yii\base\Action |
The action just executed. |
$result | mixed |
The action execution result |
return | mixed |
The processed action result. |
---|
public function afterAction($action, $result)
{
return $result;
}
Defined in: yii\base\ActionFilter::afterFilter()
public void afterFilter ( $event ) | ||
$event | yii\base\ActionEvent |
public function afterFilter($event)
{
$event->result = $this->afterAction($event->action, $event->result);
$this->owner->off(Controller::EVENT_AFTER_ACTION, [$this, 'afterFilter']);
}
Defined in: yii\base\ActionFilter::attach()
Attaches the behavior object to the component.
The default implementation will set the $owner property and attach event handlers as declared in events(). Make sure you call the parent implementation if you override this method.
public void attach ( $owner ) | ||
$owner | yii\base\Component |
The component that this behavior is to be attached to. |
public function attach($owner)
{
$this->owner = $owner;
$owner->on(Controller::EVENT_BEFORE_ACTION, [$this, 'beforeFilter']);
}
Authenticates the current user.
public yii\web\IdentityInterface|null authenticate ( $user, $request, $response ) | ||
$user | yii\web\User | |
$request | yii\web\Request | |
$response | yii\web\Response | |
return | yii\web\IdentityInterface|null |
The authenticated user identity. If authentication information is not provided, null will be returned. |
---|---|---|
throws | yii\web\UnauthorizedHttpException |
if authentication information is provided but is invalid. |
public function authenticate($user, $request, $response)
{
list($username, $password) = $request->getAuthCredentials();
if ($this->auth) {
if ($username !== null || $password !== null) {
$identity = $user->getIdentity() ?: call_user_func($this->auth, $username, $password);
if ($identity === null) {
$this->handleFailure($response);
} elseif ($user->getIdentity(false) !== $identity) {
$user->login($identity);
}
return $identity;
}
} elseif ($username !== null) {
$identity = $user->loginByAccessToken($username, get_class($this));
if ($identity === null) {
$this->handleFailure($response);
}
return $identity;
}
return null;
}
Defined in: yii\filters\auth\AuthMethod::beforeAction()
This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.
public boolean beforeAction ( $action ) | ||
$action | yii\base\Action |
The action to be executed. |
return | boolean |
Whether the action should continue to be executed. |
---|
public function beforeAction($action)
{
$response = $this->response ?: Yii::$app->getResponse();
try {
$identity = $this->authenticate(
$this->user ?: Yii::$app->getUser(),
$this->request ?: Yii::$app->getRequest(),
$response
);
} catch (UnauthorizedHttpException $e) {
if ($this->isOptional($action)) {
return true;
}
throw $e;
}
if ($identity !== null || $this->isOptional($action)) {
return true;
}
$this->challenge($response);
$this->handleFailure($response);
return false;
}
Defined in: yii\base\ActionFilter::beforeFilter()
public void beforeFilter ( $event ) | ||
$event | yii\base\ActionEvent |
public function beforeFilter($event)
{
if (!$this->isActive($event->action)) {
return;
}
$event->isValid = $this->beforeAction($event->action);
if ($event->isValid) {
// call afterFilter only if beforeFilter succeeds
// beforeFilter and afterFilter should be properly nested
$this->owner->on(Controller::EVENT_AFTER_ACTION, [$this, 'afterFilter'], null, false);
} else {
$event->handled = true;
}
}
Defined in: yii\base\BaseObject::canGetProperty()
Returns a value indicating whether a property can be read.
A property is readable if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true);
See also canSetProperty().
public boolean canGetProperty ( $name, $checkVars = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
return | boolean |
Whether the property can be read |
---|
public function canGetProperty($name, $checkVars = true)
{
return method_exists($this, 'get' . $name) || $checkVars && property_exists($this, $name);
}
Defined in: yii\base\BaseObject::canSetProperty()
Returns a value indicating whether a property can be set.
A property is writable if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true);
See also canGetProperty().
public boolean canSetProperty ( $name, $checkVars = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
return | boolean |
Whether the property can be written |
---|
public function canSetProperty($name, $checkVars = true)
{
return method_exists($this, 'set' . $name) || $checkVars && property_exists($this, $name);
}
Generates challenges upon authentication failure.
For example, some appropriate HTTP headers may be generated.
public void challenge ( $response ) | ||
$response | yii\web\Response |
public function challenge($response)
{
$response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\"");
}
::class
instead.
Defined in: yii\base\BaseObject::className()
Returns the fully qualified name of this class.
public static string className ( ) | ||
return | string |
The fully qualified name of this class. |
---|
public static function className()
{
return get_called_class();
}
Defined in: yii\base\ActionFilter::detach()
Detaches the behavior object from the component.
The default implementation will unset the $owner property and detach event handlers declared in events(). Make sure you call the parent implementation if you override this method.
public void detach ( ) |
public function detach()
{
if ($this->owner) {
$this->owner->off(Controller::EVENT_BEFORE_ACTION, [$this, 'beforeFilter']);
$this->owner->off(Controller::EVENT_AFTER_ACTION, [$this, 'afterFilter']);
$this->owner = null;
}
}
Defined in: yii\base\Behavior::events()
Declares event handlers for the $owner's events.
Child classes may override this method to declare what PHP callbacks should be attached to the events of the $owner component.
The callbacks will be attached to the $owner's events when the behavior is attached to the owner; and they will be detached from the events when the behavior is detached from the component.
The callbacks can be any of the following:
- method in this behavior:
'handleClick'
, equivalent to[$this, 'handleClick']
- object method:
[$object, 'handleClick']
- static method:
['Page', 'handleClick']
- anonymous function:
function ($event) { ... }
The following is an example:
[
Model::EVENT_BEFORE_VALIDATE => 'myBeforeValidate',
Model::EVENT_AFTER_VALIDATE => 'myAfterValidate',
]
public array events ( ) | ||
return | array |
Events (array keys) and the corresponding event handler methods (array values). |
---|
public function events()
{
return [];
}
Defined in: yii\base\ActionFilter::getActionId()
Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module.
protected string getActionId ( $action ) | ||
$action | yii\base\Action |
protected function getActionId($action)
{
if ($this->owner instanceof Module) {
$mid = $this->owner->getUniqueId();
$id = $action->getUniqueId();
if ($mid !== '' && strpos($id, $mid) === 0) {
$id = substr($id, strlen($mid) + 1);
}
} else {
$id = $action->id;
}
return $id;
}
Defined in: yii\filters\auth\AuthMethod::handleFailure()
Handles authentication failure.
The implementation should normally throw UnauthorizedHttpException to indicate authentication failure.
public void handleFailure ( $response ) | ||
$response | yii\web\Response | |
throws | yii\web\UnauthorizedHttpException |
---|
public function handleFailure($response)
{
throw new UnauthorizedHttpException('Your request was made with invalid credentials.');
}
Defined in: yii\base\BaseObject::hasMethod()
Returns a value indicating whether a method is defined.
The default implementation is a call to php function method_exists()
.
You may override this method when you implemented the php magic method __call()
.
public boolean hasMethod ( $name ) | ||
$name | string |
The method name |
return | boolean |
Whether the method is defined |
---|
public function hasMethod($name)
{
return method_exists($this, $name);
}
Defined in: yii\base\BaseObject::hasProperty()
Returns a value indicating whether a property is defined.
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true);
See also:
public boolean hasProperty ( $name, $checkVars = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
return | boolean |
Whether the property is defined |
---|
public function hasProperty($name, $checkVars = true)
{
return $this->canGetProperty($name, $checkVars) || $this->canSetProperty($name, false);
}
Defined in: yii\base\BaseObject::init()
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
public void init ( ) |
public function init()
{
}
Defined in: yii\base\ActionFilter::isActive()
Returns a value indicating whether the filter is active for the given action.
protected boolean isActive ( $action ) | ||
$action | yii\base\Action |
The action being filtered |
return | boolean |
Whether the filter is active for the given action. |
---|
protected function isActive($action)
{
$id = $this->getActionId($action);
if (empty($this->only)) {
$onlyMatch = true;
} else {
$onlyMatch = false;
foreach ($this->only as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
$onlyMatch = true;
break;
}
}
}
$exceptMatch = false;
foreach ($this->except as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
$exceptMatch = true;
break;
}
}
return !$exceptMatch && $onlyMatch;
}
Defined in: yii\filters\auth\AuthMethod::isOptional()
Checks, whether authentication is optional for the given action.
See also $optional.
protected boolean isOptional ( $action ) | ||
$action | yii\base\Action |
Action to be checked. |
return | boolean |
Whether authentication is optional or not. |
---|
protected function isOptional($action)
{
$id = $this->getActionId($action);
foreach ($this->optional as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
return true;
}
}
return false;
}