Exemple #1
 /**
  * Filter method for the 'apiAuth' filter.
  *
  * Builds an {@link AAuthFilter}, loads it with the rules returned by
  * {@link apiAuthRules()} and hands the filter chain to its filter() method.
  * NOTE(review): this only protects actions for which the filter is registered;
  * that registration is not visible here, so confirm every API action is covered.
  *
  * @param CFilterChain $filterChain the filter chain that the filter is on.
  */
 public function filterApiAuth($filterChain)
 {
     // Touching the component initialises the extension first, so that its
     // classes are autoloadable before any of them is referenced.
     Yii::app()->apiAuth;

     $profileToken = "ext.apiAuth.AController.filterApiAuth()";
     $profileCategory = "ext.apiAuth.AController";

     ApiAuth::beginProfile($profileToken, $profileCategory);

     $authFilter = new AAuthFilter();
     $authFilter->setRules($this->apiAuthRules());
     $authFilter->filter($filterChain);

     ApiAuth::endProfile($profileToken, $profileCategory);
 }
Exemple #2
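 /**
  * Decides, before the action runs, whether the request has to authenticate.
  *
  * With no rules configured, every request must authenticate. With rules, the
  * first rule whose authenticationRequired() result is non-zero settles the
  * outcome: a positive value demands a successful login, a negative value lets
  * the request through anonymously, and zero moves on to the next rule. If no
  * rule settles it, the request is allowed.
  *
  * @param CFilterChain $filterChain chain holding the controller and action being filtered.
  * @return boolean true to let the request continue, false to stop it.
  */
 public function preFilter($filterChain)
 {
     $app = Yii::app();
     $request = $app->getRequest();
     $verb = $request->getRequestType();
     // NOTE(review): presumably the connection peer address; behind a reverse proxy
     // that is the proxy's address, so confirm IP-based rules account for it.
     $ip = $request->getUserHostAddress();

     $rules = $this->getRules();
     if (empty($rules)) {
         // No rules at all: authentication is mandatory for every request.
         ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");
         $authenticator = $this->getAuthenticator();
         ApiAuth::endProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");

         ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
         if ($authenticator->login()) {
             ApiAuth::endProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
             return true;
         }
         ApiAuth::endProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");

         $authenticator->unauthenticated();
         // Fail closed. Without this return, an unauthenticated() that comes back
         // normally would fall through to the final "return true" and let the
         // request in. The rules branch below already returns false in this case.
         return false;
     }

     // Rules are configured: authenticate only when a matching rule asks for it.
     foreach ($rules as $rule) {
         /* @var $rule AAuthRule */
         $required = $rule->authenticationRequired($filterChain->controller, $filterChain->action, $ip, $verb);

         if ($required > 0) {
             $authenticator = $this->getAuthenticator();
             if ($authenticator->login()) {
                 // Authentication successful; no further rules are processed.
                 return true;
             }

             // Authentication failed: the rule's own callback takes precedence
             // over the authenticator's default rejection.
             if (isset($rule->deniedCallback)) {
                 call_user_func($rule->deniedCallback, $rule);
             } else {
                 $authenticator->unauthenticated($this->resolveErrorMessage($rule));
             }
             return false;
         }

         if ($required < 0) {
             // Anonymous access allowed; no further rules are processed.
             return true;
         }
     }

     // NOTE(review): default-allow. When rules exist but none settles the outcome,
     // the request proceeds unauthenticated; add a catch-all rule that requires
     // authentication if that is not intended.
     return true;
 }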
Exemple #3
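 /**
  * Rejects the request unless it carries an API key that exists in the database.
  *
  * The key is read from $_SERVER['HTTP_API_KEY'] and looked up in the
  * `valid_key` column through a bound parameter. On a missing or unknown key a
  * response is sent and the application is ended; on success the method simply returns.
  *
  * NOTE(review): the lookup matches the presented key against the stored column
  * as-is, which suggests keys are stored unhashed. Confirm, and consider storing
  * a digest of each key instead.
  *
  * @return void
  */
 protected function authenticate()
 {
     // A request without the header cannot be authenticated at all.
     if (!isset($_SERVER['HTTP_API_KEY'])) {
         // NOTE(review): a missing credential is a client error; 500 is kept so that
         // existing clients see no change, but 401 would describe it accurately.
         $this->_sendResponse(500, 'Error: Parameter <b>API key</b> is missing');
         Yii::app()->end();
     }

     $api_key = $_SERVER['HTTP_API_KEY'];

     // Bound parameter: the key never becomes part of the SQL text.
     $key_exists = ApiAuth::model()->find('valid_key=:api_key', array(':api_key' => $api_key));

     // find() yields a single record or null. The previous count() test relied on
     // count(null) being 0, which raises a TypeError on PHP 8; compare against
     // null explicitly, as loadModel() does for findByPk().
     if ($key_exists === null) {
         $this->_sendResponse(401, 'Invalid API Key!');
         Yii::app()->end();
     }
 }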
 /**
  * Reverts the migration by dropping the extension's nonce table.
  */
 public function down()
 {
     // The extension's classes must be importable before ApiAuth is referenced.
     Yii::import('ext.apiAuth.*');

     $nonceTable = ApiAuth::getTablePrefix() . 'nonce';
     $this->dropTable($nonceTable);
 }
 /**
  * Runs the authentication pipeline and, on success, logs the identity into Yii's user component.
  *
  * Steps, in order: beforeAuthentication(), authenticate(), a check that password
  * validation was really performed, afterAuthentication(), and finally
  * Yii::app()->user->login(). The method is final; to customise behaviour, override
  * beforeAuthentication() and authenticate() in a derived authenticator class.
  *
  * @return boolean true if authentication succeeded, false if preprocessing or authentication failed.
  * @throws Exception if authenticate() reported success although password validation was never performed.
  */
 public final function login()
 {
     $category = "ext.apiAuth.AHttpAuthenticator";

     // Preprocessing
     ApiAuth::beginProfile("ext.apiAuth.AHttpAuthenticator.beforeAuthentication()", $category);
     $preprocessed = $this->beforeAuthentication();
     ApiAuth::endProfile("ext.apiAuth.AHttpAuthenticator.beforeAuthentication()", $category);
     if (!$preprocessed) {
         return false;
     }

     // Authentication
     ApiAuth::beginProfile("ext.apiAuth.AHttpAuthenticator.authenticate()", $category);
     $authenticated = $this->authenticate();
     ApiAuth::endProfile("ext.apiAuth.AHttpAuthenticator.authenticate()", $category);
     if (!$authenticated) {
         return false;
     }

     // Fail closed on misconfiguration: authenticate() claimed success, yet the
     // identity never ran the API password validation. The original comment points
     // at the current UserIdentity->authorize() method and the README.md as the
     // places to look. The description is appended only when YII_DEBUG is on, so
     // production responses do not describe the fault.
     if (!$this->isPasswordValidationPerformed()) {
         $detail = "";
         if (YII_DEBUG) {
             $detail = ". Description: UserIdentity does not implement valid API password validation logic";
         }
         throw new Exception("Internal Server Error" . $detail);
     }

     // Post-processing
     ApiAuth::beginProfile("ext.apiAuth.AHttpAuthenticator.afterAuthentication()", $category);
     $this->afterAuthentication();
     ApiAuth::endProfile("ext.apiAuth.AHttpAuthenticator.afterAuthentication()", $category);

     // Log in
     Yii::app()->user->login($this->identity);

     return true;
 }
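 /**
  * Checks a client-supplied password value against the one expected for the owner.
  *
  * NOTE(review): the expected value is derived from $this->owner->password at
  * request time. If that attribute holds the plaintext password, consider storing
  * a derived value instead; confirm what encryptBasic() does.
  *
  * @param string $password the password value presented by the client.
  * @return boolean true only if it equals ApiAuth::encryptBasic() of the owner's password.
  */
 public function apiAuthValidatePassword($password)
 {
     $expected = ApiAuth::encryptBasic($this->owner->password);

     // A non-string on either side is never a valid credential. This also stops
     // two nulls from comparing as equal.
     if (!is_string($expected) || !is_string($password)) {
         return false;
     }

     // Compare in constant time where the runtime offers it, so that response
     // timing does not depend on how many leading bytes match.
     if (function_exists('hash_equals')) {
         return hash_equals($expected, $password);
     }

     // Runtimes without hash_equals() keep the original strict comparison.
     return $expected === $password;
 }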
Exemple #7
 /**
  * @return string the associated database table name: the extension's table prefix followed by 'nonce'.
  */
 public function tableName()
 {
     $prefix = ApiAuth::getTablePrefix();

     return $prefix . 'nonce';
 }
 /**
  * Loads the ApiAuth record with the given primary key.
  *
  * NOTE(review): the record is looked up by ID alone, with no check that the
  * current user may access it. Callers are presumably expected to enforce
  * authorization; confirm they do.
  *
  * @param integer $id the ID of the model to be loaded
  * @return ApiAuth the loaded model
  * @throws CHttpException with status 404 when no record has that ID
  */
 public function loadModel($id)
 {
     $record = ApiAuth::model()->findByPk($id);
     if ($record !== null) {
         return $record;
     }

     throw new CHttpException(404, 'The requested page does not exist.');
 }