/**
 * Controller filter that enforces API authentication for the current action.
 *
 * Builds an {@link AAuthFilter}, hands it the rules returned by
 * {@link apiAuthRules} and runs it on the given filter chain.
 * The filter only enforces what {@link apiAuthRules} returns, so that method
 * is the place to review when checking which actions require authentication.
 *
 * @param CFilterChain $filterChain the filter chain that the filter is on.
 */
public function filterApiAuth($filterChain)
{
    // Touch the application component first: this initialises the extension
    // so that its classes (ApiAuth, AAuthFilter, ...) become autoloadable.
    Yii::app()->apiAuth;

    $profileToken = "ext.apiAuth.AController.filterApiAuth()";
    $profileCategory = "ext.apiAuth.AController";

    ApiAuth::beginProfile($profileToken, $profileCategory);

    $authFilter = new AAuthFilter();
    $authFilter->setRules($this->apiAuthRules());
    $authFilter->filter($filterChain);

    ApiAuth::endProfile($profileToken, $profileCategory);
}
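/**
 * Decides whether the current request has to authenticate before the action runs.
 *
 * With no rules configured, every request must authenticate. With rules, they are
 * evaluated in order and the first rule that gives a verdict wins:
 *  - authenticationRequired() > 0: the authenticator must log the request in;
 *  - authenticationRequired() < 0: anonymous access is allowed;
 *  - authenticationRequired() == 0: the rule gives no verdict and the next one is tried.
 *
 * @param CFilterChain $filterChain the filter chain that the filter is on.
 * @return boolean true to let the request through, false to stop it
 *                 (presumably the usual Yii filter contract; confirm against the parent class).
 */
public function preFilter($filterChain)
{
    $app = Yii::app();
    $request = $app->getRequest();
    $verb = $request->getRequestType();
    $ip = $request->getUserHostAddress();

    $rules = $this->getRules();

    // No rules specified: always run the authenticator.
    if (empty($rules)) {
        ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");
        $authenticator = $this->getAuthenticator();
        ApiAuth::endProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");

        ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
        $loggedIn = $authenticator->login();
        ApiAuth::endProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");

        if ($loggedIn) {
            return true;
        }

        $authenticator->unauthenticated();

        // Fail closed. Without this return, an unauthenticated() implementation that
        // returns normally (instead of throwing or ending the request) would fall
        // through to the final "return true" below and let the request run
        // unauthenticated. The rule branch below already returns false on failure.
        return false;
    }

    // Rules specified: run the authenticator only when a rule requires it.
    foreach ($rules as $rule) {
        /* @var $rule AAuthRule */
        $required = $rule->authenticationRequired($filterChain->controller, $filterChain->action, $ip, $verb);

        if ($required < 0) {
            // Anonymous access allowed, don't process any other rules in this filter.
            return true;
        }

        if ($required > 0) {
            $authenticator = $this->getAuthenticator();
            if ($authenticator->login()) {
                // Authentication successful, don't process any other rules in this filter.
                return true;
            }

            // Authentication failed: let the rule's own handler respond if it has one,
            // otherwise send the authenticator's default response.
            if (isset($rule->deniedCallback)) {
                call_user_func($rule->deniedCallback, $rule);
            } else {
                $authenticator->unauthenticated($this->resolveErrorMessage($rule));
            }

            return false;
        }
    }

    // No rule gave a verdict: the request is allowed WITHOUT authentication.
    // A rule set that should require authentication by default therefore needs
    // a final catch-all rule that requires it.
    return true;
}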
/**
 * Runs the complete authentication sequence and, on success, logs the identity
 * in to Yii's user component.
 *
 * Sequence: beforeAuthentication() -> authenticate() -> password-validation check
 * -> afterAuthentication() -> Yii::app()->user->login(). The before, authenticate
 * and after stages are each wrapped in an ApiAuth profile block.
 *
 * Do not modify this method. To customise the authenticator, override
 * beforeAuthentication() and authenticate() in a derived authenticator class.
 *
 * @return boolean true if authentication succeeded, false if preprocessing or
 *                 authentication failed.
 * @throws Exception if authenticate() succeeded but isPasswordValidationPerformed()
 *                   reports that the identity never validated the API password
 *                   (a configuration error in the UserIdentity class).
 */
public final function login()
{
    $category = "ext.apiAuth.AHttpAuthenticator";
    $beforeToken = "ext.apiAuth.AHttpAuthenticator.beforeAuthentication()";
    $authToken = "ext.apiAuth.AHttpAuthenticator.authenticate()";
    $afterToken = "ext.apiAuth.AHttpAuthenticator.afterAuthentication()";

    // Stage 1: preprocessing.
    ApiAuth::beginProfile($beforeToken, $category);
    $prepared = $this->beforeAuthentication();
    ApiAuth::endProfile($beforeToken, $category);
    if (!$prepared) {
        return false;
    }

    // Stage 2: the authentication itself.
    ApiAuth::beginProfile($authToken, $category);
    $authenticated = $this->authenticate();
    ApiAuth::endProfile($authToken, $category);
    if (!$authenticated) {
        return false;
    }

    // Safety net against a misconfigured identity: authenticate() returning true
    // is not trusted unless the password validation step was actually performed.
    // The detailed reason is only revealed in debug mode; clients otherwise see
    // a generic message.
    if (!$this->isPasswordValidationPerformed()) {
        $detail = YII_DEBUG
            ? ". Description: UserIdentity does not implement valid API password validation logic"
            : "";
        throw new Exception("Internal Server Error" . $detail);
    }

    // Stage 3: post processing.
    ApiAuth::beginProfile($afterToken, $category);
    $this->afterAuthentication();
    ApiAuth::endProfile($afterToken, $category);

    // Stage 4: log in.
    // NOTE(review): the result of user->login() is not checked. If the user
    // component can refuse a login, this method still reports success. Confirm.
    Yii::app()->user->login($this->identity);

    return true;
}