Exemple #1
 /**
  * Controller filter method that enforces API authentication.
  * It builds an {@link AAuthFilter}, feeds it the rules returned by
  * {@link apiAuthRules}, and lets that filter decide whether the chain continues.
  * @param CFilterChain $filterChain the filter chain that the filter is on.
  */
 public function filterApiAuth($filterChain)
 {
     // Touching the component initialises the extension, so its classes
     // (ApiAuth, AAuthFilter, ...) are autoloadable before they are used below.
     Yii::app()->apiAuth;

     $profileToken = "ext.apiAuth.AController.filterApiAuth()";
     $profileCategory = "ext.apiAuth.AController";

     ApiAuth::beginProfile($profileToken, $profileCategory);

     $authFilter = new AAuthFilter();
     $authFilter->setRules($this->apiAuthRules());
     // The authentication decision is delegated entirely to the filter;
     // this method adds no check of its own.
     $authFilter->filter($filterChain);

     // Not reached when filter() throws, so the profile block stays open in that case.
     ApiAuth::endProfile($profileToken, $profileCategory);
 }
Exemple #2
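 /**
  * Decides whether the request may continue to the controller action.
  *
  * Without rules every request has to authenticate. With rules, the first rule
  * that either requires authentication or explicitly allows anonymous access
  * settles the outcome; rules that do neither are skipped.
  *
  * @param mixed $filterChain the filter chain (presumably a CFilterChain); its
  * controller and action are handed to each rule.
  * @return boolean true to let the request continue, false to stop it.
  */
 public function preFilter($filterChain)
 {
     $app = Yii::app();
     $request = $app->getRequest();
     $verb = $request->getRequestType();
     // NOTE(review): IP-based rules see whatever getUserHostAddress() reports;
     // behind a reverse proxy, confirm this is the client address and not the proxy's.
     $ip = $request->getUserHostAddress();
     //always run authenticator if no rules specified
     $rules = $this->getRules();
     if (empty($rules)) {
         ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");
         $authenticator = $this->getAuthenticator();
         ApiAuth::endProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");
         ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
         if ($authenticator->login()) {
             ApiAuth::endProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
             return true;
         }
         ApiAuth::endProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
         //unauthenticated
         $authenticator->unauthenticated();
         // Fail closed. If unauthenticated() returns instead of ending the request,
         // execution would otherwise skip the empty loop below and reach the final
         // "return true", letting an unauthenticated request through. The rule
         // branch below already returns false at this point; this matches it.
         return false;
     }
     //Run authenticator only when rules are specified and one of the rules require it
     foreach ($rules as $rule) {
         /* @var $rule AAuthRule */
         // $required > 0: authentication required; < 0: anonymous access allowed;
         // 0: the rule decides nothing and the next rule is consulted.
         if (($required = $rule->authenticationRequired($filterChain->controller, $filterChain->action, $ip, $verb)) > 0) {
             $authenticator = $this->getAuthenticator();
             if ($authenticator->login()) {
                 //authentication successful, don't process any other rules in this filter.
                 return true;
             } else {
                 //authentication failed: either the rule's own handler or the
                 //authenticator's default response, and the request stops either way.
                 if (isset($rule->deniedCallback)) {
                     call_user_func($rule->deniedCallback, $rule);
                 } else {
                     $authenticator->unauthenticated($this->resolveErrorMessage($rule));
                 }
                 return false;
             }
         } else {
             if ($required < 0) {
                 //anonymous access allowed, don't process any other rules in this filter.
                 return true;
             }
         }
     }
     // No rule made a decision: the request continues without authentication
     // (default allow). NOTE(review): confirm this is intended; if default deny is
     // wanted, the rule list has to end with a rule that requires authentication.
     return true;
 }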
 /**
  * Runs the authentication pipeline and, on success, logs the resulting
  * identity in to Yii's user component.
  * This method is final: to change the authenticator's behaviour, override
  * beforeAuthentication() and authenticate() in a derived authenticator class.
  *
  * @return boolean True if authentication succeeded, false if preprocessing
  * or authentication failed.
  * @throws Exception if authenticate() reported success but the identity never
  * performed password validation (a configuration error).
  */
 public final function login()
 {
     $category = "ext.apiAuth.AHttpAuthenticator";

     // Step 1: preprocessing. The profile block is closed whatever the outcome.
     $beforeToken = "ext.apiAuth.AHttpAuthenticator.beforeAuthentication()";
     ApiAuth::beginProfile($beforeToken, $category);
     $preprocessed = $this->beforeAuthentication();
     ApiAuth::endProfile($beforeToken, $category);
     if (!$preprocessed) {
         //preprocessing failed
         return false;
     }

     // Step 2: the actual credential check.
     $authToken = "ext.apiAuth.AHttpAuthenticator.authenticate()";
     ApiAuth::beginProfile($authToken, $category);
     $authenticated = $this->authenticate();
     ApiAuth::endProfile($authToken, $category);
     if (!$authenticated) {
         //auth failed
         return false;
     }

     // Step 3: safety net against a misconfigured identity. A "successful"
     // authenticate() is only trusted if password validation really ran on this
     // identity; otherwise the request is aborted instead of being logged in.
     // Hint from the extension's author: look at UserIdentity->authorize() and the
     // README.md configuration instructions when this triggers.
     if (!$this->isPasswordValidationPerformed()) {
         // The explanatory detail is appended only when YII_DEBUG is on, so a
         // non-debug deployment reveals nothing beyond the generic message.
         $msg = YII_DEBUG ? ". Description: UserIdentity does not implement valid API password validation logic" : "";
         throw new Exception("Internal Server Error" . $msg);
     }

     // Step 4: post processing.
     $afterToken = "ext.apiAuth.AHttpAuthenticator.afterAuthentication()";
     ApiAuth::beginProfile($afterToken, $category);
     $this->afterAuthentication();
     ApiAuth::endProfile($afterToken, $category);

     // Step 5: log in.
     // NOTE(review): the result of user->login() is not inspected; confirm that
     // the user component cannot decline the login at this point.
     Yii::app()->user->login($this->identity);
     return true;
 }