/**
 * The 'apiAuth' filter: delegates to an {@link AAuthFilter} configured with
 * the rules returned by {@link apiAuthRules}, which must be overridden to use it.
 *
 * @param CFilterChain $filterChain the filter chain that the filter is on.
 */
public function filterApiAuth($filterChain)
{
    // Reading the component initialises the extension first, so that its
    // classes are autoloadable before anything below references them.
    Yii::app()->apiAuth;

    $profileToken = "ext.apiAuth.AController.filterApiAuth()";
    $profileCategory = "ext.apiAuth.AController";
    ApiAuth::beginProfile($profileToken, $profileCategory);

    $authFilter = new AAuthFilter();
    $authFilter->setRules($this->apiAuthRules());
    $authFilter->filter($filterChain);

    ApiAuth::endProfile($profileToken, $profileCategory);
}
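/**
 * Authenticates the request before the filtered action runs.
 *
 * With no rules configured the authenticator always runs. With rules, the first
 * rule that matches decides: a positive result from
 * {@link AAuthRule::authenticationRequired} runs the authenticator, a negative
 * result allows anonymous access, and zero means the rule does not apply so the
 * next rule is checked. When no rule matches, the action is allowed (existing design).
 *
 * @param CFilterChain $filterChain the filter chain that the filter is on.
 * @return boolean true when the action may proceed, false when it must not.
 */
public function preFilter($filterChain)
{
    $app = Yii::app();
    $request = $app->getRequest();
    $verb = $request->getRequestType();
    $ip = $request->getUserHostAddress();

    $rules = $this->getRules();

    //always run authenticator if no rules specified
    if (empty($rules)) {
        ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");
        $authenticator = $this->getAuthenticator();
        ApiAuth::endProfile("ext.apiAuth.AAuthFilter.getAuthenticator()", "ext.apiAuth.AAuthFilter");

        ApiAuth::beginProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
        $loggedIn = $authenticator->login();
        ApiAuth::endProfile("ext.apiAuth.AAuthFilter.login()", "ext.apiAuth.AAuthFilter");
        if ($loggedIn) {
            return true;
        }

        //unauthenticated
        $authenticator->unauthenticated();
        //Fail closed. Previously execution fell through to the trailing 'return true',
        //which let the action run whenever unauthenticated() did not end the request
        //itself; the rule branch below already returns false in the same situation.
        return false;
    }

    //Run authenticator only when rules are specified and one of the rules require it
    foreach ($rules as $rule) {
        /* @var $rule AAuthRule */
        $required = $rule->authenticationRequired($filterChain->controller, $filterChain->action, $ip, $verb);

        if ($required < 0) {
            return true; //anonymous access allowed, don't process any other rules in this filter.
        }

        if ($required > 0) {
            $authenticator = $this->getAuthenticator();
            if ($authenticator->login()) {
                return true; //authentication succesfull, don't process any other rules in this filter.
            }

            //authentication failed
            if (isset($rule->deniedCallback)) {
                call_user_func($rule->deniedCallback, $rule);
            } else {
                $authenticator->unauthenticated($this->resolveErrorMessage($rule));
            }
            return false;
        }

        //$required == 0: this rule does not apply to the request, try the next one.
    }

    return true;
}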
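/**
 * Checks the API key sent in the request's API key header against the ApiAuth
 * table and ends the request with an error response when it is missing or unknown.
 *
 * This method returns nothing: on failure the request is ended via
 * Yii::app()->end() after the error response has been sent; on success it
 * simply falls through.
 */
protected function authenticate()
{
    // check if an api key has been specified
    if (!isset($_SERVER['HTTP_API_KEY'])) {
        // NOTE(review): a missing client credential is reported as 500 here; kept for
        // compatibility with existing clients, though 401 describes it more accurately.
        $this->_sendResponse(500, 'Error: Parameter <b>API key</b> is missing');
        Yii::app()->end();
    }

    // grab api key in headers
    $api_key = $_SERVER['HTTP_API_KEY'];

    // verify api key against database (bound parameter, never interpolated)
    // find() returns a single record or null; the previous count() check relied on
    // count(null) being 0, which warns on PHP 7.2+ and throws a TypeError on PHP 8.
    $key = ApiAuth::model()->find('valid_key=:api_key', array(':api_key' => $api_key));
    if ($key === null) {
        // key does not exist
        $this->_sendResponse(401, 'Invalid API Key!');
        Yii::app()->end();
    }
}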
/**
 * Reverts the migration by dropping the extension's nonce table.
 */
public function down()
{
    Yii::import('ext.apiAuth.*');
    $nonceTable = ApiAuth::getTablePrefix() . 'nonce';
    $this->dropTable($nonceTable);
}
/**
 * Process the authentication request and log the UserIdentity in to Yii's user component.
 * Do not modify this method. To customize the authenticator's behavior, override
 * beforeAuthentication() and authenticate() in a derived authenticator class.
 *
 * @return boolean True if authentication succeeded, false otherwise.
 * @throws Exception when authenticate() succeeded without performing password validation.
 */
final public function login()
{
    //preprocessing
    ApiAuth::beginProfile("ext.apiAuth.AHttpAuthenticator.beforeAuthentication()", "ext.apiAuth.AHttpAuthenticator");
    $preprocessed = $this->beforeAuthentication();
    ApiAuth::endProfile("ext.apiAuth.AHttpAuthenticator.beforeAuthentication()", "ext.apiAuth.AHttpAuthenticator");
    if (!$preprocessed) {
        //preprocessing failed
        return false;
    }

    //auth
    ApiAuth::beginProfile("ext.apiAuth.AHttpAuthenticator.authenticate()", "ext.apiAuth.AHttpAuthenticator");
    $authenticated = $this->authenticate();
    ApiAuth::endProfile("ext.apiAuth.AHttpAuthenticator.authenticate()", "ext.apiAuth.AHttpAuthenticator");
    if (!$authenticated) {
        //auth failed
        return false;
    }

    //The UserIdentity must have run the extension's password validation. If it did not,
    //the module was misconfigured by the programmer (see README.md; the problem lies in
    //the current UserIdentity->authorize() method), so refuse to log anyone in.
    if (!$this->isPasswordValidationPerformed()) {
        $msg = YII_DEBUG ? ". Description: UserIdentity does not implement valid API password validation logic" : "";
        throw new Exception("Internal Server Error" . $msg);
    }

    //post processing
    ApiAuth::beginProfile("ext.apiAuth.AHttpAuthenticator.afterAuthentication()", "ext.apiAuth.AHttpAuthenticator");
    $this->afterAuthentication();
    ApiAuth::endProfile("ext.apiAuth.AHttpAuthenticator.afterAuthentication()", "ext.apiAuth.AHttpAuthenticator");

    //log in
    Yii::app()->user->login($this->identity);
    return true;
}
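/**
 * Compares the password supplied by the client against the owner's stored
 * password after applying the same ApiAuth::encryptBasic() transformation.
 *
 * @param string $password the password supplied with the request.
 * @return boolean true when the supplied password matches, false otherwise
 *                 (including when either side is not a string).
 */
public function apiAuthValidatePassword($password)
{
    $expected = ApiAuth::encryptBasic($this->owner->password);
    if (!is_string($expected) || !is_string($password)) {
        //=== would also have been false here; keep that without feeding non-strings to hash_equals().
        return false;
    }

    //compare user supplied password against the password we know.
    //hash_equals() takes the same time regardless of where the strings first differ,
    //so the comparison does not leak information about the expected value.
    return hash_equals($expected, $password);
}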
/**
 * @return string the associated database table name (prefixed nonce table)
 */
public function tableName()
{
    $prefix = ApiAuth::getTablePrefix();
    return "{$prefix}nonce";
}
/**
 * Loads the ApiAuth record with the given primary key.
 * @param integer $id the ID of the model to be loaded
 * @return ApiAuth the loaded model
 * @throws CHttpException with status 404 when no record has that primary key
 */
public function loadModel($id)
{
    $record = ApiAuth::model()->findByPk($id);
    if ($record !== null) {
        return $record;
    }
    throw new CHttpException(404, 'The requested page does not exist.');
}