Class yii\filters\auth\HttpBearerAuth
Inheritance | yii\filters\auth\HttpBearerAuth » yii\filters\auth\HttpHeaderAuth » yii\filters\auth\AuthMethod » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\filters\auth\AuthInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpBearerAuth.php |
HttpBearerAuth is an action filter that supports the authentication method based on HTTP Bearer token.
You may use HttpBearerAuth by attaching it as a behavior to a controller or module, like the following:
public function behaviors()
{
return [
'bearerAuth' => [
'class' => \yii\filters\auth\HttpBearerAuth::class,
],
];
}
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$except | array | List of action IDs that this filter should not apply to. | yii\base\ActionFilter |
$header | string | The HTTP header name | yii\filters\auth\HttpBearerAuth |
$only | array | List of action IDs that this filter should apply to. | yii\base\ActionFilter |
$optional | array | List of action IDs that this filter will be applied to, but auth failure will not lead to error. | yii\filters\auth\AuthMethod |
$owner | yii\base\Component|null | The owner of this behavior | yii\base\Behavior |
$pattern | string | A pattern to use to extract the HTTP authentication value | yii\filters\auth\HttpBearerAuth |
$realm | string | The HTTP authentication realm | yii\filters\auth\HttpBearerAuth |
$request | yii\web\Request|null | The current request. | yii\filters\auth\AuthMethod |
$response | yii\web\Response|null | The response to be sent. | yii\filters\auth\AuthMethod |
$user | yii\web\User|null | The user object representing the user authentication status. | yii\filters\auth\AuthMethod |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__unset() | Sets an object property to null. | yii\base\BaseObject |
afterAction() | This method is invoked right after an action is executed. | yii\base\ActionFilter |
afterFilter() | yii\base\ActionFilter | |
attach() | Attaches the behavior object to the component. | yii\base\ActionFilter |
authenticate() | Authenticates the current user. | yii\filters\auth\HttpHeaderAuth |
beforeAction() | This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. | yii\filters\auth\AuthMethod |
beforeFilter() | yii\base\ActionFilter | |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
challenge() | Generates challenges upon authentication failure. | yii\filters\auth\HttpBearerAuth |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
detach() | Detaches the behavior object from the component. | yii\base\ActionFilter |
events() | Declares event handlers for the $owner's events. | yii\base\Behavior |
handleFailure() | Handles authentication failure. | yii\filters\auth\AuthMethod |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() | Initializes the object. | yii\base\BaseObject |
Protected Methods
Method | Description | Defined By |
---|---|---|
getActionId() | Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module. | yii\base\ActionFilter |
isActive() | Returns a value indicating whether the filter is active for the given action. | yii\base\ActionFilter |
isOptional() | Checks, whether authentication is optional for the given action. | yii\filters\auth\AuthMethod |
Property Details
A pattern to use to extract the HTTP authentication value
Method Details
Defined in: yii\base\BaseObject::__call()
Calls the named method which is not a class method.
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
public mixed __call ( $name, $params ) | ||
$name | string |
The method name |
$params | array |
Method parameters |
return | mixed |
The method return value |
---|---|---|
throws | yii\base\UnknownMethodException |
when calling unknown method |
public function __call($name, $params)
{
throw new UnknownMethodException('Calling unknown method: ' . get_class($this) . "::$name()");
}
Defined in: yii\base\BaseObject::__construct()
Constructor.
The default implementation does two things:
- Initializes the object with the given configuration
$config
. - Call init().
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like
$config
here. - call the parent implementation at the end of the constructor.
public void __construct ( $config = [] ) | ||
$config | array |
Name-value pairs that will be used to initialize the object properties |
public function __construct($config = [])
{
if (!empty($config)) {
Yii::configure($this, $config);
}
$this->init();
}
Defined in: yii\base\BaseObject::__get()
Returns the value of an object property.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $value = $object->property;
.
See also __set().
public mixed __get ( $name ) | ||
$name | string |
The property name |
return | mixed |
The property value |
---|---|---|
throws | yii\base\UnknownPropertyException |
if the property is not defined |
throws | yii\base\InvalidCallException |
if the property is write-only |
public function __get($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter();
} elseif (method_exists($this, 'set' . $name)) {
throw new InvalidCallException('Getting write-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Getting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\BaseObject::__isset()
Checks if a property is set, i.e. defined and not null.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing isset($object->property)
.
Note that if the property is not defined, false will be returned.
public boolean __isset ( $name ) | ||
$name | string |
The property name or the event name |
return | boolean |
Whether the named property is set (not null). |
---|
public function __isset($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter() !== null;
}
return false;
}
Defined in: yii\base\BaseObject::__set()
Sets value of an object property.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $object->property = $value;
.
See also __get().
public void __set ( $name, $value ) | ||
$name | string |
The property name or the event name |
$value | mixed |
The property value |
throws | yii\base\UnknownPropertyException |
if the property is not defined |
---|---|---|
throws | yii\base\InvalidCallException |
if the property is read-only |
public function __set($name, $value)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter($value);
} elseif (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Setting read-only property: ' . get_class($this) . '::' . $name);
} else {
throw new UnknownPropertyException('Setting unknown property: ' . get_class($this) . '::' . $name);
}
}
Defined in: yii\base\BaseObject::__unset()
Sets an object property to null.
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing unset($object->property)
.
Note that if the property is not defined, this method will do nothing. If the property is read-only, it will throw an exception.
public void __unset ( $name ) | ||
$name | string |
The property name |
throws | yii\base\InvalidCallException |
if the property is read only. |
---|
public function __unset($name)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter(null);
} elseif (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Unsetting read-only property: ' . get_class($this) . '::' . $name);
}
}
Defined in: yii\base\ActionFilter::afterAction()
This method is invoked right after an action is executed.
You may override this method to do some postprocessing for the action.
public mixed afterAction ( $action, $result ) | ||
$action | yii\base\Action |
The action just executed. |
$result | mixed |
The action execution result |
return | mixed |
The processed action result. |
---|
public function afterAction($action, $result)
{
return $result;
}
Defined in: yii\base\ActionFilter::afterFilter()
public void afterFilter ( $event ) | ||
$event | yii\base\ActionEvent |
public function afterFilter($event)
{
$event->result = $this->afterAction($event->action, $event->result);
$this->owner->off(Controller::EVENT_AFTER_ACTION, [$this, 'afterFilter']);
}
Defined in: yii\base\ActionFilter::attach()
Attaches the behavior object to the component.
The default implementation will set the $owner property and attach event handlers as declared in events(). Make sure you call the parent implementation if you override this method.
public void attach ( $owner ) | ||
$owner | yii\base\Component |
The component that this behavior is to be attached to. |
public function attach($owner)
{
$this->owner = $owner;
$owner->on(Controller::EVENT_BEFORE_ACTION, [$this, 'beforeFilter']);
}
Defined in: yii\filters\auth\HttpHeaderAuth::authenticate()
Authenticates the current user.
public yii\web\IdentityInterface|null authenticate ( $user, $request, $response ) | ||
$user | yii\web\User | |
$request | yii\web\Request | |
$response | yii\web\Response | |
return | yii\web\IdentityInterface|null |
The authenticated user identity. If authentication information is not provided, null will be returned. |
---|---|---|
throws | yii\web\UnauthorizedHttpException |
if authentication information is provided but is invalid. |
public function authenticate($user, $request, $response)
{
$authHeader = $request->getHeaders()->get($this->header);
if ($authHeader !== null) {
if ($this->pattern !== null) {
if (preg_match($this->pattern, $authHeader, $matches)) {
$authHeader = $matches[1];
} else {
return null;
}
}
$identity = $user->loginByAccessToken($authHeader, get_class($this));
if ($identity === null) {
$this->challenge($response);
$this->handleFailure($response);
}
return $identity;
}
return null;
}
Defined in: yii\filters\auth\AuthMethod::beforeAction()
This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.
public boolean beforeAction ( $action ) | ||
$action | yii\base\Action |
The action to be executed. |
return | boolean |
Whether the action should continue to be executed. |
---|
public function beforeAction($action)
{
$response = $this->response ?: Yii::$app->getResponse();
try {
$identity = $this->authenticate(
$this->user ?: Yii::$app->getUser(),
$this->request ?: Yii::$app->getRequest(),
$response
);
} catch (UnauthorizedHttpException $e) {
if ($this->isOptional($action)) {
return true;
}
throw $e;
}
if ($identity !== null || $this->isOptional($action)) {
return true;
}
$this->challenge($response);
$this->handleFailure($response);
return false;
}
Defined in: yii\base\ActionFilter::beforeFilter()
public void beforeFilter ( $event ) | ||
$event | yii\base\ActionEvent |
public function beforeFilter($event)
{
if (!$this->isActive($event->action)) {
return;
}
$event->isValid = $this->beforeAction($event->action);
if ($event->isValid) {
// call afterFilter only if beforeFilter succeeds
// beforeFilter and afterFilter should be properly nested
$this->owner->on(Controller::EVENT_AFTER_ACTION, [$this, 'afterFilter'], null, false);
} else {
$event->handled = true;
}
}
Defined in: yii\base\BaseObject::canGetProperty()
Returns a value indicating whether a property can be read.
A property is readable if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true);
See also canSetProperty().
public boolean canGetProperty ( $name, $checkVars = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
return | boolean |
Whether the property can be read |
---|
public function canGetProperty($name, $checkVars = true)
{
return method_exists($this, 'get' . $name) || $checkVars && property_exists($this, $name);
}
Defined in: yii\base\BaseObject::canSetProperty()
Returns a value indicating whether a property can be set.
A property is writable if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true);
See also canGetProperty().
public boolean canSetProperty ( $name, $checkVars = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
return | boolean |
Whether the property can be written |
---|
public function canSetProperty($name, $checkVars = true)
{
return method_exists($this, 'set' . $name) || $checkVars && property_exists($this, $name);
}
Generates challenges upon authentication failure.
For example, some appropriate HTTP headers may be generated.
public void challenge ( $response ) | ||
$response | yii\web\Response |
public function challenge($response)
{
$response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");
}
::class
instead.
Defined in: yii\base\BaseObject::className()
Returns the fully qualified name of this class.
public static string className ( ) | ||
return | string |
The fully qualified name of this class. |
---|
public static function className()
{
return get_called_class();
}
Defined in: yii\base\ActionFilter::detach()
Detaches the behavior object from the component.
The default implementation will unset the $owner property and detach event handlers declared in events(). Make sure you call the parent implementation if you override this method.
public void detach ( ) |
public function detach()
{
if ($this->owner) {
$this->owner->off(Controller::EVENT_BEFORE_ACTION, [$this, 'beforeFilter']);
$this->owner->off(Controller::EVENT_AFTER_ACTION, [$this, 'afterFilter']);
$this->owner = null;
}
}
Defined in: yii\base\Behavior::events()
Declares event handlers for the $owner's events.
Child classes may override this method to declare what PHP callbacks should be attached to the events of the $owner component.
The callbacks will be attached to the $owner's events when the behavior is attached to the owner; and they will be detached from the events when the behavior is detached from the component.
The callbacks can be any of the following:
- method in this behavior:
'handleClick'
, equivalent to[$this, 'handleClick']
- object method:
[$object, 'handleClick']
- static method:
['Page', 'handleClick']
- anonymous function:
function ($event) { ... }
The following is an example:
[
Model::EVENT_BEFORE_VALIDATE => 'myBeforeValidate',
Model::EVENT_AFTER_VALIDATE => 'myAfterValidate',
]
public array events ( ) | ||
return | array |
Events (array keys) and the corresponding event handler methods (array values). |
---|
public function events()
{
return [];
}
Defined in: yii\base\ActionFilter::getActionId()
Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module.
protected string getActionId ( $action ) | ||
$action | yii\base\Action |
protected function getActionId($action)
{
if ($this->owner instanceof Module) {
$mid = $this->owner->getUniqueId();
$id = $action->getUniqueId();
if ($mid !== '' && strpos($id, $mid) === 0) {
$id = substr($id, strlen($mid) + 1);
}
} else {
$id = $action->id;
}
return $id;
}
Defined in: yii\filters\auth\AuthMethod::handleFailure()
Handles authentication failure.
The implementation should normally throw UnauthorizedHttpException to indicate authentication failure.
public void handleFailure ( $response ) | ||
$response | yii\web\Response | |
throws | yii\web\UnauthorizedHttpException |
---|
public function handleFailure($response)
{
throw new UnauthorizedHttpException('Your request was made with invalid credentials.');
}
Defined in: yii\base\BaseObject::hasMethod()
Returns a value indicating whether a method is defined.
The default implementation is a call to php function method_exists()
.
You may override this method when you implemented the php magic method __call()
.
public boolean hasMethod ( $name ) | ||
$name | string |
The method name |
return | boolean |
Whether the method is defined |
---|
public function hasMethod($name)
{
return method_exists($this, $name);
}
Defined in: yii\base\BaseObject::hasProperty()
Returns a value indicating whether a property is defined.
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVars
is true);
See also:
public boolean hasProperty ( $name, $checkVars = true ) | ||
$name | string |
The property name |
$checkVars | boolean |
Whether to treat member variables as properties |
return | boolean |
Whether the property is defined |
---|
public function hasProperty($name, $checkVars = true)
{
return $this->canGetProperty($name, $checkVars) || $this->canSetProperty($name, false);
}
Defined in: yii\base\BaseObject::init()
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
public void init ( ) |
public function init()
{
}
Defined in: yii\base\ActionFilter::isActive()
Returns a value indicating whether the filter is active for the given action.
protected boolean isActive ( $action ) | ||
$action | yii\base\Action |
The action being filtered |
return | boolean |
Whether the filter is active for the given action. |
---|
protected function isActive($action)
{
$id = $this->getActionId($action);
if (empty($this->only)) {
$onlyMatch = true;
} else {
$onlyMatch = false;
foreach ($this->only as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
$onlyMatch = true;
break;
}
}
}
$exceptMatch = false;
foreach ($this->except as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
$exceptMatch = true;
break;
}
}
return !$exceptMatch && $onlyMatch;
}
Defined in: yii\filters\auth\AuthMethod::isOptional()
Checks, whether authentication is optional for the given action.
See also $optional.
protected boolean isOptional ( $action ) | ||
$action | yii\base\Action |
Action to be checked. |
return | boolean |
Whether authentication is optional or not. |
---|
protected function isOptional($action)
{
$id = $this->getActionId($action);
foreach ($this->optional as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
return true;
}
}
return false;
}
Signup or Login in order to comment.