Using multiple models in an identity

Let's assume we have two models: Customer and Supplier and we want both to log in. Yii is quite flexible when it comes to authentication and authorization so it's possible.

First of all, Yii assumes that there's a single type of user component used at once. Still, we're able to create a universal Identity that works with both customers and suppliers.

So we create models/Identity.php:

final class Identity implements IdentityInterface
{
    const TYPE_CUSTOMER = 'customer';
    const TYPE_SUPPLIER = 'supplier';

    const ALLOWED_TYPES = [self::TYPE_CUSTOMER, self::TYPE_SUPPLIER];

    private $_id;
    private $_authkey;
    private $_passwordHash;

    public static function findIdentity($id)
    {
    	// We are going to login, so `$id` will be an empty string
        // `if (\count($parts) !== 2)` will raise an error because the parameter $id is empty
        if (strlen($id) === 0) {
            return null;
        }
        
        $parts = explode('-', $id);
        if (\count($parts) !== 2) {
            throw new InvalidCallException('id should be in form of Type-number');
        }
        [$type, $number] = $parts;

        if (!\in_array($type, self::ALLOWED_TYPES, true)) {
            throw new InvalidCallException('Unsupported identity type');
        }

        $model = null;
        switch ($type) {
            case self::TYPE_CUSTOMER:
                $model = Customer::find()->where(['id' => $number])->one();
                break;
            case self::TYPE_SUPPLIER:
                $model = Supplier::find()->where(['id' => $number])->one();
                break;
        }

        if ($model === null) {
            return false;
        }


        $identity = new Identity();
        $identity->_id = $id;
        $identity->_authkey = $model->authkey;
        $identity->_passwordHash = $model->password_hash;
        return $identity;
    }

    public static function findIdentityByAccessToken($token, $type = null)
    {
        $model = Customer::find()->where(['token' => $token])->one();
        if (!$model) {
            $model = Supplier::find()->where(['token' => $token])->one();
        }

        if (!$model) {
            return false;
        }

        if ($model instanceof Customer) {
            $type = self::TYPE_CUSTOMER;
        } else {
            $type = self::TYPE_SUPPLIER;
        }

        $identity = new Identity();
        $identity->_id = $type . '-' . $model->id;
        $identity->_authkey = $model->authkey;
        $identity->_passwordHash = $model->password_hash;
        return $identity;
    }

    public function validatePassword($password)
    {
        return password_verify($password, $this->_passwordHash);
    }
    
    public static function findByUsername(username)
    {
        $model = Customer::find()->where(['username' => $username])->one();
        if (!$model) {
            $model = Supplier::find()->where(['username' => $username])->one();
        }

        if (!$model) {
            return false;
        }

        if ($model instanceof Customer) {
            $type = self::TYPE_CUSTOMER;
        } else {
            $type = self::TYPE_SUPPLIER;
        }

        $identity = new Identity();
        $identity->_id = $type . '-' . $model->id;
        $identity->_authkey = $model->authkey;
        $identity->_passwordHash = $model->password_hash;
        return $identity;
    }

    public static function findIdentityByEmail($email)
    {
        $model = Customer::find()->where(['email' => $email])->one();
        if (!$model) {
            $model = Supplier::find()->where(['email' => $email])->one();
        }

        if (!$model) {
            return false;
        }

        if ($model instanceof Customer) {
            $type = self::TYPE_CUSTOMER;
        } else {
            $type = self::TYPE_SUPPLIER;
        }

        $identity = new Identity();
        $identity->_id = $type . '-' . $model->id;
        $identity->_authkey = $model->authkey;
        $identity->_passwordHash = $model->password_hash;
        return $identity;
    }

    public function getId()
    {
        return $this->_id;
    }

    public function getAuthKey()
    {
        return $this->_authkey;
    }

    public function validateAuthKey($authKey)
    {
        return $this->getAuthKey() === $authKey;
    }
}

In the above we assume that our ids are like customer-23 or supplier-34. When we need to get identity instance we split the id by - and getting both type and integer id for the model corresponding to that type.

Having identity we can tell Yii to use it via config/main.php:

[
    // ...
    'components' => [
        // ...
        'user' => [
            'identityClass' => 'app\models\Identity',
            'enableAutoLogin' => true,
        ],
    ],
],

The only thing left is to adjust models\LoginForm.php:

class LoginForm extends Model
{
    // ...
    
    public function getUser()
    {
        if ($this->_user === false) {
            $this->_user = Identity::findByUsername($this->username);
        }

        return $this->_user;
    }
}

That's it. Now you can log in using both models.

9 2

5 followers

Viewed: 36 773 times

Version: 2.0

Category: How-tos

Tags: authentication, identity

Written by: samdark

Last updated by: Néstor Acevedo

Created on: Oct 7, 2018

Last updated: 3 months ago

Update Article

Revisions

View all history

3 months ago by Néstor Acevedo
Adding a return null if the parameter $i...
3 years ago by Néstor Acevedo
I added the method findByUsername inside...
5 years ago by samdark
Fixed typo
6 years ago by samdark

User Contributed Notes 8

#20362

1 0

Inside the "findIdentity" function at around line number 5
`PHP
[$type, $number] = $parts;
`
php syntax error, unexpected '='

Dhrubajyoti Das at Oct 23, 2018, 4:36:32 PM

#20367

2 0

php syntax error, unexpected '='

check your php version

Rustam Mamadaminov at Oct 29, 2018, 9:49:19 AM

#20432

list($type, $number) = $parts;

Dion Maicon Duarte at Jan 17, 2019, 5:52:45 PM

#20439

little typo at line:
> Having identity we can tell Yii to use it via confing/main.php:

sorry, can not edit article :-)

Pavel Sokolov at Jan 27, 2019, 3:18:08 PM

#20744

0 0

Thats fine But how can we implement RBAC in such a case

Questions at May 26, 2020, 2:39:20 PM

#20876

0 1

Class 'app\models\InvalidCallException' not found

syahrulromadoni9898 at Feb 9, 2021, 4:33:50 AM

#20877

Yes, there are no use statements displayed. InvalidCallException is this one.

samdark at Feb 9, 2021, 11:13:39 AM

#20879

Call to undefined method app\models\Identity::findByUsername()

syahrulromadoni9898 at Feb 10, 2021, 10:25:34 AM

Please only use comments to help explain the above article.
If you have any questions, please ask in the forum instead.

Signup or Login in order to comment.

Categories

Popular Tags

Recent Comments

Using multiple models in an identity

Revisions

Related Articles