- <?php
- namespace api\common\behaviors;
- use Yii;
- use yii\filters\auth\AuthMethod;
- use yii\web\UnauthorizedHttpException;
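/**
 * Auth filter that logs a user in from an access token sent with the request.
 *
 * NOTE(review): despite the class name, authenticate() reads the token from
 * the request *headers* (header name = $tokenParam), not from the query
 * string. Keeping the token out of the URL avoids it ending up in access
 * logs and Referer headers; the name is left unchanged for compatibility.
 */
class QueryParamAuth extends AuthMethod
{
    /**
     * @var bool Whether authentication is enforced.
     *
     * When false, beforeAction() returns true for every action, even when no
     * identity was resolved or the supplied token was rejected. In that mode
     * this filter is advisory only: controllers must make their own access
     * decision from the user component and must not treat "the filter passed"
     * as "the caller is authenticated".
     */
    public $forceAuth = true;

    /**
     * @var string Name of the request header that carries the access token.
     */
    public $tokenParam = 'token';

    /**
     * Resolves an identity from the access token header.
     *
     * @param object $user     user component; loginByAccessToken() is called on it
     * @param object $request  request whose headers collection is read
     * @param object $response passed to handleFailure() on rejection
     * @return mixed the identity returned by loginByAccessToken(), or null when
     *               no token was sent or the token was not accepted
     */
    public function authenticate($user, $request, $response)
    {
        $accessToken = $request->headers->get($this->tokenParam);

        // An empty header value is never a usable credential. Skip the lookup
        // so an empty string can never be matched against identity records
        // whose stored token is empty or unset (the identity lookup lives
        // outside this class, so this is a defensive guard).
        if (is_string($accessToken) && $accessToken !== '') {
            $identity = $user->loginByAccessToken($accessToken, get_class($this));
            if ($identity !== null) {
                return $identity;
            }
        }

        // A token was presented (including an empty one) but did not resolve
        // to an identity. handleFailure() is inherited; the catch block in
        // beforeAction() expects it to raise UnauthorizedHttpException.
        if ($accessToken !== null && $this->forceAuth) {
            $this->handleFailure($response);
        }

        return null;
    }

    /**
     * Runs authentication before the action and decides whether it may proceed.
     *
     * @param object $action the action about to run; passed to isOptional()
     * @return bool true to continue; false after a failure was signalled
     * @throws UnauthorizedHttpException rethrown when the token was rejected,
     *         the action is not optional and $forceAuth is true
     */
    public function beforeAction($action)
    {
        $response = $this->response ?: Yii::$app->getResponse();

        try {
            $identity = $this->authenticate(
                $this->user ?: Yii::$app->getUser(),
                $this->request ?: Yii::$app->getRequest(),
                $response
            );
        } catch (UnauthorizedHttpException $e) {
            // A rejected token is tolerated only for optional actions or when
            // enforcement is switched off; the request continues anonymously.
            if ($this->isOptional($action) || !$this->forceAuth) {
                return true;
            }
            throw $e;
        }

        if ($identity !== null || $this->isOptional($action) || !$this->forceAuth) {
            return true;
        }

        // No identity on a mandatory action: issue the challenge, then signal
        // failure. The return below is only reached if handleFailure() returns.
        $this->challenge($response);
        $this->handleFailure($response);

        return false;
    }
}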