Wallogit.com
2017 © Pedro Peláez
Authorization for rest, which is made for increased security.
This extension increase security betwean requests to REST contorllers., (*1)
How does it work: there is a short(token) and long(series) keys. Short key changes every time, the long key remains the same for entire period of authorization., (*2)
Then they are merged into a string and attached to the Authorization header. These values are separated by ";", (*3)
To confirm next request, when "client" send new request, it attaches the same Authoriztion header with the data it recieved. And this continues until the user is logged out or the keys are stolen., (*4)
When the keys are stolen and the thief use the user's data - the short key (token) changes every request. When the real user makes a request - the system will notice that long key (series) is the same, but short key doesn't match. In this case system delete Authorization, the thief and the real user will be logged out, (*5)
For data storage it uses ActiveRecord table. In this table keeps all authorization data, the end date of the session. Sessions are stored in Redis., (*6)
The preferred way to install this extension is through composer., (*7)
Either run, (*8)
php composer.phar require --prefer-dist gud3/yii2-rest-auth "*"
or add, (*9)
"gud3/yii2-rest-auth": ">=1.0.0"
to the require section of your composer.json file., (*10)
Migration enter in code line:, (*11)
yii migrate --migrationPath=@gud3/restAuth/migrations
You need to override the static function in the 'Users' table:, (*12)
public static function findIdentityByAccessToken($id, $type = null)
{
return static::find()->where(['id' => $id])->one() || false;
}
To use this extension, simply add the following code in your controller behaviors:, (*13)
public function behaviors()
{
$behaviors = parent::behaviors();
$auth = ['index'];
//$auth = ['index', 'update', 'create', 'etc..'];
$behaviors['authenticator']['class'] = \gud3\restAuth\CheckToken::className();
$behaviors['authenticator']['only'] = $auth;
return $behaviors;
}
For check exist Authorized data in headers:, (*14)
public function behaviors()
{
$behaviors = parent::behaviors();
$auth = [];
if (\gud3\restAuth\CheckToken::isAuth()) {
array_push($auth, 'index', 'create');
}
$behaviors['authenticator']['class'] = \gud3\restAuth\CheckToken::className();
$behaviors['authenticator']['only'] = $auth;
return $behaviors;
}
This is necessary to check if there are authorization data, then check them, and if it is successful, authorize or go through the system without authorization, then Yii::$app->user->isGuest = true, (*15)
To store the session in the radish, you need to :, (*16)
'components' => [
'cache' => [
'class' => 'yii\redis\Cache',
],
]
Authorization for rest, which is made for increased security.
Apache-2.0
yii2 yii2 rest yii2 rest authorized
Authorization for rest, which is made for increased security.
Apache-2.0
yii2 yii2 rest yii2 rest authorized