search

amnah / yii2-user

Yii2 user authentication module
MIT License
253 stars 104 forks source link

Compatibility with HttpBasicAuth? #214

Closed ashaduri closed 4 years ago

ashaduri commented 4 years ago

Hi,

I'm developing a REST API (using a module) in addition to standard web controllers in Yii2.

I've been following all the Yii2 guides to adding HttpBasicAuth (using username and password) functionality to my REST controller, but it seems that the flow never gets to it.

Does this plugin support 'authenticator' behaviors at all?

In my controller:

                // in behaviors():
        $behaviors['authenticator'] = [
            'class' => \yii\filters\auth\HttpBasicAuth::class,
            'auth' => [$this, 'check_auth'],
        ];

        // in the same class, never called:
    public function check_auth($username, $password)
    {
        $user = User::find()->where(['username' => $username])->one();
        if ($user->validatePassword($password)) {
            return $user;
        }
        return null;
    }

Thanks!

amnah commented 4 years ago

Hey,

The controllers in this module are just regular basic controllers - nothing special. So behaviors should work just fine

https://github.com/amnah/yii2-user/blob/master/controllers/DefaultController.php#L23-L56

https://github.com/amnah/yii2-user/blob/master/controllers/AdminController.php#L39-L52

ashaduri commented 4 years ago

Hi,

I'm using RBAC and it turns out the action was denied by AccessControl, even before the flow reached the controller. After I added the actions to AccessControl's allowedActions(), everything went fine and HttpBasicAuth worked. The AccessControl / RBAC relationship is a bit confusing (at least to me) so such mistakes are easy to make.

Sorry for bothering and thanks for your help!