Class yii\filters\auth\HttpBasicAuth

Inheritanceyii\filters\auth\HttpBasicAuth » yii\filters\auth\AuthMethod » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject
Implementsyii\base\Configurable, yii\filters\auth\AuthInterface
Available since version2.0
Source Code https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpBasicAuth.php

HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.

You may use HttpBasicAuth by attaching it as a behavior to a controller or module, like the following:

public function behaviors()
{
    return [
        'basicAuth' => [
            'class' => \yii\filters\auth\HttpBasicAuth::class,
        ],
    ];
}

The default implementation of HttpBasicAuth uses the loginByAccessToken() method of the user application component and only passes the user name. This implementation is used for authenticating API clients.

If you want to authenticate users using username and password, you should provide the $auth function for example like the following:

public function behaviors()
{
    return [
        'basicAuth' => [
            'class' => \yii\filters\auth\HttpBasicAuth::class,
            'auth' => function ($username, $password) {
                $user = User::find()->where(['username' => $username])->one();
                if ($user && $user->validatePassword($password)) {
                    return $user;
                }
                return null;
            },
        ],
    ];
}

Tip: In case authentication does not work like expected, make sure your web server passes username and password to $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables. If you are using Apache with PHP-CGI, you might need to add this line to your .htaccess file: RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Public Properties

Hide inherited properties

PropertyTypeDescriptionDefined By
$auth callable|null A PHP callable that will authenticate the user with the HTTP basic auth information. yii\filters\auth\HttpBasicAuth
$except array List of action IDs that this filter should not apply to. yii\base\ActionFilter
$only array List of action IDs that this filter should apply to. yii\base\ActionFilter
$optional array List of action IDs that this filter will be applied to, but auth failure will not lead to error. yii\filters\auth\AuthMethod
$owner yii\base\Component|null The owner of this behavior yii\base\Behavior
$realm string The HTTP authentication realm yii\filters\auth\HttpBasicAuth
$request yii\web\Request|null The current request. yii\filters\auth\AuthMethod
$response yii\web\Response|null The response to be sent. yii\filters\auth\AuthMethod
$user yii\web\User|null The user object representing the user authentication status. yii\filters\auth\AuthMethod

Public Methods

Hide inherited methods

MethodDescriptionDefined By
__call() Calls the named method which is not a class method. yii\base\BaseObject
__construct() Constructor. yii\base\BaseObject
__get() Returns the value of an object property. yii\base\BaseObject
__isset() Checks if a property is set, i.e. defined and not null. yii\base\BaseObject
__set() Sets value of an object property. yii\base\BaseObject
__unset() Sets an object property to null. yii\base\BaseObject
afterAction() This method is invoked right after an action is executed. yii\base\ActionFilter
afterFilter() yii\base\ActionFilter
attach() Attaches the behavior object to the component. yii\base\ActionFilter
authenticate() Authenticates the current user. yii\filters\auth\HttpBasicAuth
beforeAction() This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. yii\filters\auth\AuthMethod
beforeFilter() yii\base\ActionFilter
canGetProperty() Returns a value indicating whether a property can be read. yii\base\BaseObject
canSetProperty() Returns a value indicating whether a property can be set. yii\base\BaseObject
challenge() Generates challenges upon authentication failure. yii\filters\auth\HttpBasicAuth
className() Returns the fully qualified name of this class. yii\base\BaseObject
detach() Detaches the behavior object from the component. yii\base\ActionFilter
events() Declares event handlers for the $owner's events. yii\base\Behavior
handleFailure() Handles authentication failure. yii\filters\auth\AuthMethod
hasMethod() Returns a value indicating whether a method is defined. yii\base\BaseObject
hasProperty() Returns a value indicating whether a property is defined. yii\base\BaseObject
init() Initializes the object. yii\base\BaseObject

Protected Methods

Hide inherited methods

MethodDescriptionDefined By
getActionId() Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module. yii\base\ActionFilter
isActive() Returns a value indicating whether the filter is active for the given action. yii\base\ActionFilter
isOptional() Checks, whether authentication is optional for the given action. yii\filters\auth\AuthMethod

Property Details

$auth public property

A PHP callable that will authenticate the user with the HTTP basic auth information. The callable receives a username and a password as its parameters. It should return an identity object that matches the username and password. Null should be returned if there is no such identity. The callable will be called only if current user is not authenticated.

The following code is a typical implementation of this callable:

function ($username, $password) {
    return \app\models\User::findOne([
        'username' => $username,
        'password' => $password,
    ]);
}

If this property is not set, the username information will be considered as an access token while the password information will be ignored. The yii\web\User::loginByAccessToken() method will be called to authenticate and login the user.

public callable|null $auth null
$realm public property

The HTTP authentication realm

public string $realm 'api'

Method Details

authenticate() public method

Authenticates the current user.

public yii\web\IdentityInterface|null authenticate ( $user, $request, $response )
$user yii\web\User
$request yii\web\Request
$response yii\web\Response
return yii\web\IdentityInterface|null

The authenticated user identity. If authentication information is not provided, null will be returned.

throws yii\web\UnauthorizedHttpException

if authentication information is provided but is invalid.

challenge() public method

Generates challenges upon authentication failure.

For example, some appropriate HTTP headers may be generated.

public void challenge ( $response )
$response yii\web\Response