Class yii\filters\auth\HttpBasicAuth
Inheritance | yii\filters\auth\HttpBasicAuth » yii\filters\auth\AuthMethod » yii\base\ActionFilter » yii\base\Behavior » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable, yii\filters\auth\AuthInterface |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpBasicAuth.php |
HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.
You may use HttpBasicAuth by attaching it as a behavior to a controller or module, like the following:
public function behaviors()
{
return [
'basicAuth' => [
'class' => \yii\filters\auth\HttpBasicAuth::class,
],
];
}
The default implementation of HttpBasicAuth uses the loginByAccessToken()
method of the user
application component and only passes the user name. This implementation is used
for authenticating API clients.
If you want to authenticate users using username and password, you should provide the $auth function for example like the following:
public function behaviors()
{
return [
'basicAuth' => [
'class' => \yii\filters\auth\HttpBasicAuth::class,
'auth' => function ($username, $password) {
$user = User::find()->where(['username' => $username])->one();
if ($user && $user->validatePassword($password)) {
return $user;
}
return null;
},
],
];
}
Tip: In case authentication does not work like expected, make sure your web server passes username and password to
$_SERVER['PHP_AUTH_USER']
and$_SERVER['PHP_AUTH_PW']
variables. If you are using Apache with PHP-CGI, you might need to add this line to your.htaccess
file:RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$auth | callable|null | A PHP callable that will authenticate the user with the HTTP basic auth information. | yii\filters\auth\HttpBasicAuth |
$except | array | List of action IDs that this filter should not apply to. | yii\base\ActionFilter |
$only | array | List of action IDs that this filter should apply to. | yii\base\ActionFilter |
$optional | array | List of action IDs that this filter will be applied to, but auth failure will not lead to error. | yii\filters\auth\AuthMethod |
$owner | yii\base\Component|null | The owner of this behavior | yii\base\Behavior |
$realm | string | The HTTP authentication realm | yii\filters\auth\HttpBasicAuth |
$request | yii\web\Request|null | The current request. | yii\filters\auth\AuthMethod |
$response | yii\web\Response|null | The response to be sent. | yii\filters\auth\AuthMethod |
$user | yii\web\User|null | The user object representing the user authentication status. | yii\filters\auth\AuthMethod |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__unset() | Sets an object property to null. | yii\base\BaseObject |
afterAction() | This method is invoked right after an action is executed. | yii\base\ActionFilter |
afterFilter() | yii\base\ActionFilter | |
attach() | Attaches the behavior object to the component. | yii\base\ActionFilter |
authenticate() | Authenticates the current user. | yii\filters\auth\HttpBasicAuth |
beforeAction() | This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action. | yii\filters\auth\AuthMethod |
beforeFilter() | yii\base\ActionFilter | |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
challenge() | Generates challenges upon authentication failure. | yii\filters\auth\HttpBasicAuth |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
detach() | Detaches the behavior object from the component. | yii\base\ActionFilter |
events() | Declares event handlers for the $owner's events. | yii\base\Behavior |
handleFailure() | Handles authentication failure. | yii\filters\auth\AuthMethod |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() | Initializes the object. | yii\base\BaseObject |
Protected Methods
Method | Description | Defined By |
---|---|---|
getActionId() | Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module. | yii\base\ActionFilter |
isActive() | Returns a value indicating whether the filter is active for the given action. | yii\base\ActionFilter |
isOptional() | Checks, whether authentication is optional for the given action. | yii\filters\auth\AuthMethod |
Property Details
A PHP callable that will authenticate the user with the HTTP basic auth information. The callable receives a username and a password as its parameters. It should return an identity object that matches the username and password. Null should be returned if there is no such identity. The callable will be called only if current user is not authenticated.
The following code is a typical implementation of this callable:
function ($username, $password) {
return \app\models\User::findOne([
'username' => $username,
'password' => $password,
]);
}
If this property is not set, the username information will be considered as an access token while the password information will be ignored. The yii\web\User::loginByAccessToken() method will be called to authenticate and login the user.
The HTTP authentication realm
Method Details
Authenticates the current user.
public yii\web\IdentityInterface|null authenticate ( $user, $request, $response ) | ||
$user | yii\web\User | |
$request | yii\web\Request | |
$response | yii\web\Response | |
return | yii\web\IdentityInterface|null | The authenticated user identity. If authentication information is not provided, null will be returned. |
---|---|---|
throws | yii\web\UnauthorizedHttpException | if authentication information is provided but is invalid. |
Generates challenges upon authentication failure.
For example, some appropriate HTTP headers may be generated.
public void challenge ( $response ) | ||
$response | yii\web\Response |