			
		
		
		
	Fixes #4920: yii\filters\auth\CompositeAuth should not trigger error as long as one of the methods succeeds
				
					
				
			Fixes #3177: `yii\filters\auth\CompositeAuth` will send out challenges from all auth methods
		@ -88,6 +88,7 @@ Yii Framework 2 Change Log
 | 
				
			|||||||
- Bug #4755: `yii\test\BaseActiveFixture::unload()` does not clean up the internal cached data (qiangxue)
 | 
					- Bug #4755: `yii\test\BaseActiveFixture::unload()` does not clean up the internal cached data (qiangxue)
 | 
				
			||||||
- Bug #4813: Fixed MSSQL schema that was getting incorrect info about constraints (samdark, SerjRamone, o-rey)
 | 
					- Bug #4813: Fixed MSSQL schema that was getting incorrect info about constraints (samdark, SerjRamone, o-rey)
 | 
				
			||||||
- Bug #4880: Return value of yii\web\Request::getPrefferedLanguage() was a normalized value instead of a valid language value from the input array (cebe)
 | 
					- Bug #4880: Return value of yii\web\Request::getPrefferedLanguage() was a normalized value instead of a valid language value from the input array (cebe)
 | 
				
			||||||
 | 
					- Bug #4920: `yii\filters\auth\CompositeAuth` should not trigger error as long as one of the methods succeeds (qiangxue)
 | 
				
			||||||
- Bug: Fixed inconsistent return of `\yii\console\Application::runAction()` (samdark)
 | 
					- Bug: Fixed inconsistent return of `\yii\console\Application::runAction()` (samdark)
 | 
				
			||||||
- Bug: URL encoding for the route parameter added to `\yii\web\UrlManager` (klimov-paul)
 | 
					- Bug: URL encoding for the route parameter added to `\yii\web\UrlManager` (klimov-paul)
 | 
				
			||||||
- Bug: Fixed the bug that requesting protected or private action methods would cause 500 error instead of 404 (qiangxue)
 | 
					- Bug: Fixed the bug that requesting protected or private action methods would cause 500 error instead of 404 (qiangxue)
 | 
				
			||||||
@ -113,6 +114,7 @@ Yii Framework 2 Change Log
 | 
				
			|||||||
- Enh #3108: Added `yii\debug\Module::enableDebugLogs` to disable logging debug logs by default (qiangxue)
 | 
					- Enh #3108: Added `yii\debug\Module::enableDebugLogs` to disable logging debug logs by default (qiangxue)
 | 
				
			||||||
- Enh #3132: `yii\rbac\PhpManager` now supports more compact data file format (qiangxue)
 | 
					- Enh #3132: `yii\rbac\PhpManager` now supports more compact data file format (qiangxue)
 | 
				
			||||||
- Enh #3154: Added validation error display for `GridView` filters (ivan-kolmychek)
 | 
					- Enh #3154: Added validation error display for `GridView` filters (ivan-kolmychek)
 | 
				
			||||||
 | 
					- Enh #3177: `yii\filters\auth\CompositeAuth` will send out challenges from all auth methods (qiangxue)
 | 
				
			||||||
- Enh #3196: Masked input upgraded to use jquery.inputmask plugin with more features. (kartik-v)
 | 
					- Enh #3196: Masked input upgraded to use jquery.inputmask plugin with more features. (kartik-v)
 | 
				
			||||||
- Enh #3220: Added support for setting transaction isolation levels (cebe)
 | 
					- Enh #3220: Added support for setting transaction isolation levels (cebe)
 | 
				
			||||||
- Enh #3221: Added events for DB transaction commit/rollback (drcypher, qiangxue)
 | 
					- Enh #3221: Added events for DB transaction commit/rollback (drcypher, qiangxue)
 | 
				
			||||||
 | 
				
			|||||||
@ -23,7 +23,6 @@ interface AuthInterface
 | 
				
			|||||||
{
 | 
					{
 | 
				
			||||||
    /**
 | 
					    /**
 | 
				
			||||||
     * Authenticates the current user.
 | 
					     * Authenticates the current user.
 | 
				
			||||||
     *
 | 
					 | 
				
			||||||
     * @param User $user
 | 
					     * @param User $user
 | 
				
			||||||
     * @param Request $request
 | 
					     * @param Request $request
 | 
				
			||||||
     * @param Response $response
 | 
					     * @param Response $response
 | 
				
			||||||
@ -31,6 +30,12 @@ interface AuthInterface
 | 
				
			|||||||
     * @throws UnauthorizedHttpException if authentication information is provided but is invalid.
 | 
					     * @throws UnauthorizedHttpException if authentication information is provided but is invalid.
 | 
				
			||||||
     */
 | 
					     */
 | 
				
			||||||
    public function authenticate($user, $request, $response);
 | 
					    public function authenticate($user, $request, $response);
 | 
				
			||||||
 | 
					    /**
 | 
				
			||||||
 | 
					     * Generates challenges upon authentication failure.
 | 
				
			||||||
 | 
					     * For example, some appropriate HTTP headers may be generated.
 | 
				
			||||||
 | 
					     * @param Response $response
 | 
				
			||||||
 | 
					     */
 | 
				
			||||||
 | 
					    public function challenge($response);
 | 
				
			||||||
    /**
 | 
					    /**
 | 
				
			||||||
     * Handles authentication failure.
 | 
					     * Handles authentication failure.
 | 
				
			||||||
     * The implementation should normally throw UnauthorizedHttpException to indicate authentication failure.
 | 
					     * The implementation should normally throw UnauthorizedHttpException to indicate authentication failure.
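Review bot: Adding `challenge($response)` to `AuthInterface` breaks any implementer that does not extend `AuthMethod`, because it now fails to load until it defines the method; that deserves an upgrade note. The new docblock also leaves the contract open. `AuthMethod::beforeAction()` calls `handleFailure()` right after `challenge()`, and `CompositeAuth::challenge()` calls every method in turn, so an implementation that throws would cut the sequence short. I would add a line such as `* Implementations should only add to the response and must not throw; [[handleFailure()]] is invoked afterwards.` The interface body continues outside both hunks.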
 | 
				
			||||||
 | 
				
			|||||||
@ -41,20 +41,30 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface
 | 
				
			|||||||
     */
 | 
					     */
 | 
				
			||||||
    public function beforeAction($action)
 | 
					    public function beforeAction($action)
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
 | 
					        $response = $this->response ? : Yii::$app->getResponse();
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        $identity = $this->authenticate(
 | 
					        $identity = $this->authenticate(
 | 
				
			||||||
            $this->user ? : Yii::$app->getUser(),
 | 
					            $this->user ? : Yii::$app->getUser(),
 | 
				
			||||||
            $this->request ? : Yii::$app->getRequest(),
 | 
					            $this->request ? : Yii::$app->getRequest(),
 | 
				
			||||||
            $this->response ? : Yii::$app->getResponse()
 | 
					            $response
 | 
				
			||||||
        );
 | 
					        );
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if ($identity !== null) {
 | 
					        if ($identity !== null) {
 | 
				
			||||||
            return true;
 | 
					            return true;
 | 
				
			||||||
        } else {
 | 
					        } else {
 | 
				
			||||||
            $this->handleFailure($this->response ? : Yii::$app->getResponse());
 | 
					            $this->challenge($response);
 | 
				
			||||||
 | 
					            $this->handleFailure($response);
 | 
				
			||||||
            return false;
 | 
					            return false;
 | 
				
			||||||
        }
 | 
					        }
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    /**
 | 
				
			||||||
 | 
					     * @inheritdoc
 | 
				
			||||||
 | 
					     */
 | 
				
			||||||
 | 
					    public function challenge($response)
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    /**
 | 
					    /**
 | 
				
			||||||
     * @inheritdoc
 | 
					     * @inheritdoc
 | 
				
			||||||
     */
 | 
					     */
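Review bot: In `beforeAction()`, `$this->challenge($response)` runs only when `authenticate()` returns null, so a request whose credentials are rejected by an exception leaves without any challenge headers. The interface docblock says `authenticate()` throws `UnauthorizedHttpException` when credentials are supplied but invalid, and the `handleFailure()` overrides that used to set `WWW-Authenticate` before throwing are removed elsewhere in this commit, so that path presumably now answers 401 with no `WWW-Authenticate` header (the concrete `authenticate()` bodies are not visible here, so confirm). Catching the exception around the `authenticate()` call, issuing the challenge and rethrowing keeps both failure paths consistent; this assumes `UnauthorizedHttpException` is already imported in this file. The docblock above `beforeAction()` starts outside the hunk.

```php
        $response = $this->response ? : Yii::$app->getResponse();

        try {
            $identity = $this->authenticate(
                $this->user ? : Yii::$app->getUser(),
                $this->request ? : Yii::$app->getRequest(),
                $response
            );
        } catch (UnauthorizedHttpException $e) {
            // Rejected credentials still need the challenge headers on the 401.
            $this->challenge($response);
            throw $e;
        }
        // … unchanged: identity check, challenge() and handleFailure() when $identity is null …
```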
 | 
				
			||||||
 | 
				
			|||||||
@ -74,12 +74,17 @@ class CompositeAuth extends AuthMethod
 | 
				
			|||||||
            }
 | 
					            }
 | 
				
			||||||
        }
 | 
					        }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if (!empty($this->authMethods)) {
 | 
					 | 
				
			||||||
            /* @var $auth AuthInterface */
 | 
					 | 
				
			||||||
            $auth = reset($this->authMethods);
 | 
					 | 
				
			||||||
            $auth->handleFailure($response);
 | 
					 | 
				
			||||||
        }
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
        return null;
 | 
					        return null;
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    /**
 | 
				
			||||||
 | 
					     * @inheritdoc
 | 
				
			||||||
 | 
					     */
 | 
				
			||||||
 | 
					    public function challenge($response)
 | 
				
			||||||
 | 
					    {
 | 
				
			||||||
 | 
					        foreach ($this->authMethods as $method) {
 | 
				
			||||||
 | 
					            /** @var $method AuthInterface */
 | 
				
			||||||
 | 
					            $method->challenge($response);
 | 
				
			||||||
 | 
					        }
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
}
 | 
					}
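Review bot: The new `challenge()` loop calls every method's `challenge()`, but `HttpBasicAuth::challenge()` and `HttpBearerAuth::challenge()` in this commit both write the header with `getHeaders()->set('WWW-Authenticate', ...)`, and `set()` replaces the existing value, so only the last configured method's challenge reaches the client. To advertise all schemes as the commit description promises, those two methods should append instead, e.g. `$response->getHeaders()->add('WWW-Authenticate', "Basic realm=\"{$this->realm}\"");`. The loop also assumes each entry of `$this->authMethods` is already an object; `authenticate()` lies mostly outside this hunk, so confirm it instantiates every configured entry before `challenge()` can run.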
 | 
				
			||||||
 | 
				
			|||||||
@ -7,9 +7,6 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
namespace yii\filters\auth;
 | 
					namespace yii\filters\auth;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
use Yii;
 | 
					 | 
				
			||||||
use yii\web\UnauthorizedHttpException;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
/**
 | 
					/**
 | 
				
			||||||
 * HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.
 | 
					 * HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
@ -90,9 +87,8 @@ class HttpBasicAuth extends AuthMethod
 | 
				
			|||||||
    /**
 | 
					    /**
 | 
				
			||||||
     * @inheritdoc
 | 
					     * @inheritdoc
 | 
				
			||||||
     */
 | 
					     */
 | 
				
			||||||
    public function handleFailure($response)
 | 
					    public function challenge($response)
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        $response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\"");
 | 
					        $response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\"");
 | 
				
			||||||
        throw new UnauthorizedHttpException('You are requesting with an invalid access token.');
 | 
					 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
}
 | 
					}
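Review bot: `challenge()` interpolates `$this->realm` straight into the quoted-string of `WWW-Authenticate`, here and in the identical line of `HttpBearerAuth::challenge()`, so a realm containing `"` or `\` produces a malformed header that clients may parse inconsistently. `realm` is declared outside the hunk and is presumably application configuration rather than request data, so this is hardening rather than an injection fix: `$realm = addcslashes($this->realm, '"\\');` and interpolate `$realm` instead. Since the method no longer throws, the bare `@inheritdoc` could also gain one line stating that it only sets the challenge header and leaves the 401 to `handleFailure()`.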
 | 
				
			||||||
 | 
				
			|||||||
@ -7,9 +7,6 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
namespace yii\filters\auth;
 | 
					namespace yii\filters\auth;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
use Yii;
 | 
					 | 
				
			||||||
use yii\web\UnauthorizedHttpException;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
/**
 | 
					/**
 | 
				
			||||||
 * HttpBearerAuth is an action filter that supports the authentication method based on HTTP Bearer token.
 | 
					 * HttpBearerAuth is an action filter that supports the authentication method based on HTTP Bearer token.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
@ -57,9 +54,8 @@ class HttpBearerAuth extends AuthMethod
 | 
				
			|||||||
    /**
 | 
					    /**
 | 
				
			||||||
     * @inheritdoc
 | 
					     * @inheritdoc
 | 
				
			||||||
     */
 | 
					     */
 | 
				
			||||||
    public function handleFailure($response)
 | 
					    public function challenge($response)
 | 
				
			||||||
    {
 | 
					    {
 | 
				
			||||||
        $response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");
 | 
					        $response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");
 | 
				
			||||||
        throw new UnauthorizedHttpException('You are requesting with an invalid access token.');
 | 
					 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
				
			|||||||
@ -7,9 +7,6 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
namespace yii\filters\auth;
 | 
					namespace yii\filters\auth;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
use Yii;
 | 
					 | 
				
			||||||
use yii\web\UnauthorizedHttpException;
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
/**
 | 
					/**
 | 
				
			||||||
 * QueryParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter.
 | 
					 * QueryParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
@ -42,12 +39,4 @@ class QueryParamAuth extends AuthMethod
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
        return null;
 | 
					        return null;
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					 | 
				
			||||||
    /**
 | 
					 | 
				
			||||||
     * @inheritdoc
 | 
					 | 
				
			||||||
     */
 | 
					 | 
				
			||||||
    public function handleFailure($response)
 | 
					 | 
				
			||||||
    {
 | 
					 | 
				
			||||||
        throw new UnauthorizedHttpException(Yii::t('yii', 'You are requesting with an invalid access token.'));
 | 
					 | 
				
			||||||
    }
 | 
					 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
				
			|||||||