diff --git a/framework/filters/auth/AuthMethod.php b/framework/filters/auth/AuthMethod.php
index 328369ba6f..798c2a4660 100644
--- a/framework/filters/auth/AuthMethod.php
+++ b/framework/filters/auth/AuthMethod.php
@@ -38,6 +38,7 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface
 /**
 * @var array list of action IDs that this filter will be applied to, but auth failure will not lead to error.
 * It may be used for actions, that are allowed for public, but return some additional data for authenticated users.
+ * Defaults to empty, meaning authentication is not optional for any action.
 * @see isOptional
 * @since 2.0.7
 */
@@ -90,23 +91,16 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface
 }
 /**
- * Checks, whether the $action is optional
+ * Checks, whether authentication is optional for the given action.
 *
 * @param Action $action
 * @return boolean
 * @see optional
 * @since 2.0.7
 */
- protected function isOptional($action) {
+ protected function isOptional($action)
+ {
 $id = $this->getActionId($action);
 return in_array($id, $this->optional, true);
 }
-
- /**
- * {@inheritdoc}
- */
- protected function isActive($action)
- {
- return parent::isActive($action) || $this->isOptional($action);
- }
 }
diff --git a/tests/framework/filters/auth/AuthTest.php b/tests/framework/filters/auth/AuthTest.php
index 6983fcfb15..8c603d47b6 100644
--- a/tests/framework/filters/auth/AuthTest.php
+++ b/tests/framework/filters/auth/AuthTest.php
@@ -3,6 +3,8 @@ namespace yiiunit\framework\filters\auth;
 use Yii;
+use yii\base\Action;
+use yii\filters\auth\AuthMethod;
 use yii\filters\auth\HttpBasicAuth;
 use yii\filters\auth\HttpBearerAuth;
 use yii\filters\auth\QueryParamAuth;
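Review bot: With the `isActive()` override removed at the end of the second AuthMethod.php hunk, an action listed in `$optional` but excluded through `only`/`except` is no longer treated as active by this filter, and the `$optional` docblock touched in the first hunk does not mention that precedence. The added `testActive` cases pin it, but someone reading only the property documentation would presumably still expect an optional action to be handled by the filter whenever it is listed. I would add a line to that docblock such as `* Note that this list has no effect for actions the filter is not applied to because of only/except.` and, if the project keeps upgrade notes, record the behaviour change there. The `@param` and `@return` tags of `isOptional()` could also carry a description, e.g. `@return boolean whether authentication is optional for the action`.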
@@ -140,6 +142,65 @@ class AuthTest extends \yiiunit\TestCase
 $this->authOptional($token, $login, $filter, 'bearer-auth');
 $this->authExcept($token, $login, $filter, 'bearer-auth');
 }
+
+ public function authMethodProvider()
+ {
+ return [
+ ['yii\filters\auth\CompositeAuth'],
+ ['yii\filters\auth\HttpBasicAuth'],
+ ['yii\filters\auth\HttpBearerAuth'],
+ ['yii\filters\auth\QueryParamAuth'],
+ ];
+ }
+
+ /**
+ * @dataProvider authMethodProvider
+ */
+ public function testActive($authClass)
+ {
+ /** @var $filter AuthMethod */
+ $filter = new $authClass;
+ $reflection = new \ReflectionClass($filter);
+ $method = $reflection->getMethod('isActive');
+ $method->setAccessible(true);
+
+ $controller = new \yii\web\Controller('test', Yii::$app);
+
+ // active by default
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('index', $controller)]));
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('view', $controller)]));
+
+ $filter->only = ['index'];
+ $filter->except = [];
+ $filter->optional = [];
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('index', $controller)]));
+ $this->assertEquals(false, $method->invokeArgs($filter, [new Action('view', $controller)]));
+
+ $filter->only = ['index'];
+ $filter->except = [];
+ $filter->optional = ['view'];
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('index', $controller)]));
+ $this->assertEquals(false, $method->invokeArgs($filter, [new Action('view', $controller)]));
+
+ $filter->only = ['index', 'view'];
+ $filter->except = ['view'];
+ $filter->optional = [];
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('index', $controller)]));
+ $this->assertEquals(false, $method->invokeArgs($filter, [new Action('view', $controller)]));
+
+ $filter->only = ['index', 'view'];
+ $filter->except = ['view'];
+ $filter->optional = ['view'];
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('index', $controller)]));
+ $this->assertEquals(false, $method->invokeArgs($filter, [new Action('view', $controller)]));
+
+ $filter->only;
+ $filter->except = ['view'];
+ $filter->optional = ['view'];
+ $this->assertEquals(true, $method->invokeArgs($filter, [new Action('index', $controller)]));
+ $this->assertEquals(false, $method->invokeArgs($filter, [new Action('view', $controller)]));
+ }
+
 }
 /**
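Review bot: The last block of `testActive` contains the statement `$filter->only;`, which is a no-op, so `only` keeps `['index', 'view']` from the block before it and the final two assertions repeat the previous case instead of covering the configuration without an `only` restriction. It presumably should read `$filter->only = [];`. The assertions also use `assertEquals(true, …)` and `assertEquals(false, …)`, which compare loosely; `assertTrue`/`assertFalse` would pin the boolean that `isActive()` returns, which matters for a method that decides whether the authentication filter runs.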