Php 我可以将验证器行为应用于某些操作吗?
我总是得到“您正在使用无效凭据进行请求”。但我需要一个公共端点,特别是“查看”操作,每个人都可以通过发送访问令牌来访问该操作,并使用令牌验证保留其他操作 这是我的Api控制器的一部分:Php 我可以将验证器行为应用于某些操作吗?,php,api,rest,yii2,Php,Api,Rest,Yii2,我总是得到“您正在使用无效凭据进行请求”。但我需要一个公共端点,特别是“查看”操作,每个人都可以通过发送访问令牌来访问该操作,并使用令牌验证保留其他操作 这是我的Api控制器的一部分: /** * @inheritdoc */ public function behaviors() { return [ 'contentNegotiator' => [ 'class' => ContentNegotiator::className(
/**
* @inheritdoc
*/
public function behaviors()
{
return [
'contentNegotiator' => [
'class' => ContentNegotiator::className(),
'formats' => [
'application/json' => Response::FORMAT_JSON,
//'application/xml' => Response::FORMAT_XML,
],
],
'verbFilter' => [
'class' => VerbFilter::className(),
'actions' => $this->verbs(),
],
'access' => [
'class' => AccessControl::className(),
'only' => ['view'],
'rules' => [
[
'actions' => ['view'],
'allow' => true,
'roles' => ['?'],
],
],
],
'authenticator' => [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBasicAuth::className(),
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
],
'rateLimiter' => [
'class' => RateLimiter::className(),
],
];
}
我尝试使用:
'access' => [
'class' => AccessControl::className(),
'only' => ['view'],
'rules' => [
[
'actions' => ['view'],
'allow' => true,
'roles' => ['?'],
],
],
],
但是验证器行为不允许我的查看操作是公共操作我发现解决方案只是在验证器行为上使用了'only'或'Exception'键
'authenticator' => [
'class' => CompositeAuth::className(),
'except' => ['view'],
'authMethods' => [
HttpBasicAuth::className(),
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
],
资料来源:
谢谢,好好休息吧;) 有两个属性可以绕过操作上的验证器 1.仅=>绕过已配置阵列中的其余操作 2.Exception=>bypass仅在阵列中配置
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => CompositeAuth::className(),
'except' => ['login', 'register','regenerate'],
//'only'=>['index'],
'authMethods' => [
[
'class' => HttpBasicAuth::className(),
'auth' => function ($username, $password) {
$user = User::findByLogin($username);
return $user->validatePassword($password)
? $user
: null;
}
],
HttpBearerAuth::className(),
QueryParamAuth::className()
],
];
return $behaviors;
}