yii2restapi承载认证
我使用Yii2框架作为后端,使用reactjs作为客户端。我正在尝试使用HTTPBearer身份验证创建RESTAPI,但总是得到401未经授权的错误。我遵循了yii2restapi认证,但没有成功。我还在user.php上实现了findIdentityByAccessToken,在sql上实现了access\u token。我的文件:- 文件夹结构:- -apiyii2restapi承载认证,rest,authentication,reactjs,yii2-advanced-app,bearer-token,Rest,Authentication,Reactjs,Yii2 Advanced App,Bearer Token,我使用Yii2框架作为后端,使用reactjs作为客户端。我正在尝试使用HTTPBearer身份验证创建RESTAPI,但总是得到401未经授权的错误。我遵循了yii2restapi认证,但没有成功。我还在user.php上实现了findIdentityByAccessToken,在sql上实现了access\u token。我的文件:- 文件夹结构:- -api --配置 --main.php --main local.php … --模块 --v1 --控制器 --CheckinsContr
--配置
--main.php
--main local.php
…
--模块
--v1
--控制器
--CheckinsController.php
namespace api\modules\v1\controllers;
use yii\rest\ActiveController;
use yii\data\ActiveDataProvider;
use yii\filters\ContentNegotiator;
use api\modules\v1\models\CheckinApi;
use yii\filters\auth\HttpBearerAuth;
use yii\web\Response;
class CheckinsController extends ActiveController
{
public $modelClass = 'common\models\Events';
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => HttpBearerAuth::className()
];
$behaviors['contentNegotiator'] = [
'class' => ContentNegotiator::className(),
'formats' => [
'application/json' => Response::FORMAT_JSON,
],
];
return $behaviors;
}
public function actionCheckinview($id)
{
// \Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
$query = new CheckinApi();
$test =
[
'count' => $query->Checkincount($id),
'checkinid' => $id,
'useridused' => Yii::$app->user->identity->id,
];
return $test;//Testing purpose
}
}
User.php
class User extends ActiveRecord implements IdentityInterface
{
const STATUS_DELETED = 0;
const STATUS_ACTIVE = 10;
/**
* @inheritdoc
*/
public static function tableName()
{
return '{{%user}}';
}
/**
* @inheritdoc
*/
public function behaviors()
{
return [
TimestampBehavior::className(),
];
}
/**
* @inheritdoc
*/
public function rules()
{
return [
['status', 'default', 'value' => self::STATUS_ACTIVE],
['status', 'in', 'range' => [self::STATUS_ACTIVE, self::STATUS_DELETED]],
];
}
public function fields()
{
$fields = parent::fields();
// remove fields that contain sensitive information
unset($fields['auth_key'], $fields['password_hash'], $fields['password_reset_token'],$fields['access_token']);
return $fields;
}
/**
* @inheritdoc
*/
public static function findIdentity($id)
{
return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]);
}
/**
* @inheritdoc
*/
public static function findIdentityByAccessToken($token, $type = null)
{
return static::findOne(['access_token' => $token]);
}
/**
* Finds user by username
*
* @param string $username
* @return static|null
*/
public static function findByUsername($username)
{
return static::findOne(['username' => $username, 'status' => self::STATUS_ACTIVE]);
}
/**
* Finds user by password reset token
*
* @param string $token password reset token
* @return static|null
*/
public static function findByPasswordResetToken($token)
{
if (!static::isPasswordResetTokenValid($token)) {
return null;
}
return static::findOne([
'password_reset_token' => $token,
'status' => self::STATUS_ACTIVE,
]);
}
/**
* Finds out if password reset token is valid
*
* @param string $token password reset token
* @return boolean
*/
public static function isPasswordResetTokenValid($token)
{
if (empty($token)) {
return false;
}
$expire = Yii::$app->params['user.passwordResetTokenExpire'];
$parts = explode('_', $token);
$timestamp = (int) end($parts);
return $timestamp + $expire >= time();
}
/**
* @inheritdoc
*/
public function getId()
{
return $this->getPrimaryKey();
}
/**
* @inheritdoc
*/
public function getAuthKey()
{
return $this->auth_key;
}
/**
* @inheritdoc
*/
public function validateAuthKey($authKey)
{
return $this->getAuthKey() === $authKey;
}
/**
* Validates password
*
* @param string $password password to validate
* @return boolean if password provided is valid for current user
*/
public function validatePassword($password)
{
return Yii::$app->security->validatePassword($password, $this->password_hash);
}
/**
* Generates password hash from password and sets it to the model
*
* @param string $password
*/
public function setPassword($password)
{
$this->password_hash = Yii::$app->security->generatePasswordHash($password);
}
/**
* Generates "remember me" authentication key
*/
public function generateAuthKey()
{
$this->auth_key = Yii::$app->security->generateRandomString();
}
/**
* Generates "api" access token
*/
public function generateAccessToken()
{
$this->access_token = Yii::$app->security->generateRandomString($length = 16);
}
/**
* Generates new password reset token
*/
public function generatePasswordResetToken()
{
$this->password_reset_token = Yii::$app->security- >generateRandomString() . '_' . time();
}
/**
* Removes password reset token
*/
public function removePasswordResetToken()
{
$this->password_reset_token = null;
}
}
-后端-普通的
-前端 main.php
<?php
$params = array_merge(
require(__DIR__ . '/../../common/config/params.php'),
require(__DIR__ . '/../../common/config/params-local.php'),
require(__DIR__ . '/params.php'),
require(__DIR__ . '/params-local.php')
);
return [
'id' => 'app-api',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'modules' => [
'v1' => [
'basePath' => '@app/modules/v1',
'class' => 'api\modules\v1\Module' // here is our v1 modules
]
],
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => false,
'enableSession' => false,
'loginUrl' =>'',
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'request' => [
'class' => '\yii\web\Request',
'enableCookieValidation' => false,
'parsers' => [
'application/json' => 'yii\web\JsonParser',
]
],
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false,
'rules' => [
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/user',
'tokens' => [
'{id}' => '<id:\\w+>'
]
],
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/event',
'extraPatterns' => [
'GET test' => 'test'
],
],
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/checkins',
'extraPatterns' => [
'GET checkinview/<id:\d+>' => 'checkinview/'
],
]
],
]
],
'params' => $params,
];
任何帮助都将不胜感激!!几天来一直试图解决这个问题,但没有成功。不知道这是不是我犯的一个简单的错误 - 请给我“user.php”以查看更多
- “CheckinsController”应类似于以下LOC(如果您不控制它,请不要添加更多信息)李>
- 您可以参考以下手册:
- 也可以参考这个项目(包括数据库)-它在我的本地主机上运行得很好。
希望我帮了你什么李>
public function behaviors() {
return
\yii\helpers\ArrayHelper::merge(parent::behaviors(), [
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
],
'authenticator' => [
'class' => \yii\filters\auth\HttpBearerAuth::className(),
'except' => ['options'],
],
]);
}
但是,我不明白为什么选择,为什么得到的回报没有回应?有人能详细解释一下吗?我的案子和你的一样。我正在为客户端使用
ReactJS
,为api使用danyii2
public function behaviors() {
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => CompositeAuth::className(),
'except' => ['token'],
'authMethods' => [
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
];
return $behaviors;
}
在您的情况下,请检查此规则:
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/checkins',
'extraPatterns' => [
'GET checkinview/<id:\d+>' => 'checkinview/'
],
]
[
'class'=>'yii\rest\UrlRule',
“控制器”=>“v1/签入”,
“外部模式”=>[
“获取checkinview/”=>“checkinview/”
],
]
此代码应为:
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/checkins',
'tokens' => ['{id}' => '<id:\\w+>'], --> because you stil use ActiveController
'pluralize' => false, --> for disable pluralize
'extraPatterns' => [
'GET checkinview/<id:\d+>' => 'checkinview' --> remove '/' sign
'OPTIONS checkinview/<id:\d+>' => 'options', --> for corsFilter
],
]
[
'class'=>'yii\rest\UrlRule',
“控制器”=>“v1/签入”,
'tokens'=>['{id}'=>'],-->因为您仍然使用ActiveController
“复数化”=>false,-->用于禁用复数化
“外部模式”=>[
“GET checkinview/”=>“checkinview”-->删除“/”符号
'选项检查查看/'=>'选项',-->用于corsFilter
],
]
谢谢您的时间和回复,我会试一试的。我还包括user.php。请检查它。我正在使用generateAccessToken方法进行api'OPTIONS checkinview/'=>'OPTIONS',-->进行corsFilter
如果我缺少此方法,它会将状态代码显示为401吗?未经验证,而相同的请求在PostManit中可以正常工作,如果您使用axios或fetch js for HTTP promise,选项
请求用于检查是否允许您执行获取、发布、删除、更新
。jQuery使用application/x-www-form-urlencoded
,而axios或fetch使用application/json
。请检查您可以使用全部或一次使用一个
[
'class' => 'yii\rest\UrlRule',
'controller' => 'v1/checkins',
'tokens' => ['{id}' => '<id:\\w+>'], --> because you stil use ActiveController
'pluralize' => false, --> for disable pluralize
'extraPatterns' => [
'GET checkinview/<id:\d+>' => 'checkinview' --> remove '/' sign
'OPTIONS checkinview/<id:\d+>' => 'options', --> for corsFilter
],
]