Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Yii2: Can I apply authenticator behavior just to some actions?

Tags:

rest

php

api

yii2

I always got "You are requesting with an invalid credential." but I need to have a public endpoint specifically "view" action that everybody can access whitout send access token and keep the other actions with token validation

This is part of my Api controller:

/**
 * @inheritdoc
 */
public function behaviors()
{
    return [
        'contentNegotiator' => [
            'class' => ContentNegotiator::className(),
            'formats' => [
                'application/json' => Response::FORMAT_JSON,
                //'application/xml' => Response::FORMAT_XML,
            ],
        ],
        'verbFilter' => [
            'class' => VerbFilter::className(),
            'actions' => $this->verbs(),
        ],
        'access' => [
            'class' => AccessControl::className(),
            'only' => ['view'],
            'rules' => [
                [
                    'actions' => ['view'],
                    'allow' => true,
                    'roles' => ['?'],
                ],
            ],
        ],
        'authenticator' => [
            'class' => CompositeAuth::className(),
            'authMethods' => [
                HttpBasicAuth::className(),
                HttpBearerAuth::className(),
                QueryParamAuth::className(),
            ],
        ],
        'rateLimiter' => [
            'class' => RateLimiter::className(),
        ],
    ];
}

I try using:

'access' => [
     'class' => AccessControl::className(),
     'only' => ['view'],
     'rules' => [
         [
             'actions' => ['view'],
             'allow' => true,
             'roles' => ['?'],
         ],
    ],

],

But the authenticator behavior does not allow that my view action are a public action

like image 675
gsalgadotoledo Avatar asked Feb 04 '15 20:02

gsalgadotoledo


1 Answers

I found the solutions is just using 'only' or 'except' key on the authenticator behavior

'authenticator' => [
            'class' => CompositeAuth::className(),
            'except' => ['view'],
            'authMethods' => [
                HttpBasicAuth::className(),
                HttpBearerAuth::className(),
                QueryParamAuth::className(),
            ],
        ],

Source: https://github.com/yiisoft/yii2/issues/4575 https://github.com/yiisoft/yii2/blob/master/docs/guide/structure-filters.md#using-filters-

Thanks, Enjoy Yii2 and REST ;)

like image 163
gsalgadotoledo Avatar answered Nov 15 '22 12:11

gsalgadotoledo