Yii2 - module login in basic application template

Question

Using the "basic" application template, what is the correct way of setting up a module login that is separate from the main site login?

For example I have an "admin" module which requires a login. I also need a user login for the main site.

I have done the following:

1. Created admin module using gii tool
2. Created models folder within the admin module folder
3. Placed LoginForm.php and User.php within this folder (also updated the namespace declarations in these files)
4. Added AccessControl behaviour and login/logout actions to modules\admin\controllers\DefaultController.php

5. Updated config\web.php as follows:

   'modules' => [
       'admin' => [
           'class' => 'app\modules\admin\Module',
       ],
   ],
   

6. Updated app\modules\admin\Module.php as follows:

   public function init()
   {
       parent::init();
   
       Yii::$app->set('user', [
           'class' => 'yii\web\User',
           'identityClass' => 'app\modules\admin\models\User',
           'enableAutoLogin' => true,
           'loginUrl' => ['admin/default/login'],
       ]);
   
       Yii::$app->set('session', [
           'class' => 'yii\web\Session',
           'name' => '_adminSessionId',
       ]);
   }
   

The problem I am having is that if I try to access an admin page when I am not logged in, it shows the login form (this is correct). However upon logging in, it is just redirects me back to the main site. It should redirect me to the admin page I was trying to access.

In DefaultController.php, it has the following (default code):

if ($model->load(Yii::$app->request->post()) && $model->login())
    return $this->goBack();

What is the correct way of doing this so I can have independent logins for the admin module and for the main site? I don't want to use the "advanced application template" as that adds some unnecessary complexity.

Answer 1

The User component allows you to set a returnUrl, the getter explained: This method reads the return URL from the session. It is usually used by the login action which may call this method to redirect the browser to where it goes after successful authentication.

Recommended: Before processing the data, set the returnUrl by calling Yii::$app->user->setReturnUrl(Url::current()); (this will store the page the user was on in the session, moreover, you can manipulate GET parameters using Url::current() before passing it to the session), and let the framework do its magic.

Not recommended: After processing the data, you can rely on referrer (which won't work in some cases) as following return Yii::$app->request->referrer ? $this->redirect(Yii::$app->request->referrer) : $this->goHome(); or instead of goHome which basically redirects to app->homeUrl that can be set during Module init, you could say $this->redirect('your/admin/index');

I recommend setting the ['homeUrl' => 'your/admin/index'] during the initialization of the Module, as you might need it for other features as well and Yii2 uses it as a "fallback" to some redirects as well.

Answer 2

The best way is to create new controller in the admin module, which should have login, logout actions. Because, in future you may add there some extra logic.

In that login action you can use same LoginForm.

You can specify redirect url in that login action.

Admin module class can looks like this:

namespace app\modules\admin;

class Module extends \yii\base\Module
{
    public $layout = 'main';

    public $defaultRoute = 'main/index';

    public function init()
    {
        parent::init();

        Yii::$app->errorHandler->errorAction = '/admin/main/error';
        Yii::$app->user->loginUrl = '/admin/main/login';
        .....

    }
}