1 | <?php |
||||
2 | /** |
||||
3 | * @link http://www.yiiframework.com/ |
||||
4 | * @copyright Copyright (c) 2008 Yii Software LLC |
||||
5 | * @license http://www.yiiframework.com/license/ |
||||
6 | */ |
||||
7 | |||||
8 | namespace yii\filters\auth; |
||||
9 | |||||
10 | use Yii; |
||||
11 | use yii\base\Action; |
||||
12 | use yii\base\ActionFilter; |
||||
13 | use yii\helpers\StringHelper; |
||||
14 | use yii\web\Request; |
||||
15 | use yii\web\Response; |
||||
16 | use yii\web\UnauthorizedHttpException; |
||||
17 | use yii\web\User; |
||||
18 | |||||
19 | /** |
||||
20 | * AuthMethod is a base class implementing the [[AuthInterface]] interface. |
||||
21 | * |
||||
22 | * @author Qiang Xue <[email protected]> |
||||
23 | * @since 2.0 |
||||
24 | */ |
||||
abstract class AuthMethod extends ActionFilter implements AuthInterface
{
    /**
     * @var User the user object representing the user authentication status.
     * When left unset, the `user` application component is used instead.
     */
    public $user;
    /**
     * @var Request the current request.
     * When left unset, the `request` application component is used instead.
     */
    public $request;
    /**
     * @var Response the response to be sent.
     * When left unset, the `response` application component is used instead.
     */
    public $response;
    /**
     * @var array list of action IDs that this filter still runs for, but for which an
     * authentication failure does not produce an error.
     * Intended for actions that are open to the public yet return extra data to authenticated users.
     * Defaults to empty, meaning authentication is not optional for any action.
     * Since version 2.0.10 action IDs can be specified as wildcards, e.g. `site/*`.
     *
     * Every action matched here is executed even when authentication fails, so keep the patterns
     * as narrow as possible and make sure each matched action works safely without an identity.
     * @see isOptional()
     * @since 2.0.7
     */
    public $optional = [];


    /**
     * {@inheritdoc}
     *
     * Runs [[authenticate()]] and decides whether the action may proceed:
     *
     * - a non-null identity lets the action run;
     * - an [[UnauthorizedHttpException]] or a null identity lets the action run only when the
     *   action is listed in [[optional]];
     * - otherwise [[challenge()]] and [[handleFailure()]] are invoked, in that order.
     */
    public function beforeAction($action)
    {
        $response = $this->response ?: Yii::$app->getResponse();

        try {
            $user = $this->user ?: Yii::$app->getUser();
            // NOTE(review): a static analyzer reports that Yii::$app->getRequest() can also be a
            // yii\console\Request, while authenticate() is documented to accept yii\web\Request.
            // Confirm this filter is only attached in a web context.
            $request = $this->request ?: Yii::$app->getRequest();

            $identity = $this->authenticate($user, $request, $response);
        } catch (UnauthorizedHttpException $e) {
            // Authentication failed by exception: only optional actions swallow it and continue.
            if (!$this->isOptional($action)) {
                throw $e;
            }

            return true;
        }

        // No identity and the action is not optional: deny. isOptional() is consulted only when
        // the identity is null, exactly as the short-circuit in the positive form would do.
        if ($identity === null && !$this->isOptional($action)) {
            $this->challenge($response);
            $this->handleFailure($response);

            return false;
        }

        return true;
    }

    /**
     * {@inheritdoc}
     *
     * The base implementation is intentionally empty.
     */
    public function challenge($response)
    {
    }

    /**
     * {@inheritdoc}
     *
     * The base implementation always fails the request.
     *
     * @throws UnauthorizedHttpException always.
     */
    public function handleFailure($response)
    {
        throw new UnauthorizedHttpException('Your request was made with invalid credentials.');
    }

    /**
     * Tells whether the given action may run without successful authentication.
     *
     * The action ID obtained from `getActionId()` is tested against each entry of [[optional]]
     * using [[StringHelper::matchWildcard()]]; the first match wins.
     *
     * @param Action $action action to be checked.
     * @return bool `true` when at least one [[optional]] pattern matches, `false` otherwise.
     * @see optional
     * @since 2.0.7
     */
    protected function isOptional($action)
    {
        $actionId = $this->getActionId($action);

        foreach ($this->optional as $wildcard) {
            if (!StringHelper::matchWildcard($wildcard, $actionId)) {
                continue;
            }

            return true;
        }

        return false;
    }
}
||||
116 |