Compatibility with HttpBasicAuth?

[ashaduri]

Hi,

I'm developing a REST API (using a module) in addition to standard web controllers in Yii2.

I've been following all the Yii2 guides to adding HttpBasicAuth (using username and password) functionality to my REST controller, but it seems that the flow never gets to it.

Does this plugin support 'authenticator' behaviors at all?

In my controller:

                // in behaviors():
		$behaviors['authenticator'] = [
			'class' => \yii\filters\auth\HttpBasicAuth::class,
 			'auth' => [$this, 'check_auth'],
 		];

        // in the same class, never called:
	public function check_auth($username, $password)
	{
		$user = User::find()->where(['username' => $username])->one();
		if ($user->validatePassword($password)) {
			return $user;
		}
		return null;
	}

Thanks!

[amnah]

Hey,

The controllers in this module are just regular basic controllers - nothing special. So behaviors should work just fine

https://github.com/amnah/yii2-user/blob/master/controllers/DefaultController.php#L23-L56

https://github.com/amnah/yii2-user/blob/master/controllers/AdminController.php#L39-L52

[ashaduri]

Hi,

I'm using RBAC and it turns out the action was denied by AccessControl, even before the flow reached the controller. After I added the actions to AccessControl's allowedActions(), everything went fine and HttpBasicAuth worked. The AccessControl / RBAC relationship is a bit confusing (at least to me) so such mistakes are easy to make.

Sorry for bothering and thanks for your help!