<?php
/**
* @link https://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license https://www.yiiframework.com/license/
*/
namespace yii\filters\auth;
/**
* HttpHeaderAuth is an action filter that supports HTTP authentication through HTTP Headers.
*
* You may use HttpHeaderAuth by attaching it as a behavior to a controller or module, like the following:
*
* ```php
* public function behaviors()
* {
* return [
* 'basicAuth' => [
* 'class' => \yii\filters\auth\HttpHeaderAuth::class,
* ],
* ];
* }
* ```
*
* The default implementation of HttpHeaderAuth uses the [[\yii\web\User::loginByAccessToken()|loginByAccessToken()]]
* method of the `user` application component and passes the value of the `X-Api-Key` header. This implementation is used
* for authenticating API clients.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @author Benoît Boure <benoit.boure@gmail.com>
* @since 2.0.14
*/
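class HttpHeaderAuth extends AuthMethod
{
    /**
     * @var string the name of the HTTP request header that carries the credential.
     */
    public $header = 'X-Api-Key';
    /**
     * @var string|null a regular expression (with delimiters, as accepted by `preg_match()`) used to
     * extract the credential from the header value. The credential is read from the first capture group,
     * so the pattern must define one. When left `null`, the whole header value is used as the credential.
     */
    public $pattern;


    /**
     * {@inheritdoc}
     *
     * Reads the header named by [[header]], optionally narrows it with [[pattern]], and hands the result to
     * `$user->loginByAccessToken()` together with this class name as the token type.
     *
     * Returns `null` without calling `loginByAccessToken()` when the header is absent or when [[pattern]] is set
     * and does not yield a first capture group. When `loginByAccessToken()` returns `null`, `challenge()` and
     * `handleFailure()` are invoked with the response before the `null` identity is returned.
     */
    public function authenticate($user, $request, $response)
    {
        $authHeader = $request->getHeaders()->get($this->header);
        if ($authHeader === null) {
            // Header not sent: there is no credential for this method to check.
            return null;
        }

        if ($this->pattern !== null) {
            // Treat a non-match, a PCRE failure (preg_match() returns false) and a pattern whose first
            // capture group is missing from the result the same way: no usable credential. Without the
            // isset() check a pattern lacking group 1 would raise an undefined-offset error and pass
            // null on as the token.
            if (!preg_match($this->pattern, $authHeader, $matches) || !isset($matches[1])) {
                return null;
            }
            $authHeader = $matches[1];
        }

        // NOTE(review): the extracted value is forwarded unchanged, including an empty string; the identity
        // lookup behind loginByAccessToken() is presumably what rejects empty or unknown tokens - confirm.
        $identity = $user->loginByAccessToken($authHeader, get_class($this));
        if ($identity === null) {
            // Credential was presented but not accepted. challenge() and handleFailure() are not defined in
            // this class (inherited; bodies not shown here).
            $this->challenge($response);
            $this->handleFailure($response);
        }

        return $identity;
    }
}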