Merge branch 'jwt'

2024-11-26 16:52:02 +05:30 · 2016-02-24 01:15:49 +03:00 · 2016-02-24 01:15:49 +03:00 · 36a5f7b359
commit 36a5f7b359
parent 1c6ba30abf 8583edbb92
13 changed files with 60 additions and 23 deletions
--- a/api/config/main.php
+++ b/api/config/main.php
@ -14,7 +14,7 @@ return [
    'components' => [
        'user' => [
            'identityClass' => \common\models\Account::class,
-            'enableAutoLogin' => true,
+            'enableSession' => false,
            'loginUrl' => null,
        ],
        'log' => [
--- a/api/controllers/AuthenticationController.php
+++ b/api/controllers/AuthenticationController.php
@ -4,11 +4,15 @@ namespace api\controllers;
 use api\models\LoginForm;
 use Yii;
 use yii\filters\AccessControl;
+use yii\helpers\ArrayHelper;

 class AuthenticationController extends Controller {

    public function behaviors() {
-        return array_merge(parent::behaviors(), [
+        return ArrayHelper::merge(parent::behaviors(), [
+            'authenticator' => [
+                'except' => ['login'],
+            ],
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
@ -31,7 +35,7 @@ class AuthenticationController extends Controller {
    public function actionLogin() {
        $model = new LoginForm();
        $model->load(Yii::$app->request->post());
-        if (!$model->login()) {
+        if (($jwt = $model->login()) === false) {
            return [
                'success' => false,
                'errors' => $this->normalizeModelErrors($model->getErrors()),
@ -40,6 +44,7 @@ class AuthenticationController extends Controller {

        return [
            'success' => true,
+            'jwt' => $jwt,
        ];
    }

--- a/api/controllers/Controller.php
+++ b/api/controllers/Controller.php
@ -3,6 +3,7 @@ namespace api\controllers;

 use api\traits\ApiNormalize;
 use Yii;
+use yii\filters\auth\HttpBearerAuth;

 /**
 * @property \common\models\Account|null $account
@ -12,8 +13,15 @@ class Controller extends \yii\rest\Controller {

    public function behaviors() {
        $parentBehaviors = parent::behaviors();
+        // Добавляем авторизатор для входа по jwt токенам
+        $parentBehaviors['authenticator'] = [
+            'class' => HttpBearerAuth::className(),
+        ];
+
        // xml нам не понадобится
        unset($parentBehaviors['contentNegotiator']['formats']['application/xml']);
+        // rate limiter здесь не применяется
+        unset($parentBehaviors['rateLimiter']);

        return $parentBehaviors;
    }
--- a/api/controllers/OauthController.php
+++ b/api/controllers/OauthController.php
@ -14,13 +14,17 @@ use yii\helpers\ArrayHelper;
 class OauthController extends Controller {

    public function behaviors() {
-        return array_merge(parent::behaviors(), [
+        return ArrayHelper::merge(parent::behaviors(), [
+            'authenticator' => [
+                'except' => ['validate', 'issue-token'],
+            ],
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    [
                        'actions' => ['validate', 'issue-token'],
                        'allow' => true,
+                        'roles' => ['?'],
                    ],
                    [
                        'actions' => ['complete'],
--- a/api/controllers/SignupController.php
+++ b/api/controllers/SignupController.php
@ -5,11 +5,15 @@ use api\models\ConfirmEmailForm;
 use api\models\RegistrationForm;
 use Yii;
 use yii\filters\AccessControl;
+use yii\helpers\ArrayHelper;

 class SignupController extends Controller {

    public function behaviors() {
-        return array_merge(parent::behaviors(), [
+        return ArrayHelper::merge(parent::behaviors(), [
+            'authenticator' => [
+                'except' => ['register', 'confirm'],
+            ],
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
--- a/api/models/LoginForm.php
+++ b/api/models/LoginForm.php
@ -44,16 +44,14 @@ class LoginForm extends BaseApiForm {
    }

    /**
-     * Logs in a user using the provided username and password.
-     *
-     * @return boolean whether the user is logged in successfully
+     * @return bool|string JWT с информацией об аккаунте
     */
    public function login() {
        if (!$this->validate()) {
            return false;
        }

-        return Yii::$app->user->login($this->getAccount(), $this->rememberMe ? 3600 * 24 * 30 : 0);
+        return $this->getAccount()->getJWT();
    }

    /**
--- a/common/models/Account.php
+++ b/common/models/Account.php
@ -2,6 +2,7 @@
 namespace common\models;

 use common\components\UserPass;
+use damirka\JWT\UserTrait;
 use Yii;
 use yii\base\InvalidConfigException;
 use yii\base\NotSupportedException;
@ -34,6 +35,7 @@ use yii\web\IdentityInterface;
 * @mixin TimestampBehavior
 */
 class Account extends ActiveRecord implements IdentityInterface {
+    use UserTrait;

    const STATUS_DELETED = -10;
    const STATUS_REGISTERED = 0;
@ -64,13 +66,6 @@ class Account extends ActiveRecord implements IdentityInterface {
        return static::findOne(['id' => $id]);
    }

-    /**
-     * @inheritdoc
-     */
-    public static function findIdentityByAccessToken($token, $type = null) {
-        throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');
-    }
-
    /**
     * @param string $email
     * @return static|null
@ -247,4 +242,22 @@ class Account extends ActiveRecord implements IdentityInterface {
        return false;
    }

+    /**
+     * @inheritdoc
+     */
+    protected static function getSecretKey() {
+        return Yii::$app->params['jwtSecret'];
+    }
+
+    /**
+     * Getter for "header" array that's used for generation of JWT
+     * @return array JWT Header Token param, see http://jwt.io/ for details
+     */
+    protected static function getHeaderToken() {
+        return [
+            'iss' => Yii::$app->request->hostInfo,
+            'aud' => Yii::$app->request->hostInfo,
+        ];
+    }
+
 }
--- a/composer.json
+++ b/composer.json
@ -14,13 +14,14 @@
    },
    "minimum-stability": "stable",
    "require": {
-        "php": ">=5.4.0",
+        "php": ">=5.6.0",
        "yiisoft/yii2": ">=2.0.6",
        "yiisoft/yii2-bootstrap": "*",
        "yiisoft/yii2-swiftmailer": "*",
        "ramsey/uuid": "^3.1",
        "league/oauth2-server": "~4.1.5",
-        "yiisoft/yii2-redis": "~2.0.0"
+        "yiisoft/yii2-redis": "~2.0.0",
+        "damirka/yii2-jwt": "dev-master#be29a5b5d7e7d146c13d4374788e02c54cc04138"
    },
    "require-dev": {
        "yiisoft/yii2-codeception": "*",
--- a/environments/dev/api/config/params-local.php
+++ b/environments/dev/api/config/params-local.php
@ -1,3 +1,4 @@
 <?php
 return [
+    'jwtSecret' => 'some-long-secret-key',
 ];
--- a/environments/prod/api/config/params-local.php
+++ b/environments/prod/api/config/params-local.php
@ -1,3 +1,4 @@
 <?php
 return [
+    'jwtSecret' => 'some-long-secret-key',
 ];
--- a/tests/codeception/api/functional/LoginCest.php
+++ b/tests/codeception/api/functional/LoginCest.php
@ -101,6 +101,7 @@ class LoginCest {
        $I->canSeeResponseContainsJson([
            'success' => true,
        ]);
+        $I->canSeeResponseJsonMatchesJsonPath('$.jwt');
        $I->cantSeeResponseJsonMatchesJsonPath('$.errors');
    }

@ -123,6 +124,7 @@ class LoginCest {
        $I->canSeeResponseContainsJson([
            'success' => true,
        ]);
+        $I->canSeeResponseJsonMatchesJsonPath('$.jwt');
        $I->cantSeeResponseJsonMatchesJsonPath('$.errors');
    }

--- a/tests/codeception/api/functional/_steps/AccountSteps.php
+++ b/tests/codeception/api/functional/_steps/AccountSteps.php
@ -11,6 +11,9 @@ class AccountSteps extends FunctionalTester {
        $route = new LoginRoute($I);
        $route->login('Admin', 'password_0');
        $I->canSeeResponseIsJson();
+        $I->canSeeResponseJsonMatchesJsonPath('$.jwt');
+        $jwt = $I->grabDataFromResponseByJsonPath('$.jwt')[0];
+        $I->amBearerAuthenticated($jwt);
    }

 }
--- a/tests/codeception/api/unit/models/LoginFormTest.php
+++ b/tests/codeception/api/unit/models/LoginFormTest.php
@ -39,25 +39,22 @@ class LoginFormTest extends DbTestCase {
        $this->specify('get errors and don\'t log in into account with wrong credentials', function () use ($model) {
            expect('model should not login user', $model->login())->false();
            expect('error messages should be set', $model->errors)->notEmpty();
-            expect('user should not be logged in', Yii::$app->user->isGuest)->true();
        });
    }

    public function testLoginByUsernameCorrect() {
        $model = $this->createModel('Admin', 'password_0');
        $this->specify('user should be able to login with correct username and password', function () use ($model) {
-            expect('model should login user', $model->login())->true();
+            expect('model should login user', $model->login())->notEquals(false);
            expect('error message should not be set', $model->errors)->isEmpty();
-            expect('user should be logged in', Yii::$app->user->isGuest)->false();
        });
    }

    public function testLoginByEmailCorrect() {
        $model = $this->createModel('admin@ely.by', 'password_0');
        $this->specify('user should be able to login with correct email and password', function () use ($model) {
-            expect('model should login user', $model->login())->true();
+            expect('model should login user', $model->login())->notEquals(false);
            expect('error message should not be set', $model->errors)->isEmpty();
-            expect('user should be logged in', Yii::$app->user->isGuest)->false();
        });
    }