Commit 7efb47bf by Qiang Xue

Fixes #4920: `yii\filters\auth\CompositeAuth` should not trigger error as long…

Fixes #4920: `yii\filters\auth\CompositeAuth` should not trigger an error as long as one of the methods succeeds. Fixes #3177: `yii\filters\auth\CompositeAuth` will send out challenges from all auth methods.
parent 53d8ac18
...@@ -88,6 +88,7 @@ Yii Framework 2 Change Log ...@@ -88,6 +88,7 @@ Yii Framework 2 Change Log
- Bug #4755: `yii\test\BaseActiveFixture::unload()` does not clean up the internal cached data (qiangxue) - Bug #4755: `yii\test\BaseActiveFixture::unload()` does not clean up the internal cached data (qiangxue)
- Bug #4813: Fixed MSSQL schema that was getting incorrect info about constraints (samdark, SerjRamone, o-rey) - Bug #4813: Fixed MSSQL schema that was getting incorrect info about constraints (samdark, SerjRamone, o-rey)
- Bug #4880: Return value of yii\web\Request::getPrefferedLanguage() was a normalized value instead of a valid language value from the input array (cebe) - Bug #4880: Return value of yii\web\Request::getPrefferedLanguage() was a normalized value instead of a valid language value from the input array (cebe)
- Bug #4920: `yii\filters\auth\CompositeAuth` should not trigger error as long as one of the methods succeeds (qiangxue)
- Bug: Fixed inconsistent return of `\yii\console\Application::runAction()` (samdark) - Bug: Fixed inconsistent return of `\yii\console\Application::runAction()` (samdark)
- Bug: URL encoding for the route parameter added to `\yii\web\UrlManager` (klimov-paul) - Bug: URL encoding for the route parameter added to `\yii\web\UrlManager` (klimov-paul)
- Bug: Fixed the bug that requesting protected or private action methods would cause 500 error instead of 404 (qiangxue) - Bug: Fixed the bug that requesting protected or private action methods would cause 500 error instead of 404 (qiangxue)
...@@ -113,6 +114,7 @@ Yii Framework 2 Change Log ...@@ -113,6 +114,7 @@ Yii Framework 2 Change Log
- Enh #3108: Added `yii\debug\Module::enableDebugLogs` to disable logging debug logs by default (qiangxue) - Enh #3108: Added `yii\debug\Module::enableDebugLogs` to disable logging debug logs by default (qiangxue)
- Enh #3132: `yii\rbac\PhpManager` now supports more compact data file format (qiangxue) - Enh #3132: `yii\rbac\PhpManager` now supports more compact data file format (qiangxue)
- Enh #3154: Added validation error display for `GridView` filters (ivan-kolmychek) - Enh #3154: Added validation error display for `GridView` filters (ivan-kolmychek)
- Enh #3177: `yii\filters\auth\CompositeAuth` will send out challenges from all auth methods (qiangxue)
- Enh #3196: Masked input upgraded to use jquery.inputmask plugin with more features. (kartik-v) - Enh #3196: Masked input upgraded to use jquery.inputmask plugin with more features. (kartik-v)
- Enh #3220: Added support for setting transaction isolation levels (cebe) - Enh #3220: Added support for setting transaction isolation levels (cebe)
- Enh #3221: Added events for DB transaction commit/rollback (drcypher, qiangxue) - Enh #3221: Added events for DB transaction commit/rollback (drcypher, qiangxue)
...@@ -23,7 +23,6 @@ interface AuthInterface ...@@ -23,7 +23,6 @@ interface AuthInterface
{ {
/** /**
* Authenticates the current user. * Authenticates the current user.
*
* @param User $user * @param User $user
* @param Request $request * @param Request $request
* @param Response $response * @param Response $response
...@@ -32,6 +31,12 @@ interface AuthInterface ...@@ -32,6 +31,12 @@ interface AuthInterface
*/ */
public function authenticate($user, $request, $response); public function authenticate($user, $request, $response);
/** /**
* Generates challenges upon authentication failure.
* For example, some appropriate HTTP headers may be generated.
* @param Response $response
*/
public function challenge($response);
/**
* Handles authentication failure. * Handles authentication failure.
* The implementation should normally throw UnauthorizedHttpException to indicate authentication failure. * The implementation should normally throw UnauthorizedHttpException to indicate authentication failure.
* @param Response $response * @param Response $response
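Review bot: The docblock of the new `challenge()` method does not say whether an implementation may throw, yet the base `AuthMethod::beforeAction()` calls `challenge()` immediately before `handleFailure()` and `CompositeAuth::challenge()` loops over every configured method, so a throwing implementation would abort the remaining challenges and pre-empt the 401 handling. I would add to the docblock: `* Implementations should only modify the response (e.g. add WWW-Authenticate headers) and must not throw; [[handleFailure()]] is invoked afterwards.` Adding a method to a published interface is also a backwards-incompatible change for any class that implements `AuthInterface` directly rather than extending `AuthMethod` (which now provides a no-op default); if such implementations exist outside the framework, that deserves a changelog entry.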
...@@ -41,16 +41,19 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface ...@@ -41,16 +41,19 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface
*/ */
public function beforeAction($action) public function beforeAction($action)
{ {
$response = $this->response ? : Yii::$app->getResponse();
$identity = $this->authenticate( $identity = $this->authenticate(
$this->user ? : Yii::$app->getUser(), $this->user ? : Yii::$app->getUser(),
$this->request ? : Yii::$app->getRequest(), $this->request ? : Yii::$app->getRequest(),
$this->response ? : Yii::$app->getResponse() $response
); );
if ($identity !== null) { if ($identity !== null) {
return true; return true;
} else { } else {
$this->handleFailure($this->response ? : Yii::$app->getResponse()); $this->challenge($response);
$this->handleFailure($response);
return false; return false;
} }
} }
...@@ -58,6 +61,13 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface ...@@ -58,6 +61,13 @@ abstract class AuthMethod extends ActionFilter implements AuthInterface
/** /**
* @inheritdoc * @inheritdoc
*/ */
public function challenge($response)
{
}
/**
* @inheritdoc
*/
public function handleFailure($response) public function handleFailure($response)
{ {
throw new UnauthorizedHttpException('You are requesting with an invalid credential.'); throw new UnauthorizedHttpException('You are requesting with an invalid credential.');
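Review bot: `$this->challenge($response)` sets its headers on the `$response` resolved at the top of `beforeAction()`, which is the filter's own `$this->response` when one is configured, while `handleFailure($response)` then throws; if the exception is rendered by the error handler onto the application response component (as I believe it is), a challenge written to a custom `$this->response` instance never reaches the client. Either document that `response` must be the application response or pass the challenge through on the rendered response. Separately, with the `QueryParamAuth` override removed in this commit, the unchanged base line `throw new UnauthorizedHttpException('You are requesting with an invalid credential.');` is now what that filter emits, and unlike the removed override it is not passed through `Yii::t()`, so the message is no longer translatable; `throw new UnauthorizedHttpException(Yii::t('yii', 'You are requesting with an invalid credential.'));` would preserve that. `beforeAction()` is fully visible here; the rest of the class is outside the hunk.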
...@@ -74,12 +74,17 @@ class CompositeAuth extends AuthMethod ...@@ -74,12 +74,17 @@ class CompositeAuth extends AuthMethod
} }
} }
if (!empty($this->authMethods)) { return null;
/* @var $auth AuthInterface */
$auth = reset($this->authMethods);
$auth->handleFailure($response);
} }
return null; /**
* @inheritdoc
*/
public function challenge($response)
{
foreach ($this->authMethods as $method) {
/** @var $method AuthInterface */
$method->challenge($response);
}
} }
} }
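Review bot: The new `challenge()` loop only delivers the "challenges from all auth methods" behaviour of #3177 if each method appends its `WWW-Authenticate` header, but the `HttpBasicAuth` and `HttpBearerAuth` implementations in this same commit call `$response->getHeaders()->set(...)`, so when both are composed the later method overwrites the earlier one and the client sees a single challenge. The loop also iterates `$this->authMethods` as stored; if that property can still hold array configurations that `authenticate()` instantiates lazily (the start of `authenticate()` is outside this hunk, so I cannot confirm), calling `challenge()` before `authenticate()` would fail. I would state the ordering in the docblock: `* Must be called after [[authenticate()]], which instantiates the configured auth methods.`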
...@@ -7,9 +7,6 @@ ...@@ -7,9 +7,6 @@
namespace yii\filters\auth; namespace yii\filters\auth;
use Yii;
use yii\web\UnauthorizedHttpException;
/** /**
* HttpBasicAuth is an action filter that supports the HTTP Basic authentication method. * HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.
* *
...@@ -90,9 +87,8 @@ class HttpBasicAuth extends AuthMethod ...@@ -90,9 +87,8 @@ class HttpBasicAuth extends AuthMethod
/** /**
* @inheritdoc * @inheritdoc
*/ */
public function handleFailure($response) public function challenge($response)
{ {
$response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\""); $response->getHeaders()->set('WWW-Authenticate', "Basic realm=\"{$this->realm}\"");
throw new UnauthorizedHttpException('You are requesting with an invalid access token.');
} }
} }
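Review bot: `$response->getHeaders()->set('WWW-Authenticate', ...)` in the new `challenge()` replaces any challenge an earlier method in a `CompositeAuth` chain has already placed on the response, which defeats the multi-challenge behaviour this commit introduces; RFC 7235 allows several `WWW-Authenticate` headers, so `$response->getHeaders()->add('WWW-Authenticate', "Basic realm=\"{$this->realm}\"");` lets the challenges accumulate. The realm is interpolated into a quoted-string without escaping, so a value containing `"` or CR/LF yields a malformed header; it is developer configuration rather than request input, so at most a docblock note on the `realm` property is warranted.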
...@@ -7,9 +7,6 @@ ...@@ -7,9 +7,6 @@
namespace yii\filters\auth; namespace yii\filters\auth;
use Yii;
use yii\web\UnauthorizedHttpException;
/** /**
* HttpBearerAuth is an action filter that supports the authentication method based on HTTP Bearer token. * HttpBearerAuth is an action filter that supports the authentication method based on HTTP Bearer token.
* *
...@@ -57,9 +54,8 @@ class HttpBearerAuth extends AuthMethod ...@@ -57,9 +54,8 @@ class HttpBearerAuth extends AuthMethod
/** /**
* @inheritdoc * @inheritdoc
*/ */
public function handleFailure($response) public function challenge($response)
{ {
$response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\""); $response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");
throw new UnauthorizedHttpException('You are requesting with an invalid access token.');
} }
} }
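Review bot: The `set('WWW-Authenticate', ...)` call on the new `challenge()` line overwrites whatever challenge a preceding method in a `CompositeAuth` chain already added, so a Basic-plus-Bearer composite will only ever advertise the scheme that ran last, contrary to the stated goal of #3177. Using `$response->getHeaders()->add('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");` appends instead of replacing. Since this method no longer throws, the 401 now comes from the inherited `handleFailure()`; that is fine, but worth a one-line docblock note so readers do not look for the exception here.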
...@@ -7,9 +7,6 @@ ...@@ -7,9 +7,6 @@
namespace yii\filters\auth; namespace yii\filters\auth;
use Yii;
use yii\web\UnauthorizedHttpException;
/** /**
* QueryParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter. * QueryParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter.
* *
...@@ -42,12 +39,4 @@ class QueryParamAuth extends AuthMethod ...@@ -42,12 +39,4 @@ class QueryParamAuth extends AuthMethod
return null; return null;
} }
/**
* @inheritdoc
*/
public function handleFailure($response)
{
throw new UnauthorizedHttpException(Yii::t('yii', 'You are requesting with an invalid access token.'));
}
} }