Skip to content
/ yii2-rest-auth Public

Authorization for rest, which is made for increased security.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gud3/yii2-rest-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
migrations
migrations
 
 
models
models
 
 
CheckToken.php
CheckToken.php
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Yii2 rest authorized

This extension increase security betwean requests to REST contorllers.

How does it work: there is a short(token) and long(series) keys. Short key changes every time, the long key remains the same for entire period of authorization.

Then they are merged into a string and attached to the Authorization header. These values are separated by ";"

To confirm next request, when "client" send new request, it attaches the same Authoriztion header with the data it recieved. And this continues until the user is logged out or the keys are stolen.

When the keys are stolen and the thief use the user's data - the short key (token) changes every request. When the real user makes a request - the system will notice that long key (series) is the same, but short key doesn't match. In this case system delete Authorization, the thief and the real user will be logged out

For data storage it uses ActiveRecord table. In this table keeps all authorization data, the end date of the session. Sessions are stored in Redis.

Installation

The preferred way to install this extension is through composer.

Either run

php composer.phar require --prefer-dist gud3/yii2-rest-auth "*"

or add

"gud3/yii2-rest-auth": ">=1.0.0"

to the require section of your composer.json file.

Migration enter in code line:

yii migrate --migrationPath=@gud3/restAuth/migrations

Need

You need to override the static function in the 'Users' table:

public static function findIdentityByAccessToken($id, $type = null)
{
    return static::find()->where(['id' => $id])->one() || false;
}

Usage

To use this extension, simply add the following code in your controller behaviors:

public function behaviors()
{
    $behaviors = parent::behaviors();
    
    $auth = ['index'];
    //$auth = ['index', 'update', 'create', 'etc..'];
    $behaviors['authenticator']['class'] = \gud3\restAuth\CheckToken::className();
    $behaviors['authenticator']['only'] = $auth;

    return $behaviors;
}

For check exist Authorized data in headers:

public function behaviors()
{
    $behaviors = parent::behaviors();
    
    $auth = [];
    
    if (\gud3\restAuth\CheckToken::isAuth()) {
        array_push($auth, 'index', 'create');
    }
        
    $behaviors['authenticator']['class'] = \gud3\restAuth\CheckToken::className();
    $behaviors['authenticator']['only'] = $auth;
    
    return $behaviors;
}

This is necessary to check if there are authorization data, then check them, and if it is successful, authorize or go through the system without authorization, then Yii::$app->user->isGuest = true

Change storage

To store the session in the radish, you need to :

'components' => [
    'cache' => [
        'class' => 'yii\redis\Cache',
    ],
]

About

Authorization for rest, which is made for increased security.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

1.0.0 Latest
Jul 26, 2017

Packages

No packages published

Languages