Yii
hollanditkzn, 2018-03-30 11:16:45

How can I use a static token, not one from the database, with an API?

I also need another site to fetch user data via the API and nothing more: no creating records, no editing, and so on. That is, I need to create a static token just for this site, so that unauthorized requests cannot take data from this site.
As I understand it, I need findIdentityByAccessToken; of course, I could be wrong.
But it turns out that when I make a request in the browser or Postman, whether with secret_token or any other token, I still get a response.
My implementation
Controller

class UserController extends ActiveController
{
    public $modelClass = 'backend\models\User';
}

Model
class User extends ActiveRecord implements IdentityInterface
{
    /**
     * @inheritdoc
     */
    public static function tableName()
    {
        return '{{%user}}';
    }

    public function actions()
    {
        $actions = parent::actions();

        unset($actions['delete'], $actions['create'], $actions['update']);
    }

    public function fields()
    {
        return [
            'name' => function(){
                return $this->last_name.' '.$this->name.' '.$this->patronymic;
            },
            'position' => function(){
                return $this->position->name;
            },
            'phone'
        ];
    }
    public static function findIdentityByAccessToken($token, $type = null)
    {
        // This is where I don't understand at all how to specify the token I need
        return 'secret_token' == $token;
    }
}

Or do I need another method, as I understand it when the user is logged in or not?
for example
QueryParams
class UserController extends ActiveController
{
    const API_KEY = 'secret';

    public $modelClass = 'backend\models\User';
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator']['class'] = QueryParamAuth::className();
        $behaviors['authenticator']['tokenParam'] = 'token';
        return [
            'access' => [
                'class' => AccessControl::className(),
                'user' => false,
                'rules' => [
                    [
                        'allow' => true,
                        'matchCallback' => function ($rule, $action){
                            $data = \Yii::$app->getRequest()->getBodyParams();
                            return isset($data['token']) === self::API_KEY;
                        },
                    ],
                ],
            ],
        ];
    }
}


1 answer(s)
hollanditkzn, 2018-03-30
@hollanditkzn

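use yii\filters\AccessControl;
use yii\filters\auth\QueryParamAuth;
use yii\helpers\ArrayHelper;
use yii\rest\ActiveController;

class UserController extends ActiveController
{
    const TOKEN = 'secret';

    public $modelClass = 'backend\models\User';
    public function behaviors()
    {
        // $behaviors is never returned, so the QueryParamAuth settings below have no effect.
        $behaviors = parent::behaviors();
        $behaviors['authenticator']['class'] = QueryParamAuth::className();
        $behaviors['authenticator']['tokenParam'] = 'token';
        // The access filter alone decides: allow only when ?token= equals self::TOKEN.
        return ArrayHelper::merge(parent::behaviors(), [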
                'access' => [
                    'class' => AccessControl::className(),
                    'user' => false,
                    'rules' => [
                        [
                            'allow' => true,
                            'matchCallback' => function ($rule, $action) {
                                $data = \Yii::$app->request->get('token');
                                return $data === self::TOKEN;
                            },
                        ],
                    ],
                    'denyCallback' => function ($rule, $action) {
                        throw new \yii\web\ForbiddenHttpException('Доступ запрещен');
                    }
                ],
            ]
        );
    }
}
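
An added example, not part of the original question or answer: `findIdentityByAccessToken()` has to return an identity object or `null` rather than a boolean, so one way to authenticate a single static token without a database lookup is a small identity class wired into `QueryParamAuth`. The `ApiClient` class and the `apiToken` application parameter are assumed names.

```php
<?php
namespace backend\controllers;

use Yii;
use yii\filters\auth\QueryParamAuth;
use yii\rest\ActiveController;
use yii\web\IdentityInterface;
use yii\web\User as WebUser;

// Hypothetical identity for the one trusted client site; nothing is read from the database.
class ApiClient implements IdentityInterface
{
    public static function findIdentityByAccessToken($token, $type = null)
    {
        // Assumption: the shared token is kept in the application params, outside the code.
        $expected = (string) (Yii::$app->params['apiToken'] ?? '');
        // Return an identity or null, never a boolean; hash_equals() compares in constant time.
        $ok = is_string($token) && $expected !== '' && hash_equals($expected, $token);
        return $ok ? new static() : null;
    }
    public static function findIdentity($id) { return null; } // no sessions, never restored by id
    public function getId() { return 'api-client'; }
    public function getAuthKey() { return null; }
    public function validateAuthKey($authKey) { return false; }
}

class UserController extends ActiveController
{
    public $modelClass = 'backend\models\User';

    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
            'class' => QueryParamAuth::class,
            'tokenParam' => 'token',
            // Dedicated stateless user object, so ApiClient is used instead of the DB-backed identity.
            'user' => new WebUser(['identityClass' => ApiClient::class, 'enableSession' => false]),
        ];
        return $behaviors; // a missing or wrong token now ends in 401 Unauthorized
    }

    public function actions()
    {
        $actions = parent::actions();
        unset($actions['create'], $actions['update'], $actions['delete']);
        return $actions; // read-only API
    }
}
```

In a real application each class goes in its own file so the autoloader can find it. A token passed in the query string is recorded in server and proxy access logs; `yii\filters\auth\HttpBearerAuth` works with the same identity class and carries the token in the `Authorization` header instead.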
