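// Yii2 RESTful API authentication: using an access token as the user's login credential
//
// The listing below holds snippets from several files; each section names the file or
// namespace it belongs to.

// ---------------------------------------------------------------------------
// 1. Adjust the authentication component in main.php
// ---------------------------------------------------------------------------

/**
 * Authentication component
 */
'user' => [
    'identityClass' => 'common\models\backend\Admin',
    // Cookie-based auto login; yii\web\User ignores this while enableSession is false.
    'enableAutoLogin' => true,
    // Sessions off: every request has to carry its own access token.
    'enableSession' => false,
    //'identityCookie' => ['name' => '_identity-api', 'httpOnly' => true],
],
//'session' => [
//    'name' => 'advanced-api',
//],

// ---------------------------------------------------------------------------
// 2. Obtaining the access token
// ---------------------------------------------------------------------------

// Identity class Admin

namespace common\models\backend;

use Yii;
use yii\web\IdentityInterface;

/**
 * This is the model class for table "admin".
 *
 * @property int $id ID
 * @property string $username username
 * @property string $realname name
 * @property string $email email
 * @property int $status status
 * @property string $password_hash password
 * @property string $auth_key authorization key
 * @property string $password_reset_token password reset token
 * @property string $access_token access token
 * @property int $expire_at expiry time
 * @property int $logged_at login time
 * @property int $created_at creation time
 * @property int $updated_at last modification time
 */
class Admin extends \yii\db\ActiveRecord implements IdentityInterface
{
    /**
     * Lifetime of an access token in seconds.
     * Sample value constructed for this listing; pick one that fits the deployment.
     */
    const ACCESS_TOKEN_TTL = 3600;

    /**
     * {@inheritdoc}
     */
    public static function tableName()
    {
        return 'admin';
    }

    /**
     * {@inheritdoc}
     */
    public function rules()
    {
        return [
            [['id', 'email', 'password_hash', 'auth_key'], 'required'],
            [['id', 'status', 'expire_at', 'logged_at', 'created_at', 'updated_at'], 'integer'],
            [['username'], 'string', 'max' => 32],
            [['realname', 'email', 'password_hash', 'auth_key', 'password_reset_token', 'access_token'], 'string', 'max' => 255],
        ];
    }

    /**
     * {@inheritdoc}
     */
    public function attributeLabels()
    {
        return [
            'id' => 'ID',
            'username' => 'username',
            'realname' => 'name',
            'email' => 'email',
            'status' => 'status',
            'password_hash' => 'password',
            'auth_key' => '授权密钥',
            'password_reset_token' => '密码重置令牌',
            'access_token' => '访问令牌',
            'expire_at' => '过期时间',
            'logged_at' => '登录时间',
            'created_at' => '创建time',
            'updated_at' => '最后修改时间',
        ];
    }

    /**
     * Fields exposed when this model is serialized into an API response.
     *
     * The controller below extends yii\rest\ActiveController with this class as
     * $modelClass, so its default REST actions serialize Admin rows. Credentials
     * and tokens are removed here so they never leave the server that way.
     *
     * @return array
     */
    public function fields()
    {
        $fields = parent::fields();
        unset(
            $fields['password_hash'],
            $fields['auth_key'],
            $fields['password_reset_token'],
            $fields['access_token']
        );

        return $fields;
    }

    public static function findIdentity($id)
    {
        // TODO: implement findIdentity().
    }

    public static function findIdentityByAccessToken($token, $type = null)
    {
        // TODO: implement findIdentityByAccessToken() (done in step 3 below).
    }

    public function getId()
    {
        // TODO: implement getId().
        // NOTE(review): while this is a stub, Yii::$app->user->id stays null even
        // for an authenticated request.
    }

    public function getAuthKey()
    {
        // TODO: implement getAuthKey().
    }

    public function validateAuthKey($authKey)
    {
        // TODO: implement validateAuthKey().
    }

    /**
     * Finds a user by username.
     *
     * @param string $username
     * @return \common\models\backend\Admin|null
     */
    public static function findByUsername($username)
    {
        return static::findOne(['username' => $username]);
    }

    /**
     * Validates a password.
     *
     * @param string $password the password to check
     * @return bool whether the password is valid for the current user
     */
    public function validatePassword($password)
    {
        return Yii::$app->security->validatePassword($password, $this->password_hash);
    }

    /**
     * Generates a new access token and stamps its expiry time.
     *
     * The caller is responsible for saving the record afterwards.
     *
     * @return string
     * @throws \yii\base\Exception
     */
    public function generateAccessToken()
    {
        $this->access_token = Yii::$app->security->generateRandomString();
        // Without an expiry a leaked token stays valid until the next login.
        $this->expire_at = time() + self::ACCESS_TOKEN_TTL;

        return $this->access_token;
    }
}

// Controller file

namespace api\modules\backend\controllers;

use api\models\backend\AdminLoginForm;
use Yii;
use yii\web\ServerErrorHttpException;

/**
 * NOTE(review): yii\rest\ActiveController also registers its default actions
 * (index, view, create, update, delete) for $modelClass. Apply the authenticator
 * from step 3 to this controller (exempting only `login`) and remove the default
 * actions that the API is not meant to offer.
 */
class AdminController extends \yii\rest\ActiveController
{
    public $modelClass = 'common\models\backend\Admin';

    /**
     * User login.
     *
     * Expects `username` and `password` in the request body.
     * NOTE(review): nothing here limits repeated login attempts; add throttling
     * in front of this action.
     *
     * @return \api\models\backend\AdminLoginForm|array the token on success,
     *         otherwise the form model carrying its validation errors
     * @throws \yii\base\Exception
     * @throws ServerErrorHttpException when the token could not be stored
     */
    public function actionLogin()
    {
        $model = new AdminLoginForm();
        // Empty form name: attributes are read from the top level of the body.
        $model->load(Yii::$app->request->post(), '');

        // Call login() exactly once: every call issues and stores a fresh token.
        $accessToken = $model->login();
        if ($accessToken !== false) {
            return ['access_token' => $accessToken];
        }

        if (!$model->hasErrors()) {
            // A model without errors would be serialized attribute by attribute,
            // which would echo the submitted password back to the client.
            throw new ServerErrorHttpException('Failed to issue an access token.');
        }

        return $model;
    }
}

// Login form model class used by the backend

namespace api\models\backend;

use common\models\backend\Admin;
use yii\base\Model;

/**
 * Login form
 */
class AdminLoginForm extends Model
{
    public $username;
    public $password;

    /**
     * @var Admin
     */
    private $_user;

    /**
     * {@inheritdoc}
     */
    public function rules()
    {
        return [
            // username and password are both required
            [['username', 'password'], 'required'],
            // password is checked by validatePassword()
            ['password', 'validatePassword'],
        ];
    }

    /**
     * Inline validator: adds an error when the user is unknown or the password is wrong.
     * The message is the same in both cases, so it does not reveal which usernames exist.
     *
     * @param string $attribute
     * @param mixed $params
     */
    public function validatePassword($attribute, $params)
    {
        if ($this->hasErrors()) {
            return;
        }

        $user = $this->getUser();
        if (!$user || !$user->validatePassword($this->password)) {
            $this->addError($attribute, '不正确的用户名或密码。');
        }
    }

    /**
     * Validates the credentials and issues a new access token.
     *
     * @return string|bool the new token, or false when validation or saving fails
     * @throws \yii\base\Exception
     */
    public function login()
    {
        if (!$this->validate()) {
            return false;
        }

        $accessToken = $this->_user->generateAccessToken();
        if (!$this->_user->save()) {
            // Never hand out a token that was not persisted.
            return false;
        }

        return $accessToken;
    }

    /**
     * Finds the user by the submitted username and caches the result.
     *
     * @return Admin|null
     */
    protected function getUser()
    {
        if ($this->_user === null) {
            $this->_user = Admin::findByUsername($this->username);
        }

        return $this->_user;
    }
}

// ---------------------------------------------------------------------------
// 3. Check the access token in every controller
// ---------------------------------------------------------------------------

// Needs: use yii\helpers\ArrayHelper; use yii\filters\auth\QueryParamAuth;

/**
 * Authenticates the user by access token.
 *
 * QueryParamAuth reads the token from the `access-token` query parameter, so the
 * token ends up in URLs (access logs, proxies, browser history).
 * yii\filters\auth\HttpBearerAuth takes it from the Authorization header instead
 * and calls the same findIdentityByAccessToken().
 *
 * In the controller that hosts the login action, add 'except' => ['login'],
 * otherwise a client needs a token before it can request one.
 *
 * @return array
 */
public function behaviors()
{
    return ArrayHelper::merge(parent::behaviors(), [
        // The key must be 'authenticator' to replace the filter that
        // yii\rest\Controller already registers under that name.
        'authenticator' => [
            'class' => QueryParamAuth::class,
        ],
    ]);
}

// Implement findIdentityByAccessToken() in the Admin class

/**
 * Looks up the user that owns an access token.
 *
 * @param mixed $token
 * @param null $type
 * @return \common\models\backend\Admin|\yii\web\IdentityInterface|null
 */
public static function findIdentityByAccessToken($token, $type = null)
{
    // An empty or non-string token must never reach the query: '' would match
    // rows whose access_token column is an empty string.
    if (!is_string($token) || $token === '') {
        return null;
    }

    // Fails closed: rows without a future expire_at are rejected.
    // NOTE(review): `status` is not checked because its values are not shown
    // here; disabled accounts should be filtered out as well.
    return static::find()
        ->where(['access_token' => $token])
        ->andWhere(['>', 'expire_at', time()])
        ->one();
}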
