在配置文件main.xml中设置用户认证类。与WEB站点不同,cookie和session通常不用于维护登录状态。'user'=>['identityClass'=>'common\models\User','enableAutoLogin'=>true,'enableSession'=>false,//'identityCookie'=>['name'=>'_identity-backend','httpOnly'=>true],],/*'session'=>[//这是用于后端登录的会话cookie的名称'name'=>'advanced-backend',],*/实现Api用户认证(登录功能)复制一份common/models/UserLoginForm到common/models并重命名为ApiLoginForm,取消rememberme和vitifyCode等相关功能,重写登录方法。代码如下:'用户名','password'=>'密码',//'rememberMe'=>'记住我',//'vitifyCode'=>'验证码',];}/***{@inheritdoc}*/publicfunctionrules(){return[//用户名和密码都是必需的[['username','password'],'required'],//rememberMe必须是布尔值value//['rememberMe','boolean'],//密码由validatePassword()['password','validatePassword'],//['vitifyCode','captcha'],//验证码验证];}/***验证密码d.*此方法用作密码的内联验证。**@paramstring$attribute当前正在验证的属性*@paramarray$params规则中给出的附加名称-值对*/publicfunctionvalidatePassword($attribute,$params){if(!$this->hasErrors()){$user=$this->getUser();if(!$user||!$user->validatePassword($this->password)){$this->addError($attribute,'不正确的用户名或密码。');}}}/***使用提供的用户名和密码登录用户。**@returnbool用户是否登录成功*/publicfunctionlogin(){if($this->validate()){//returnYii::$app->user->login($this->getUser(),$this->rememberMe?3600*24*30:0);$access_token=$this->_user->generateAccessToken();$this->_user->expire_at=time()+3600*7*24;//设置access_token过期时间$this->_user->save();Yii::$app->user->login($this->_user,3600*7*24);返回$access_token;}else{返回错误;}}/***通过[[username]]查找用户**@returnUser|null*/protectedfunctiongetUser(){if($this->_user===null){$this->_user=User::findByUsername($this->用户名);}返回$this->_user;}}在common/modelsUser中实现generateAccessToken,代码如下:/***生成access_token*@returnstring*@throws\yii\base\Exception*/publicfunctiongenerateAccessToken(){$this->access_token=Yii::$app->security->generateRandomString();返回$this->access_token;}现实UserController控件,现实登录方法:username=$_POST['username'];$model->password=$_POST['password'];*///使用getBodyParams处理POST请求$model->load(\Yii::$app->getRequest()->getBodyParams(),'');如果($model->login()){return['access_token'=>$model->login()];}else{$model->validate();返回$模型;}}}配置好url美化:['class'=>'yii\rest\UrlRule','controller'=>'user','pluralize'=>false,//访问资源不需要添加'extraPatterns'=>['POST登录'=>'登录','POST注册'=>'signup',],]测试登录API成功获取accessToken:Maintaintheauthenticationstate:维护认证状态,即客户端如何使用accesstoken令牌访问服务端提供的服务1,并在VideoDetailController中添加QueryParamAuth过滤器:}可以看到认证已经生效。我们带一个有效的access-token来测试:提醒我们为了顺利通过验证,必须在common\models\User.php中实现一个findIdentityByAccessToken方法。实现这个方法:publicstaticfunctionfindIdentityByAccessToken($token,$type=null){returnstatic::find()->where(['access_token'=>$token,'status'=>self::STATUS_ACTIVE])->andWhere(['>','expire_at',time()])->one();}再次拿access-token测试一下,可以看到已经成功获取到了想要的数据:我们也可以指定需要认证才能访问的Actions。比如列表页不需要鉴权,详情需要:className(),'only'=>['view'],],]);}YiiRestfulApi认证可以参考:YiiRestfulApi认证过滤可以参考:过滤用户注册实现将frontend/models/SignupForm复制一份到common/models,重命名为ApiSignupForm,修改代码如下:'\common\models\User','message'=>'用户名已被使用。'],['username','string','min'=>2,'max'=>255],['email','修剪'],['email','required'],['email','email'],['email','string','max'=>255],['email','unique','targetClass'=>'\common\models\User','message'=>'Emailisalreadytaken.'],['password','required'],['password_repeat','required'],['password','string','min'=>6],['password_repeat','compare','compareAttribute'=>'password','message'=>'两次输入的密码不一致!'],/*['realname','required'],['realname','string','max'=>128],*/];}publicfunctionattributeLabels(){return['username'=>'Username',//'realname'=>'Name','password'=>'Password','password_repeat'=>'重复密码','email'=>'电子邮件',];}/***注册用户。**@returnUser|null保存的模型,如果保存失败则返回null*@throws\yii\base\Exception*/publicfunactionsignup(){if(!$this->validate()){返回空值;}$用户=新用户();$user->username=$this->username;$user->email=$this->email;//$user->realname=$this->realname;$user->setPassword($this->password);$user->generateAuthKey();返回$user->save()?$用户:空;}}在UserController中实现注册方法:publicfunctionactionSignup(){$model=newApiSignupForm();$model->load(\Yii::$app->getRequest()->getBodyParams(),'');if($model->signup()){return['result'=>'注册成功'];}else{$model->validate();返回$模型;}}配置Url美化:['class'=>'yii\rest\UrlRule','controller'=>'user','pluralize'=>false,//不需要加s'extraPatterns'=>['POSTlogin'=>'login','POSTsignup'=>'signup',],]测试:欢迎大家讨论(879782113):
