Rest and HttpBasicAuth

In my controller:

   public function behaviors()


  	$behaviors = parent::behaviors();

  	$behaviors['authenticator'] = [

    	'class' => HttpBasicAuth::className(),

    	'auth' => [$this, 'auth']


 	return $behaviors;


	public function auth($email, $pass) {

    	return User::findOne([

        	'email' => $email,

        	'password' => $pass,



This works fine if I use in postman login and password hashed, but how I can authenticate with password in plain text and transfrom it in hashed password?

I tried this, but it doesn’t work

public function auth($email, $pass) {

	// username, password are mandatory fields

	if(empty($email) || empty($pass))

    	return null;

	// get user using requested email

	$user = User::findOne([

    	'email' => $email,


	// if no record matching the requested user


    	return null;

	// hashed password from user record

	$pwd = $user->password;

	// validate password

	$isPass = User::validatePassword($pass, $pwd);

	// if password validation fails


    	return null;

	// if user validates (both user_email, user_password are valid)

	return $user;



$isPass = User::validatePassword($pass, $pwd);


$isPass = $user->validatePassword($pass);

because the method uses the User object, and the static method cannot reference the object.

Yes, you’re right. But I had not even clear how and what to do.

Then I resolved through user login to get an[font="Arial"] access token[/font], and then I used httpbearerauth in all the other functions. Practically a mobile application login first, get the key and then this key is passed to the HttpBearerAuth. If the key is detected, the user is allowed to do what he has to do