YII2 REST Identity Interface returns all users?


(Buisine) #1

I have a REST API endpoint that I use to log a user in and retrieve information about their account.

That implementation was running fine…but now it’s broken.

I am using a basic-auth override so that USERNAME:PASSWORD is used instead of the token.

Below are the controller and MODEL code.

In the response I now find all the users… instead of one.

I can’t understand it, as we first use findOne to select ONE user and THEN the password is checked.

Maybe i missed something here :confused:

USER MODEL :




    <?php

    namespace common\models;

    use yii\base\NotSupportedException;

    use yii\behaviors\TimestampBehavior;

    use yii\db\ActiveRecord;

    use yii\web\IdentityInterface;

    

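    class User extends ActiveRecord implements IdentityInterface
    {
        /**
         * @inheritdoc
         */
        public static function tableName()
        {
            return '{{%user}}';
        }

        /**
         * @inheritdoc
         */
        public function behaviors()
        {
            return [
                TimestampBehavior::className(),
            ];
        }

        /**
         * @inheritdoc
         */
        public function rules()
        {
            return [
                [['username', 'auth_key', 'password_hash', 'email'], 'required'],
                [['status', 'created_at', 'updated_at', 'background'], 'integer'],
                [['username', 'password_hash', 'password_reset_token', 'email', 'hmac_shopify', 'shop_address', 'room_id', 'wp_address', 'blog_address', 'iosRegisterID', 'androidRegisterID', 'timeZone'], 'string', 'max' => 255],
                [['auth_key'], 'string', 'max' => 32],
                [['account_level'], 'string', 'max' => 45],
                [['username'], 'unique'],
                [['email'], 'unique'],
                [['password_reset_token'], 'unique'],
            ];
        }

        /**
         * Attributes exposed when the record is serialised (REST responses, toArray()).
         *
         * Credentials and tokens are removed here: the ActiveRecord default is to
         * return every column, so without this override password_hash, auth_key and
         * password_reset_token would be sent to any client that can list or view users.
         *
         * @return array
         */
        public function fields()
        {
            $fields = parent::fields();
            unset($fields['password_hash'], $fields['auth_key'], $fields['password_reset_token']);
            // NOTE(review): hmac_shopify looks like it may be a secret as well — confirm before exposing it.
            return $fields;
        }

        /**
         * @inheritdoc
         */
        public static function findIdentity($id)
        {
            return static::findOne(['id' => $id]);
        }

        /**
         * @inheritdoc
         *
         * The auth_key column doubles as the access token here.
         */
        public static function findIdentityByAccessToken($token, $type = null)
        {
            return static::findOne(['auth_key' => $token]);
        }

        /**
         * Finds a user by username.
         *
         * @param string $username
         * @return static|null
         */
        public static function findByUsername($username)
        {
            return static::findOne(['username' => $username]);
        }

        /**
         * Finds a user by an unexpired password reset token.
         *
         * @param string $token
         * @return static|null
         */
        public static function findByPasswordResetToken($token)
        {
            if (!static::isPasswordResetTokenValid($token)) {
                return null;
            }

            // NOTE(review): STATUS_ACTIVE is referenced but not declared in this listing;
            // it must be defined on the class for this lookup to work.
            return static::findOne([
                'password_reset_token' => $token,
                'status' => self::STATUS_ACTIVE,
            ]);
        }

        /**
         * Checks whether a password reset token is still within its validity window.
         *
         * The token is "<random>_<unix timestamp>"; the part after the last '_' is the
         * creation time, compared against the `user.passwordResetTokenExpire` param.
         *
         * @param string $token
         * @return bool
         */
        public static function isPasswordResetTokenValid($token)
        {
            if (empty($token)) {
                return false;
            }

            $issuedAt = (int) substr($token, strrpos($token, '_') + 1);
            // Fully qualified: this file declares no `use Yii;`, so a bare `Yii` would
            // resolve to common\models\Yii.
            $expire = \Yii::$app->params['user.passwordResetTokenExpire'];
            return $issuedAt + $expire >= time();
        }

        /**
         * @inheritdoc
         */
        public function getId()
        {
            return $this->getPrimaryKey();
        }

        /**
         * @inheritdoc
         */
        public function getAuthKey()
        {
            // The original listing had a second, unreachable `return $this->hmac_shopify;`
            // after this line; auth_key is the value validateAuthKey() compares against.
            return $this->auth_key;
        }

        /**
         * @inheritdoc
         */
        public function validateAuthKey($authKey)
        {
            return $this->getAuthKey() === $authKey;
        }

        /**
         * Validates a plain-text password against this record's own password_hash.
         *
         * This is an instance method taking a single argument; callers must use
         * `$user->validatePassword($password)`, not a static call.
         *
         * @param string $password
         * @return bool
         */
        public function validatePassword($password)
        {
            return \Yii::$app->security->validatePassword($password, $this->password_hash);
        }

        /**
         * Stores a hash of the given password in password_hash.
         *
         * @param string $password
         */
        public function setPassword($password)
        {
            $this->password_hash = \Yii::$app->security->generatePasswordHash($password);
        }

        /**
         * Generates a new auth_key and, as a side effect, a new "_r_"-prefixed room_id.
         */
        public function generateAuthKey()
        {
            $this->auth_key = \Yii::$app->security->generateRandomString();
            $this->room_id = "_r_".\Yii::$app->security->generateRandomString();
        }

        /**
         * Generates a password reset token of the form "<random>_<unix timestamp>".
         */
        public function generatePasswordResetToken()
        {
            $this->password_reset_token = \Yii::$app->security->generateRandomString() . '_' . time();
        }

        /**
         * Clears the password reset token.
         */
        public function removePasswordResetToken()
        {
            $this->password_reset_token = null;
        }

        /**
         * @inheritdoc
         *
         * @return UserQuery
         */
        public static function find()
        {
            return new UserQuery(get_called_class());
        }
    }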



This is the controller:


 <?php

    namespace api\controllers;

    use yii;

    use yii\rest\ActiveController;

    use \common\models\User;

    

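    class RestController extends ActiveController
    {
        /**
         * Model served by the default ActiveController actions. The stock `index`
         * action returns every row of this class, which is why an authenticated
         * request lists all users rather than only the caller.
         */
        public $modelClass = '\common\models\User';

        /**
         * Not read anywhere in this controller; kept so existing references do not break.
         */
        public $password_hash;

        /**
         * @inheritdoc
         */
        public function behaviors()
        {
            $behaviors = parent::behaviors();

            $behaviors['verbs'] = [
                'class' => \yii\filters\VerbFilter::className(),
                'actions' => [
                    'index' => ['get', 'head'],
                ],
            ];

            // `only` restricts this filter to `index`; the other ActiveController
            // actions (view, create, update, delete) remain reachable by any
            // authenticated user because checkAccess() is not overridden here.
            $behaviors['access'] = [
                'class' => \yii\filters\AccessControl::className(),
                'only' => ['index'],
                'rules' => [
                    [
                        'actions' => ['index'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ];

            $behaviors['authenticator'] = [
                'class' => \yii\filters\auth\HttpBasicAuth::className(),
                // Username/password instead of the default token lookup. The callback
                // must return the identity on success and null on failure.
                'auth' => function ($username, $password) {
                    $user = User::findByUsername($username);
                    if ($user === null) {
                        return null;
                    }

                    // validatePassword() is an instance method that checks the supplied
                    // password against the record's own hash; the original listing called
                    // it statically with two arguments, which cannot work.
                    return $user->validatePassword($password) ? $user : null;
                },
            ];

            return $behaviors;
        }
    }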



Data response from REST AUTH




    <pre>

    <response>

    <item>...</item>

    <item>...</item>

    <item>...</item>

    <item>...</item>

    <item>...</item>

    <item>...</item>

    <item>...</item>

    </response>

    </pre>