I am working on yii2 and created some REST API's. One is for authenticating the user and the second one is for getting the data by using the auth keyfrom the 1st API. I am usingxampp` on the local machine. The authenticate API is working perfectly alright. But when I am trying to execute the 2nd API it's giving me an error. Below is my code
main.php
<?php
$params = array_merge(
require(__DIR__ . '/../../common/config/params.php'),
require(__DIR__ . '/../../common/config/params-local.php'),
require(__DIR__ . '/params.php'),
require(__DIR__ . '/params-local.php')
);
return [
'id' => 'app-api',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'modules' => [
'v1' => [
'basePath' => '@app/modules/v1',
'class' => 'api\modules\v1\Module'
]
],
'components' => [
'request' => [
'csrfParam' => '_csrf-backend',
'enableCookieValidation' => false,
'enableCsrfValidation' => false,
],
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => false,
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false,
'rules' => [
[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/survey'],
'tokens'=>[
'{id}' => '<id:\\d[\\d,]*>'
],
'extraPatterns' => [
'POST add' => 'add',
'POST photo/save'=>'savepic',
'POST modify/{id}' => 'modify',
'GET refdata' => 'refdata',
'GET refdata.json' => 'refdatajson',
'GET shahid' => 'shahid',
'GET list' => 'list',
],
'pluralize' => false
],[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/issue'],
'extraPatterns' => [
'POST add' => 'add'
],
'pluralize' => false
],[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/auth'],
'extraPatterns' => [
'POST authenticate' => 'authenticate'
],
'pluralize' => false
]
, [
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/auth'],
'extraPatterns' => [
'POST authenticate2' => 'authenticate2'
],
'pluralize' => false
],[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/team'],
'extraPatterns' => [
'POST list' => 'list'
],
'pluralize' => false
],
[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/installation'],
'extraPatterns' => [
'GET list' => 'items',
'POST add' => 'addnew',
'POST photo/save' =>'savephoto',
'GET loadsurveyimages' =>'loadsurveyimages',
'GET listinstall'=>'listinstall',
'GET loadinstallationimages' => 'loadinstallationimages',
'GET loadfiles'=>'loadfiles',
'POST email' =>'email',
'GET details' =>'details',
'GET simtransfer'=>'simtransfer',
'POST metertosimmap'=>'metertosimmap',
'GET meterping'=>'meterping',
//'GET simtransfer'=>'simtransfer',
],
'pluralize' => false
],
[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/preinstallation'],
'extraPatterns' => [
'GET list' => 'items',
'POST add' => 'addnew',
'POST photo/save' =>'savephoto',
'GET loadsurveyimages' =>'loadsurveyimages',
'GET listinstall'=>'listinstall',
'GET loadinstallationimages' => 'loadinstallationimages',
'GET loadfiles'=>'loadfiles',
'GET email' =>'email',
'GET details' =>'details',
'GET refs' => 'refs',
],
'pluralize' => false
],
[
'class' => 'yii\rest\UrlRule',
'controller' => ['v1/routes'],
'extraPatterns' => [
'GET list' => 'list',
'GET meters'=>'meters',
'GET refs' => 'refs',
'GET ref' => 'ref',
'POST status'=>'status'
],
'pluralize' => false
]
],
]
],
'params' => $params,
];
The Authenticate API is working.
For all other API we have to use this secret key to access data and do other operations as well.
When I try to access it I am getting the below error
{
"name": "Unauthorized",
"message": "Your request was made with invalid credentials.",
"code": 0,
"status": 401,
"type": "yii\\web\\UnauthorizedHttpException"
}
I have already used all the options under body of the postman. Also used Params and Authorization but nothing seems to work.
.htaccess
#SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
SetEnvIf Authorization . HTTP_AUTHORIZATION=$0
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
Base Controller
class BaseController extends ActiveController
{
/**
* Activate Bear Authentication
*
* @return array
*/
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => HttpBearerAuth::className(),
];
return $behaviors;
}
}
HttpBearerAuth
class HttpBearerAuth extends HttpHeaderAuth
{
/**
* {@inheritdoc}
*/
public $header = 'Authorization';
/**
* {@inheritdoc}
*/
public $pattern = '/^Bearer\s (.*?)$/';
/**
* @var string the HTTP authentication realm
*/
public $realm = 'api';
/**
* {@inheritdoc}
*/
public function challenge($response)
{
$response->getHeaders()->set('WWW-Authenticate', "Bearer realm=\"{$this->realm}\"");
}
}
I have already tried with SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$0. But still, the issue is there.
How to get rid of this issue? Any help would be highly appreciated.
CodePudding user response:
For HttpBearerAuth set token in header like
Authorization: Bearer {token}
For postman use Authorization tab and select type of token here:
And the token is automatically substituted into the headers (you can see if you display auto-generated headers)
