for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
<?php
/**
* @link https://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license https://www.yiiframework.com/license/
*/
namespace yii\filters\auth;
use Yii;
use yii\base\Action;
use yii\base\ActionFilter;
use yii\helpers\StringHelper;
use yii\web\Request;
use yii\web\Response;
use yii\web\UnauthorizedHttpException;
use yii\web\User;
* AuthMethod is a base class implementing the [[AuthInterface]] interface.
*
* @author Qiang Xue <[email protected]>
* @since 2.0
abstract class AuthMethod extends ActionFilter implements AuthInterface
{
* @var User|null the user object representing the user authentication status. If not set, the `user` application component will be used.
public $user;
* @var Request|null the current request. If not set, the `request` application component will be used.
public $request;
* @var Response|null the response to be sent. If not set, the `response` application component will be used.
public $response;
* @var array list of action IDs that this filter will be applied to, but auth failure will not lead to error.
* It may be used for actions, that are allowed for public, but return some additional data for authenticated users.
* Defaults to empty, meaning authentication is not optional for any action.
* Since version 2.0.10 action IDs can be specified as wildcards, e.g. `site/*`.
* @see isOptional()
* @since 2.0.7
public $optional = [];
* {@inheritdoc}
public function beforeAction($action)
$response = $this->response ?: Yii::$app->getResponse();
try {
$identity = $this->authenticate(
$this->user ?: Yii::$app->getUser(),
getUser()
yii\base\Application
__call
If this is a false-positive, you can also ignore this issue in your code via the ignore-call annotation
ignore-call
$this->user ?: Yii::$app->/** @scrutinizer ignore-call */ getUser(),
$this->request ?: Yii::$app->getRequest(),
$response
);
} catch (UnauthorizedHttpException $e) {
if ($this->isOptional($action)) {
return true;
}
throw $e;
if ($identity !== null || $this->isOptional($action)) {
$this->challenge($response);
$this->handleFailure($response);
return false;
public function challenge($response)
public function handleFailure($response)
throw new UnauthorizedHttpException('Your request was made with invalid credentials.');
* Checks, whether authentication is optional for the given action.
* @param Action $action action to be checked.
* @return bool whether authentication is optional or not.
* @see optional
protected function isOptional($action)
$id = $this->getActionId($action);
foreach ($this->optional as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
yiisoft /
yii2
Robert Korulczyk
Loading history...