gpt4 book ai didi

php - Yii2 AccessControl 在 Rest API 中使用 HTTPBearerAuth 时给出 Forbidden 403

转载 作者:搜寻专家 更新时间:2023-10-31 21:56:17 24 4
gpt4 key购买 nike

我正在使用 HTTPBearerAuth 在我的基本 Controller 上进行身份验证

public function behaviors()
{
$behaviors['authenticator'] = [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBearerAuth::className(),
],
];

return $behaviors;
}

在我的 UserController 上扩展基本 Controller 并使用 AccessControl 允许 guest 用户访问登录。

public function behaviors()
{
$behaviors = parent::behaviors();

$behaviors['access'] = [
'class' => AccessControl::className(),
'only' => ['login', 'logout', 'signup'],
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['@'],
],
],
];

$behaviors['verbs'] = [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
];

return $behaviors;
}

当我尝试在没有身份验证详细信息的情况下访问登录名时,我得到

{
"name": "Unauthorized",
"message": "You are requesting with an invalid credential.",
"code": 0,
"status": 401,
"type": "yii\web\UnauthorizedHttpException"
}

未授权 401。有了身份验证详细信息,我得到了

{
"name": "Forbidden",
"message": "You are not allowed to perform this action.",
"code": 0,
"status": 403,
"type": "yii\web\ForbiddenHttpException"
}

为什么我会收到这个?

最佳答案

您可以使用 onlyexcept 取出 AccessControl 并在子行为中使用 HTTPBearerAuth。

public function behaviors()
{
$behaviors = parent::behaviors();
//authentication only applies to actionIndex in child controller
$behaviors['authenticator']['only'][] = 'index';

return $behaviors;
}

关于php - Yii2 AccessControl 在 Rest API 中使用 HTTPBearerAuth 时给出 Forbidden 403,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33338985/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com