User authentication
#1

Hi all

Just having a play around with CI4 after using CI3 for several years.

In CI3, I had a master controller saved as one of the Core files (e.g. MY_Controller.php) which as part of the construct, checked a few details like if a user was logged in or not, and displayed the relevant errors.

So my test case with CI4 is a mini-API based app, so I love the idea of the API Response Trait.

At the moment I have all the tests in the initController function as I believe this is the best place to put it. But even when I use failUnauthorized(); for example, it still returns content from the child controller.


It's not completed - I'm just trying to nail down the authentication part at the moment. It's likely I've just misunderstood something, but any pointers appreciated!

PHP Code:
<?php namespace App\Controllers;

use CodeIgniter\API\ResponseTrait;

/**
 * Controller to assist with API authentication etc.
 */
class ApiBaseController extends BaseController
{
    use ResponseTrait;

    /**
     * Constructor.
     */
    public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
    {
        /** Do Not Edit This Line */
        parent::initController($request, $response, $logger);

        /** Is there an API Key specified? */
        if(($this->request->hasHeader('X-API-Key')) && ($this->request->hasHeader('X-Application')))
        {
            $apiKey     = $this->request->getHeader('X-API-Key');

            /** Authenticate the app */
            $appModel   = new \App\Models\ApplicationModel();
            $appData    = $appModel->find(($this->request->getHeader('X-Application'))->getValue());

            /** Have we found the app? */
            if(!$appData)
            {
                return $this->failUnauthorized("Unauthorized");
            }
        }
        else
        {
            $this->response
                ->setStatusCode(401)
                ->setBody('');
        }

    }
}


Reply
#2

In CI4, a filter would be the way to go: https://codeigniter4.github.io/userguide...lters.html
You can check out how Lonnie did it in Myth Auth: https://github.com/lonnieezell/myth-auth
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
Reply
#3

(03-08-2020, 11:34 AM)includebeer Wrote: In CI4, a filter would be the way to go: https://codeigniter4.github.io/userguide...lters.html
You can check out how Lonnie did it in Myth Auth: https://github.com/lonnieezell/myth-auth

Thanks includebeer - that's really helpful!

I notice even in the example of Myth Auth they redirect if a user isn't logged in, which is fine with a standard user login process. But how would you handle this in an API scenario? Would the case be to fail them in the filter (e.g. return 401), or would it be done elsewhere? If it's the former, what's the correct way to handle this and halt the request going any further?

Sorry for the questions, just trying to get my head around it!
Reply
#4

(03-13-2020, 05:45 AM)Parker1090 Wrote: But how would you handle this in an API scenario? Would the case be to fail them in the filter (e.g. return 401), or would it be done elsewhere? If it's the former, what's the correct way to handle this and halt the request going any further?

I’m not sure what’s the best way to do it, but I would fail the request in the filter. Maybe use failUnauthorized() from the API Response Trait class.
Reply
#5

That was my thought initially, but I've tried this and an exception is thrown. To me, it's the logical place to do this, but the exception is thrown by a system file:

Code:
    "title": "ErrorException",
    "type": "ErrorException",
    "code": 500,
    "message": "Undefined property: App\\Filters\\ApiBaseFilter::$response",
    "file": "\\vendor\\codeigniter4\\framework\\system\\API\\ResponseTrait.php",
    "line": 128,

This seems to be looking for a $response in the filter, but because it's the before function, there's only a request.

I have found a workaround, but I'm wondering if this is intended behaviour? And if it is, how should the API Response Trait actually be used?
Reply
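
One way to fail an API request inside a filter, as asked in posts #3 to #5 (an added example, not code from any poster or from Myth Auth): build the 401 from the `Services` class instead of `ResponseTrait`, since a filter has no `$response` property, and return it from `before()` so the controller never runs. The class name `ApiAuthFilter`, the `api_key` column and the JSON body are assumptions; `ApplicationModel` and the two headers come from post #1, and the optional `$arguments` parameter matches later CI4 releases while staying compatible with the older two-method interface.

```php
<?php namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;

/**
 * Added example: API authentication as a "before" filter.
 * Returning a Response from before() stops the request there.
 */
class ApiAuthFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        // Both headers are required; reject before touching the database.
        if (! $request->hasHeader('X-API-Key') || ! $request->hasHeader('X-Application'))
        {
            return $this->deny();
        }

        // ApplicationModel is the model from post #1.
        $app = (new \App\Models\ApplicationModel())
            ->find($request->getHeaderLine('X-Application'));

        // Assumption: the application row stores its key in an "api_key"
        // column. The model may return an array or an object.
        $stored = is_array($app) ? ($app['api_key'] ?? '') : ($app->api_key ?? '');

        // Unknown application and wrong key get the same answer, and the
        // key is compared in constant time.
        if (! $app || ! hash_equals((string) $stored, $request->getHeaderLine('X-API-Key')))
        {
            return $this->deny();
        }
        // Returning nothing lets the request continue to the controller.
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do once the controller has run.
    }

    private function deny(): ResponseInterface
    {
        // A filter has no $this->response, so take the shared instance.
        return Services::response()
            ->setStatusCode(401)
            ->setJSON(['status' => 401, 'error' => 'Unauthorized']);
    }
}
```

Register the class under `$aliases` in `app/Config/Filters.php` and apply that alias to the API routes so it runs before every API controller.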



