• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
User authentication

#1
Hi all

Just having a play around with CI4 after using CI3 for several years.

In CI3, I had a master controller saved as one of the Core files (e.g. MY_Controller.php) which as part of the construct, checked a few details like if a user was logged in or not, and displayed the relevant errors.

So my test case with CI4 is a mini-API based app, so I love the idea of the API Response Trait.

At the moment I have all the tests in the initController function as I believe this is the best play to put it. But even when I use failUnauthorized(); for example, it still returns content from the child controller.


It's not completed - I'm just trying to nail down the authentication part at the moment. It's likely I've just misunderstood something, but any pointers appreciated!

PHP Code:
<?php namespace App\Controllers;

use 
CodeIgniter\API\ResponseTrait;

/**
 * Controller to assist with API authentication etc.
 */
class ApiBaseController extends BaseController
{
    use ResponseTrait;

    /**
    * Constructor.
    */
    public function initController(\CodeIgniter\HTTP\RequestInterface $request, \CodeIgniter\HTTP\ResponseInterface $response, \Psr\Log\LoggerInterface $logger)
    {
    
/** Do Not Edit This Line */
        parent::initController($request$response$logger);

        /** Is there an API Key specified? */
        if(($this->request->hasHeader('X-API-Key')) && ($this->request->hasHeader('X-Application')))
        {
            $apiKey     $this->request->getHeader('X-API-Key');

            /** Authenticate the app */
            $appModel   = new \App\Models\ApplicationModel();
            $appData    $appModel->find(($this->request->getHeader('X-Application'))->getValue());

            /** Have we found the app? */
            if(!$appData)
            {
                return $this->failUnauthorized("Unauthorized");
            }
        }
        else
        {
            $this->response
                
->setStatusCode(401)
                ->setBody('');
        }

    }


Reply

#2
In CI4, a filter would be the way to go: https://codeigniter4.github.io/userguide...lters.html
You can check out how Lonnie did it in Myth Auth: https://github.com/lonnieezell/myth-auth
Test your translation files with Translation Tester
Reply

#3
(03-08-2020, 11:34 AM)includebeer Wrote: In CI4, a filter would be the way to go: https://codeigniter4.github.io/userguide...lters.html
You can check out how Lonnie did it in Myth Auth: https://github.com/lonnieezell/myth-auth

Thanks includebeer - that's really helpful!

I notice even in the example of Myth Auth they redirect if a user isn't logged in, which is fine with a standard user login process. But how would you handle this in an API scenario? Would the case be to fail them in the filter (e.g. return 401), or would it be done elsewhere? If it's the former, what's the correct way to handle this and halt the request going any further?

Sorry for the questions, just trying to get my head around it!
Reply

#4
(03-13-2020, 05:45 AM)Parker1090 Wrote: But how would you handle this in an API scenario? Would the case be to fail them in the filter (e.g. return 401), or would it be done elsewhere? If it's the former, what's the correct way to handle this and halt the request going any further?

I’m not sure what’s the best way to do it, but I would fail the request in the filter. Maybe use failUnauthorized() from the API Response Trait class.
Test your translation files with Translation Tester
Reply

#5
That was my thought initially, but I've tried this and an exception is thrown. To me, it's the logical place to do this, but the exception is thrown by a system file:

Code:
    "title": "ErrorException",
    "type": "ErrorException",
    "code": 500,
    "message": "Undefined property: App\\Filters\\ApiBaseFilter::$response",
    "file": "\\vendor\\codeigniter4\\framework\\system\\API\\ResponseTrait.php",
    "line": 128,

This seems to be looking for a $response in the filter, but because it's the before function, there's only a request.

I have found a workaround, but I'm wondering if this is intended behaviour? And if it is, how should the API Response Trait actually be used?
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.