Class yii\filters\auth\HttpBasicAuth

Inheritance	yii\filters\auth\HttpBasicAuth » yii\filters\auth\AuthMethod » yii\base\ActionFilter » yii\base\Behavior » yii\base\Object
Implements	yii\base\Configurable, yii\filters\auth\AuthInterface
Available since version	2.0
Source Code	https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpBasicAuth.php

HttpBasicAuth is an action filter that supports the HTTP Basic authentication method.

You may use HttpBasicAuth by attaching it as a behavior to a controller or module, like the following:

public function behaviors()
{
    return [
        'basicAuth' => [
            'class' => \yii\filters\auth\HttpBasicAuth::className(),
        ],
    ];
}

The default implementation of HttpBasicAuth uses the loginByAccessToken() method of the user application component and only passes the user name. This implementation is used for authenticating API clients.

If you want to authenticate users using username and password, you should provide the $auth function for example like the following:

public function behaviors()
{
    return [
        'basicAuth' => [
            'class' => \yii\filters\auth\HttpBasicAuth::className(),
            'auth' => function ($username, $password) {
                $user = User::find()->where(['username' => $username])->one();
                if ($user->verifyPassword($password)) {
                    return $user;
                }
                return null;
            },
        ],
    ];
}

Public Properties

Property	Type	Description	Defined By
$auth	callable	A PHP callable that will authenticate the user with the HTTP basic auth information.	yii\filters\auth\HttpBasicAuth
$except	array	List of action IDs that this filter should not apply to.	yii\base\ActionFilter
$only	array	List of action IDs that this filter should apply to.	yii\base\ActionFilter
$optional	array	List of action IDs that this filter will be applied to, but auth failure will not lead to error.	yii\filters\auth\AuthMethod
$owner	yii\base\Component|null	The owner of this behavior	yii\base\Behavior
$realm	string	The HTTP authentication realm	yii\filters\auth\HttpBasicAuth
$request	yii\web\Request	The current request.	yii\filters\auth\AuthMethod
$response	yii\web\Response	The response to be sent.	yii\filters\auth\AuthMethod
$user	yii\web\User	The user object representing the user authentication status.	yii\filters\auth\AuthMethod

Public Methods

Method	Description	Defined By
__call()	Calls the named method which is not a class method.	yii\base\Object
__construct()	Constructor.	yii\base\Object
__get()	Returns the value of an object property.	yii\base\Object
__isset()	Checks if a property is set, i.e. defined and not null.	yii\base\Object
__set()	Sets value of an object property.	yii\base\Object
__unset()	Sets an object property to null.	yii\base\Object
afterAction()	This method is invoked right after an action is executed.	yii\base\ActionFilter
afterFilter()		yii\base\ActionFilter
attach()	Attaches the behavior object to the component.	yii\base\Behavior
authenticate()	Authenticates the current user.	yii\filters\auth\HttpBasicAuth
beforeAction()	This method is invoked right before an action is to be executed (after all possible filters.) You may override this method to do last-minute preparation for the action.	yii\filters\auth\AuthMethod
beforeFilter()		yii\base\ActionFilter
canGetProperty()	Returns a value indicating whether a property can be read.	yii\base\Object
canSetProperty()	Returns a value indicating whether a property can be set.	yii\base\Object
challenge()	Generates challenges upon authentication failure.	yii\filters\auth\HttpBasicAuth
className()	Returns the fully qualified name of this class.	yii\base\Object
detach()	Detaches the behavior object from the component.	yii\base\Behavior
events()	Declares event handlers for the $owner's events.	yii\base\Behavior
handleFailure()	Handles authentication failure.	yii\filters\auth\AuthMethod
hasMethod()	Returns a value indicating whether a method is defined.	yii\base\Object
hasProperty()	Returns a value indicating whether a property is defined.	yii\base\Object
init()	Initializes the object.	yii\base\Object

Protected Methods

Method	Description	Defined By
getActionId()	Returns an action ID by converting yii\base\Action::$uniqueId into an ID relative to the module	yii\base\ActionFilter
isActive()	Returns a value indicating whether the filter is active for the given action.	yii\base\ActionFilter
isOptional()	Checks, whether authentication is optional for the given action.	yii\filters\auth\AuthMethod

Property Details

$auth public property

A PHP callable that will authenticate the user with the HTTP basic auth information. The callable receives a username and a password as its parameters. It should return an identity object that matches the username and password. Null should be returned if there is no such identity.

The following code is a typical implementation of this callable:

function ($username, $password) {
    return \app\models\User::findOne([
        'username' => $username,
        'password' => $password,
    ]);
}

If this property is not set, the username information will be considered as an access token while the password information will be ignored. The yii\web\User::loginByAccessToken() method will be called to authenticate and login the user.

public callable $auth = null

$realm public property

The HTTP authentication realm

public string $realm = 'api'

Method Details