External Authentification

petervandeput · June 3, 2017, 2:05pm

New to Yii, set it all up and all working great so far.

My question is not handled in any of the docs i could find

On my login controller I’m calling external API of other system, passing email and password over HTTP and in response I receive JSESSIONID cookie.

I’ve create a custom class that implements the Identify interface named CmsUser , I’m creating an instance, setting the property and pass it to the login.


  $identity = new \common\models\CmsUser();

            $identity->id = $body['id'];

            $identity->firstName = $body['firstName'];

            $identity->lastName = $body['lastName'];

            $identity->isDriver = $body['isDriver'];

            $identity->email = $body['email'];

            $identity->authorities = $body['authorities'];

            $identity->jSessionId = $cookies['JSESSIONID'];

            Yii::$app->user->login($identity);

The the login controller redirects to site/index and display the firstname and last name correctly.

Also from layout the next part of code is showing the logout so Yii knows user is logged in




    if (Yii::$app->user->isGuest) {

        $menuItems[] = ['label' => 'Signup', 'url' => ['/site/signup']];

        $menuItems[] = ['label' => 'Login', 'url' => ['/login/index']];

    } else {

        $menuItems[] = '<li>'

            . Html::beginForm(['/site/logout'], 'post')

            . Html::submitButton(

                'Logout (' . Yii::$app->user->identity->fullName() . ')',

                ['class' => 'btn btn-link logout']

            )

            . Html::endForm()

            . '</li>';

    }

No cookies are written and also when I click on another link the Logout button is gone so Yii no longer knows the user->identity that is logged in.

What am I missing here?

skworden · June 3, 2017, 3:13pm

$cookie is undefined in your function so you just need to define [size="2"]$cookies.[/size]




$cookies = Yii::$app->response->cookies;

[size=“2”]Since it’s authentication and important to always work, I would look at setting your JSESSIONID into session or local storage because if a user has cookies turned off this won’t work. [/size]

Here is cookie and session handling docs

petervandeput · June 4, 2017, 9:07am

Thanks for the feedback.

I’ve added the writing of the cookie




$cookieCollection = Yii::$app->response->cookies;

            $cookieCollection->add(new \yii\web\Cookie([

                'name' => 'JSESSIONID',

                'value' => $jSessionId,

                'expire' => time() + 86400

            ]));

$jsessionId has value 6bb65a16-3d13-4dbe-834a-557b46fb06b which i check with print_r but writing it and looking in application/cookies shows me

0fc1d261fdc3747a45131075a628ac39124c8537820e182c59b30772437de932a

and the redirect to home page shows me all properties of my user->identity but when Yii still thinks this user is guest.

For subsequent API calls to external systems i need the JSESSIONID and of course need to know if th euser is already authenticated.

si i think i need to override the way that Yii is checking for current user but have no clue where or how

skworden:

$cookie is undefined in your function so you just need to define [size="2"]$cookies.[/size]
$cookies = Yii::$app->response->cookies;
[size=“2”]Since it’s authentication and important to always work, I would look at setting your JSESSIONID into session or local storage because if a user has cookies turned off this won’t work. [/size]

Here is cookie and session handling docs