rschneider/fitness-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve login controller

Browse Source
This commit is contained in:
Roland Schneider 2022-02-16 20:02:53 +01:00
parent aec6913000
commit 8a1a1425a7
1 changed files with 26 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
mobileapi/controllers/LoginController.php
View File

@ -11,6 +11,7 @@ namespace mobileapi\controllers;
use mobileapi\models\LoginForm;
use sizeg\jwt\Jwt;
use Yii;
use yii\web\BadRequestHttpException;
use yii\web\UnauthorizedHttpException;
/** @noinspection PhpUnused */
@ -20,19 +21,17 @@ class LoginController extends RestController
/**
* hash for password test is:
* $2y$13$D2BauYE2nhCdVDNatT9BMeWGxOvi5t5V6W2OUjr6sj2FRpb317Cpq
*
*/
/** @noinspection PhpUnused */
public function actionLogin()
{
$form = new LoginForm();
$post = \Yii::$app->request->post();
$post2 = $_POST;
$form->load(\Yii::$app->request->post(), '');
if ($form->validate()) {
if (!$form->validate()) {
throw new BadRequestHttpException("Hibás e-mail cím vagy jelszó!");
}
/** @var Jwt $jwt */
$jwt = Yii::$app->jwt;
@ -40,24 +39,24 @@ class LoginController extends RestController
$key = $jwt->getKey();
$time = time();
$validFor = 60 * 60 * 24 * 7 * 2; // 4 weeks
// Adoption for lcobucci/jwt ^4.0 version
$token = $jwt->getBuilder()
->issuedBy('mobileapi')// Configures the issuer (iss claim)
->permittedFor('customer')// Configures the audience (aud claim)
->identifiedBy('A989C57D19E2AF756BA9585AC4CFAF7974AE3D2BCA7CCA7307B39AB28CC7C2C8', true)// Configures the id (jti claim), replicating as a header item
->issuedAt($time)// Configures the time that the token was issue (iat claim)
->expiresAt($time + 3600)// Configures the expiration time of the token (exp claim)
->expiresAt($time + $validFor)// Configures the expiration time of the token (exp claim)
->withClaim('uid', $form->getCustomer()->getId())// Configures a new claim, called "uid"
->getToken($signer, $key); // Retrieves the generated token
return $this->asJson([
'token' => (string)$token,
]);
} else {
throw new UnauthorizedHttpException("Hibás e-mail cím vagy jelszó!");
}
}
protected function getOptionalActions()
{
return ['login'];