add ActivatedFilter

This commit is contained in:
Roland Schneider 2022-02-17 07:23:11 +01:00
parent ea72ba1fe1
commit a03c3733f7
6 changed files with 149 additions and 1 deletions


@ -111,4 +111,15 @@ class MobileDeviceManager extends BaseObject
}
public function isMobileDeviceActivatedByIdCard($idCard){
if ( !isset($idCard)){
return false;
}
$device = MobileDevice::find()->andWhere(['id_card' => $idCard])->one();
if ( !isset($device)){
return false;
}
return isset($device->activated_at);
}
}
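Review bot: `isMobileDeviceActivatedByIdCard` answers whether *some* device registered to the card is activated, not whether the device making the current request is: `->one()` takes an arbitrary row when several `MobileDevice` rows share an `id_card`, so one activated device would satisfy the check for every device on that card. If a card maps to exactly one device this is fine, but that invariant is not visible here and is worth stating or enforcing (e.g. a unique constraint on `id_card`), since the new filter gates API access on this answer. The method also lacks a docblock and declared types; `public function isMobileDeviceActivatedByIdCard(?string $idCard): bool` with a one-line docblock spelling out the any-device semantics would make the contract explicit. `isset($idCard)` on a parameter that is always passed is just `$idCard !== null`.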


@ -6,6 +6,7 @@ use Yii;
use yii\base\Exception;
use yii\base\InvalidConfigException;
use yii\base\NotSupportedException;
use yii\filters\RateLimitInterface;
use yii\web\IdentityInterface;
/**
@ -42,7 +43,7 @@ use yii\web\IdentityInterface;
* @property string password_hash
* @property string auth_key
*/
class Customer extends BaseFitnessActiveRecord implements IdentityInterface
class Customer extends BaseFitnessActiveRecord implements IdentityInterface, RateLimitInterface
{
const STATUS_DELETED = 0;
@ -339,4 +340,23 @@ class Customer extends BaseFitnessActiveRecord implements IdentityInterface
}
}
public function getRateLimit($request, $action)
{
return [1000,3600];
// TODO: Implement getRateLimit() method.
}
public function loadAllowance($request, $action)
{
// TODO: Implement loadAllowance() method.
return [1000,3600];
}
public function saveAllowance($request, $action, $allowance, $timestamp)
{
// TODO: Implement saveAllowance() method.
return [1000,3600];
}
}
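Review bot: The `RateLimitInterface` implementation added to `Customer` can never throttle a request: `loadAllowance` always returns the full allowance and `saveAllowance` discards its arguments, so the limiter recomputes a full bucket on every call (the TODOs acknowledge the stubs, but the one in `getRateLimit` sits after the `return` and is unreachable). `loadAllowance`'s second element is a timestamp, and returning `3600` — the window length — there suggests the array was copied from `getRateLimit` rather than designed. If the interface is meant to enforce anything, `loadAllowance` should return the persisted `[allowance, timestamp]` pair for this customer and `saveAllowance` should store it (a cache component or two columns); if it is only wired up for later, a class-level comment such as `// NOTE: rate limiting is declared but not yet enforced` avoids a false sense of protection. Either way, move the `// TODO` in `getRateLimit` above its `return`, and drop the `return [1000,3600];` from `saveAllowance`, whose interface contract has no return value.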


@ -0,0 +1,74 @@
<?php
namespace mobileapi\components;
use common\components\HttpStatus;
use common\manager\MobileDeviceManager;
use Yii;
use yii\base\Action;
use yii\base\ActionFilter;
use yii\helpers\StringHelper;
use yii\web\HttpException;
class ActivatedFilter extends ActionFilter
{
/**
* @var array list of action IDs that this filter will be applied to, but auth failure will not lead to error.
* It may be used for actions, that are allowed for public, but return some additional data for authenticated users.
* Defaults to empty, meaning authentication is not optional for any action.
* @see isOptional()
* @since 2.0.7
*/
public $optional = [];
public function beforeAction($action)
{
try {
$activated = false;
// get the customer
$customer = \Yii::$app->user->getIdentity();
if (isset($customer)) {
$idCard = $customer->id_customer_card;
// find out if the device is activated
$mobileDeviceManager = new MobileDeviceManager();
$activated = $mobileDeviceManager->isMobileDeviceActivatedByIdCard($idCard);
}
// if device is not activated, throw exception with http status 412
if ($activated === false) {
throw new HttpException( HttpStatus::PRECONDITION_FAILED,"Card not activated");
}
} catch (HttpException $e) {
if ($e->statusCode === HttpStatus::PRECONDITION_FAILED && $this->isOptional($action)) {
return true;
}
throw $e;
}
return true;
}
/**
* Checks, whether authentication is optional for the given action.
*
* @param Action $action action to be checked.
* @return bool whether authentication is optional or not.
* @see optional
* @since 2.0.7
*/
protected function isOptional($action)
{
$id = $this->getActionId($action);
foreach ($this->optional as $pattern) {
if (StringHelper::matchWildcard($pattern, $id)) {
return true;
}
}
return false;
}
}
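Review bot: `beforeAction` throws an `HttpException` only to catch it on the next line and ask `isOptional`; checking `isOptional($action)` before throwing reads more directly and stops the `catch` from also swallowing an unrelated 412 raised by `getIdentity()` or the manager on an optional action. Note that a request with no identity is reported as `412 Card not activated` rather than `401`; that is fail-closed, which is right, but if any action is ever optional for `authenticator` yet mandatory here the client will see a misleading status — a comment stating the intended ordering with the auth filter would help. The docblocks on `$optional` and `isOptional` are copied from Yii's `AuthMethod`: "auth failure", "authentication is not optional" and `@since 2.0.7` do not describe this class — reword them to "activation check" and drop the `@since` tags. With `use Yii;` imported, `\Yii::$app` needs no leading backslash.
```php
public function beforeAction($action)
{
    // Identity is set by the 'authenticator' behavior; a request without one is
    // treated as not activated and fails closed unless the action is optional.
    $customer = Yii::$app->user->getIdentity();
    $activated = false;
    if ($customer !== null) {
        $mobileDeviceManager = new MobileDeviceManager();
        $activated = $mobileDeviceManager->isMobileDeviceActivatedByIdCard($customer->id_customer_card);
    }
    if (!$activated && !$this->isOptional($action)) {
        throw new HttpException(HttpStatus::PRECONDITION_FAILED, "Card not activated");
    }
    return true;
}
// … unchanged: isOptional() …
```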


@ -59,8 +59,14 @@ class LoginController extends RestController
protected function getOptionalActions()
{
// user must not be logged in to call this actions
return ['login'];
}
protected function getOptionalActivatedActions()
{
// user must not be activated to call this actions
return ['login'];
}
}
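Review bot: The comment `// user must not be activated to call this actions` says the opposite of what the method does: listing an action here exempts it from the activation check, it does not forbid activated users from calling it. `// the user does not need to be activated to call these actions` states the intent; the same wording appears in `PingController::getOptionalActivatedActions` and in both existing `getOptionalActions` comments. Since `getOptionalActions` and `getOptionalActivatedActions` return the same list here, a short remark that login is necessarily reachable before activation (it is reachable before authentication) would tell a later reader the duplication is deliberate.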


@ -25,6 +25,18 @@ class PingController extends RestController
Yii::$app->response->setStatusCode( HttpStatus::NO_CONTENT );
}
/** @noinspection PhpUnused */
public function actionPingActivated( )
{
Yii::$app->response->setStatusCode( HttpStatus::NO_CONTENT );
}
/** @noinspection PhpUnused */
public function actionPingAuth( )
{
Yii::$app->response->setStatusCode( HttpStatus::NO_CONTENT );
}
/** @noinspection PhpUnused */
public function actionQrcode( )
{
@ -38,4 +50,16 @@ class PingController extends RestController
}
protected function getOptionalActions()
{
// user must not be logged in to call this actions
return ['ping'];
}
protected function getOptionalActivatedActions()
{
// user must not be activated to call this actions
return ['ping', 'pingActivated'];
}
}
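Review bot: The pattern `'pingActivated'` in `getOptionalActivatedActions` is compared with the action id, which for `actionPingActivated` is normally the dashed form `ping-activated` in Yii; unless clients or URL rules use the camel-cased id, `StringHelper::matchWildcard` never matches and the activation check still applies to that action. Independently, the naming reads inverted: `actionPingActivated` is exempted from the activation filter while `actionPingAuth` is subject to it, so either the list or the names deserve a second look. If the intent is "activation required", the list should be `return ['ping'];`; if the intent is "authenticated but not yet activated", a name that says so avoids the ambiguity. The `// user must not be activated to call this actions` comment also inverts the meaning, as in `LoginController`.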


@ -6,6 +6,7 @@ namespace mobileapi\controllers;
use common\models\Customer;
use Exception;
use Lcobucci\JWT\Token;
use mobileapi\components\ActivatedFilter;
use sizeg\jwt\JwtHttpBearerAuth;
use Yii;
use yii\filters\auth\AuthMethod;
@ -22,6 +23,10 @@ class RestController extends Controller
'auth' => [$this, 'auth'],
'optional' => $this->getOptionalActions(),
];
$behaviors['activatedChecker'] = [
'class' => ActivatedFilter::class,
'optional' => $this->getOptionalActivatedActions()
];
return $behaviors;
}
@ -56,5 +61,13 @@ class RestController extends Controller
return [];
}
/**
* Make the activated filter optional for the actions listed here
* @return array
*/
protected function getOptionalActivatedActions(){
return [];
}
}
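Review bot: `activatedChecker` depends on `authenticator` having run first — `ActivatedFilter::beforeAction` reads `Yii::$app->user->getIdentity()` — and that ordering is guaranteed only by the array order in `behaviors()`, which nothing states; a comment above the new entry, `// must stay after 'authenticator': ActivatedFilter relies on the identity it sets`, protects it from a later reordering. The docblock on `getOptionalActivatedActions` could be more precise than `@return array`: `@return string[] action id patterns exempt from the activation check`. Its `(){` brace on the signature line also differs from the next-line brace used by the sibling `getOptionalActions` and the overrides in `LoginController` and `PingController`, and the `'optional'` entry is missing the trailing comma the `authenticator` entry above it has.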