Изменён алгоритм авторизации на использование jwt токенов

api/config/main.php

@@ -14,7 +14,7 @@ return [
     'components' => [
         'user' => [
             'identityClass' => \common\models\Account::class,
-            'enableAutoLogin' => true,
+            'enableSession' => false,
             'loginUrl' => null,
         ],
         'log' => [

api/controllers/AuthenticationController.php

@@ -31,7 +31,7 @@ class AuthenticationController extends Controller {
     public function actionLogin() {
         $model = new LoginForm();
         $model->load(Yii::$app->request->post());
-        if (!$model->login()) {
+        if (($jwt = $model->login()) === false) {
             return [
                 'success' => false,
                 'errors' => $this->normalizeModelErrors($model->getErrors()),
@@ -40,6 +40,7 @@ class AuthenticationController extends Controller {
 
         return [
             'success' => true,
+            'jwt' => $jwt,
         ];
     }
 

api/models/LoginForm.php

@@ -44,16 +44,14 @@ class LoginForm extends BaseApiForm {
     }
 
     /**
-     * Logs in a user using the provided username and password.
-     *
-     * @return boolean whether the user is logged in successfully
+     * @return bool|string JWT с информацией об аккаунте
      */
     public function login() {
         if (!$this->validate()) {
             return false;
         }
 
-        return Yii::$app->user->login($this->getAccount(), $this->rememberMe ? 3600 * 24 * 30 : 0);
+        return $this->getAccount()->getJWT();
     }
 
     /**

common/models/Account.php

@@ -2,6 +2,7 @@
 namespace common\models;
 
 use common\components\UserPass;
+use damirka\JWT\UserTrait;
 use Yii;
 use yii\base\InvalidConfigException;
 use yii\base\NotSupportedException;
@@ -34,6 +35,7 @@ use yii\web\IdentityInterface;
  * @mixin TimestampBehavior
  */
 class Account extends ActiveRecord implements IdentityInterface {
+    use UserTrait;
 
     const STATUS_DELETED = -10;
     const STATUS_REGISTERED = 0;
@@ -64,13 +66,6 @@ class Account extends ActiveRecord implements IdentityInterface {
         return static::findOne(['id' => $id]);
     }
 
-    /**
-     * @inheritdoc
-     */
-    public static function findIdentityByAccessToken($token, $type = null) {
-        throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');
-    }
-
     /**
      * @param string $email
      * @return static|null
@@ -247,4 +242,22 @@ class Account extends ActiveRecord implements IdentityInterface {
         return false;
     }
 
+    /**
+     * @inheritdoc
+     */
+    protected static function getSecretKey() {
+        return Yii::$app->params['jwtSecret'];
+    }
+
+    /**
+     * Getter for "header" array that's used for generation of JWT
+     * @return array JWT Header Token param, see http://jwt.io/ for details
+     */
+    protected static function getHeaderToken() {
+        return [
+            'iss' => Yii::$app->request->hostInfo,
+            'aud' => Yii::$app->request->hostInfo,
+        ];
+    }
+
 }

composer.json

@@ -14,13 +14,14 @@
     },
     "minimum-stability": "stable",
     "require": {
-        "php": ">=5.4.0",
+        "php": ">=5.6.0",
         "yiisoft/yii2": ">=2.0.6",
         "yiisoft/yii2-bootstrap": "*",
         "yiisoft/yii2-swiftmailer": "*",
         "ramsey/uuid": "^3.1",
         "league/oauth2-server": "~4.1.5",
-        "yiisoft/yii2-redis": "~2.0.0"
+        "yiisoft/yii2-redis": "~2.0.0",
+        "damirka/yii2-jwt": "dev-master#be29a5b5d7e7d146c13d4374788e02c54cc04138"
     },
     "require-dev": {
         "yiisoft/yii2-codeception": "*",

environments/dev/api/config/params-local.php

@@ -1,3 +1,4 @@
 <?php
 return [
+    'jwtSecret' => 'some-long-secret-key',
 ];

environments/prod/api/config/params-local.php

@@ -1,3 +1,4 @@
 <?php
 return [
+    'jwtSecret' => 'some-long-secret-key',
 ];

tests/codeception/api/functional/LoginCest.php

@@ -101,6 +101,7 @@ class LoginCest {
         $I->canSeeResponseContainsJson([
             'success' => true,
         ]);
+        $I->canSeeResponseJsonMatchesJsonPath('$.jwt');
         $I->cantSeeResponseJsonMatchesJsonPath('$.errors');
     }
 
@@ -123,6 +124,7 @@ class LoginCest {
         $I->canSeeResponseContainsJson([
             'success' => true,
         ]);
+        $I->canSeeResponseJsonMatchesJsonPath('$.jwt');
         $I->cantSeeResponseJsonMatchesJsonPath('$.errors');
     }
 

tests/codeception/api/unit/models/LoginFormTest.php

@@ -39,25 +39,22 @@ class LoginFormTest extends DbTestCase {
         $this->specify('get errors and don\'t log in into account with wrong credentials', function () use ($model) {
             expect('model should not login user', $model->login())->false();
             expect('error messages should be set', $model->errors)->notEmpty();
-            expect('user should not be logged in', Yii::$app->user->isGuest)->true();
         });
     }
 
     public function testLoginByUsernameCorrect() {
         $model = $this->createModel('Admin', 'password_0');
         $this->specify('user should be able to login with correct username and password', function () use ($model) {
-            expect('model should login user', $model->login())->true();
+            expect('model should login user', $model->login())->notEquals(false);
             expect('error message should not be set', $model->errors)->isEmpty();
-            expect('user should be logged in', Yii::$app->user->isGuest)->false();
         });
     }
 
     public function testLoginByEmailCorrect() {
         $model = $this->createModel('admin@ely.by', 'password_0');
         $this->specify('user should be able to login with correct email and password', function () use ($model) {
-            expect('model should login user', $model->login())->true();
+            expect('model should login user', $model->login())->notEquals(false);
             expect('error message should not be set', $model->errors)->isEmpty();
-            expect('user should be logged in', Yii::$app->user->isGuest)->false();
         });
     }