Yii2 global filter/behavior to force user to authenticate first

Asked 23/9, 2014 at 14:47 Answered 23/9, 2014 at 18:27

In my Yii2 application I'm trying to force all users to be authenticated. If they're not already authenticated they should be redirected to the login page.

In Yii1 I did this by creating a class that would check if a user was logged in and attaching that class to the onBeginRequest behavior in my main config file.

// Yii 1
'behaviors' => array(
    'onBeginRequest' => array(
        'class' => 'application.components.RequireLogin',
    )
),

How can I get the same behavior in Yii2? I know I can use behavior to do this, but I wan't to add this behavior to my main config file so all requests are first checked for authentication.

The working behaviors method looks like this:

// Yii2
public function behaviors() {
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['login', 'error'],
                    'allow' => true,
                ],
                [
                    'allow' => true,
                    'roles' => ['@'],
                ],
            ],
        ],
    ];
}

Frans answered 23/9, 2014 at 14:47 Comment(1)

Have you tried adding an accesscontrol to the basecontroller? – Isidor 23/9, 2014 at 14:58

Ok, so I had to add the following code below 'components' => [...]

 'as beforeRequest' => [
    'class' => 'yii\filters\AccessControl',
    'rules' => [
        [
            'actions' => ['login', 'error'],
            'allow' => true,
        ],
        [

            'allow' => true,
            'roles' => ['@'],
        ],
    ],
],

Frans answered 23/9, 2014 at 15:18 Comment(5)

Hint: this code adds an behavior to the application. It doesn't have to be part of components - it must be part of the config itself. So this is why jagsler wrote below components, not in components. And 'as someNameHere' => ... is the syntax for adding behaviors. Look here for doc. I just write this because I have spend some hours finding that out. – Cherice 19/11, 2014 at 16:36

Very nice. It saves my time. – Dialyze 6/3, 2015 at 11:6

Another note: you need to have a controller and an action site/login because this gets called if the user is not logged in and no rule applies. This can be changed in the configuration (see here for more information) if the login action has another name or is another controller. – Cherice 24/6, 2015 at 14:58

If you exclude error from the allowed actions it causes a white screen. Previously you could use this to redirect everyone that was not logged in, however, you can no longer redirect 404 errors etc since some updates. I found the current way here github.com/yiisoft/yii2/issues/11054#issuecomment-198310042 – Diabolize 23/3, 2016 at 14:4

@Cherice thanks very much! Your comment saved my time! – Spaceman 7/11, 2016 at 11:14

-1

I'm actually not versed into Yii2 (but very much so into Yii1).

One solution that can be employed in Yii1 and I guess also in Yii2 is having a filter method in a master Controller class. Typically a single controller serves as a master controller. If you don't have one, create it and everyone should extend it. You can implement this probably not as a filter but in other methods of this 'master controller' (init() ?) If all activity is going through controller class then you're set.

Shelburne answered 23/9, 2014 at 18:27 Comment(0)

Recommended topics

Hot tags