Fixes #3383: Added `$type` parameter to `IdentityInterface::findIdentityByAccessToken()`

apps/advanced/common/models/User.php

@@ -69,7 +69,7 @@ class User extends ActiveRecord implements IdentityInterface
     /**
      * @inheritdoc
      */
-    public static function findIdentityByAccessToken($token)
+    public static function findIdentityByAccessToken($token, $type = null)
     {
         throw new NotSupportedException('"findIdentityByAccessToken" is not implemented.');
     }

apps/basic/models/User.php

@@ -38,7 +38,7 @@ class User extends \yii\base\Object implements \yii\web\IdentityInterface
     /**
      * @inheritdoc
      */
-    public static function findIdentityByAccessToken($token)
+    public static function findIdentityByAccessToken($token, $type = null)
     {
         foreach (self::$users as $user) {
             if ($user['accessToken'] === $token) {

docs/guide/rest-quick-start.md

@@ -679,7 +679,7 @@ use yii\web\IdentityInterface;
 
 class User extends ActiveRecord implements IdentityInterface
 {
-    public static function findIdentityByAccessToken($token)
+    public static function findIdentityByAccessToken($token, $type = null)
     {
         return static::findOne(['access_token' => $token]);
     }

docs/guide/security-authentication.md

@@ -32,7 +32,7 @@ class User extends ActiveRecord implements IdentityInterface
      * @param string $token the token to be looked for
      * @return IdentityInterface|null the identity object that matches the given token.
      */
-    public static function findIdentityByAccessToken($token)
+    public static function findIdentityByAccessToken($token, $type = null)
     {
         return static::findOne(['access_token' => $token]);
     }

docs/guide/start-basic.md → docs/guide/start-installation.md

-Basic application template
-==========================
+Installing Yii
+==============
+
+There are two ways to install Yii:
+
+* Using [Composer](http://getcomposer.org/);
+* Downloading an archive file from [yiiframework.com](http://www.yiiframework.com/download/).
+
+The first approach is highly recommended, as it allows you to automatically install updates
+
+
+Installing via Composer
+-----------------------
+
+The recommended way to install Yii is to use the [Composer](http://getcomposer.org/) package manager. If you do not already
+have Composer installed, you may download it from [http://getcomposer.org/](http://getcomposer.org/), or run the following command to download and install it:
+
+```
+curl -s http://getcomposer.org/installer | php
+```
+
+(It is strongly recommended to perform a [global Composer installation](https://getcomposer.org/doc/00-intro.md#globally)).
+
+For problems with, or more information on, installing Composer, see the official Composer guide:
+
+* [Linux](http://getcomposer.org/doc/00-intro.md#installation-nix)
+* [Windows](http://getcomposer.org/doc/00-intro.md#installation-windows)
+
+With Composer installed, you can create a new Yii site using one of Yii's ready-to-use application templates. Based on your needs, choosing the right template can help bootstrap your project.
+
+Currently, there are two Yii application templates available:
+
+- [Basic Application Template](https://github.com/yiisoft/yii2-app-basic), a basic frontend application template
+- [Advanced Application Template](https://github.com/yiisoft/yii2-app-advanced), consisting of a frontend, a backend, console resources, common (shared code), and support for environments
+
+For template installation instructions, see the above linked pages.
+To read more about the ideas behind these application templates and the proposed usage,
+refer to the [basic application template](apps-basic.md) and [advanced application template](apps-advanced.md) documents.
+
+If you do not want to use a template, rather starting from scratch, you'll find information in the [creating your own application structure](apps-own.md) document. This approach is only recommended for advanced users.
+
+
+Installing from zip
+-------------------
+
+Installation from a zip file involves two steps:
+
+   1. Downloading an application template from [yiiframework.com](http://www.yiiframework.com/download/).
+   2. Unpacking the downloaded file.
+
+If you only want the Yii Framework files you can download a zip file directly from [github](https://github.com/yiisoft/yii2-framework/releases).
+To create your application you might want to follow the steps described in [creating your own application structure](apps-own.md).
+This is only recommended for advanced users.
+
+> Tip: The Yii framework itself does not need to be installed under a web-accessible directory (in fact, it should not be).
+A Yii application has one entry script, which is usually the only file that absolutely must be
+exposed to web users (i.e., placed within the web directory). Other PHP scripts, including those
+in the Yii Framework, should be protected from web access to prevent possible exploitation by hackers.
+
+
+Requirements
+------------
+
+Yii 2 requires PHP 5.4.0 or higher. Yii has been tested with the [Apache HTTP server](http://httpd.apache.org/) and
+[Nginx HTTP server](http://nginx.org/) on both Windows and Linux.
+Yii may also be usable on other web servers and platforms, provided that PHP 5.4 or higher is present.
+
+After installing Yii, you may want to verify that your server satisfies
+Yii's requirements. You can do so by running the requirement checker
+script in a web browser or from the command line.
+
+If you have installed a Yii application template via the downloaded zip file or Composer, you'll find a `requirements.php` file in the
+base directory of your application.
+
+In order to run this script on the command line use the following command (after navigating to the directory where `requirements.php` can be found):
+
+```
+php requirements.php
+```
+
+In order to run this script in your browser, you must make sure it's within a web directory, and then
+access `http://hostname/path/to/yii-app/requirements.php` in your browser.
 
 > Note: This section is under development.
 

framework/CHANGELOG.md

@@ -47,6 +47,7 @@ Yii Framework 2 Change Log
 - Chg #2913: RBAC `DbManager` is now initialized via migration (samdark)
 - Chg #3036: Upgraded Twitter Bootstrap to 3.1.x (qiangxue)
 - Chg #3175: InvalidCallException, InvalidParamException, UnknownMethodException are now extended from SPL BadMethodCallException (samdark)
+- Chg #3383: Added `$type` parameter to `IdentityInterface::findIdentityByAccessToken()` (qiangxue)
 - Chg: Replaced `clearAll()` and `clearAllAssignments()` in `yii\rbac\ManagerInterface` with `removeAll()`, `removeAllRoles()`, `removeAllPermissions()`, `removeAllRules()` and `removeAllAssignments()` (qiangxue)
 - Chg: Added `$user` as the first parameter of `yii\rbac\Rule::execute()` (qiangxue)
 - Chg: `yii\grid\DataColumn::getDataCellValue()` visibility is now `public` to allow accessing the value from a GridView directly (cebe)

framework/UPGRADE.md

@@ -21,3 +21,11 @@ Upgrade from Yii 2.0 Beta
 
 * If you override `yii\grid\DataColumn::getDataCellValue()` with visibility `protected` you have
   to change visibility to `public` as visibility of the base method has changed.
+
+* If you have classes implementing `yii\web\IdentityInterface` (very common), you should modify
+  the signature of `findIdentityByAccessToken()` as
+  `public static function findIdentityByAccessToken($token, $type = null)`. The new `$type` parameter
+  will contain the type information about the access token. For example, if you use
+  `yii\filters\auth\HttpBearerAuth` authentication method, the value of this parameter will be
+  `yii\filters\auth\HttpBearerAuth`. This allows you to differentiate access tokens taken by
+  different authentication methods.

framework/filters/auth/HttpBasicAuth.php

@@ -77,7 +77,7 @@ class HttpBasicAuth extends AuthMethod
                 return $identity;
             }
         } elseif ($username !== null) {
-            $identity = $user->loginByAccessToken($username);
+            $identity = $user->loginByAccessToken($username, get_class($this));
             if ($identity === null) {
                 $this->handleFailure($response);
             }

framework/filters/auth/HttpBearerAuth.php

@@ -43,7 +43,7 @@ class HttpBearerAuth extends AuthMethod
     {
         $authHeader = $request->getHeaders()->get('Authorization');
         if ($authHeader !== null && preg_match("/^Bearer\\s+(.*?)$/", $authHeader, $matches)) {
-            $identity = $user->loginByAccessToken($matches[1]);
+            $identity = $user->loginByAccessToken($matches[1], get_class($this));
             if ($identity === null) {
                 $this->handleFailure($response);
             }

framework/filters/auth/QueryParamAuth.php

@@ -30,7 +30,7 @@ class QueryParamAuth extends AuthMethod
     {
         $accessToken = $request->get($this->tokenParam);
         if (is_string($accessToken)) {
-            $identity = $user->loginByAccessToken($accessToken);
+            $identity = $user->loginByAccessToken($accessToken, get_class($this));
             if ($identity !== null) {
                 return $identity;
             }

framework/web/IdentityInterface.php

@@ -21,7 +21,7 @@ namespace yii\web;
  *         return static::findOne($id);
  *     }
  *
- *     public static function findIdentityByAccessToken($token)
+ *     public static function findIdentityByAccessToken($token, $type = null)
  *     {
  *         return static::findOne(['access_token' => $token]);
  *     }
@@ -59,11 +59,13 @@ interface IdentityInterface
     /**
      * Finds an identity by the given secrete token.
      * @param string $token the secrete token
+     * @param mixed $type the type of the token. The value of this parameter depends on the implementation.
+     * For example, [[\yii\filters\auth\HttpBearerAuth]] will set this parameter to be `yii\filters\auth\HttpBearerAuth`.
      * @return IdentityInterface the identity object that matches the given token.
      * Null should be returned if such an identity cannot be found
      * or the identity is not in an active state (disabled, deleted, etc.)
      */
-    public static function findIdentityByAccessToken($token);
+    public static function findIdentityByAccessToken($token, $type = null);
     /**
      * Returns an ID that can uniquely identify a user identity.
      * @return string|integer an ID that uniquely identifies a user identity.

framework/web/User.php

@@ -216,14 +216,16 @@ class User extends Component
      * Note that unlike [[login()]], this method will NOT start a session to remember the user authentication status.
      * Also if the access token is invalid, the user will remain as a guest.
      * @param string $token the access token
+     * @param mixed $type the type of the token. The value of this parameter depends on the implementation.
+     * For example, [[\yii\filters\auth\HttpBearerAuth]] will set this parameter to be `yii\filters\auth\HttpBearerAuth`.
      * @return IdentityInterface the identity associated with the given access token. Null is returned if
      * the access token is invalid.
      */
-    public function loginByAccessToken($token)
+    public function loginByAccessToken($token, $type = null)
     {
         /** @var IdentityInterface $class */
         $class = $this->identityClass;
-        $identity = $class::findIdentityByAccessToken($token);
+        $identity = $class::findIdentityByAccessToken($token, $type);
         $this->setIdentity($identity);
 
         return $identity;