Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yii\filters\RateLimiter #7683

Closed
sanwv opened this issue Mar 12, 2015 · 10 comments
Closed

yii\filters\RateLimiter #7683

sanwv opened this issue Mar 12, 2015 · 10 comments
Labels
status:ready for adoption Feel free to implement this issue. type:bug Bug
Milestone
2.0.14

Comments

@sanwv
Copy link

sanwv commented Mar 12, 2015

RateLimiter default need a user implement RateLimitInterface,this filter is default configed by yii\rest\Controller

if restfull api neednt a user this will throw a exception like

Invalid Configuration User::identityClass must be set. 0 yii\base\InvalidConfigException /var/www/test/vendor/yiisoft/yii2/web/User.php
@RSalo
Copy link

RSalo commented Mar 7, 2017

I have the same problem, Maybe by default disable RateLimit for rest controller?

@samdark
Copy link
Member

samdark commented Mar 8, 2017

@RSalo what's the problem with implementing RateLimitInterface?

@yii-bot
Copy link

yii-bot commented Mar 8, 2017

Thanks for posting in our issue tracker.
In order to properly assist you, we need additional information:

  • When does the issue occur?
  • What do you see?
  • What was the expected result?
  • Can you supply us with a stacktrace? (optional)
  • Do you have exact code to reproduce it? Maybe a PHPUnit tests that fails? (optional)

Thanks!

This is an automated comment, triggered by adding the label status:need more info.

@RSalo
Copy link

RSalo commented Mar 8, 2017
edited
Loading

@samdark i have config in module

return [
    'components' => [
        'user' => [
            'class' => \app\modules\v1\models\Token::className(),
            'identityClass' => \app\modules\v1\models\Token::className(),
            'enableAutoLogin' => false
        ],
    ]
];

And get error in authenticator and rateLimiter:

{
  "errors": [
    {
      "name": "Invalid Configuration",
      "message": "User::identityClass must be set.",
      "code": 0,
      "type": "yii\\base\\InvalidConfigException",
      "file": "C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\web\\User.php",
      "line": 163,
      "stack-trace": [
        "#0 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\Object.php(107): yii\\web\\User->init()",
        "#1 [internal function]: yii\\base\\Object->__construct(Array)",
        "#2 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\di\\Container.php(375): ReflectionClass->newInstanceArgs(Array)",
        "#3 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\di\\Container.php(156): yii\\di\\Container->build('yii\\\\web\\\\User', Array, Array)",
        "#4 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\BaseYii.php(344): yii\\di\\Container->get('yii\\\\web\\\\User', Array, Array)",
        "#5 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\di\\ServiceLocator.php(135): yii\\BaseYii::createObject(Array)",
        "#6 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\web\\Application.php(186): yii\\di\\ServiceLocator->get('user')",
        "#7 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\filters\\RateLimiter.php(70): yii\\web\\Application->getUser()",
        "#8 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\ActionFilter.php(75): yii\\filters\\RateLimiter->beforeAction(Object(app\\modules\\v1\\controllers\\actions\\token\\IndexAction))",
        "#9 [internal function]: yii\\base\\ActionFilter->beforeFilter(Object(yii\\base\\ActionEvent))",
        "#10 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\Component.php(545): call_user_func(Array, Object(yii\\base\\ActionEvent))",
        "#11 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\Controller.php(272): yii\\base\\Component->trigger('beforeAction', Object(yii\\base\\ActionEvent))",
        "#12 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\web\\Controller.php(164): yii\\base\\Controller->beforeAction(Object(app\\modules\\v1\\controllers\\actions\\token\\IndexAction))",
        "#13 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\Controller.php(154): yii\\web\\Controller->beforeAction(Object(app\\modules\\v1\\controllers\\actions\\token\\IndexAction))",
        "#14 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\Module.php(523): yii\\base\\Controller->runAction('index', Array)",
        "#15 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\web\\Application.php(102): yii\\base\\Module->runAction('v1/token/index', Array)",
        "#16 C:\\OpenServer\\domains\\hochu-backend.loc\\vendor\\yiisoft\\yii2\\base\\Application.php(380): yii\\web\\Application->handleRequest(Object(yii\\web\\Request))",
        "#17 C:\\OpenServer\\domains\\hochu-backend.loc\\index.php(11): yii\\base\\Application->run()",
        "#18 {main}"
      ]
    }
  ]
}

But if i do:

            'rateLimiter' => [
                'class' => RateLimiter::className(),
                'user' => \Yii::createObject(Token::className()) // <- this
            ],

It works well.

Why rate limit and authenticator doesn't take "user" from the module config by default?

@samdark
Copy link
Member

samdark commented Mar 9, 2017

So do I understand correctly that you have two user components. In the application it's without rate limiter, in module it is with rate limiter?

@samdark
Copy link
Member

samdark commented Mar 9, 2017

Seems currently you have to explicitly set user property of the RateLimiter and AuthMethod:

yii2/framework/filters/auth/AuthMethod.php

Line 29 in 4aa935e

public $user;
. If it's not set then it's asked directly from the application's user w/o checking module:

yii2/framework/filters/auth/AuthMethod.php

Line 58 in 4aa935e

$this->user ? : Yii::$app->getUser(),

@samdark
Copy link
Member

samdark commented Mar 9, 2017

I think we can fall back to currently active module first in this case.

@samdark samdark modified the milestones: 2.0.12, 2.0.13 Mar 9, 2017
@samdark samdark added status:ready for adoption Feel free to implement this issue. type:bug Bug and removed feature:rest status:need more info labels Mar 9, 2017
@samdark samdark self-assigned this Mar 9, 2017
@RSalo
Copy link

RSalo commented Mar 9, 2017

It doesn't work as minimum for RateLimit

yii2/framework/filters/RateLimiter.php

Line 70 in 4aa935e

$user = $this->user ? : (Yii::$app->getUser() ? Yii::$app->getUser()->getIdentity(false) : null);

for AuthMethod

yii2/framework/filters/auth/AuthMethod.php

Line 58 in 4aa935e

$this->user ? : Yii::$app->getUser(),

and its all subclasses
yii\filters\auth\CompositeAuth, yii\filters\auth\HttpBasicAuth, yii\filters\auth\HttpBearerAuth, yii\filters\auth\QueryParamAuth

@samdark
Copy link
Member

samdark commented Mar 9, 2017

@samdark samdark modified the milestones: 2.0.13, 2.0.14 Sep 26, 2017
@samdark samdark removed their assignment Sep 26, 2017
@developeruz
Copy link
Member

It seems that issue solved by #13994
The test proves that RateLimiter could be configurated without User class.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status:ready for adoption Feel free to implement this issue. type:bug Bug
Projects
None yet
Milestone
2.0.14
Development

No branches or pull requests
6 participants
@samdark @qiangxue @RSalo @sanwv @developeruz @yii-bot