Add ability to specify request type in optional patterns about auth HOT 14 OPEN

1. Remove Authentication middleware from the route.
2. Use $currentUser->isGuest() in your controller.

from auth.

@rustamwin If remove Authentication middleware in route, $currentUser->isGuest() alway return true.

from auth.

@hiscaler You should add optional routes to withOptionalPatterns() method. For example:

Authentication::class => [
        'class' => Authentication::class,
        '__construct()' => [
            'authenticationFailureHandler' => Reference::to(PassportRequestErrorHandler::class),
        ],
        'withOptionalPatterns()' => [
            'optional' => [
                '/en/products/[1-9]',
                'products/product/view', // Don't forget adapt pattern for your case
            ]
        ]
    ],

from auth.

@vjik I will try. Thank you!

from auth.

@vjik Can not.

GET /en/products/1 is return product 1 detail
PUT /en/products/1 is update product 1 detail
DELETE /en/products/1 is delete product 1

but withOptionalPatterns.optional

['/en/products/[1-9]']

can't not know what's request method.

from auth.

and has a other question.

['/en/products/[1-9]{1}']

can't matched /en/products/123

from auth.

@hiscaler see patterns https://github.com/yiisoft/strings/blob/master/README.md#wildcardpattern-usage

from auth.

@rustamwin Thank you!

from auth.

@hiscaler see patterns https://github.com/yiisoft/strings/blob/master/README.md#wildcardpattern-usage

Valid setting is ['/en/products/[1-9]*'] , thank you.

from auth.

@vjik Can not.

GET /en/products/1 is return product 1 detail PUT /en/products/1 is update product 1 detail DELETE /en/products/1 is delete product 1

but withOptionalPatterns.optional

['/en/products/[1-9]']

can't not know what's request method.

So i think should add check request method in Authentication.isOptional

from auth.

@hiscaler you want make optional authentication for GET request only and otherwise required (POST, DELETE, etc.)?

from auth.

@vjik yes, is only GET request, POST, DELETE is must authentication

from auth.

Need add ability to specify request type in optional patterns.

from auth.

Another idea: leave in Authentication middleware authentication process only and create new middleawre that will be throw exception or return response "No access".

from auth.