Finished User.

framework/web/Controller.php

@@ -41,19 +41,4 @@ class Controller extends \yii\base\Controller
 		}
 		return Yii::$app->getUrlManager()->createUrl($route, $params);
 	}
-
-	/**
-	 * Redirects the browser to the specified URL or route (controller/action).
-	 * @param mixed $url the URL to be redirected to. If the parameter is an array,
-	 * the first element must be a route to a controller action and the rest
-	 * are GET parameters in name-value pairs.
-	 * @param boolean $terminate whether to terminate the current application after calling this method. Defaults to true.
-	 * @param integer $statusCode the HTTP status code. Defaults to 302. See {@link http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html}
-	 * for details about HTTP status code.
-	 */
-	public function redirect($url, $terminate = true, $statusCode = 302)
-	{
-		$url = Html::url($url);
-		Yii::$app->getResponse()->redirect($url, $terminate, $statusCode);
-	}
 }
\ No newline at end of file

framework/web/Identity.php

@@ -15,6 +15,14 @@ namespace yii\web;
 interface Identity
 {
 	/**
+	 * Finds an identity by the given ID.
+	 * @param string|integer $id the ID to be looked for
+	 * @return Identity the identity object that matches the given ID.
+	 * Null should be returned if such an identity cannot be found
+	 * or the identity is not in an active state (disabled, deleted, etc.)
+	 */
+	public static function findIdentity($id);
+	/**
 	 * Returns an ID that can uniquely identify a user identity.
 	 * @return string|integer an ID that uniquely identifies a user identity.
 	 */
@@ -23,23 +31,19 @@ interface Identity
 	 * Returns a key that can be used to check the validity of a given identity ID.
 	 * The space of such keys should be big and random enough to defeat potential identity attacks.
 	 * The returned key can be a string, an integer, or any serializable data.
+	 *
+	 * This is required if [[User::enableAutoLogin]] is enabled.
 	 * @return string a key that is used to check the validity of a given identity ID.
 	 * @see validateAuthKey()
 	 */
 	public function getAuthKey();
 	/**
 	 * Validates the given auth key.
+	 *
+	 * This is required if [[User::enableAutoLogin]] is enabled.
 	 * @param string $authKey the given auth key
 	 * @return boolean whether the given auth key is valid.
 	 * @see getAuthKey()
 	 */
 	public function validateAuthKey($authKey);
-	/**
-	 * Finds an identity by the given ID.
-	 * @param string|integer $id the ID to be looked for
-	 * @return Identity the identity object that matches the given ID.
-	 * Null should be returned if such an identity cannot be found
-	 * or the identity is not in an active state (disabled, deleted, etc.)
-	 */
-	public static function findIdentity($id);
 }
\ No newline at end of file

framework/web/Response.php

@@ -9,6 +9,7 @@ namespace yii\web;
 
 use Yii;
 use yii\helpers\FileHelper;
+use yii\helpers\Html;
 
 /**
  * @author Qiang Xue <qiang.xue@gmail.com>
@@ -17,6 +18,14 @@ use yii\helpers\FileHelper;
 class Response extends \yii\base\Response
 {
 	/**
+	 * @var integer the HTTP status code that should be used when redirecting in AJAX mode.
+	 * This is used by [[redirect()]]. A 2xx code should normally be used for this purpose
+	 * so that the AJAX handler will treat the response as a success.
+	 * @see redirect
+	 */
+	public $ajaxRedirectCode = 278;
+
+	/**
 	 * Sends a file to user.
 	 * @param string $fileName file name
 	 * @param string $content content to be set.
@@ -147,24 +156,45 @@ class Response extends \yii\base\Response
 
 	/**
 	 * Redirects the browser to the specified URL.
-	 * @param string $url URL to be redirected to. Note that when URL is not
-	 * absolute (not starting with "/") it will be relative to current request URL.
+	 * This method will send out a "Location" header to achieve the redirection.
+	 * In AJAX mode, this normally will not work as expected unless there are some
+	 * client-side JavaScript code handling the redirection. To help achieve this goal,
+	 * this method will use [[ajaxRedirectCode]] as the HTTP status code when performing
+	 * redirection in AJAX mode. The following JavaScript code may be used on the client
+	 * side to handle the redirection response:
+	 *
+	 * ~~~
+	 * $(document).ajaxSuccess(function(event, xhr, settings) {
+	 *     if (xhr.status == 278) {
+	 *         window.location = xhr.getResponseHeader('Location');
+	 *     }
+	 * });
+	 * ~~~
+	 *
+	 * @param array|string $url the URL to be redirected to. [[\yii\helpers\Html::url()]]
+	 * will be used to normalize the URL. If the resulting URL is still a relative URL
+	 * (one without host info), the current request host info will be used.
 	 * @param boolean $terminate whether to terminate the current application
-	 * @param integer $statusCode the HTTP status code. Defaults to 302. See {@link http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html}
+	 * @param integer $statusCode the HTTP status code. Defaults to 302.
+	 * See [[http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html]]
 	 * for details about HTTP status code.
+	 * Note that if the request is an AJAX request, [[ajaxRedirectCode]] will be used instead.
 	 */
 	public function redirect($url, $terminate = true, $statusCode = 302)
 	{
+		$url = Html::url($url);
 		if (strpos($url, '/') === 0 && strpos($url, '//') !== 0) {
 			$url = Yii::$app->getRequest()->getHostInfo() . $url;
 		}
+		if (Yii::$app->getRequest()->getIsAjaxRequest()) {
+			$statusCode = $this->ajaxRedirectCode;
+		}
 		header('Location: ' . $url, true, $statusCode);
 		if ($terminate) {
 			Yii::$app->end();
 		}
 	}
 
-
 	/**
 	 * Returns the cookie collection.
 	 * Through the returned cookie collection, you add or remove cookies as follows,

framework/web/UserEvent.php

@@ -24,7 +24,7 @@ class UserEvent extends Event
 	 * @var boolean whether the login is cookie-based. This property is only meaningful
 	 * for [[User::EVENT_BEFORE_LOGIN]] and [[User::EVENT_AFTER_LOGIN]] events.
 	 */
-	public $fromCookie;
+	public $cookieBased;
 	/**
 	 * @var boolean whether the login or logout should proceed.
 	 * Event handlers may modify this property to determine whether the login or logout should proceed.