I'm using the code to log in the user und get the page /transactions. But it doesn't work for me. The status code is not 200, but 302. I'm using the FOSUser-Bundle. Has anybody an idea?
$client = static::createClient();
$client->request('GET', '/transactions', array(), array(), array(
'PHP_AUTH_USER' => 'user',
'PHP_AUTH_PW' => 'password',
));
$this->assertEquals(200, $client->getResponse()->getStatusCode());
After auth you are redirected - so 302 header is ok . It's not an error .
Instead status code you should chceck response body , or url where you were redirected
Related
I created a login form that uses email and password for authentication, but the credentials are not sent in the request body and I get a 500 error.
This is my login method:
if ($this->request->is('post')) {
$response = $http->post(
'http://localhost:8889/api/..',
[
'email' => $this->request->getData("email"),
'password' => $this->request->getData("password"),
]
);
debug($response);
In the image it is possible to verify a little more than I receive.
I put the information below in the debug, and I get the value coming from the form.
'email' => $this->request->getData("email"), 'password' => $this->request->getData("password")
When I test via mailman, the login is successful! Information coming from the form is not sent to the backend. Can you help me analyze?
I am using the CakePHP plugin (https://github.com/t73biz/cakephp2-jwt-auth). My CakePHP app is version 2.6.2. I have added this to my Auth Component in the AppController.
'JwtAuth.JwtToken' => array(
'fields' => array(
'username' => 'email',
'password' => 'password',
'token' => '_token'
),
'parameter' => '_token',
'contain' => array(
'Organization'
),
'scope' => array(
'User.status' => 'A',
//'User.frozen' => 0,
'User.locked_out' => 0,
'Organization.status' => 'A',
//'User.failed_sign_ins < 4'
),
'header' => 'X_JSON_WEB_TOKEN',
'pepper' => 'pepper' // Says pepper because I do not want to show the pepper key I used for my code
),
I know that the plugin runs because I add a die statement in the getUser function in the plugin and it shows up when I do the API request.
public function getUser(CakeRequest $request) {
$token = $this->_getToken($request);
if ($token) {
return $this->_findUser($token);
}
return false;
}
This is the function that is part of the JwtTokenAuthenticate.php in the Component directory in the Controller directory of the plugin. When I debug $request, I do not get the header as part of the request. I am using Postman for testing the API and Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImlkIjoiMTIiLCJzdWIiOiIxMiJ9LCJpYXQiOjE0ODcyNTUxMjYsImV4cCI6MTQ4NzI1ODcyNn0.5hoyXltPmEXIA3eVtJnnn3Dor2lhviej31eZNbaMbow
If I understand you correctly you're trying to pass auth token via Authorization header? But according to the plugin docs you should be doing it either via X_JSON_WEB_TOKEN header or _token query param.
Please add below code inside your .htaccess file, it will work
<IfModule mod_rewrite.c>
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</IfModule>
I am sending a link out via email to users when they register that they must click and it will automatically direct and log them into the site.
I'm getting a 404 error when trying to access this link.
Example email sent out:
www.someurl.com/custom_confirm/verify?email=test#test.com&hash=somehash
My hook menu in custom_confirm looks like this:
function custom_confirm_menu(){
$items = array();
$items['custom_confirm/verify'] = array(
'title' => 'Confirming Registration',
'page callback' => 'verify_email',
'access callback' => TRUE,
);
return $items;
}
My function
function verify_email()
Is not being invoked when I hit this URL. It's giving me a 404 and not hitting any code inside the verify_email function.
Is there something wrong with this hook_menu? I don't understand why this is not working?
I am using basic authentication in my project to access Api. In ApiController, I added below code in beforeFilter:
$this->Auth->config('authenticate', [
'Basic' => [
'fields' => ['username' => 'username', 'password' => 'api_key'],
'userModel' => 'Users'
]
]);
So from chrome postman application, I am sending post request with basic auth credentials. for example like below:
So when I send a request, I get unauthorized error back.
you are sending a post request with a 'password' field
Your application is expecting a 'api_key' field that would contain the password.
I think you missed this one script in your model entity.
use Cake\Auth\DefaultPasswordHasher;
protected function _setPassword($password)
{
if (strlen($password) > 0) {
return (new DefaultPasswordHasher)->hash($password);
}
}
Put this one in Model/Entity/User.php
I am using DC User Plugin with activated "RememberMe" Cookie. If the session is expired and I reload a public page, it works fine (it gets the cookie and renews the session).
But if I reload a page (after session has expired) which is only allowed for logged-in users, it does not check the cookie and redirects me instead to the login page. But if I then click another (public) page and then go back to the user-only page - it works, too, without to have to login again.
So the RememberMe/Cookie Component itself seems to work fine.
My Code for the Auth check for the problematic user-only page is simple:
public function view() {
if (!$this->Auth->user()) {
$this->redirect('/users/login');
} else {
//do stuff
}
}
What do I have to add/change, so that it checks the User Cookie here, too, when the Session is expired? In the documentation of that Plugin I couldn't find that unfortunately.
Thank you so much for your help and sorry for my bad English.
Well I resolved by myself. Allthough I had added
$this->RememberMe->restoreLoginFromCookie();
to beforeFilter() function in Controller, the function always returned false, because the Cookie saves email+password, but Standard Auth expects username+password.
I added
public $components = array(
...
'Auth' => array(
'authenticate' => array(
'Form' => array(
'userModel' => 'User',
'fields' => array(
'username' => 'email',
'password' => 'password'
)
)
),
...
so it will check for the needed email field, and now it works.