I have cakephp 3 aplication with social login plugin, hybridauth.
Sometimes works login over face and over google but sometimes i get error like these:
In 'hybridauth' instructions there is line:
Note: When specifying loginRedirect URL for AuthComponent be sure to add 'plugin' => false (or appropiate plugin name) to the URL array.
Probably i did something wrong in my appcontroller. It looks like:
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
],
'ADmad/HybridAuth.HybridAuth' => [
// All keys shown below are defaults
'fields' => [
'provider' => 'provider',
'openid_identifier' => 'openid_identifier',
'email' => 'email'
],
'profileModel' => 'ADmad/HybridAuth.SocialProfiles',
'profileModelFkField' => 'user_id',
// The URL Hybridauth lib should redirect to after authentication.
// If no value is specified you are redirect to this plugin's
// HybridAuthController::authenticated() which handles persisting
// user info to AuthComponent and redirection.
'hauth_return_to' => null
]
],
'loginRedirect' => [
'controller' => 'Users',
'action' => 'index',
'ADmad/HybridAuth.HybridAuth' => 'false'
'plugin' => 'false'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login',
'home'
]
]);
Like you can see i try to ad lines to main 'loginRedirect' but there is same problem again.
'ADmad/HybridAuth.HybridAuth' => 'false'
'plugin' => 'false'
any idea please?
Thank you.
Even i can login sometimes. randomly.
And every time when i push face or google login i get session-Auth. I am authenticated, but routing brings me to error screen.
And than i can change url to localhost/projectname/users/index and everything is ok, works.
i also tryed to add routes to routes.php:
$routes->connect('/Users/index', ['controller' => 'Users', 'action' => 'index']);
$routes->connect('/http://localhost/sebastus1/hybrid-auth/authenticated', ['controller' => 'Users', 'action' => 'index']);
SOLUTION
thanks to ndm.
(string)'false' != (boolean)false
Related
After logging a user in, I want to redirect them back to where they came from but It's not working properly in CakePHP 3.5. Here are the required info's to help me figure out this problem.
URL while login(session time out),
http://dev.scys.com/db/admin?redirect=%2Fadmin%2Fstatuses
This is my Auth config,
$this->loadComponent('Auth', [
'loginAction' => ['controller' => 'Admins', 'action' => 'login'],
'loginRedirect' => ['controller' => 'Admins', 'action' => 'index'],
'logoutRedirect' => ['controller' => 'Admins', 'action' => 'login'],
'unauthorizedRedirect' => $this->referer(),
'authenticate' => [
'Form' => [
'finder' => 'auth',
'userModel' => 'Admins',
'fields' => ['username' => 'username', 'password' => 'password']
]
]
]);
And in the Login method/action
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
More Points
I have also tried $this->redirect($this->request->getQuery('redirect'));
Am I missing anything or something else I have to add to work this out :(
I figured out my mistake,
Actually, I was using for action URL like,
$this->Form->create(NULL, ['url'=> ['controller' => 'Admins', 'action' => 'login'],'style'=>'display: block;');
Because of this, the URL became "admins/login" and the redirect query string get removed that's why the problem occurred, because "$this->redirect($this->Auth->redirectUrl());" didn't find any redirect query string(as per the case 1), so it uses $this->Auth->config('loginRedirect');(as per case 2).
Then I solve it by removing the URL key and value from the form create option parameter.
I'm creating an E-Commerce website using CakePHP 3
I need to create an Admin page that will allow the Admin to upload
products and possibly view a few KPI's etc..
Is there a way in Cake to have a User (general customer shopping on the site) and a Superuser (or Admin) at the same time? I have an 'is_admin' column in my Users table to differentiate between admin and user. Do I just need to have something like this in my addProducts function or is there a better way?:
public function addProducts(){
$user = $this->Auth->user();
if($user['is_admin']) {
//allow access
} else {
//throw anauthorised exception
}
}
Thanks in advance
You can manage it via different URL's for admin and front User. This can be managed via the routes and the APP Controller.
What I am using for one of my appplication is as below:
In the routes.php file
Router::prefix('admin', function ($routes) {
// All routes here will be prefixed with `/admin`
// And have the prefix => admin route element added.
$routes->fallbacks('DashedRoute');
$routes->connect('/', array('controller' => 'Users', 'action' => 'login'));
/* Here you can define all the routes for the admin */
});
Router::scope('/', function ($routes) {
$routes->connect('/', array('controller' => 'Users', 'action' => 'login', 'home'));
/* Here you can define all the routes for the frontend */
});
Please note for the Admin you need to create a directory in all /src/Controller, /src/Template named as "Admin" and within these directories you can use the same structure that we use in our code.
Now comes the code that needs to be written in /src/Controller/AppController.php
public $prefix = '';
public function initialize()
{
$this->prefix = (!empty($this->request->params['prefix'])?$this->request->params['prefix']:'');
$this->set('prefix',$this->prefix);
if( !empty($this->prefix) && $this->prefix==='admin' )
{
$this->loadComponent('Auth', [
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
'prefix'=>'admin'
],
'loginRedirect' => [
'controller' => 'Users',
'action' => 'index',
'prefix'=>'admin'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login',
'prefix'=>'admin'
],
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => [
'Form' => [
'finder' => 'admin',
'fields' => ['username' => 'email', 'password' => 'password']
]
],
'storage' => ['className' => 'Session', 'key' => 'Auth.Admin']
]);
}
else
{
$this->loadComponent('Auth', [
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
],
'loginRedirect' => [
'controller' => 'Users',
'action' => 'myaccount'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login'
],
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => [
'Form' => [
'finder' => 'user',
'fields' => ['username' => 'email', 'password' => 'password']
]
],
'storage' => ['className' => 'Session', 'key' => 'Auth.User']
]);
}
}
Here you can see that we are using different keys for the storage Auth.User and Auth.Admin
For the finder you need to write the below code in your user model table located at src\Model\Table\UsersTable.php
public function findAdmin(\Cake\ORM\Query $query, array $options)
{
$query
->select(array('Users.email', 'Users.password','Users.id','Users.role_id'))
->where(array('Users.role_id' => 1));
return $query;
}
public function findUser(\Cake\ORM\Query $query, array $options)
{
$query
->select(array('Users.email', 'Users.password','Users.id','Users.role_id'))
->where(array('Users.status' => 1,'Users.role_id' => 3));
return $query;
}
Note, Here I am keeping role_id "1" for Admin and "3" for front Users.
In this manner, even you can set the login for both in the same browser as key for both the user types is different.
Hope this helps you setup the structure accordingly.
Assume I'm in an admin\controller\action...
When a session times out and the user's next request to any controller/action is placed, I end up in my admin\users\login() function. Which is exactly what should happen based on the Auth component settings!
But, then a redirect to ['admin' => false, 'controller' => 'users', 'action' => 'login'] immediately comes back to the "admin\users\login"
The code:
$this->redirect(['admin' => false, 'controller' => 'users', 'action' => 'login'])
does NOT honor the admin=false at this point.
Actually, looking at my 'Auth' component initialization in AppController:
// Authentication
$this->loadComponent('Auth', [
'authorize' => array('Controller'),
'loginAction' => array('admin' => false, 'plugin' => NULL, 'controller' => 'users', 'action' => 'login'),
'loginRedirect' => array('admin' => false, 'plugin' => NULL, 'controller' => 'pages', 'action' => '/'),
'logoutRedirect' => array('admin' => false, 'plugin' => NULL, 'controller' => 'users', 'action' => 'login'),
'authError' => 'Authorization is Required!',
'authenticate' => [
'Form' => ['fields' => ['username' => 'name', 'password' => '
'passwordHasher' => 'Default'
]
]
]);
It looks to me as if the admin => false is being ignored. I'm sure that when the delayed (went for coffee) new request for some controller/action occurs that the request would be sent to the admin\users\login since the last one was an admin... but why shouldn't the actual redirect inside the admin\users\login or the Auth->loginRedirect shown here still enforce the admin route?
Is there something new in 3.0, or am I just missing something?
Regardless of the documentation, 'admin' => false will NOT remove the admin routing performed in the Auth component after session times out when the last request was an admin route.
I found issue #14904579 (dated 2013) that solved this very issue by changing the 'loginAction' => '/users/login'... leaving out the array syntax.
I don't have any idea if this issue existed once in 2013 and has reappeared in version cakphp 3.0.9. I did NOT have this issue when running 2.6.7
This is the correct way to remove any prefix from route (admin included):
$this->redirect(['prefix' => false, 'controller' => 'users', 'action' => 'login'])
$this->loadComponent('Auth', [
'loginAction' => [
'prefix' => false, //just add this if you wish to use the array format for urls
'controller' => 'Users',
'action' => 'login',
],
'authError' => 'Login to continue.',
'storage' => 'Session'
]);
According to the Docs, but no prefix in the LoginAction key in example code
I have searched and though people have asked similar if not the exact same question on this site and elsewhere, several of those questions have gone unanswered and the rest simply don't apply to me (different error, old cake version, etc).
I have two routing prefixes set up in my core.php. Those are 'admin' and 'moderate'. I want ALL users to login via /users/login and be redirected afterwards to /account.
When I go to a standard (non-prefixed) page that requires authentication such as /account, then I am redirected to /admin/users/login (I do not want the prefix).
After I login I am successfully redirected to /account. (At least that part is working)
Here is my AppController code
public $components = array('Session',
'Auth' => array(
'loginAction' => array('prefix' => false, 'admin' => false, 'moderate' => false, 'controller' => 'users', 'action' => 'login'),
'loginRedirect' => array('prefix' => false, 'admin' => false, 'moderate' => false, 'controller' => 'account', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'index', 'prefix' => false, 'admin' => false, 'moderate' => false),
'authError' => "You can't access that page",
'authorize' => array('Controller')
)
); // components
I also tried changing all the 'false' to 'null'. No dice. I'm using CakePHP 2.2.4
EDIT AS OF 2/11/14
Because people are still answering I just wanted to note that this question is RESOLVED. I never figured out what the exact issue was so I never posted an official/accepted answer. I suspect it was an issue with my routing. The AppController code I provided above was correct.
Try using this:
$this->Auth->loginAction = '/users/login';
Hopes that help!
Put below code in AppController.Hope that help.
public function beforeFilter() {
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login','admin' => false, 'prefix' => false, 'moderate' => false);
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login','admin' => false, 'prefix' => false, 'moderate' => false);
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home','admin' => false, 'prefix' => false, 'moderate' => false);
}
CakePHP 3 answer
In your APP/src/Controller/AppController.php:
$this->loadComponent('Auth', [
'loginAction' => [
'prefix' => false, // tells the app not to use any prefix
'controller' => 'Users', // change to your preference
'action' => 'login', // change to your preference
],
// loginRedirect, logoutRedirect etc.
// …
]);
This is way more flexible and future-proof than blacklisting individual prefixes, as you may not know upfront what those may or may not be.
Confirmed this works with my CakePHP. Tested by removing 'prefix' => false, it makes the app redirect to the prefixed login page, e.g. /admin/users/login, restoring that line fixes it back.
Official documentation
Authentication Handlers → Ctrl+F "loginAction"
Prefix Routing → Ctrl+F "Leave a prefix"
What I did
The CakePHP version is 2.2.3
I used this part of the Cookbook to create my authentication: Link
After i was finished, i changed the fields to email and password (in AppController.php):
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array(
'Form' => array('userModel' => 'User', 'fields' => array('username' => 'email', 'password' => 'password'))
),
'loginRedirect' => array('controller' => 'twitter', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authorize' => array('Controller')
)
);
What happened
When i log in with my credentials, it redirects me to the loggedin page, even when the credentials aren't correct!
I hope someone can help me with the problem.
Thanks in advance!
EDIT:
Login now works as far as i can see! But the logout doesnt work. It doesnt remove my session.
You are passing something to $this->Auth->login($something). The code has changed since 1.x and anything passed to this method will cause the user to be logged in.
You should call $this->Auth->login() with no parameters