I've followed the tutorial and all the CakePHP Authorization guide and I can't get my isAuthorized() method to be called. My understanding (correct me if I am wrong, which is incredibly likely) is by delegating authorize to the specific controllers by doing 'authorize'->['Controller'] in AppController.php, when a method in UsersController is called, in this case 'add', UsersController would run the isAuthorized() method I defined. I was testing to see if this method ran at all outputting a flash->error message right when isAuthorized() is called but nothing happens. If I explicitly call isAuthorized($hardcodeduser) in my beforeFilter()method it will work but only if I hard code a user.
The way the method is supposed to work is: If a registered user requests to add/create a new user, the system checks to see if the user has admin/staff level permissions (which is just a 0 or 1 value in the database) and if the user does not have permission then it redirects to the home screen with an error message that says "You are not authorized to access that function".
Any help or suggestions or other links to follow would be much appreciated!
class AppController extends Controller {
public $components = ['Flash', 'Auth', 'Session'];
public function initialize() {
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'],
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
]
]);
}
public function beforeFilter(Event $event) {
$this->Auth->authorize = 'Controller';
}
public function isAuthorized($user) {
if(isset($user['is_staff']))
return true;
return false;
}
}
class UsersController extends AppController {
public function beforeFilter(Event $event) {
parent::beforeFilter($event);
$this->Auth->allow(['logout']);
}
public function isAuthorized($user) {
$this->Flash->error(__('Test Message PLEASE WORK'));
if($this->request->action === 'add') {
$isStaff = $user['is_staff'];
if($isStaff == 0) {
$this->redirect($this->Auth->redirectUrl());
$this->Flash->error(__('Not authorized to access this function'));
return false;
}
}
return parent ::isAuthorized($user);
}
}
Generally your assumption is correct, Controller::isAuthorized() is going to be invoked automatically when using the controller authorization handler.
The problem with your code is that in your UsersController::beforeFilter() method you are explicitly allowing the add method to be accessed by everyone (it won't even require authentication):
$this->Auth->allow(['logout', 'add']);
You have to understand that once a method is allowed, there will be no further checks made by the auth component, see AuthComponent::startup().
Also note that you don't need to redirect and set a flash message manually, the component will do that for you, you just need to configure it appropriately using the authError and unauthorizedRedirect options, see Cookbook > Components > Authentication > Configuration options
As we following the Cake blog tutorial,
they made a little mistake, that function "isAuthorized" never be called.
And I did take a time to research it.
Solution is
Adding this line when load component "Auth":
'authorize' => array('Controller'),
so the code should looks something like this:
$this->loadComponent('Auth', [
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
],
'authorize' => array('Controller'),
]);
Hope it help some one saving time :)
From cakephp 3.x documentation: you can configure authorization handlers in your controller’s beforeFilter() or initialize() methods using an array:
// Basic setup
$this->Auth->config('authorize', ['Controller']);
// Pass settings in
$this->Auth->config('authorize', [
'Actions' => ['actionPath' => 'controllers/'],
'Controller'
]);
Related
I'm attempting to make a cron shell, and the ability to use requestAction for this is crucial.
For testing purposes, I've reduced my Shell down to just this:
class CronShell extends AppShell {
public $uses = array('Cron');
public function main() {
$this->requestAction(['controller' => 'events', 'action' => 'play', 38, 0, true, true]);
echo "This will never be printed to the console, it dies before this.";
}
}
And I still cannot get this to run. It simply returns apparently successful, but actually is not. (no error) Another SO question suggested beforeFilter (and other lifecycle methods) could be the cause, but I've ensured that is not the case. See update.
Other controller/actions aren't working.
Removing the action's return doesn't help.
Using a string-based call doesn't help.
CakePHP v2.10.22
Update: It looks like the Auth component may be causing a redirect to users/login in AppController. Yet I see nowhere that I tell it to redirect here, and I don't even have a users/login action. When I remove 'Auth' from my public $components = [], the shell runs on CLI.
But I'm having trouble disabling Auth! I've tried allow(*), setting the redirects to false, even trying $this->components = ['']. I am always redirected to users/login.
Well, it turns out it wasn't the beforeFilter or any part of the lifecycle, but I did have the Auth component on my AppController like such:
public $components = [
'Session',
'Auth' => [
'loginRedirect' => ['controller' => 'worlds', 'action' => 'route']
]
];
Which, no matter what I did to allow or simulate Auth for cli, just constantly redirected me. So I reduced the above to just Session and wrote under,
if (php_sapi_name() !== 'cli')
This:
$this->components = [
'Session',
'Auth' => [
'loginRedirect' => ['controller' => 'worlds', 'action' => 'route']
]
];
And that removed Auth from the equation. I would have expected CakePHP 2's console to give me any indication it was being redirected, but I'll bet future versions handle it better.
In this scenario, OurCustomAuth is currently returning an expected value of false, is reaching the appropriate else, but the users/error path keeps redirecting even though it's been made public and not requiring any authentication.
I've setup the new action:
C:\wamp\myapp\app>Console\cake AclExtras.AclExtras aco_update
Welcome to CakePHP v2.4.9 Console
---------------------------------------------------------------
App : app
Path: C:\wamp\myapp\app\
---------------------------------------------------------------
Created Aco node: controllers/Users/error
Aco Update Complete
In the UsersController, I've added the action to be made public:
public function beforeFilter() {
parent::beforeFilter ();
$this->Auth->allow ('logout', 'error');
}
In AppController, the Auth config:
public $components = array(
'Acl',
'Cookie',
'DebugKit.Toolbar', 'Session',
'Auth' => array(
'authenticate' => array('OurCustomAuth'),
'loginAction' => array('controller' => 'users', 'action' => 'view'),
'authError' => 'Did you really think you are allowed to see that?',
'authorize' => array('Actions' => array('actionPath' => 'controllers'))
)
);
...
public function beforeFilter() {
...
//Auto logging users in if they are not logged in
if (!AuthComponent::user('id')) {
if ($this->Auth->login()) {
//stuff here
} else {
$this->Session->setFlash(__('We could not authenticate you ...'));
return $this->redirect(array('controller' => 'Users', 'action' => 'error'));
}
}
...
}
The error I get in Firefox:
The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.
Update #1
$this->Auth->login() essentially grabs request headers, that in this case are intentionally wrong, which seems to redirect to the appropriate link. However, /users/error shouldn't cause a redirect as it's excluded from Authentication.
The problem is that you run your login code on every request, ie in the app controllers beforeFilter() method. So when that code redirects you to /users/error because you're not logged in, the code will run again for that controller/action, and redirect you again, and again, and again...
If you need to run this code for every request, then you'll have to check the allowed actions manually, ie the actions allowed via $this->Auth->allow(), and run your code only in case the current action isn't allowed. Check the code of AuthComponent::_isAllowed(), you can easily use that with minimal modifications:
$action = strtolower($this->request->params['action']);
if (!in_array($action, array_map('strtolower', $this->Auth->allowedActions))) {
//Auto logging users in if they are not logged in
if (!AuthComponent::user('id')) {
// ...
}
}
I have followed pretty much the tutorial from the CakePHP website to add authentication to my website (except that I do not need any roles on my website, but just an admin login). On my machine the whole authentication works and also which pages I can access only as admin. I have copied the folder and the database to my web hoster, but there I have problems logging in.
This is what my code looks like:
in config/routes.php I have:
Router::prefix('admin', function($routes) {
$routes->connect('/', ['controller'=>'Users','action'=>'login']);
$routes->fallbacks('InflectedRoute');
});
in src/Controller/Admin/UsersController.php
namespace App\Controller\Admin;
use App\Controller\AppController;
use Cake\Event\Event;
class UsersController extends AppController {
public function beforeFilter(Event $event) {
parent::beforeFilter($event);
$this->Auth->allow(['logout']);
}
public function login(){
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error(__('Please check your username and password.'));
}
}
}
The entity User contains a method to do the hashing:
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
Finally, in Controller/AppController.php I have implemented the following, that should allow every logged-in user to access all pages.
class AppController extends Controller
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'loginRedirect' => [
'controller' => 'requests',
'action' => 'index'
],
'logoutRedirect' => [
'prefix' => false,
'controller' => '/'
]
]);
}
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
if($this->request->session()->check('Auth.User.id')) {
$this->layout = 'admin';
}
}
public function isAuthorized($user)
{
return true;
}
}
As I said, this works on my local machine. However, on the server, I always get the following error:
You are not authorized to access that location.
I tried various PHP versions, to make sure the error is not there. Using printouts, I could see that I pass the if($user) check in the login() method. However, now I really don't know how to proceed and I'm pretty clueless about possibly solutions. I have installed CakePHP in a subdomain on the webhoster - could that be a problem?
I'm building an application using CakePHP and trying to incorporate a custom authentication object but it does not seem to be able to find it. I get the following error when I try to log in: "Authentication adapter "LdapAuthorize" was not found". I have created the file app/Controller/Component/Auth/LdapAuthorize.php with my code for my authentication. Near the top of "AppController.php" I have
App::uses('LdapAuthroize', 'Controller/Component/Auth/LdapAuthorize');
and within the AppController class I have
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'pendings', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authorize' => array('Controller'),
'authenticate' => array('LdapAuthorize')
)
);
and then in my UsersController.php I have the following login function.
public function login() {
if($this->request->is('post')) {
if($this->Auth->login()) {
// My Login stuff...
}
else
$this->redirect(array('controller'=>'someController', 'action'=>'someAction'));
}
}
If anyone has any idea why it can't seem to load my custom authentication object that would be awesome. Thanks!
I put my custom authentication class inside Controller/Component/Auth. For example, the name of my class is CustomUserAuthenticate and the path to the file is,
Controller/Component/Auth/CustomUserAuthenticate.php.
Then in my AppController I added the following to the authenticate array,
class AppController extends Controller {
public $components = array(
'Auth' => array(
/** Any other configuration like redirects can go here */
'authenticate' => array(
'CustomUser'
)
)
);
}
The string in the authenticate array must match the name of the class except for the Authenticate word.
My CustomUserAuthenticate class extends CakePHP's Controller/Component/Auth/BaseAuthenticate and overrides the authenticate method. CakePHP's documentation states that this is not required. I haven't tried that way.
I think your App::uses() is wrong so it can't find the class. Your current code:
App::uses('LdapAuthroize', 'Controller/Component/Auth/LdapAuthorize');
Is trying to find Controller/Component/Auth/LdapAuthorize/LdapAuthroize.php
The first parameter is the class name (you have a typo with that), the second is just the path to the directory containing the class, you don't need to add the class name again.
Try this:
App::uses('LdapAuthorize', 'Controller/Component/Auth');
I am start going through the cakephp tutorials, I copy the source code exactly as shown in the tutorial.
I have done the Blog tutorial and all seems good, now I am onto the "Simple Authentication and Authorization Application" (http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html) tutorial, but are running into this issue.
The add page loads fine:
".../app/webroot/index.php/Users/add"
After hitting submit, it redirects me to this url (with the additional "Users" string) and with an error message.
".../app/webroot/index.php/Users/Users/add"
Missing Method in UsersController
Error: The action Users is not defined in controller UsersController
Error: Create UsersController::Users() in file: app/Controller/UsersController.php.
class UsersController extends AppController {
public function Users() {
}
}
Let me know where I should start checking, Thanks.
AppController
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
'authorize' => array('Controller') // Added this line
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
public function isAuthorized($user) {
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
}
Because I still can't comment, I'll tell you here and edit this answer if I know it.
Show me your AuthComponent configuration in AppController.php.
EDIT:
Answer is in the comments below. :)