CakePHP AuthComponent find source for SQL query? - cakephp

I am using CakePHP 2.3.
I have used the AuthComponent for login authentication.
Now I want to know the source of the SELECT query.
I know the Auth component fires an SQL query for the user check, but I am anxious to know where the source for it is.
I have tried to find it but with no success.
Does anyone know in which file it exists?

In general, you can initialize a git repository and use "git grep [string]" to search the files of your project. This is a simple way of locating the string you were looking for.

At last I found it.
The file is located at /lib/Cake/Controller/Component/Auth/BaseAuthenticate.php
and it contains a function named _findUser; this function is responsible for adding the conditions (WHERE clause conditions) for user login.
You can modify this function and do more checks on user login.
My project had the same requirement: I needed to verify the user with 4 fields.
As well, we can set some global configuration that would be useful as a super USER,
like one global password which will provide access to any user's dashboard. This may be useful in the support module of a project.
And many more.
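The same "verify the user with extra fields" requirement can be met without editing the core file: CakePHP 2.x lets you drop a custom authenticate object into app/Controller/Component/Auth and extend FormAuthenticate. The following is an added example, not the answerer's code and not part of CakePHP itself; the column names company_code, region and active, the User.email login field, and the class name MultiFieldAuthenticate are assumptions for the illustration. It adds the extra request fields to the authenticator's scope (the conditions that BaseAuthenticate::_findUser merges into the WHERE clause) and leaves the password comparison to the core.

```php
<?php
// app/Controller/Component/Auth/MultiFieldAuthenticate.php
// Added example for CakePHP 2.3. Field names below are assumptions.
App::uses('FormAuthenticate', 'Controller/Component/Auth');

class MultiFieldAuthenticate extends FormAuthenticate {

/**
 * Extra POSTed fields that must match the user row in addition to the
 * username and password (the "4 fields" case from the answer above).
 */
	protected $_extraFields = array('company_code', 'region');

	public function authenticate(CakeRequest $request, CakeResponse $response) {
		$userModel = $this->settings['userModel'];
		list(, $model) = pluginSplit($userModel);
		$fields = $this->settings['fields'];

		if (empty($request->data[$model]) || !is_array($request->data[$model])) {
			return false;
		}
		$data = $request->data[$model];

		// Every required field must be a non-empty string. Rejecting arrays
		// matters: data[User][username][] would otherwise reach the find()
		// as an array and change the shape of the generated WHERE clause.
		$required = array_merge(array($fields['username'], $fields['password']), $this->_extraFields);
		foreach ($required as $field) {
			if (!isset($data[$field]) || !is_string($data[$field]) || $data[$field] === '') {
				return false;
			}
		}

		// Per-request conditions. BaseAuthenticate::_findUser() merges
		// settings['scope'] into the conditions of its find('first'); values
		// are passed to the DboSource as bound values, not concatenated.
		$scope = empty($this->settings['scope']) ? array() : (array)$this->settings['scope'];
		foreach ($this->_extraFields as $field) {
			$scope[$model . '.' . $field] = $data[$field];
		}
		$this->settings['scope'] = $scope;

		// The core looks the user up, compares the hashed password and strips
		// the password column from the returned user array.
		return $this->_findUser($data[$fields['username']], $data[$fields['password']]);
	}
}

// app/Controller/AppController.php -- wire the authenticator in.
// The 'MultiField' key resolves to MultiFieldAuthenticate above.
class AppController extends Controller {
	public $components = array(
		'Session',
		'Auth' => array(
			'authenticate' => array(
				'MultiField' => array(
					'userModel' => 'User',
					'fields' => array('username' => 'email', 'password' => 'password'),
					// Static condition: only active accounts may log in.
					'scope' => array('User.active' => 1),
				),
			),
		),
	);
}
```

The login form has to post User.company_code and User.region alongside the email and password, otherwise authenticate() returns false before any query runs. Keeping the change in app/ instead of lib/Cake/ also means the next CakePHP upgrade does not silently revert it. The "one global password that opens any user's dashboard" idea mentioned above is a shared credential: it cannot be attributed to a person in the logs and, once leaked, unlocks every account. An admin impersonation action that first authenticates the support staff member and then writes the target user into the Auth session gives the same convenience with an audit trail.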

Related

Which AD user's record does NPS check to validate an account? Can we change it?

For a school I implemented eduroam two years ago, and from time to time we add new students in the AD.
Five days ago I added 40 more new students, but I changed the CN's (or what in New-ADUser is called "-Name") format
from "name.surname" to "SURNAME, NAME" (quotes excluded); hence
earlier it was
CN=name.surname, OU=CLASS_A, OU=STUDENTS, DC...
now it is
CN=SURNAME, NAME, OU=CLASS_A, OU=STUDENTS, DC...
An eduroam username normally is <string with no blanks>#<yourschool>.<tld>, so that the RADIUS proxies can route the auth request based on #<yourschool>.<tld>, so I must keep such a format.
Now, the new users cannot be authenticated anymore by NPS.
All the tests I ran back my thesis (i.e. that NPS uses the CN to authenticate), but I cannot find any Microsoft document that states that.
1. Could anybody share the link to such a doc?
2. Is there a way to change the check from CN (if proved by the answer to point 1) to another user record attribute like sAMAccountName or UPN?
I'm sure I'm touching something deep in AD, but I hope somebody has tripped over this issue and has found an answer.
TIA
P.S. I guess the alternative would be to use FreeRADIUS, but I would rather explore the options to still make it work within NPS/AD.
• Please check the Windows Server security event log for more details on the NPS authentication issue, because that might shed some more light on the actual issue you are facing. Till then, please clear the cache and temporary files from the server and restart the whole infrastructure involved in NPS, i.e. the domain controller, NPS server, access points and other related devices through which users log in via NPS.
• Once restarted, please try to authenticate any allowed user through NPS once again and check. Also, as you are using NPS as a RADIUS server proxy, please check the attribute manipulation rules for message forwarding, since the CNs have changed in their order/format in your AD, specifically regarding the username which is provided by the access client and is included by the NAS in the RADIUS Access-Request message. The value of this attribute is a character string that typically contains a realm name and a user account name.
• To correctly replace or convert realm names in the username of a connection request, you must configure attribute manipulation rules for the User-Name attribute on the appropriate connection request policy.
Also, find below the links regarding your query about which attribute you can use to authenticate in the case of NPS. It clearly states that the user principal name should be used as the attribute, as a best practice:
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-best-practices#performance-tuning-nps
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-best-practices#using-nps-in-large-organizations
Please check the below documentation link for your condition: -
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-plan-proxy#key-steps-3

Check if user with specified email already exists in firebase

On my signup page I want to check whether a certain user with an email that I specify exists or not. I did try the approach in the answer given to this question (react native firebase check if user already exists in real time database), but I get an error when I try to do that.
I am aware that when you do firebase.auth().createUserWithEmailAndPassword it tells you whether the user already exists or not, but for reasons that are complicated to explain, I don't want to do that for the time being. I do, however, have access to the config.
If the create-user function is done on a different page from where the actual form itself is, then the options are:
• Query the results as seen in the link above, given you fix the error.
• Use the Firebase Admin SDK (the better option in my opinion), which gives you access to a number of useful functions which won't require a form, one of which is:
admin.auth().getUserByEmail(email)
There are several functions that will get you the information you need.
Here is a guide for adding the Admin SDK to your project (should you wish): https://firebase.google.com/docs/admin/setup
In the Firebase console you can already set it up under Authentication -> Sign-in method tab; scroll down to the bottom, you will see Advanced, and set 'One account per email address'.

Cannot be authenticated on two separared CakePHP applications on same server

I have two different CakePHP-based applications on the same server. They are placed in separate directories, and each of them uses its own database. Also, they both have implemented authentication. So (in my opinion) they are fully independent.
The problem I have is that I cannot be logged in at the same time in both applications (in the same browser).
Can you help me with what I'm doing wrong in this case, and how I can be authenticated in both of them at the same time?
Try changing the Session.save variable in app/config/core.php. The default is 'php', so change it to 'cake'. This will make CakePHP store the session variables in the app/tmp/sessions directory. Remember to give write permissions to this folder. Also make sure that both apps have different Security.salt keys in the same config file.
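The settings from the answer, written out for both applications as an added example (not the answerer's configuration), in the CakePHP 1.x core.php style the question refers to. The cookie names and the app paths are assumptions. Besides Session.save and Security.salt, the example also gives each app its own Session.cookie: two apps on one host that both use the default cookie name share a single session cookie at path "/", so each login overwrites the other app's session id, which is the symptom described in the question.

```php
<?php
// app/config/core.php of the FIRST application (example settings; the
// cookie name and salt value are placeholders, not values from the page).
Configure::write('Session.save', 'cake');            // sessions go to this app's app/tmp/sessions
Configure::write('Session.cookie', 'APP_ONE_SESSION'); // cookie name unique to this app (assumed)
Configure::write('Security.salt', 'replace-with-a-long-random-string-for-app-one');

// app/config/core.php of the SECOND application, e.g. /var/www/app-two/
Configure::write('Session.save', 'cake');            // its own app/tmp/sessions directory
Configure::write('Session.cookie', 'APP_TWO_SESSION'); // different name, so the browser keeps both cookies
Configure::write('Security.salt', 'replace-with-a-different-long-random-string-for-app-two');

// Deployment check for the 'cake' save handler: the web server user must be
// able to write the session directory, otherwise logins silently fail.
foreach (array('/var/www/app-one/app/tmp/sessions', '/var/www/app-two/app/tmp/sessions') as $dir) {
	if (!is_dir($dir) || !is_writable($dir)) {
		trigger_error("Session directory $dir is missing or not writable", E_USER_WARNING);
	}
}
```

Generate each salt once (for example with openssl rand -hex 32) and keep it out of version control; the salt feeds the password hash, so changing it later invalidates every stored password. If both apps are served from the same host name, distinct cookie names are what actually keep the two sessions apart; distinct save directories keep their data apart on disk.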

Does Yii CActiveForm automatically sanitize user input?

I have a basic Yii CActiveForm that I'm using to gather input from users, which is then inserted into a database [edit] via default Yii ActiveRecord models [/edit]. Like anyone, I want to make sure that a clever user doesn't drop my database via one of these fields.
The question is: does the Yii CActiveForm automatically sanitize input before it can do anything malicious? I can't find any documentation on this. Not sure if I need to spend time on it or if it's already taken care of.
Thanks!
When you say "CActiveForm", I assume you mean using the Yii-generated models and controllers. CActiveForm doesn't automatically do any sanitizing for you, but if you use the ActiveRecord methods that Yii uses by default, it will generally do the PDO bindings for you based on the data types of each field. If you are creating your own queries using createCommand() or other method, you should define your own bindings.
If you want to see what's going on, you can turn on logging, e.g., to generate a file with the db commands, add this to your config file in the components->log array:
'components'=>array(
    'log'=>array(
        'class'=>'CLogRouter',
        'routes'=>array(
            array(
                'class'=>'CFileLogRoute',
                'levels'=>'trace, info',
                'categories'=>'system.db.*',
                'logFile'=>'db.log',
            ),
            ...
        ),
    ),
),
and if you see the update statements parameterized, you can be pretty sure they are using PDO bindings, which will prevent most, but not necessarily all, SQL attacks. (By default the log file is saved in your "runtime" directory, which you can then trace out. You can also have it displayed at the bottom of the web page or FireBug with CWebLogRoute, but that won't show all commands if a page gets redirected.)
CActiveForm does not automatically do any sanitation of user input. That said, here are some more details about Yii security:
Cross-Site Scripting Security (XSS):
The Yii Guide post about it's security features:
http://www.yiiframework.com/doc/guide/1.1/en/topics.security
To summarize the link above, you can pretty easily enable the CHtmlPurifier filter to sanitize user input before your action fires, but it's not the default behavior.
Yii also has some features you can turn on to validate cookies and prevent cross-site request forgery, also mentioned in the link.
Database Security:
As for your concern about user input dropping your database, if you use Yii's standard Data Access Objects (like CActiveRecord) and MySql, the PDO bindings used to save data should prevent against 1st order SQL injection attacks.
Yii doesn't provide an input sanitization feature. The CHtmlPurifier component is used to sanitize the data to be displayed to end users.
You can use the PHP filter_input() function directly (http://us3.php.net/m...ilter-input.php) if you want to sanitize the input.
I got these answers from the link below:
http://www.yiiframework.com/forum/index.php/topic/1041-how-to-sanitize-post/
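The three answers above describe three separate layers: parameter binding for SQL, validation rules that decide what massive assignment may write, and CHtmlPurifier / CHtml::encode for output. The following is an added example in Yii 1.1 style, not code from the question or the answers; it assumes a post table with columns id, title and body and the model and controller names used below. It shows an ActiveRecord model whose rules() both limits assignable attributes and purifies the HTML column, plus a hand-written query in its injectable and bound forms.

```php
<?php
// Added example, Yii 1.1. Assumes table `post` (id INT, title VARCHAR(128), body TEXT).

// rules() does two security jobs: it lists which attributes massive
// assignment may set, and it can run a filter on a value as it is assigned.
class Post extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'post';
    }

    public function rules()
    {
        return array(
            array('title, body', 'required'),
            array('title', 'length', 'max' => 128),
            // Store already-purified HTML: CHtmlPurifier ships with Yii 1.1,
            // and CFilterValidator accepts any PHP callable.
            array('body', 'filter', 'filter' => array(new CHtmlPurifier(), 'purify')),
        );
    }
}

class PostController extends CController
{
    public function actionCreate()
    {
        $post = new Post();
        if (isset($_POST['Post'])) {
            // Only attributes named in rules() are assigned; an injected
            // $_POST['Post']['id'] is dropped because no rule mentions it.
            $post->attributes = $_POST['Post'];
            // save() validates, then issues the INSERT with PDO bound params;
            // the values never become part of the SQL text.
            if ($post->save()) {
                $this->redirect(array('view', 'id' => $post->id));
            }
        }
        $this->render('create', array('model' => $post));
    }

    // Hand-written SQL is outside ActiveRecord, so binding is your job.
    public function actionSearch($q)
    {
        $db = Yii::app()->db;

        // VULNERABLE: $q is spliced into the statement. A value such as
        //   ' OR 1=1 --
        // rewrites the WHERE clause. Kept here as the "before" form only.
        // $rows = $db->createCommand(
        //     "SELECT id, title FROM post WHERE title LIKE '%" . $q . "%'"
        // )->queryAll();

        // SAFE: the value travels as a bound parameter. Note that binding
        // does not neutralise LIKE wildcards (% and _) inside $q; escape
        // them separately if a user must not be able to match everything.
        $rows = $db->createCommand('SELECT id, title FROM post WHERE title LIKE :q')
            ->queryAll(true, array(':q' => '%' . $q . '%'));

        // Output encoding is a separate concern from SQL safety.
        foreach ($rows as &$row) {
            $row['title'] = CHtml::encode($row['title']);
        }
        unset($row);
        $this->render('search', array('rows' => $rows));
    }
}
```

With the db.log route from the first answer enabled, the INSERT from save() and the SELECT from actionSearch appear with :placeholders and a separate list of bound values, which is the check that answer suggests. Binding protects the SQL structure; it does nothing for what is later rendered, which is why the purify rule and CHtml::encode are still there.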

Creating a login like Basecamp in CakePHP

I am trying to create a Basecamp-like login where users can log in to see their company's projects using the URL:
http://abc.com/companyname/
I don't know how to create a 2-level auth (one at the company level and another at the user level).
I am new to CakePHP and I don't know how to modify the built-in Auth component for my requirement. Any help would be appreciated.
I would use the Auth component for the login. I wouldn't mess with the ACL and stuff, as I find that pretty confusing.
I would approach this by adding a user_level, access_level, or permissions column in your users table. Then in there you can store a numerical value or similar.
Then in the User model, when they log in using Auth, you can store that value in the Auth user session object, so you can get at it using $this->Auth->user('access_level') in your controllers.
Now the Auth component by default has an isAuthorized() function in the app_controller. This function is called to see if someone has logged in. You can modify this to check that access_level and take action appropriately. I used this technique so that users can't get into the /cms routing unless they have admin = 1.
There is more information on this in the docs, http://book.cakephp.org/view/172/Authentication, and you can find out more about isAuthorized() here: http://api.cakephp.org/class/auth-component#method-AuthComponentisAuthorized
Do make sure that you set up all your Auth component variables in your app_controller. Also make sure that your auth type is set to controller, and that your allow() and deny() calls are configured properly.
The one big catch with all this is that if you are using a beforeFilter() in your controllers, you will need to make sure to call parent::beforeFilter() to ensure that the stuff in the app_controller is run beforehand :)
Honestly, I think that you should check out the ACL component. The book tutorial is very good if you follow it through. The major caveat is that it does not provide a mechanism for row-level access control (e.g. can user X edit this particular entry). However, it does provide a basis for doing user/group-level access control, which you can then extend yourself to create the row-level access you require.
In short, the ACL component supports cascading permissions (e.g. subgroups can have finely-grained access control, but otherwise inherit permissions from the parent group). That can make life a lot easier if you need both robustness and granularity.
You might also check out the Bakery, as there are additional auth components written by the community that may serve what you need. Highly recommended, as Auth/ACL stuff is difficult to do well, and is always a major concern with web apps.
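The first answer's approach (Auth with authorize = 'controller', an access_level column, and isAuthorized() in app_controller) carried through to the two-level case from the question, as an added example in CakePHP 1.2/1.3 style; it is not code from either answer. It assumes a companies table with a slug column, a users table with company_id and access_level, a projects table with company_id, and the route and class names shown. Level one is "the company in the URL is the logged-in user's company", level two is "this action needs an elevated access_level"; both are decided in one isAuthorized(), and row-level scoping is done in the query rather than in ACL.

```php
<?php
// Added example (CakePHP 1.2/1.3 style). Schema and route names are assumptions.

// app/config/routes.php
// Login must be reachable without a company segment, so connect it first.
// (A company whose slug is "users" would collide with this route.)
Router::connect('/users/:action', array('controller' => 'users'));
// First segment is the company slug: /acme -> projects/index for company acme.
Router::connect('/:company', array('controller' => 'projects', 'action' => 'index'),
	array('company' => '[a-z0-9-]+'));
Router::connect('/:company/:controller/:action/*', array(),
	array('company' => '[a-z0-9-]+'));

// app/app_controller.php
class AppController extends Controller {
	var $components = array('Auth', 'Session');
	// Actions in a controller that additionally require a company admin.
	var $adminActions = array();

	function beforeFilter() {
		$this->Auth->authorize = 'controller'; // run isAuthorized() on every protected action
		$this->Auth->fields = array('username' => 'email', 'password' => 'password');
		$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
	}

	function isAuthorized() {
		// Level 1 (company): the slug in the URL must be the user's own company.
		if (empty($this->params['company'])) {
			return false;
		}
		$company = ClassRegistry::init('Company')->find('first', array(
			'conditions' => array('Company.slug' => $this->params['company']),
			'recursive' => -1,
		));
		if (empty($company)) {
			return false;
		}
		if ((int)$company['Company']['id'] !== (int)$this->Auth->user('company_id')) {
			return false; // a user of company A asked for /company-b/...
		}
		$this->set('currentCompany', $company);

		// Level 2 (user): listed actions need access_level 10 or higher.
		if (in_array($this->action, $this->adminActions)) {
			return (int)$this->Auth->user('access_level') >= 10;
		}
		return true;
	}
}

// app/controllers/users_controller.php
class UsersController extends AppController {
	function beforeFilter() {
		parent::beforeFilter();            // the catch named in the answer above
		$this->Auth->allow('login', 'logout');
	}

	function login() {
		// Auth performs the credential check; on success send the user to
		// their own company's root instead of a fixed URL.
		if ($this->Auth->user()) {
			$company = ClassRegistry::init('Company')->find('first', array(
				'conditions' => array('Company.id' => $this->Auth->user('company_id')),
				'recursive' => -1,
			));
			$this->redirect('/' . $company['Company']['slug']);
		}
	}

	function logout() {
		$this->redirect($this->Auth->logout());
	}
}

// app/controllers/projects_controller.php
class ProjectsController extends AppController {
	var $adminActions = array('delete');

	function index() {
		// Row-level scoping: filter by the session's company_id, never by the
		// URL alone, so a forged project id from another company is not found.
		$projects = $this->Project->find('all', array(
			'conditions' => array('Project.company_id' => $this->Auth->user('company_id')),
		));
		$this->set(compact('projects'));
	}
}
```

The company check runs before the action does, so controllers below AppController only have to think about level two (the $adminActions list) and about scoping their own queries by company_id. isAuthorized() is not called for actions passed to allow(), which is why login and logout are the only actions that work without a company segment.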
