after I tried finding a solution using Google's search, I still haven't found anything which helped me. The problem is simple, I want to use another Model for the user authentication. The way the manual shows us does, somehow, not work.
My AppController looks like the follow:
public $components = array(
'Auth',
'DebugKit.Toolbar'
);
public function beforeFilter()
{
parent::beforeFilter();
if (isset($this->request->params["intranet"]) && $this->request->params["intranet"] == 1) {
$this->Auth = array(
"loginAction" => array(
"intranet" => true,
"controller" => "employees",
"action" => "login"
),
"authenticate" => array(AuthComponent::ALL => array("userModel" => "Employee"))
);
$this->layout = "intranet";
}
}
It does not matter what url I open, CakePHP always redirects me to /users/login. Of course I run parent::beforeFilter() in the Controllers.
Edit: Okay seems like I missunderstand userModel, loginAction seem to be the right keyword here, but after I changed it to array("controller" => "employees", "action" => "login") it still redirects me to /users/login...
Oh my god I'm so dumb... I guess the most programmers already have a facepalm after reading this, but for the newer CakePHP/PHP developers who may struggle with the same problem:
In the code above, I override $this->Auth with the array. The solution:
$this->Auth->loginAction = array(
"intranet" => true,
"controller" => "employees",
"action" => "login"
);
$this->Auth->authenticate = array(AuthComponent::ALL => array("userModel" => "Employee"));
Related
I've followed the tutorial and all the CakePHP Authorization guide and I can't get my isAuthorized() method to be called. My understanding (correct me if I am wrong, which is incredibly likely) is by delegating authorize to the specific controllers by doing 'authorize'->['Controller'] in AppController.php, when a method in UsersController is called, in this case 'add', UsersController would run the isAuthorized() method I defined. I was testing to see if this method ran at all outputting a flash->error message right when isAuthorized() is called but nothing happens. If I explicitly call isAuthorized($hardcodeduser) in my beforeFilter()method it will work but only if I hard code a user.
The way the method is supposed to work is: If a registered user requests to add/create a new user, the system checks to see if the user has admin/staff level permissions (which is just a 0 or 1 value in the database) and if the user does not have permission then it redirects to the home screen with an error message that says "You are not authorized to access that function".
Any help or suggestions or other links to follow would be much appreciated!
class AppController extends Controller {
public $components = ['Flash', 'Auth', 'Session'];
public function initialize() {
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'],
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
]
]);
}
public function beforeFilter(Event $event) {
$this->Auth->authorize = 'Controller';
}
public function isAuthorized($user) {
if(isset($user['is_staff']))
return true;
return false;
}
}
class UsersController extends AppController {
public function beforeFilter(Event $event) {
parent::beforeFilter($event);
$this->Auth->allow(['logout']);
}
public function isAuthorized($user) {
$this->Flash->error(__('Test Message PLEASE WORK'));
if($this->request->action === 'add') {
$isStaff = $user['is_staff'];
if($isStaff == 0) {
$this->redirect($this->Auth->redirectUrl());
$this->Flash->error(__('Not authorized to access this function'));
return false;
}
}
return parent ::isAuthorized($user);
}
}
Generally your assumption is correct, Controller::isAuthorized() is going to be invoked automatically when using the controller authorization handler.
The problem with your code is that in your UsersController::beforeFilter() method you are explicitly allowing the add method to be accessed by everyone (it won't even require authentication):
$this->Auth->allow(['logout', 'add']);
You have to understand that once a method is allowed, there will be no further checks made by the auth component, see AuthComponent::startup().
Also note that you don't need to redirect and set a flash message manually, the component will do that for you, you just need to configure it appropriately using the authError and unauthorizedRedirect options, see Cookbook > Components > Authentication > Configuration options
As we following the Cake blog tutorial,
they made a little mistake, that function "isAuthorized" never be called.
And I did take a time to research it.
Solution is
Adding this line when load component "Auth":
'authorize' => array('Controller'),
so the code should looks something like this:
$this->loadComponent('Auth', [
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
],
'authorize' => array('Controller'),
]);
Hope it help some one saving time :)
From cakephp 3.x documentation: you can configure authorization handlers in your controller’s beforeFilter() or initialize() methods using an array:
// Basic setup
$this->Auth->config('authorize', ['Controller']);
// Pass settings in
$this->Auth->config('authorize', [
'Actions' => ['actionPath' => 'controllers/'],
'Controller'
]);
I'm trying to implement something like Mark Story's "Down for Maintenance" page using CakePHP 2.1.0. I'm pretty close to achieving this, but I'm running into two issues that I could use some help with. First of all, here is all of the relevant code (six files):
1) app/Config/bootstrap.php:
Configure::write('App.maintenance', true);
2) app/Config/core.php:
Configure::write('debug', 1);
...
Configure::write('Exception', array(
'handler' => 'ErrorHandler::handleException',
'renderer' => 'AppExceptionRenderer',
'log' => true
));
3) app/Controller/AppController.php:
if (Configure::read('App.maintenance') == true) {
App::uses('DownForMaintenanceException', 'Error/Exception');
throw new DownForMaintenanceException(null);
}
4) app/Lib/Error/Exception/DownForMaintenanceException.php:
<?php
class DownForMaintenanceException extends CakeException {}
5) app/Lib/Error/AppExceptionRenderer.php:
<?php
App::uses('ExceptionRenderer', 'Error');
class AppExceptionRenderer extends ExceptionRenderer {
function _outputMessage($template) {
// Call the "beforeFilter" method so that the "Page Not Found" page will
// know if the user is logged in or not and, therefore, show the links that
// it is supposed to show.
if (Configure::read('App.maintenance') == false)
{
$this->controller->beforeFilter();
}
parent::_outputMessage($template);
}
public function downForMaintenance() {
$url = $this->controller->request->here();
$code = 403;
$this->controller->response->statusCode($code);
$this->controller->set(array(
'code' => $code,
'url' => h($url),
'isMobile' => $this->controller->RequestHandler->isMobile(),
'logged_in' => false,
'title_for_layout' => 'Down for Maintenance'
));
$this->_outputMessage($this->template);
}
}
6) app/View/Errors/down_for_maintenance.ctp:
<p>Down for Maintenance</p>
Now, for the two issues I'm experiencing. First, this code only works when debug is set higher than 1. Is there anything I can do about that? Does that indicate that I'm going about this the wrong way? The second issue is that, although I'm setting the "isMobile" and "logged_in" view variables to boolean values in the "downForMaintenance" method, the "app/View/Layouts/default.ctp" file is seeing them as strings. What can I do about that?
Thanks!
here is a quick and dirty maintenance page for cakephp
in public index.php
define('MAINTENANCE', 0);
if(MAINTENANCE > 0 && $_SERVER['REMOTE_ADDR'] !='188.YOUR.IP.HERE')
{
require('maintenance.php'); die();
}
Then just change MAINTENANCE = 1 when you want to take your site down and it will still be viewable from your home/office.
BONUS: Works with all versions of cake!
A more elegant way would be to add a route overriding any other one at the very top of routes.php:
//Uncomment to set the site to "under construction"
Router::connect('/*', array('controller' => 'pages', 'action' => 'underConstruction'));
//any other route should be underneath
If you want to add any condition you can also do it here:
define('MAINTENANCE', 0);
if(MAINTENANCE > 0 && $_SERVER['REMOTE_ADDR'] !='188.YOUR.IP.HERE')
Router::connect('/*', array('controller' => 'pages', 'action' => 'underConstruction'));
}
We'll need to create a custom Dispatch Filter,CakePHP has you covered.
check below link
http://josediazgonzalez.com/2013/12/13/simple-application-maintenance-mode/
I had downloaded the plugin from link
https://github.com/CakeDC/users
followed the steps given in the page. I have created the tables 'users' and 'details'. I have also registered the user and verfied the user, but while accessing the link www.mydomain/users/users/login this page is getting redirected to www.mydomain/users/login
which shows missing controller. I am new to cake and for me it is difficult to debug. I would be thank if some one help me.
Thank you for the response.
Yes, I have added the code given in the "cake\libs\controller\app_controller.php" file. In order to test this I have freshly downloaded the core files and setup the files in my local system. I have placed the plugins 'utils', 'search' and 'users' to my app/plugins folder and created the tables.
Now also I am able to register the user but not able to see the login page. ie. "while accessing the link www.mydomain/users/users/login this page is getting redirected to www.mydomain/users/login which shows missing controller".
Please let me know if I am missing anything or I am wrong.
Thank you.
This looks like a problem in the login redirection.
Did you add the beforeFilter() configuration to your app_controller?
if not you may need to add it.
Here is an example of how your app_controller should look like:
<?php
class AppController extends Controller {
var $components = array('RequestHandler', 'Session', 'Auth');
function beforeFilter(){
$this->Auth->fields = array('username' => 'email', 'password' => 'passwd');
$this->Auth->loginAction = array('plugin' => 'users', 'controller' => 'users', 'action' => 'login', 'admin' => false);
$this->Auth->loginRedirect = '/';
$this->Auth->logoutRedirect = '/';
$this->Auth->authError = __('Sorry, but you need to login to access this location.', true);
$this->Auth->loginError = __('Invalid e-mail / password combination. Please try again', true);
$this->Auth->autoRedirect = false;
$this->Auth->userModel = 'Users.User';
$this->Auth->userScope = array('User.active' => 1);
}
}
?>
Remember that the $this->Auth->loginAction MOST contain the 'plugin'=>'users', without it it will go to www.mydomain/users/login instead of www.mydomain/users/users/login
I have an issue with cake's auth that I simply can't seem to get past (i've been debugging and trying different tutorials for the last two days). As far as I can see it should be very simple, the problem is whenever i try to login, it just refreshes the login page. I cannot for the life of me figure out why! My only conclusion is that there must be something (basic) which tutorials take for granted that I have missed.
Here are a couple of snippets:
users_controller.php
class UsersController extends AppController {
var $name = 'Users';
function beforeFiler() {
parent::beforeFilter();
}
function login() {
}
function logout() {
$this->Session->setFlash('You have successfully logged out.');
$this->redirect($this->Auth->logout());
}
}
app_controller.php
class AppController extends Controller {
var $helpers = array('Html','Form','Javascript');
var $components = array('Auth');
function beforeFilter() {
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'contents', 'action' => 'index');
$this->Auth->logoutRedirect = array('controller' => 'contents', 'action' => 'view');
$this->Auth->loginError = 'Something went wrong';
$this->Auth->allow('register', 'view');
$this->Auth->authorize = 'controller';
$this->set('loggedIn', $this->Auth->user('id'));
}
function isAuthorized() {
return true;
}
}
login.ctp
<div class="midCol short">
<h3>Login</h3>
<div class="loginBox">
<?php e($form->create('User', array('controller'=>'users','action'=>'login')));?>
<?php
echo $this->Form->input('username');
echo $this->Form->input('password');
e($this->Form->end(array('label'=>'Login', 'class'=>'loginButton button png')));?>
</div>
</div>
Any help would be greatly appreciated, this has me tearing my hair out!
Just for documentation as I had difficulties finding an answer for CakePHP 2.x on the web. This stuff needs to be "correct" in order to use Form authentication:
The config needs to be right, e.g. in your UsersController (the fields config is really only required when names differ in the DB):
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
)
)
)
);
You have to use the Form Helper: Form->create adds a hidden input field ("post"), and the names of the input fields generated by Form->input() follow a convention that the Auth component expects.
User->login must not pass custom data to Auth->login(). The Auth component will take the auth data from the form (= request).
Thanks for the advice, but I ended up scrapping it and building again from scratch. Not exactly sure why it was originally breaking, probably not calling inbuilt functions with American English!
The Auth component will redirect to the page before you logged in. If that page was the login page that's where it'll redirect to.
When you're testing, it's likely that you're refreshing the login page, so on successful login that's where you're redirected to. You can check this by trying to perform an Auth protected action after logging in.
This gives me a lot of headaches as well - I think the current functionality of the component is a little clumsy in that respect.
I had the exact same problem and found that I had to restart mySQL service. Once it was restarted I stopped getting the login page being redirected. Hope that helps.
Gonna throw something in here. I was having an almost unresolveable problem with cakephp authentication. Ended up doing some debugging around it and found that during my database prep I had created a field for the password which was perfectly able to store normal size passwords... but.... when you start applying password hashing you need a lot more. My code was fine, but I had to add a bunch more space into the VARCHAR field for the password before I could log in. If you're having a problem with authentication - make sure your password field is adequately sized and not getting truncated like mine was. Took me a whole day to find that. DOH!
Correct me if i am wrong but must there not be code for redirection or something inside the function of login
function login() {
}
should it not be something like
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error(__('Invalid username or password, try again'));
}
}
I set up the basic Authentication/Authorization set up, but a problem now is that every time I try to access the http://localhost:1234/, it requires user to login.
How/Where do I make the Auth->authorize("index") on the main page?
In the beforeFilter() of your controller
add the following piece of code
> $this->Auth->allow('actionname');
for suppose if I want to allow adding/registering of user without logging in then I would do like this in the beforeFilter() function of the users_controller.php file.
> $this->Auth->allow('add');
Inside app_controller.php's beforeFilter():
$this->Auth->authorize("display");
fixed the problem.
for cakephp 1.3 you have to do it now like this:
var $components = array(
'Auth' => array(
'authorize' => 'controller',
'allowedActions' => array('index','**display**');
)
);
And remember that you also can config a router:
Router::connect('/facebook', array('controller' => 'pages', 'action' => '**display**', 'facebook'));