CakePHP's Auth component requires the username field to be present in order to convert the password field into a hash upon save. Apparently, even if I put the following in the beforeFilter():
    $this->Auth->fields = array('username' => 'email', 'password' => 'password');
it doesn't encrypt the password before inserting it into the database.
So my question is, assuming this is supposed to happen, what is the best way to encrypt the password? Or, have I made a simple error somewhere?
Thanks in advance for any assistance!
Here's the before filter in the users_controller.php:
    function beforeFilter() {
        $this->Auth->fields = array('username' => 'email', 'password' => 'password');
    }
And the app_controller.php:
    var $components = array('Auth');
Oops, I had duplicated the line $this->Auth->fields = array('username' => 'email', 'password' => 'password'); in the AppController as well and it seems that was causing the problem. Sorry about that and thanks for the tip to double check by posting here :)
I read all the CakePHP Auth component documentation at http://book.cakephp.org/3.0/en/controllers/components/authentication.html but I can't find a solution :-(
I'm trying to use different model called "Usuarios" in component Auth and change the field "username" by "cedula". This is my configuration in AppController.php:
    public function initialize() {
        parent::initialize();
        $this->loadComponent('Flash');
        $this->loadComponent('Auth');
        $this->Auth->config('authenticate', [
            'Basic' => [
                'userModel' => 'Usuarios',
                'fields' => [
                    'username' => 'cedula',
                    'password' => 'password']],
            'Form' => ['userModel' => 'Usuarios',
                'fields' => [
                    'username' => 'cedula',
                    'password' => 'password']]
        ]);
    }
But nothing happened. No login form appears and the session is open.
What am I doing wrong?
Match the controller name to the template directory, and the method to the template.
If your controller is src/Controllers/Usuarios, method login(), then in src/Templates/Usuarios/ you need to have login.ctp as your view file.
If you have all that, it should work. By the way, if you are using 'password' as your password field, you don't need to specify that when you configure Auth; you only need to set 'username' => 'cedula' because you are changing the default.
Also, have you set anything in $this->Auth->allow() in the beforeFilter() method?
So for the sake of security I force all password change requests to validate through a password check. The problem I have is that using a debug($this->request) call I'm seeing a plaintext password:
    object(CakeRequest) {
        ...snip...
        data => array(
            'User' => array(
                'password' => '*****',
                'password_check' => 'asdfa',
                'id' => '38'
            )
        )
        ...snip...
    }
Should this be a concern for me? Is there a way I can have password_check treated like a password?
As long as you don't actually print it anywhere on the page you will be fine!
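An added example, not part of the original question or answer: one way to keep fields such as password_check out of debug dumps and logs is to mask them in a copy of the request data first. The function name redactSensitive and the key list are assumptions, and the sample array is constructed to mirror the request shown in the question.

```php
<?php
// Added example: mask secret-bearing form fields before request data is
// dumped or logged. The key list and function name are assumptions.

const SENSITIVE_KEYS = ['password', 'password_check', 'password_confirm', 'token'];

/**
 * Return a copy of $data with every value stored under a sensitive key
 * replaced by a fixed mask, at any nesting depth.
 */
function redactSensitive(array $data, array $keys = SENSITIVE_KEYS, string $mask = '*****'): array
{
    // Case-insensitive lookup table of the keys to mask.
    $lookup = array_flip(array_map('strtolower', $keys));
    $clean = [];
    foreach ($data as $key => $value) {
        if (is_string($key) && isset($lookup[strtolower($key)])) {
            // Mask the whole value, even if it is an array, so nothing leaks.
            $clean[$key] = $mask;
        } elseif (is_array($value)) {
            $clean[$key] = redactSensitive($value, $keys, $mask);
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Constructed sample mirroring the request data shown in the question.
$requestData = [
    'User' => [
        'password'       => 'new-secret',
        'password_check' => 'asdfa',
        'id'             => '38',
    ],
];

// Dump or log only the redacted copy; the original stays usable for validation.
print_r(redactSensitive($requestData));
```

Both password and password_check come out as '*****' while id is left untouched.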
Just for organization sake, I wanted to use a different table for the authentication component to check, but it doesn't quite work. While I can initially state:
$this->Auth->userModel = "CoreUsers" plus set the loginAction to my proper MVC
works to look at that table just to confirm it's there, but the login doesn't work, it only keeps returning an incorrect password. Something happens in the authentication component; I can't tell what makes it fail. When I rename my table to "Users", it works.
The other part is I'd prefer to actually use the column name of 'email' rather than 'username' since that's really what I'm using anyway.
I am just not having luck finding a complete tutorial and reference sets to do both these successfully with CakePHP 2.x. What is the way forward?
References:
Stack Overflow question How do I use a table other than "Users" for CakePHP's AuthComponent?
Stack Overflow question CakePHP - 'AuthComponent' with a different model name (not 'User')
(I had a look for answers, but I never quite got the whole answer.)
Make sure your database table "core_users" and model "CoreUser" exist.
When you set up the component you can put the login/logout redirect here.
    var $components = array(
        "Auth" => array(
            'loginRedirect' => array('controller' => 'dashboard', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'core_users', 'action' => 'login')
        ),
        "Session");
Now in the beforeFilter method you can put the following:
    function beforeFilter() {
        $this->Auth->authenticate = array(
            // Settings shared by the handlers listed after this key
            AuthComponent::ALL => array(
                'userModel' => 'CoreUser', 'scope' => array("CoreUser.status" => 1),
                "fields" => array("username" => "email", "password" => "your_password_field")
            ),
            'Form', 'Basic'
        );
    }
In the above example you can ignore status; if you need to pass any other info for the login verification you can use that. You can also remove 'Basic' if you only need form validation.
I hope this works.
First, model names are generally singular. Are you sure you didn't mean CoreUser which would look in the core_users table?
Secondly, you can use the email field instead of username by setting the fields key on your auth setup.
    public $components = array(
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'CoreUser',
                    'fields' => array('username' => 'email')
                )
            )
        )
    );
See the book for more information.
I had downloaded the plugin from the link
https://github.com/CakeDC/users
and followed the steps given on the page. I have created the tables 'users' and 'details'. I have also registered the user and verified the user, but while accessing the link www.mydomain/users/users/login this page is getting redirected to www.mydomain/users/login
which shows missing controller. I am new to Cake and for me it is difficult to debug. I would be thankful if someone could help me.
Thank you for the response.
Yes, I have added the code given in the "cake\libs\controller\app_controller.php" file. In order to test this I have freshly downloaded the core files and setup the files in my local system. I have placed the plugins 'utils', 'search' and 'users' to my app/plugins folder and created the tables.
Now also I am able to register the user but not able to see the login page. ie. "while accessing the link www.mydomain/users/users/login this page is getting redirected to www.mydomain/users/login which shows missing controller".
Please let me know if I am missing anything or I am wrong.
Thank you.
This looks like a problem in the login redirection.
Did you add the beforeFilter() configuration to your app_controller?
If not, you may need to add it.
Here is an example of how your app_controller should look:
    <?php
    class AppController extends Controller {
        var $components = array('RequestHandler', 'Session', 'Auth');
        function beforeFilter(){
            $this->Auth->fields = array('username' => 'email', 'password' => 'passwd');
            $this->Auth->loginAction = array('plugin' => 'users', 'controller' => 'users', 'action' => 'login', 'admin' => false);
            $this->Auth->loginRedirect = '/';
            $this->Auth->logoutRedirect = '/';
            $this->Auth->authError = __('Sorry, but you need to login to access this location.', true);
            $this->Auth->loginError = __('Invalid e-mail / password combination. Please try again', true);
            $this->Auth->autoRedirect = false;
            $this->Auth->userModel = 'Users.User';
            $this->Auth->userScope = array('User.active' => 1);
        }
    }
    ?>
Remember that the $this->Auth->loginAction MUST contain the 'plugin'=>'users'; without it, it will go to www.mydomain/users/login instead of www.mydomain/users/users/login
CakePHP's AuthComponent assumes you have a Users table that contains a username and password. I'd like to find a way to override the default tablename from Users to Accounts.
Background Information:
The way I have designed my database is to have a Users table and an Accounts table.
Accounts:
id
user_id
username
password
authentication service (for example, my site, Facebook, Google, OpenID, etc.)
Users:
simply has all the personal information of the user (age, gender, etc.)
The reason for this is so that
each user can have multiple accounts they can login from so they are not locked into one
I can connect the third-party services to an account for more awesomeness
Now back to the problem....
CakePHP has documentation on changing the default field name, but I can't find anything on changing the default table name, but assume it would be similar in nature...
Example of changing the default field name:
    function beforeFilter() {
        $this->Auth->fields = array(
            'username' => 'username',
            'password' => 'secretword'
        );
    }
Is there a way to accomplish this or should I restructure the tables keeping with CakePHP convention and still accomplish the same thing?
In app_controller.php:
    function beforeFilter() {
        $this->Auth->userModel = 'Account';
    }
The code below was helpful in my case for accepting the username in the email field; you can also define the password hash in options.
    $this->Auth->authenticate = array(
        'Basic' => array('userModel' => 'Account'),
        'Form' => array(
            'fields' => array('username' => 'email'),
            'userModel' => 'Account'
        )
    );