I'm using Cake's Auth component and can't seem to figure out how to set specific flash data/error message when using scope.
While testing by changing active from 0 to 1, I can confirm the scope parameter works; however, if scope returns false, I get the flash data associated with my login method: "Your username or password was incorrect."
UsersController
    public function login(){
        if($this->request->is('post')){
            if($this->Auth->login()){
                $this->Session->setFlash('You are logged in!');
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Your username or password was incorrect.'));
        }
    }
AppController
    public $components = array(
        'DebugKit.Toolbar',
        'Acl',
        'Auth' => array(
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers')
            ),
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email'),
                    'scope' => array('active' => '1')
                )
            )
        ),
        'Session'
    );
    public function beforeFilter() {
        $this->Auth->loginAction = array(
            'controller' => 'Users',
            'action' => 'login'
        );
        $this->Auth->logoutRedirect = array(
            'controller' => 'Users',
            'action' => 'login'
        );
        $this->Auth->loginRedirect = array(
            'controller' => 'Users',
            'action' => 'index'
        );
    }
Is it possible to bind a specific error message for each scope parameter and login method?
Very simple in CakePHP :)
You can customize the error message in every method of the controller.
Simple, you do it as I say ^_^
Example:
    <?php
    public function accessSite(){
        //disable default message authError of Auth
        $this->Auth->authError = false;
        $message = 'You not have permission access here';
        //set new custom message
        $this->Auth->flash($message);
    }
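An added example, not part of the posts above and not CakePHP's own code: `$this->Auth->login()` returns only true or false, so a scope failure (active = 0) looks the same as a wrong password. The sketch below models, in plain PHP, one way to choose the flash message: re-check the submitted credentials and report "inactive" only after the password has verified, so the message does not reveal which e-mail addresses are registered. The function name, the sample rows, the "inactive" wording and the use of `password_hash()`/`password_verify()` in place of the framework's hasher are assumptions.

```php
<?php
// Added example: plain PHP model of the decision, not CakePHP code.
// password_hash()/password_verify() stand in for the framework's hasher (assumption).

/** Classify a login attempt as 'ok', 'inactive' or 'invalid'. */
function classifyLogin(array $users, $email, $password)
{
    // Dummy hash so an unknown e-mail still costs one password check.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $row  = isset($users[$email]) ? $users[$email] : null;
    $hash = ($row !== null) ? $row['password'] : $dummy;

    // Verify the password before looking at the scope column.
    if (!password_verify($password, $hash) || $row === null) {
        return 'invalid';
    }
    // Only a caller who knows the password learns the account is inactive.
    return ((int) $row['active'] === 1) ? 'ok' : 'inactive';
}

// Flash text per outcome. 'ok' and 'invalid' are the strings from the question;
// the 'inactive' wording is hypothetical.
$messages = array(
    'ok'       => 'You are logged in!',
    'inactive' => 'Your account has not been activated.',
    'invalid'  => 'Your username or password was incorrect.',
);

// Constructed sample rows standing in for the users table.
$hash  = password_hash('s3cret', PASSWORD_DEFAULT);
$users = array(
    'active@example.test'  => array('password' => $hash, 'active' => 1),
    'pending@example.test' => array('password' => $hash, 'active' => 0),
);

$attempts = array(
    array('active@example.test', 's3cret'),
    array('pending@example.test', 's3cret'),
    array('pending@example.test', 'wrong'),
    array('nobody@example.test', 's3cret'),
);
foreach ($attempts as $a) {
    echo $a[0], ' => ', $messages[classifyLogin($users, $a[0], $a[1])], PHP_EOL;
}
```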
I am new to rapid development frameworks and I am currently working on a project on Cakephp. I have been having a problem establishing a session on my application.
I have used the login function but it won't accept the credentials I put in and returns the flash message for incorrect credentials. I have tried changing the function in different ways but it's clear that it is not establishing a session. Please help.
Here is the relevant code.
UsersController.php
    public function login() {
        if ($this->request->is('post')) {
            if ( $this->request->is( 'post' ) ) {
                if ( $this->Auth->login() ) {
                    $this->redirect($this->Auth->redirect());
                } else {
                    $this->Session->setFlash(__('Your username or password was incorrect.'));
                }
            }
        }
    }
AppController.php
public $components = array('Session', 'Auth');
It seems your AppController is missing some information inside $components.
Try this:
    class AppController extends Controller {
        public $components = array(
            'Cookie',
            'Session',
            'Auth' => array(
                'loginRedirect' => array(
                    'controller' => '**YOUR CONTROLLER**',
                    'action' => '**YOUR ACTION**'
                ),
                'logoutRedirect' => array(
                    'controller' => '**YOUR CONTROLLER**',
                    'action' => '**YOUR ACTION**',
                    'home'
                ),
                'loginAction' => array(
                    'controller' => '**YOUR CONTROLLER**',
                    'action' => '**YOUR ACTION**'
                ),
                'authError' => 'Access Denied!',
                'loginError' => 'Invalid user and password',
                'authorize' => array('Controller'),
                'authenticate' => array('Form' => array(
                        'userModel' => 'User',
                        'fields' => array(
                            'username' => '**LOGIN FIELD**',
                            'password' => '**PASSWORD FIELD**'
                        )
                    )
                ),
            )
        );
    }
It is important to set Session inside AppController so you can establish it.
Also, it's important to check PasswordHash, since CakePHP only validates credentials if the password stored in the database is hashed.
Hope it helps you.
I can see nothing in your "relevant code". You can compare the data that you obtain in your login with your DB; just use debug, like so:
    public function login() {
        if ($this->request->is('post')) {
            debug($this->request->data);
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                //$this->Session->setFlash(('Your username or password was incorrect.'));
            }
        }
    }
With this we can obtain more information; you can tell me what it shows and whether that data is the same as in the DB.
I have 2 admin roles (super, admin). At first login everything works fine, but after logout and login as a different admin, it redirects me to the super prefix.
Here is my app controller:
    class AppController extends Controller {
        public $helpers = array('Js', 'Session');
        public $components = array(
            'Session',
            'RequestHandler',
            'DebugKit.Toolbar',
            'Auth' => array(
                'autoRedirect' => false,
                'loginAction' => array(
                    'admin' => false,
                    'super' => false,
                    'controller' => 'users',
                    'action' => 'login'
                ),
                'loginRedirect' => array(
                    'controller' => 'users',
                    'action' => 'dashboard',
                    'admin'=> true,
                    'super'=> true
                ),
                'logoutRedirect' => array(
                    'admin' => false,
                    'super' => false,
                    'controller' => 'users',
                    'action' => 'login'
                ),
                'authError' => 'Please login to continue.',
                'flash' => array('element' => 'flash/default', 'key' => 'auth', 'params' => array('class' => 'error', 'title' => 'Authentication Error')),
                'authorize' => 'Controller',
                'authenticate' => array(
                    'Form' => array(
                        'userModel' => 'User',
                        'fields' => array(
                            'username' => 'email'
                        ),
                    )
                ),
            )
        );
        public function isAuthorized($user) {
            # Accept if Admin
            if($user['admin']){
                return true;
            }
            # Check if current prefix is admin or physician and authenticate user
            if(isset($this->request->prefix)) {
                switch ($this->request->prefix) {
                    case 'super':
                        if(!$user['super']){
                            $this->Auth->authError = 'Sorry, you do not have permission to access the Manager\'s area';
                        }
                        return $user['super'];
                        break;
                    case 'admin':
                        if(!$user['admin']){
                            $this->Auth->authError = 'Sorry, you do not have permission to access the Administrators\'s area';
                        }else{
                            $this->layout = 'admin_layout';
                        }
                        return $user['admin'];
                        break;
                }
            }else{
                $this->layout = 'super_layout';
                return true;
            }
            $this->Auth->authError = 'Sorry, you do not have permission to access the Admin area';
            return false;
        }
        public function beforefilter(){
            $this->appSettings = Configure::read('appSettings');
            $this->set('appSettings', Configure::read('appSettings'));
            if (!$this->Auth->loggedIn()) {
                $this->Auth->authError = false;
            }
            if(isset($this->request->prefix)) {
                switch ($this->request->prefix) {
                    case 'admin':
                        $this->layout = 'admin_layout';
                        $admin = true;
                        break;
                    case 'super':
                        $this->layout = 'super_layout';
                        $super = true;
                        break;
                }
            }
        }
    }
property AuthComponent::$loginRedirect
The URL (defined as a string or array) to the controller action users should be redirected to after logging in. This value will be ignored if the user has an Auth.redirect value in their session.
If you tried to access domain.com/super/ and then tried to log in as an admin, Cake will ignore the $loginRedirect attribute, and after you log in it will try to redirect you to domain.com/super/, which is the link you tried to access at first.
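An added example, not code from the posts above or from CakePHP: because a stored Auth.redirect value takes precedence over $loginRedirect, one option is to check the stored URL against the flags of the user who has just logged in and fall back to a default when its prefix is not theirs. This is a plain PHP model of that check; the function name and the sample URLs are assumptions, and the admin/super flags follow the question's user array.

```php
<?php
// Added example: plain PHP, not framework code.

/**
 * Pick the post-login URL.
 * $stored  - value the session held under Auth.redirect (or null)
 * $user    - user row with boolean-like 'admin' and 'super' flags
 * $default - URL to use when the stored one is not acceptable
 */
function pickLoginRedirect($stored, array $user, $default)
{
    // Accept only local paths: one leading slash, no scheme, no "//host".
    if (!is_string($stored) || !preg_match('#^/(?![/\\\\])#', $stored)) {
        return $default;
    }
    $path = parse_url($stored, PHP_URL_PATH);
    if (!is_string($path)) {
        return $default;
    }
    $segments = explode('/', trim($path, '/'));
    $prefix   = strtolower($segments[0]);

    // Routing prefixes from the question and the flag each one requires.
    $required = array('admin' => 'admin', 'super' => 'super');
    if (isset($required[$prefix]) && empty($user[$required[$prefix]])) {
        return $default; // stored URL points at an area this user may not enter
    }
    return $stored;
}

// Constructed sample data: /super/ was requested before anyone logged in.
$admin  = array('email' => 'a@example.test', 'admin' => 1, 'super' => 0);
$super  = array('email' => 's@example.test', 'admin' => 0, 'super' => 1);
$stored = '/super/users/dashboard';

echo pickLoginRedirect($stored, $admin, '/admin/users/dashboard'), PHP_EOL;
echo pickLoginRedirect($stored, $super, '/super/users/dashboard'), PHP_EOL;
echo pickLoginRedirect('//other.example/x', $super, '/super/users/dashboard'), PHP_EOL;
```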
I am developing with CakePHP 2.4.7, where I am using the Auth component for multiple logins (a user and a company login).
My goal is to set the right sessionKey (Auth.User or Auth.Company) in the beforeFilter. Auth.User is the default value in CakePHP.
AppController:
    public $helpers = array('Cache','Html','Session','Form');
    public $components = array(
        'Security',
        'Cookie',
        'RequestHandler',
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'users',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'users',
                'action' => 'login'
            ),
            'authError' => 'You must be loggedin to view this page.',
            'loginError' => 'Invalid user credentials.',
            'authorize' => array('Controller')
        )
    );
    public function beforeFilter() {
        $this->Auth->deny('*');
    }
CompaniesController:
    public function beforeFilter() {
        parent::beforeFilter();
        AuthComponent::$sessionKey = 'Company';
        //$this->Auth->sessionKey = 'Auth.Company';
        $this->Auth->authenticate = array(
            'Form' => array(
                'userModel' => 'Company', // set the new userModel
                'fields' => array('username' => 'email')
            )
        );
        $this->Auth->allow('register', 'login', 'logout');
    }
The login works perfectly, but the auth session is still Auth.User. (Tested with debug($this->Auth->User());)
What am I doing wrong? How can I set the AuthComponent::$sessionKey correctly?
I had the same problem today; I jumped into the code (here) to check why it's not working for me.
It seems that you have to set it like this:
    public function beforeFilter()
    {
        AuthComponent::$sessionKey = 'Auth.Company'; // static property, so we have to
        // access it in a static way so you won't get strict errors
        ...
    }
and then log the user out and in again. In your action, just var_dump() or pr() the $this->Session->read('Auth').
Btw, $this->Auth->user() will always return the array that is in the Auth by [$sessionKey], and it's the same for the AuthComponent::user() static call.
Is there a way to customize the authError URL in CakePHP? If I look into the Auth component I've placed in the AppController, I have the redirect actions loginRedirect and logoutRedirect, but I don't know if it is possible to set something like authErrorRedirect:
    <?php
    class AppController extends Controller {
        public $components = array(
            'Session',
            'Auth' => array(
                'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
                'logoutRedirect' => array('controller' => 'users', 'action' => 'index'),
                'authError' => 'You don\'t have the right to go there.',
                // something like this
                'authErrorRedirect' => array('controller' => 'users', 'action' => 'login'),
                'authorize' => array(
                    'Controller',
                    'Actions' => array(
                        'actionPath' => 'controllers'
                    )
                ),
                'authenticate' => array(
                    'Form' => array(
                        'fields' => array('username' => 'email')
                    )
                )
            ),
            'Acl'
        );
    }
Can I set an authError redirect action?
No. If you follow the "Simple Authentication and Authorization Application Example" in the CakePHP Cookbook v2.x documentation, you should redirect in the login action where the login fails with 'Invalid username or password...'. This only makes sense if you want to redirect to a different action, in the following example login2:
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash(__('Invalid username or password, try again'));
                $this->redirect(array('controller' => 'users', 'action' => 'login2'));
            }
        }
    }
I don't have a User table. I have a Customer table. It seems like CakePHP Auth doesn't recognise any table besides User. Is there any way to work around this error?
If I try using $this->Auth->User('role'), it works perfectly fine. But all my auth credentials are under the Customer table. Please help.
I got this error below
Fatal error: Call to undefined method AuthComponent::Customer() in
/Applications/MAMP/htdocs/development03/app/app_controller.php on line 56
The code:
    function beforeFilter() {
        $this->set('admin', $this->_isAdmin());
    }
    function _isAdmin() {
        $admin = FALSE;
        if ($this->Auth->Customer('role') == 'admin') {
            $admin = TRUE;
        }
        return $admin;
    }
Let's say that you want an administrators table where the username is the field email and the password is the field password:
In your AppController.php:
    public $components = array('Session',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'Administrator',
                    'fields' => array(
                        'username' => 'email',
                        'password' => 'password'
                    )
                )
            ),
            'authorize' => array('Controller'),
            'loginAction' => array('controller' => 'administrators', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'Home', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'Home', 'action' => 'index'),
        ),
    );
In AppController.php add this too:
    public function isAuthorized($user){
        return true;
    }
You will have to use the userModel => ModelName property. Your AppController should look like:
    class AppController extends Controller
    {
        public $components = array(
            'Auth' => array(
                'authenticate' => array(
                    'Form' => array(
                        'userModel' => 'Customer',
                        'fields' => array('username' => 'USER_LOGINNAME', 'password' => 'USER_PASSWORD'
                        )
                    )
                )
            )
        );
        /*...... Your code ............*/
    }
This link might help you to resolve bugs.