ACL ERR_TOO_MANY_REDIRECTS - php

When a user accesses an unauthorized URL in my application, CakePHP executes too many redirects.
I don't know why.
I tried setting the parameters unauthorizedRedirect and redirectUrl, but it doesn't work.
AppController.php
    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Acl',
        'Auth' => array(
            'unauthorizedRedirect ' => false,
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    'fields' => array('username' => 'nickname', 'password' => 'password_hash')
                ),
            ),
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers/')
            )
            // 'authError' => 'This error shows up when the user tries to access a part of the website that is protected',
        )
    );

Change this
    "actionPath" => "controllers/"
into this
    "actionPath" => "Controllers/"
I'm quite sure that you are on a case-sensitive OS.
Another thing to set up is the "loginRedirect" and "logoutRedirect" statements: at the moment, if you log in through the users/login action you will be redirected to the same action again and again. For testing purposes I'd recommend setting both of them to the root by adding this to your code:
    'loginRedirect' => '/',
    'logoutRedirect' => '/'

First, check whether the users/login action can display content to an unauthorized user. Use $this->Auth->allow(array('login', 'logout')) in the users controller. If you use Acl and Actions authorize, check that anonymous has permission to see this users/login page.

Related

Permission redirecting error in CakePHP's AuthComponent

I have seen many similar problems here on SO but none have helped me solve my problem.
I don't think CakePHP's AuthComponent is behaving properly when it comes to permission errors.
My CakePHP app is in a subdomain of my website (e.g. http://www.example.com/myapp). Every time a permission error occurs (user is not allowed to see this page), Cake adds another "/myapp" to the URL (so it becomes http://www.example.com/myapp/myapp) and naturally throws an error which says that the "myapp" controller doesn't exist.
In my scenario, the login view is linked to the root of the website. So, I have in my AppController:
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login'
            ),
            'logoutRedirect' => array(
                'controller' => 'users',
                'action' => 'login'
            ),
            'authorize' => 'Controller',
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email')
                )
            )
        )
    );
And in routes.php:
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
Router::connect('/users', array('controller' => 'users', 'action' => 'login'));
Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display'));
All I want is to be able to configure manually which URL Cake should redirect to in case of permission errors. Does anybody know how to do that?
I'm sorry guys, I accidentally found the answer a bit later. As CakePHP has some very intuitive labels, I started guessing some possible options for the Auth Component that would solve my problem. And I ended up discovering the unauthorizedRedirect option!
So I have:
    'unauthorizedRedirect' => array(
        'controller' => 'users',
        'action' => 'login'
    ),
And it's working just fine now. I just wish Cake's documentation had covered this... If it does, I swear I couldn't find it anywhere.

Auth repeats controller in URL

I am setting up the Auth component on my site for the first time, and everything seems to work fine except when I try to access a restricted page. Instead of being redirected to http://localhost/MySite/users/login, I get redirected to http://localhost/MySite/users/users/login; the controller name is repeated in the URL. How can this issue be fixed?
I am using CakePHP 2.4.4
AppController
    App::uses('Controller', 'Controller');

    class AppController extends Controller {

        public $components = array(
            'DebugKit.Toolbar',
            'Session',
            'Auth' => array(
                'loginRedirect' => array(
                    'controller' => 'admins',
                    'action' => 'admin_index'
                ),
                'logoutRedirect' => array(
                    'controller' => 'users',
                    'action' => 'login'
                ),
                'loginAction' => array(
                    'controller' => 'users',
                    'action' => 'login',
                    'plugin' => 'users'
                ),
                'authError' => 'You do not have permission to access this area. Please log in.',
                'authenticate' => array(
                    'Form' => array(
                        'fields' => array('username' => 'username', 'password' => 'password'),
                        'userModel' => 'User'
                    )
                ),
                'authorize' => array('Controller')
            )
        );

        public function beforeFilter() {
            $this->Auth->allow(
                'index', 'ShowImages', 'ShowShowbill', 'ShowVideos', 'ShowContactUs',
                'contact', 'login', 'DisplayMusic', 'DisplayEntertainment',
                'DisplayPromotion', 'DisplayStaff', 'DisplayEquipments'
            );
        }
    }
In the Auth component you need to add 'unauthorizedRedirect', otherwise Cake tries to redirect to /{app-directory} (this was giving me a headache yesterday).
    public $components = array(
        //your other components
        'Auth' => array(
            //your other options for Auth
            'unauthorizedRedirect' => '/home'
        )
    );
This would direct any user trying to access a page they shouldn't be allowed on to 'yourDomain/home'.
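The two questions above (the redirect loop in the first one and the doubled base path in this one) share one fix: give AuthComponent an explicit, reachable unauthorizedRedirect and make sure the loginAction itself is whitelisted. The following AppController is an added example for CakePHP 2.x, not code from any of the posts; the 'role' column on the users table and the DashboardController are assumptions. Note that the first question's key is written 'unauthorizedRedirect ' with a trailing space, which is why that option never took effect there.

```php
<?php
// app/Controller/AppController.php
// Added example for CakePHP 2.x; not code from any of the posts above.
// Assumptions: a 'role' column on the users table and a DashboardController.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Where unauthenticated users are sent. UsersController must whitelist
            // this action with $this->Auth->allow('login'); otherwise the redirect
            // to it is denied and redirected again, which is the
            // ERR_TOO_MANY_REDIRECTS loop from the first question.
            'loginAction' => array(
                'controller' => 'users', 'action' => 'login',
                'plugin' => null, 'admin' => false,
            ),
            'loginRedirect' => array('controller' => 'dashboard', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            // Where an authenticated user who fails isAuthorized() is sent. The key
            // must be spelled exactly: Component::_set() turns every settings key into
            // a property, so 'unauthorizedRedirect ' (trailing space) silently creates
            // an unrelated property and leaves the real option at its default.
            // Use an array route, or a string with a leading slash, so the app base
            // path is not prepended a second time. The target must be reachable by
            // every logged-in user, otherwise the loop just moves there.
            'unauthorizedRedirect' => array(
                'controller' => 'pages', 'action' => 'display', 'home',
            ),
            // Alternative (CakePHP 2.4+): 'unauthorizedRedirect' => false makes
            // AuthComponent throw ForbiddenException (HTTP 403) instead of redirecting,
            // usually the better choice for API-style controllers.
            'authError' => 'You are not authorized to access that location.',
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    'fields' => array('username' => 'email', 'password' => 'password'),
                ),
            ),
            // 'Controller' authorize calls isAuthorized() below for every request by a
            // logged-in user; without that method ControllerAuthorize throws.
            'authorize' => array('Controller'),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Nothing is public unless a controller calls $this->Auth->allow().
        // This is AuthComponent's default; it is stated here to make the policy visible.
        $this->Auth->deny();
    }

    /**
     * Authorization policy for logged-in users: admins may reach everything,
     * everyone else only actions without the admin prefix. Controllers needing
     * finer rules override this and fall back to parent::isAuthorized($user).
     */
    public function isAuthorized($user) {
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }
        if (!empty($this->request->params['admin'])) {
            return false;
        }
        return true;
    }
}
```

The redirect target for unauthorized users is deliberately a page every logged-in user can reach (pages/display/home passes isAuthorized() above); pointing it at an action that is itself protected recreates the loop one hop further along.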

How do I allow non-authenticated users to access content in CakePHP?

I have a site in CakePHP 2.x where I want a guest user (not logged in) to be able to see some pages:
users/login
users/forgot_password
users/reset_password
I have AuthComponent and I can't access my pages. I can access users/login but not forgot_password or reset_password; if I try to access them it always redirects to the login page.
This is my AppController with AuthComponent:
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login', 'admin' => false),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'projects', 'action' => 'index'),
            'authError' => 'This resource does not seem to belong to your account, or you have not logged in',
            'autoRedirect' => false,
            'authorize' => array(
                'Controller',
                'Actions' => array(
                    'actionPath' => 'controllers'
                )
            ),
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email')
                )
            )
        )
    );
In this case I can't access forgot_password and reset_password.
But if I change it to this:
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => null,
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'projects', 'action' => 'index'),
            'authError' => 'This resource does not seem to belong to your account, or you have not logged in',
            'autoRedirect' => false,
            'authorize' => array(
                'Controller',
                'Actions' => array(
                    'actionPath' => 'controllers'
                )
            ),
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email')
                )
            )
        )
    );
I have set loginAction to null; in this case I can access forgot_password and reset_password, but the pages are blank without errors, the body is empty. These pages are simply HTML without queries, like this:
controller action
public function forgot_password(){
}
view
<div>
<p>RESTORE PASSWORD</p>
</div>
Can someone help me? Thanks
In your beforeFilter() callback, add $this->Auth->allow('forgot_password');
API: AuthComponent::allow()
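A UsersController that applies the answer above, as an added example for CakePHP 2.x (not code from the question or the answer). It assumes a users table with reset_token and reset_expires columns and a User::beforeSave() that hashes the 'password' field. The point to keep in mind is that every action passed to allow() skips both authentication and isAuthorized(), so those actions must do their own checking.

```php
<?php
// app/Controller/UsersController.php
// Added example for CakePHP 2.x, not from the original posts. Assumed schema:
// users.reset_token and users.reset_expires; assumed User::beforeSave() hashes 'password'.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // allow() skips BOTH authentication and isAuthorized() for these actions,
        // so each one must validate its own input. Name them explicitly: allow()
        // with no arguments would make every action in this controller public.
        $this->Auth->allow('login', 'logout', 'forgot_password', 'reset_password');
    }

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->Session->renew(); // fresh session id after login (fixation)
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(__('Invalid email or password.'), 'default', array(), 'auth');
        }
    }

    public function logout() {
        return $this->redirect($this->Auth->logout());
    }

    public function forgot_password() {
        if (!$this->request->is('post')) {
            return; // GET: just render the form
        }
        $email = isset($this->request->data['User']['email']) ? $this->request->data['User']['email'] : null;
        $user = $email ? $this->User->findByEmail($email) : null;
        if ($user) {
            // 32 random bytes, hex encoded; valid for one hour
            $token = bin2hex(openssl_random_pseudo_bytes(32));
            $this->User->id = $user['User']['id'];
            $this->User->save(array(
                'reset_token' => $token,
                'reset_expires' => date('Y-m-d H:i:s', time() + 3600),
            ), false);
            // Mailing the link that carries $token is application specific; omitted here.
        }
        // Same response whether or not the address exists, to avoid account enumeration.
        $this->Session->setFlash(__('If that address is registered, a reset link has been sent.'));
        return $this->redirect(array('action' => 'login'));
    }

    public function reset_password($token = null) {
        // Public action: prove the caller holds a valid, unexpired token before
        // touching any account. Token comes from the URL, not from the session.
        $user = null;
        if (!empty($token)) {
            $user = $this->User->find('first', array('conditions' => array(
                'User.reset_token' => $token,
                'User.reset_expires >' => date('Y-m-d H:i:s'),
            )));
        }
        if (!$user) {
            throw new NotFoundException(__('Invalid or expired reset token.'));
        }
        if ($this->request->is('post')) {
            $this->User->id = $user['User']['id'];
            // fieldList limits what this public action may write (no role/email changes);
            // clearing the token makes it single use.
            $saved = $this->User->save(array(
                'password' => $this->request->data['User']['password'],
                'reset_token' => null,
                'reset_expires' => null,
            ), true, array('password', 'reset_token', 'reset_expires'));
            if ($saved) {
                $this->Session->setFlash(__('Your password has been reset. Please log in.'));
                return $this->redirect(array('action' => 'login'));
            }
            $this->Session->setFlash(__('Could not reset the password.'));
        }
    }
}
```

The blank-page symptom in the question (loginAction set to null) is not a fix: it only disables the redirect, while the allow() call above is what actually exempts the two actions from the authentication check.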

CakePHP - Routing to admin

Noob question!
I have a complete admin setup: login, authentication and so on, and it's working.
So now I need a new controller for another situation, and I created the controller named PressDownloadsController and the correct views for every action inside this new controller.
I also created the following route:
    Router::connect('/pressdownloads', array('controller' => 'pressdownloads', 'action' => 'downloads'));
Inside the PressDownloads controller there are some redirects between some actions.
When I try to open the URL /pressdownloads/downloads or just /pressdownloads it just goes to the admin controller and I need to log in before accessing the pressdownloads area.
Why?
The Auth settings inside UsersController (admin):
OK, I get it.
So, the auth settings:
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'prefix' => 'admin',
            ),
            'loginRedirect' => '/admin/events',
            'logoutRedirect' => '/admin',
            'authError' => 'Access denied',
            'flash' => array(
                'element' => 'admin/messages/error',
                'key' => 'auth',
                'params' => array()
            ),
            'authorize' => array('Controller'),
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email')
                )
            )
        )
    );
I recommend checking the Auth component settings and how you split the admin area from the non-admin one.
Also, you may specify in your routing not to use the admin prefix, like this:
Router::connect('/pressdownloads', array('controller' => 'pressdownloads', 'action' => 'downloads', 'admin' => false));
I believe you are going to that link after "Admin" has been enabled. Simply put, you must be clicking the link from the pages served by admin.
Try adding the additional parameter "admin" => false to your present route.
    Router::connect('/pressdownloads',
        array(
            'controller' => 'pressdownloads',
            'action' => 'downloads',
            'admin' => false
        )
    );

ZFCUser and bjyauthorize - How to leave out authorization for landing page

I'm building a closed website which has a landing page for everyone.
I'm using ZfcUser and BjyAuthorize.
Everything works now but I wonder how I can exclude my Application's Application\Controller\Index::index action.
In my module.bjyauthorize.global.php I told my action to require no authentication:
    'BjyAuthorize\Guard\Controller' => array(
        array(
            'controller' => 'Application\Controller\Index',
            'action' => 'index',
            'roles' => array()
        ),
        // ...
But still I get forwarded to the ZFCUser login page.
Any idea what I'm missing?
Edit:
I tried it with the guest role but no luck so far:
    'default_role' => 'guest',
    'BjyAuthorize\Provider\Role\Config' => array(
        'guest' => array(),
        'user' => array(
            'children' => array(
                'admin' => array(),
            ),
        ),
    ),
NOTE: valid in BjyAuthorize 1.2.*
You have to allow the guest user to access the index page:
    'BjyAuthorize\Guard\Controller' => array(
        array(
            'controller' => 'Application\Controller\Index',
            'action' => 'index',
            'roles' => array('guest', 'user')
        ),
        // ...
What you defined in your question is a deny-all instead.
Since BjyAuthorize's controller guard configuration acts as a whitelist, there is no way to allow access to all roles at once right now.
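A complete guard configuration that follows the answer, as an added example for BjyAuthorize 1.2.x (not code from the question or the answer). Because the controller guard is a whitelist, the ZfcUser login and logout actions have to be listed too, or guests can never reach the login form; the zfcuser controller alias and its action names are taken from ZfcUser's own routes, and Application\Controller\Dashboard is an assumed controller standing in for the rest of the application.

```php
<?php
// config/autoload/module.bjyauthorize.global.php
// Added example for BjyAuthorize 1.2.x with ZfcUser; not from the original posts.
// Application\Controller\Dashboard is an assumed controller.
return array(
    'bjyauthorize' => array(
        // Unauthenticated visitors are given this role; it must exist in the
        // role provider below or the guard has nothing to match.
        'default_role' => 'guest',
        'identity_provider' => 'BjyAuthorize\Provider\Identity\ZfcUserZendDb',

        'role_providers' => array(
            'BjyAuthorize\Provider\Role\Config' => array(
                'guest' => array(),
                // 'admin' is a child of 'user' and therefore inherits everything
                // granted to 'user'; a guard entry listing 'user' covers both.
                'user' => array('children' => array('admin' => array())),
            ),
        ),

        'guards' => array(
            // Whitelist semantics: a controller/action pair that is not listed here
            // is denied for every role, and 'roles' => array() is a deny-all, which
            // is what the question's first attempt did.
            'BjyAuthorize\Guard\Controller' => array(
                // Public landing page
                array(
                    'controller' => 'Application\Controller\Index',
                    'action' => 'index',
                    'roles' => array('guest', 'user'),
                ),
                // ZfcUser pages a guest must reach to log in or register
                array(
                    'controller' => 'zfcuser',
                    'action' => array('login', 'authenticate', 'register'),
                    'roles' => array('guest'),
                ),
                // ZfcUser pages for logged-in users
                array(
                    'controller' => 'zfcuser',
                    'action' => array('index', 'logout', 'changepassword', 'changeemail'),
                    'roles' => array('user'),
                ),
                // The closed part of the site: no 'action' key means every action
                // of the controller, restricted to logged-in users.
                array(
                    'controller' => 'Application\Controller\Dashboard',
                    'roles' => array('user'),
                ),
            ),
        ),
    ),
);
```

Listing 'guest' on the login and authenticate actions is what makes the redirect to the ZfcUser login page terminate; if those are missing, a guest is denied there as well and ends up in the same loop described in the CakePHP questions above.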
