i try to program a LdapAuthentication and i need some help.
First i need to configure the "$components" in /app/Controller/
Component/AppController.php
<?php
class AppController extends Controller {
var $components = array('Auth' => array(
'Ldap',
'authError' => 'Not allowed here',
'authenticate' => array('Form' => array(
'fields' => array(
'username' => 'username',
'password' => 'password',
'domain' => 'domain'
)
)
),
'authorize' => true,
), 'Session');
}
?>
Then i create a LdapAuthorize.php like
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#creating-custom-authorize-objects
<?php
App::uses('BaseAuthorize', 'Controller/Component/Auth');
class LdapAuthorize extends BaseAuthorize {
public function authorize($user, CakeRequest $request) {
echo "test";
}
}
?>
But when i try to login with
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Username or password is incorrect'),
'default', array(), 'auth');
}
cakephp doesn't use my authorize function.
What i do wrong? Please help.
Here is a working Ldap Auth class for 2.0.x
https://github.com/analogrithems/idbroker/tree/dev_cake2.0
with a blog post detailing it here:
http://www.analogrithems.com/rant/2012/01/03/cakephp-2-0-ldapauth/
** ALSO **
Your Auth configuration is wrong - the authorize key takes a string or array - a boolean true isn't going to do anything.
If you want it to check an isAuthorized action in the controller - set it like so:
<?php
...
public $components = array( 'Auth' => array(
...
'authorize' => array( 'Controller' ),
...
));
?>
You are passing a boolean parameter here, and have no isAuthorized function in your AppController. Also, you are using old php4 syntax to declare your member variables (use public, protected or private instead of "var")
Related
I am trying to implement blowfish password hasher in my cakePHP app. I've followed along with the tutorial.
When trying to add a new user I'm getting a fatal error when I try to instantiate a new BlowfishPasswordHasher class in the beforeFilter function of my user model. The error states :Class 'BlowfishPasswordHasher' not found.
I saw the question here but it looks like I have everything setup correctly.
Here is relevant code in my app/Controller/appController:
class AppController extends Controller {
public $components = array(
'Flash',
'RequestHandler',
'Auth' => array(
'authenticate' => array(
'Form' =>array(
'passwordHasher' => 'Blowfish'
'fields' => array(
'username' => 'username',
'password' => 'password'
),
),
),
'loginRedirect' => '/trails',
'logoutRedirect' => '/',
),
);
app/Model/User.php
<?php
App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Conroller/Component/Auth');
class User extends AppModel {
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this->data[$this->alias]['password'] = $passwordHasher->hash($this->data[$this->alias]['password']
);
}
return true;
}
Any help is much appreciated!!!
Looks like you have a spelling mistake:
App::uses('BlowfishPasswordHasher', 'Conroller/Component/Auth');
Change this to:
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
There's no folder called Conroller and therefore, it's unable to locate the BlowFish library file.
Hope this helps.
I just started trying to learn cakephp auth, i just copied and pasted the code, trying to understand it. I can't figure out what is directly the redirect
//app controller
//is empty i know in some cases you put it here, i'm just tested it in the user controller
//user controller
public $components = array('Paginator',
'Session',
'Auth' => array(
'loginAction' => array(
'controller' => 'users',
'action' => 'login',
'plugin' => 'users'
),
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
)
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
// Prior to 2.3 use
// `return $this->redirect($this->Auth->redirect());`
} else {
$this->Session->setFlash(
__('Username or password is incorrect'),
'default',
array(),
'auth'
);
}
}
}
I understand the before filter makes sense, it only allows index and view, i have another controller called admin which redirects to the login page if your not logged in
but for somme reason it keeps redirecting to users/users/login, i want it to go to users/login? How do i fix this?
you just have to put the controller wherever you go and the action
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect(array('controller' => 'users', 'action' => 'login'));
}
} else {
$this->Session->setFlash(__('Invalido nombre de usuario o contraseƱa'));
}
}
I guess this is a silly question but I'm having trouble logging in to the restricted sections of a site I'm building in Cake.
For starting I see that the password string in $this->request->data['Usuario']['clave'] is not the same as the hashed string using SimplePasswordHasher in the beforeSave function at the model. I should also say that the model is not the default Users model, because I'm writing the application for spanish language and I didn't want to use the default model, so my configuration of the component is:
class AppController extends Controller {
/*function beforeFilter() {
date_default_timezone_set('America/Mexico_City');
}*/
public $components = array(
'Session',
'Auth' => array(
'Form'=>array(
'userModel' => 'Usuario',
'unauthorizedRedirect' => false,
'loginRedirect' => array(
'controller' => 'ComplejosResidenciales',
'action' => 'index'
),
'logOutRedirect' => array(
'controller' => 'Usuarios',
'action' => 'index'
),
'fields' => array(
'username' => 'usuario',
'password' => 'clave'
),
'authorize' => 'Controller'
)
)
);
}
So I decided not to hash the password field, but still to no avail.
I wish anyone could lend me a hand on this because I'm newbie to CakePHP and don't know how to fix it.
I figure it must be something with the Auth->login() method because I'm not following conventions here, but I don't know how to configure the said method. Currently is like follows:
public function login() {
if($this->request->is('post')) {
if($this->Auth->login()) {
return $this->Auth->redirectUrl($this->Auth->redirectUrl());
}
else {
$this->Session->setFlash(__('Las credenciales proporcionadas no son correctas'), 'default', array(), 'auth');
}
As rrd pointed, my $components array was wrong, so I changed it to:
public $components = array(
'Session',
'Auth'=>array('loginRedirect'=>array('controller'=>'ComplejosResidenciales', 'action'=>'index'), 'logOutRedirect'=>array('controller'=>'Usuarios', 'action'=>'index'), 'loginAction'=>array('controller'=>'Usuarios', 'action'=>'login'), 'authenticate'=>array('Form'=>array('userModel'=>'Usuario', 'fields'=>array('username'=>'usuario', 'password'=>'clave')))));
Which is better, according to cakephp.org
Do not put other Auth configuration keys (like authError, loginAction etc) within the authenticate or Form element. They should be at the same level as the authenticate key.
But it isn't working.
Been struggling with it and I can't get the hang of it, I wish someone would point out what I'm doing wrong. In my AppController I have declared the component and the beforeFilter function like this:
public $components = array('Auth'=>array('loginRedirect'=>array('controller'=>'ComplejosResidenciales', 'action'=>'index'),
'logoutRedirect'=>array('controller'=>'Usuarios', 'action'=>'login'),
), 'Session');
public function beforeFilter(){
$this->Auth->authenticate = array(
AuthComponent::ALL => array('userModel' => 'Usuario', "fields" => array("username" => "usuario", "password" => "clave"), 'Form'));
}
And then I have the login function which goes (obviously I guess) in the UsuariosController, like this:
public function login() {
if($this->request->is('post')) {
if($this->Auth->login()) {
return $this->Auth->redirectUrl($this->Auth->loginRedirect);
}
else {
$this->Session->setFlash(__('Las credenciales proporcionadas no son correctas'), 'default', array(), 'auth');
}
}
}
But I just keep seeing the message "Las credenciales proporcionadas no son correctas". I don't know if I'm calling the method of Auth component correctly in the part $this->Auth->login() because apparently I have no result when calling it like that, without arguments, but I tried calling it with the argument $this->request->data and as a result it didn't mattered what I wrote in the username and password fields, anything would pass, which is bad, of course.
Now I see why coding $this->Auth->login($this->request->data) resulted in giving unrestricted access:
In 2.x $this->Auth->login($this->request->data) will log the user in with whatever data is posted, whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful.
According to cake's manual. I can't seem to read correctly any document about this. Anyway, I beg someone would help me because I'm in a hurry here. After reading some other documents I guess that Auth component should handle everything correctly, as long as I provide the right configuration, so I've ended up doing a beforeFilter() call in the AppController, like this:
var $components = array('Auth', 'Session');
public function beforeFilter() {
$this->Auth->loginAction = array('controller'=>'Usuarios', 'action'=>'login');
$this->Auth->redirectLogin = array('controller'=>'ComplejosResidenciales', 'action'=>'add');
$this->Auth->authenticate = array('Form'=>array('userModel'=>'Usuario', 'fields'=>array('username'=>'usuario', 'password'=>'clave')));
}
Then, in my "UsuariosController" I do:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('index', 'view', 'add', 'edit', 'delete');
}
And I have my login and logout functions, very simple, but it's not working, and it does not redirect me upon logging in nor does it let me access any other controller, it seems to do nothing. Please help!
/**
* login and logout functions
*
*/
public function login() {
}
public function logout() {
$this->redirect($this->Auth->logout());
}
You should change more things.
$components should be something like this:
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username'=>'usuario', 'password'=>'clave')
)
)
)
);
I am not sure about userModel, check the manual.
Than you should implement isAuthorized
function isAuthorized($user){
if(in_array($this->action, array('view', 'edit')))
return true;
return false;
}
beforeFilter is not necessary for your case.
Your login method is something like this.
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirectUrl());
}
else {
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
}
Again, I recommend you to read the manual or the book mentioned above. It has a free sample, I think You will get the main idea by that.
I've put a considerable amount of digging into this but I haven't been able to figure out what the best method would be.
I have an employee management system where everyone who logs in is either an "employee", a "supervisor" or a "manager".
At the moment, I display different versions of pages just fine depending on what their rank is. However, regular "employees" can still get to pages they shouldn't if they manually enter the URL. According to CakePHP's documentation, it says all pages are restricted by default, and you have to grant access to each one. But I haven't granted access and it seems all the pages are accessible.
What is the best method for page access?
Thanks!
Edit: Here is the configuration of the AppController:
public $components = array(
'DebugKit.Toolbar',
'Session',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'userModel' => 'Employee'
)
),
'loginAction' => array(
'controller' => 'employees',
'action' => 'login',
//'plugin' => 'users'
),
'loginRedirect' => array('controller' => 'employees', 'action' => 'dashboard'),
'logoutRedirect' => array('controller' => 'employees', 'action' => 'login'),
'authError' => 'You must be logged in to see that.'
)
);
And then there is the isAuthorized() method which always is set to return false:
public function isAuthorized($user = null) {
// Any registered user can access public functions
/*if (empty($this->request->params['admin'])) {
return true;
}*/
// Only admins can access admin functions
/*if (isset($this->request->params['admin'])) {
return (bool)($user['role'] === 'admin');
}*/
// Default deny
return false;
}
Crete two tables in database
resources (id, controller, action) (This will contain controller names and action names.)
permission (roll_id, resource_id)
In isAuthorized() function
If roll is admin, then return true.
Else Check the following.
using $this->request->controller Get current controller name.
using $this->request->action Get current action name.
Get resource_id from resources table for current controller and action.
Check record in permission table for resource_id and roll_id.
If record exist then return true.
Else at the end it is returning false by default.
Your code is missing this in the AppController.php
class AppController extends Controller {
public function isAuthorized($user) {
return true;
}
public function initialize() {
parent::initialize();
$this->loadComponent('RequestHandler');
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => ['fields' => ['username' => 'email']]
],
'authorize' => ['Controller'],
]);
//some other code here
}
I'm using CakePHP 2.2.4, and I have started to work with Atuh Componenet.
This is my AppController:
class AppController extends Controller {
public $components = array('Auth', 'Session');
public function beforeFilter() {
$this->Auth->authorize = array('Controller');
$this->Auth->authenticate = array(
'Form' => array (
'scope' => array('User.active' => 1),
'fields' => array('username' => 'email', 'password' => 'password'),
)
);
}
public function isAuthorized($user) {
debug($user);
return true;
}
}
This is my User.php model
class User extends AppModel {
public $name = 'User';
/* Relazioni */
public $hasOne = 'Profile';
public $belongsTo = 'Role';
public $hasMany = array(
'Lead' => array(
'className' => 'Lead'
)
);
}
and this is my UserController.php
<?php
App::uses('AppController', 'Controller');
class UsersController extends AppController
{
public $name = 'Users';
public $uses = array();
public function beforeFilter()
{
parent::beforeFilter();
}
public function login()
{
if ($this->request->is('post'))
{
if ($this->Auth->login())
{
debug('Logged');
}
else
{
$this->Session->setFlash('Login non autorizzato', 'default', array('class' => 'errore'), 'login');
}
}
}
public function logout()
{
$this->redirect($this->Auth->logout());
}
}
I have a strange problem using Auth Component, because at the end of the layout I have sql_dump element, that prints NO QUERY.
However, If i put correct values I do not login
Why does Auth component is not working ?
EDIT:
The data of the request is:
Array
(
[User] => Array
(
[email] => test#test.it
[pwd] => abc
)
)
Your code in AppController is wrong
public function beforeFilter() {
$this->Auth->authorize = array('Controller');
$this->Auth->authenticate = array(
'Form' => array (
'scope' => array('User.active' => 1),
// password != pwd as you post it
'fields' => array('username' => 'email', 'password' => 'password'),
)
);
}
Change it to
'fields' => array('username' => 'email', 'password' => 'pwd'),
or make sure to post password instead of pwd in your form
Please see https://github.com/cakephp/cakephp/blob/master/lib/Cake/Controller/Component/Auth/FormAuthenticate.php for documentation on the matter
I'd like to post-fix this answer for anyone arriving here, who is unable to get logged in using Auth for which this example does not DIRECTLY Apply.
An important thing to remember is that Auth is expecting the underlying database columns to be "username" and "password". If for whatever reason you defer from this, for example if you want to validate on a users email (very common) and you change the table's column name to reflect this, than you must tell Auth about this.
The reason is because the underlying query will fail. Ultimately all that's happening behind the scene is a simply query matching the specified fields. For example (not exact - simply for demonstration purposes -- select *'s are bad):
SELECT * FROM users WHERE username = 'blahblahblah' AND password = 'someInsan31yh4sh3dpassw0rd'
If your underlying table is missing a "username" column in loo of an "email" column, than this query will obviously fail. Resulting in the inability to login and usually with no indication that the query failed (it is even omitted from the SQL dump). The following code in your AppController however will solve you issues:
public $components = array(
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'columnUsedForValidatingUsername', 'password' => 'columnUserForValidatingPassword')
)
)
)
);
Jippi's answer was completely correct in this case. But I feel as though as an answerER on StackOverflow you owe it to anyone finding this to explain WHY the problem is occurring and provide an unspecific answer.
Cheers