One thing I forgot (actually realized after I posted):
Don't forget to put in your users controller the following beforeFilter()
so you can log in and out of the apps :)
function beforeFilter() {
    $this->Auth->allow('login','logout');
}
On Sep 17, 11:41 pm, gparra <[email protected]> wrote:
> Ok, so basically I left it working as intended, but I'm not sure this
> is the way CakePHP intended for me to write it so it would work.
>
> I tried removing isAuthorized and that made any controller without a
> beforeFilter() function claiming for a definition of isAuthorized.
>
> I tried four different controllers with the above mentioned
> app_controller:
>
> 1. No before filter function - Everything is accessible without a
> password, but add and edit don't send you to the form, put you back on
> index displaying the flash "The controller has been saved"
> 2. Before filter function with:
> function beforeFilter(){
>     parent::beforeFilter();
>     $this->Auth->allow('index');
> }
> In this case, nothing requires a login and Add and Edit behave the
> same way as with 1.
> 3. Before filter function with only $this->Auth->allow('index'); -
> Here everything works as intended, index doesn't require a password
> and add and edit work just fine. Note the fact again that this only
> happens if I DON'T call parent::beforeFilter()
> 4. Empty beforeFilter() function - Everything requires a password
> (even though the app_controller says allow('*')), but after the
> password is entered, everything behaves as it should.
>
> Thus since I was uncomfortable with the fact that my solution combined
> an allow('*') in the app_controller with an empty beforeFilter()
> function, I decided to try allow('display') again and combined it with
> number 3 above. This way it would at least make sense that everything
> would require a password except for index and display, even though
> parent::beforeFilter() wasn't being called.
>
> And that worked. So my final combination 'weird solution' looks like
> this:
> app_controller:
> <?php
> class AppController extends Controller {
>     var $components = array('Auth');
>
>     function beforeFilter() {
>         Security::setHash('md5');
>         $this->Auth->authenticate = ClassRegistry::init('User');
>         $this->Auth->fields = array(
>             'username' => 'name',
>             'password' => 'pass',
>         );
>         $this->Auth->loginAction = array('controller' => 'users',
>             'action' => 'login');
>         $this->Auth->loginRedirect = array('controller' => 'pages',
>             'action' => 'display', 'home');
>         $this->Auth->allow('display');
>         $this->Auth->authorize = 'controller';
>     }
>
>     function isAuthorized() {
>         return true;
>     }
> }
>
> ?>
>
> controller before filter:
> function beforeFilter(){
>     $this->Auth->allow('index');
> }
>
> User model hashpasswords:
> function hashPasswords($data) {
>     $data['User']['pass'] = md5($data['User']['pass']);
>     return $data;
> }
>
> This allows me to move forward with an authenticated app that allows
> index without credentials and lets me leave everything else working as
> it should.
>
> The downside is that if this is a bug I'm going to have to re-write
> all the stuff once it gets fixed and that will be a big pain since I
> have to put either an empty beforeFilter() function or one with the
> allow index in every single controller I need to have authentication.
>
> I hope my solution helps someone else in the future, or is at least
> used for debugging of Cake. If I'm wrong though and I'm doing
> something silly that is making me have this not so nice behavior I'll
> be happy to swallow my words and venerate CakePHP accordingly so
> please let me know if I am!
>
> Thank you!
>
> On Sep 17, 9:41 am, gparra <[email protected]> wrote:
>
> > I'll give the authorize thing a try again, although I didn't have it
> > in the previous version, I don't think it will make a difference.
>
> > I did read a lot about whether to use the salt or not, for other
> > things rather than just the password hashing and Cake doesn't only use
> > it for the password hashing but also for other things, like cookies I
> > believe. So I'd rather keep using the Cake salt, just not for password
> > hashing.
>
> > I will give it a shot removing it from the core config and removing my
> > own hashpassword function. Just to see if I get the right behavior.
>
> > I'm pretty confused at the last thing though. Empty beforeFilter()
> > functions make the controllers behave as intended? That's just
> > weird :)
>
> > And everything else does look correct.
>
> > Will give the authorize and salt thing a try tonight, I won't be able
> > to work on it until late today.
>
> > Maybe the session is confusing the salt when opening an add or edit
> > function and spitting me out straight to "The controller has been
> > saved". (Which would be a bug, since if there are problems with the salt
> > and it's not letting me into the add or edit form, the flash should say
> > something like "Cannot add controller" or "Cannot edit controller"
> > instead of the message I'm getting.)
>
> > Thanks.
>
> > On Sep 17, 9:17 am, Miles J <[email protected]> wrote:
>
> > > Try removing the isAuthorized, especially if there is no logic in it.
> > > That may be the problem, not sure. Everything else looks correct
> > > though.
>
> > > Also, if you want to use md5() hashing but not use a salt, just set
> > > the salt to empty in the core config.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
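
The User model quoted above stores passwords as unsalted md5(). As an added example (not code from the thread or from CakePHP), this stand-alone PHP script shows one way to move such stored values to password_hash() at each user's next successful login. It assumes PHP 5.6 or later and makes no framework calls; the function names and the sample record are assumptions, and only the 'name' and 'pass' field names come from the thread.

```php
<?php
// Added example: plain PHP (5.6+), no CakePHP calls. Function names and the
// sample record are assumptions; 'name' and 'pass' follow the thread.

// Legacy scheme from the thread's hashPasswords(): unsalted md5().
function legacyHash($password) {
    return md5($password);
}

// An unsalted md5() digest is exactly 32 lowercase hex characters.
function isLegacyMd5($stored) {
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Returns array($ok, $newHash). $newHash is non-null when the caller should
// overwrite the stored value with it.
function verifyAndUpgrade($password, $stored) {
    if (isLegacyMd5($stored)) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, legacyHash($password))) {
            return array(false, null);
        }
        // Correct password for a legacy row: re-hash with a salted, slow hash.
        return array(true, password_hash($password, PASSWORD_DEFAULT));
    }
    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    // Already migrated; re-hash only if the default algorithm or cost changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return array(true, $new);
}

// Constructed sample record, stored the way the thread's model stores it.
$user = array('name' => 'alice', 'pass' => md5('correct horse'));

foreach (array('wrong guess', 'correct horse', 'correct horse') as $attempt) {
    list($ok, $new) = verifyAndUpgrade($attempt, $user['pass']);
    if ($ok && $new !== null) {
        $user['pass'] = $new; // persist the upgraded hash
    }
    printf("%-14s ok=%s legacy_after=%s\n", $attempt,
        var_export($ok, true), var_export(isLegacyMd5($user['pass']), true));
}
```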