Actually the problem is that if i DO call parent::beforeFilter() the
application does not work.
The only way the application is working as it should is by NOT calling
parent::beforeFilter()
My before filter function with only $this->Auth->allow('index'); in
it, lets everything work as intended, index doesn't require a password
and add and edit work just fine. Note the fact again that this only
happens if I DONT call parent:beforeFilter() which shouldn't be the
case in my opinion.
That's where my problem lies in trying to understand if this is a bug
or i'm missing something else.
The only place I'm calling parent:beforeFilter() is under the users
controller so that my custom made hashing function allows people to
log in. But if I call it anywhere else, then Add and Edit do not work
properly and you never get into the ADD and Edit forms even though you
are logged in.
Any ideas?
On Sep 26, 2:54 am, "Dr. Loboto" <drlob...@gmail.com> wrote:
> If all your problems was because of forgotten parent::beforeFilter()
> call it is only your problem, not cake one.
>
> On Sep 26, 12:38 am, gparra <gpa...@gmail.com> wrote:
>
> > Does anyone have a good sense of whether this is could be considered a
> > bug and if so, how can i submit it as one to the CakePhp community?
>
> > My code works how I want it to work, but it certainly doesn't look
> > like what I think CakePhp intended, I don't want to build my whole
> > site using it and one day have to change everything when an update of
> > CakePhp breaks it all.
>
> > I'd rather submitt a bug, track it, help if i can and make sure it
> > works as intended in the future versions.
>
> > I'll appreciate any comments.
>
> > Thank you.
>
> > On Sep 17, 11:56 pm, gparra <gpa...@gmail.com> wrote:
>
> > > Oh, by the way, I realized afterwards.
>
> > > Make sure you users_controller either doesn't have a beforeFilter()
> > > function or if it does, it calls parent::beforeFilter() as the first
> > > thing it does. Otherwise you won't be able to login or out with the
> > > custom hash in the model. (I know this makes it even more confusing to
> > > figure out how the whole thing is working, but at least it is, and
> > > that's really where I wanted it to be in the first place.)
>
> > > On Sep 17, 11:41 pm, gparra <gpa...@gmail.com> wrote:
>
> > > > Ok, so basically I left it working as intended, but I'm not sure this
> > > > is the way CakePHP intended for me to write it so it would work.
>
> > > > I tried removing isAuthorized and that made any controller without a
> > > > beforeFilter() function claiming for a definition of isAuthorized.
>
> > > > I tried four different controllers with the above mentioned
> > > > app_controller:
>
> > > > 1. No before filter function - Everything is accessible without a
> > > > password, but add and edit don't send you to the form, put you back on
> > > > index displaying the flash "The controller has been saved"
> > > > 2. Before filter function with:
> > > > function beforeFilter(){
> > > > parent::beforeFilter();
> > > > $this->Auth->allow('index');
> > > > }
> > > > In this case, nothing requires a login and Add and Edit behave the
> > > > same way as with 1.
> > > > 3. Before filter function with only $this->Auth->allow('index'); -
> > > > Here everything works as intended, index doesn't require a password
> > > > and add and edit work just fine. Note the fact again that this only
> > > > happens if I DONT call parent:beforeFilter()
> > > > 4. Empty beforeFilter() function - Everything requires a password
> > > > (even though the app_controller says allow('*'), but after the
> > > > password is entered, everything behaves as it should.
>
> > > > Thus since i was uncomfortable with the fact that my solution combined
> > > > an allow('*') in the app_controller with an empty beforeFilter()
> > > > function, i decided to try allow('display') again and combined it with
> > > > number 3 above. This way It would at least make sense that everything
> > > > would require a password except for index and display, even though not
> > > > calling parent::beforeFilter() wasn't being called.
>
> > > > And that worked. so my final combination 'weird solution' looks like
> > > > this:
> > > > app_controller:
> > > > <?php
> > > > class AppController extends Controller {
> > > > var $components = array('Auth');
>
> > > > function beforeFilter() {
> > > > Security::setHash('md5');
> > > > $this->Auth->authenticate = ClassRegistry::init('User');
> > > > $this->Auth->fields = array(
> > > > 'username' => 'name',
> > > > 'password' => 'pass',
> > > > );
> > > > $this->Auth->loginAction = array('controller' => 'users',
> > > > 'action' => 'login');
> > > > $this->Auth->loginRedirect = array('controller' => 'pages',
> > > > 'action' => 'display', 'home');
> > > > $this->Auth->allow('display');
> > > > $this->Auth->authorize = 'controller';
>
> > > > }
>
> > > > function isAuthorized() {
> > > > return true;
> > > > }}
>
> > > > ?>
>
> > > > controller before filter:
> > > > function beforeFilter(){
> > > > $this->Auth->allow('index');
> > > > }
>
> > > > User model hashpasswords:
> > > > function hashPasswords($data) {
> > > > $data['User']['pass'] = md5($data['User']['pass']);
> > > > return $data;
> > > > }
>
> > > > This allows me to move forward with an authenticated app that allows
> > > > index without credentials and lets me leave everything else working as
> > > > it should.
>
> > > > The downside is that if this is a bug I'm going to have to re-write
> > > > all the stuff once it gets fixed and that will be a big pain since I
> > > > have to put either and empty beforeFilter() function or one with the
> > > > allow index in every single controller I need to have authentication.
>
> > > > I hope my solution helps someone else in the future, or is at least
> > > > used for debugging of Cake. If I'm wrong though and I'm doing
> > > > something silly that is making me have this not so nice behavior I'll
> > > > be happy to swallow my words and venerate CakePHP accordingly so
> > > > please let me know if I am!
>
> > > > Thank you!
>
> > > > On Sep 17, 9:41 am, gparra <gpa...@gmail.com> wrote:
>
> > > > > I'll give the authorize thing a try again, although I didn't have it
> > > > > in the previous version, I don't think it will make a difference.
>
> > > > > I did read a lot about whether to use the salt or not, for other
> > > > > things rather than just the password hashing and Cake doesn't only use
> > > > > it for the password hashing but also for other things, like cookies I
> > > > > believe. So I rather keep using the Cake salt, just not for password
> > > > > hashing.
>
> > > > > I will give it a shot removing it from the core config and removing my
> > > > > own hashpassword function. Just to see if I get the right behavior.
>
> > > > > I'm pretty confused at the last thing though. Empty beforeFilter()
> > > > > functions make the controllers behave as intended? that's just
> > > > > weird :)
>
> > > > > And everything else does look correct.
>
> > > > > Will give the authorize and salt thing a try tonight, I won't be able
> > > > > to work on it until late today.
>
> > > > > Maybe the session is confusing the salt when opening an add or edit
> > > > > function and spitting me out straight to "The controller has been
> > > > > saved". (Which would be a bug since if there's problems with the salt
> > > > > and its not letting me into the add or edit form, the flash should say
> > > > > something like "Cannot add controller" or "Cannot edit controller"
> > > > > instead of the message I'm getting.
>
> > > > > Thanks.
>
> > > > > On Sep 17, 9:17 am, Miles J <mileswjohn...@gmail.com> wrote:
>
> > > > > > Try removing the isAuthorized, especially if there is no logic in
> > > > > > it.
> > > > > > That may be the problem, not sure. Everything else looks correct
> > > > > > though.
>
> > > > > > Also, if you want to use md5() hashing but not use a salt, just set
> > > > > > the salt to empty in the core config.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
