Monday, February 23, 2009

Re: SecurityComponent::requireLogin() with type 'basic' not working

When you specify the "login" you are telling the component that you
will handle the authentication in that method. To make a login fail
from that method you must "black-hole" the request. Return values
below do nothing, but they should, imho.


$this->Security->loginOptions = array(
    'type'  => 'basic',
    'login' => '_logged_in', // <-- method name of where you want to do authentication
    'realm' => 'My_Ream'
);

function _logged_in($user) {
    if ( $user['username'] == 'something' ) {
        return true;
    } else {
        // <-- this is important. Need to blackhole a bad login
        $this->Security->blackHole($this, 'login');
        return false;
    }
}

On Feb 23, 8:49 pm, kazooka <abdrew.my...@gmail.com> wrote:
> Can someone please explain some things about the security component
> for me? I've used cake before but not with the security component and
> now I'm having trouble understanding some code that was written by
> somebody else involving the loginRequired() method....
>
> It's a pretty simple app with only a couple of controllers. Here's an
> example of what the app controller looks like ...
>
> class AppController extends Controller {
>
>     var $components = array('Security');
>
>     function beforeFilter() {
>         $this->Security->requireLogin(
>             'admin_index',
>             'admin_edit',
>             'admin_add',
>             'admin_delete',
>             'admin_landing',
>             array('type' => 'basic',
>                   'users' => array('admin'=>'password'),
>                   'login' => '_logged_in'
>                  )
>         );
>     }
>
>     function _logged_in($user) {
>         $this->Session->write('admin', true);
>     }
>
> }
>
> Now... when I try to go to mysite/mycontroler/admin/index, I get the
> HTTP Authentication dialog alright, but it allows me to authenticate
> with any username. I can enter 'blah blah' for the username, leave the
> password field blank, and it still authenticates.
>
> So I dug into cake/libs/controllers/components/security.php and
> noticed that in SecurityComponent::loginCredentials(), it will return
> whatever was entered into the dialog, regardless of if it matches the
> values specified in the data member SecurityComponent::loginUsers
> (which stores the array of username=>password pairs specified in the
> call to SecurityCompoenent::requireLogin() inside of
> AppController::befireFilter().
>
> I also returning false in the callback, AppController::_logged_in()
> but no luck there either.
>
> Any ideas?
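The callback in the reply compares only the username. As an added example (not code from the post or from CakePHP), this stand-alone sketch checks both fields against the username => password list and black-holes everything else. `credentialsMatch`, `StubSecurity` and `DemoController` are hypothetical names, and the `password` key in `$user` is an assumption.

```php
<?php
// True only when username AND password match an entry in $allowed
// (username => password), like the 'users' array quoted in the thread.
function credentialsMatch($user, array $allowed)
{
    // Missing or non-string fields (e.g. a blank dialog) never match.
    if (!is_array($user) || !isset($user['username'], $user['password'])
        || !is_string($user['username']) || !is_string($user['password'])) {
        return false;
    }
    $ok = false;
    foreach ($allowed as $name => $password) {
        // hash_equals() is a constant-time comparison; every entry is checked
        // so the loop does not stop early on a known username.
        $nameOk = hash_equals((string) $name, $user['username']);
        $passOk = hash_equals((string) $password, $user['password']);
        $ok = ($nameOk && $passOk) || $ok;
    }
    return $ok;
}

// Constructed stand-in for the Security component so this runs without CakePHP.
class StubSecurity
{
    public $loginUsers = array('admin' => 'password'); // pair from the thread
    public $blackHoled = false;
    // The real component rejects the request here; the stub only records it.
    public function blackHole($controller, $error = '') { $this->blackHoled = true; }
}

class DemoController
{
    public $Security;
    public function __construct() { $this->Security = new StubSecurity(); }

    public function _logged_in($user) // login callback, as in the reply
    {
        if (credentialsMatch($user, $this->Security->loginUsers)) {
            return true;
        }
        $this->Security->blackHole($this, 'login');
        return false;
    }
}

$c = new DemoController();
var_dump($c->_logged_in(array('username' => 'admin', 'password' => 'password')));
var_dump($c->_logged_in(array('username' => 'blah blah', 'password' => '')));
```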