call it is only your problem, not cake one.
On Sep 26, 12:38 am, gparra <gpa...@gmail.com> wrote:
> Does anyone have a good sense of whether this could be considered a
> bug and if so, how can I submit it as one to the CakePhp community?
>
> My code works how I want it to work, but it certainly doesn't look
> like what I think CakePhp intended, I don't want to build my whole
> site using it and one day have to change everything when an update of
> CakePhp breaks it all.
>
> I'd rather submit a bug, track it, help if I can and make sure it
> works as intended in the future versions.
>
> I'll appreciate any comments.
>
> Thank you.
>
> On Sep 17, 11:56 pm, gparra <gpa...@gmail.com> wrote:
>
>
>
> > Oh, by the way, I realized afterwards.
>
> > Make sure your users_controller either doesn't have a beforeFilter()
> > function or if it does, it calls parent::beforeFilter() as the first
> > thing it does. Otherwise you won't be able to login or out with the
> > custom hash in the model. (I know this makes it even more confusing to
> > figure out how the whole thing is working, but at least it is, and
> > that's really where I wanted it to be in the first place.)
>
> > On Sep 17, 11:41 pm, gparra <gpa...@gmail.com> wrote:
>
> > > Ok, so basically I left it working as intended, but I'm not sure this
> > > is the way CakePHP intended for me to write it so it would work.
>
> > > I tried removing isAuthorized and that made any controller without a
> > > beforeFilter() function claiming for a definition of isAuthorized.
>
> > > I tried four different controllers with the above mentioned
> > > app_controller:
>
> > > 1. No before filter function - Everything is accessible without a
> > > password, but add and edit don't send you to the form, put you back on
> > > index displaying the flash "The controller has been saved"
> > > 2. Before filter function with:
> > > function beforeFilter(){
> > > parent::beforeFilter();
> > > $this->Auth->allow('index');
> > > }
> > > In this case, nothing requires a login and Add and Edit behave the
> > > same way as with 1.
> > > > 3. Before filter function with only $this->Auth->allow('index'); -
> > > > Here everything works as intended, index doesn't require a password
> > > > and add and edit work just fine. Note the fact again that this only
> > > > happens if I DON'T call parent::beforeFilter()
> > > > 4. Empty beforeFilter() function - Everything requires a password
> > > > (even though the app_controller says allow('*')), but after the
> > > > password is entered, everything behaves as it should.
>
> > > > Thus since I was uncomfortable with the fact that my solution combined
> > > > an allow('*') in the app_controller with an empty beforeFilter()
> > > > function, I decided to try allow('display') again and combined it with
> > > > number 3 above. This way it would at least make sense that everything
> > > > would require a password except for index and display, even though
> > > > parent::beforeFilter() wasn't being called.
>
> > > > And that worked. So my final combination 'weird solution' looks like
> > > this:
> > > > app_controller:
> > > > <?php
> > > > class AppController extends Controller {
> > > >     var $components = array('Auth');
>
> > > >     function beforeFilter() {
> > > >         Security::setHash('md5');
> > > >         $this->Auth->authenticate = ClassRegistry::init('User');
> > > >         $this->Auth->fields = array(
> > > >             'username' => 'name',
> > > >             'password' => 'pass',
> > > >         );
> > > >         $this->Auth->loginAction = array('controller' => 'users',
> > > >             'action' => 'login');
> > > >         $this->Auth->loginRedirect = array('controller' => 'pages',
> > > >             'action' => 'display', 'home');
> > > >         $this->Auth->allow('display');
> > > >         $this->Auth->authorize = 'controller';
> > > >     }
>
> > > >     function isAuthorized() {
> > > >         return true;
> > > >     }
> > > > }
>
> > > > ?>
>
> > > > controller before filter:
> > > > function beforeFilter(){
> > > >     $this->Auth->allow('index');
> > > > }
>
> > > > User model hashpasswords:
> > > > function hashPasswords($data) {
> > > >     $data['User']['pass'] = md5($data['User']['pass']);
> > > >     return $data;
> > > > }
>
> > > This allows me to move forward with an authenticated app that allows
> > > index without credentials and lets me leave everything else working as
> > > it should.
>
> > > The downside is that if this is a bug I'm going to have to re-write
> > > all the stuff once it gets fixed and that will be a big pain since I
> > > > have to put either an empty beforeFilter() function or one with the
> > > allow index in every single controller I need to have authentication.
>
> > > I hope my solution helps someone else in the future, or is at least
> > > used for debugging of Cake. If I'm wrong though and I'm doing
> > > something silly that is making me have this not so nice behavior I'll
> > > be happy to swallow my words and venerate CakePHP accordingly so
> > > please let me know if I am!
>
> > > Thank you!
>
> > > On Sep 17, 9:41 am, gparra <gpa...@gmail.com> wrote:
>
> > > > I'll give the authorize thing a try again, although I didn't have it
> > > > in the previous version, I don't think it will make a difference.
>
> > > > I did read a lot about whether to use the salt or not, for other
> > > > things rather than just the password hashing and Cake doesn't only use
> > > > it for the password hashing but also for other things, like cookies I
> > > > > believe. So I'd rather keep using the Cake salt, just not for password
> > > > hashing.
>
> > > > I will give it a shot removing it from the core config and removing my
> > > > own hashpassword function. Just to see if I get the right behavior.
>
> > > > I'm pretty confused at the last thing though. Empty beforeFilter()
> > > > > functions make the controllers behave as intended? That's just
> > > > weird :)
>
> > > > And everything else does look correct.
>
> > > > Will give the authorize and salt thing a try tonight, I won't be able
> > > > to work on it until late today.
>
> > > > > Maybe the session is confusing the salt when opening an add or edit
> > > > > function and spitting me out straight to "The controller has been
> > > > > saved". (Which would be a bug since if there's problems with the salt
> > > > > and it's not letting me into the add or edit form, the flash should say
> > > > > something like "Cannot add controller" or "Cannot edit controller"
> > > > > instead of the message I'm getting.)
>
> > > > Thanks.
>
> > > > On Sep 17, 9:17 am, Miles J <mileswjohn...@gmail.com> wrote:
>
> > > > > Try removing the isAuthorized, especially if there is no logic in it.
> > > > > That may be the problem, not sure. Everything else looks correct
> > > > > though.
>
> > > > > Also, if you want to use md5() hashing but not use a salt, just set
> > > > > the salt to empty in the core config.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
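
Added example (not part of the thread and not CakePHP code): the hashPasswords() quoted above stores a bare md5() digest in the 'pass' field. The sketch below, in plain PHP 5.6+, verifies such legacy digests at login and replaces them with password_hash() output on success. The function names and the sample record are hypothetical; the 'name' and 'pass' fields follow the thread.

```php
<?php
// Added example. isLegacyMd5() and verifyAndUpgrade() are hypothetical helpers,
// not part of CakePHP or of the code posted in the thread.

// The legacy format from the thread: md5() output, 32 lowercase hex characters.
function isLegacyMd5($stored) {
    return preg_match('/^[a-f0-9]{32}$/', $stored) === 1;
}

// Returns array($ok, $newHash). $newHash is non-null when the stored value
// should be overwritten with a stronger hash.
function verifyAndUpgrade($plain, $stored) {
    if (isLegacyMd5($stored)) {
        // Constant-time comparison against the old unsalted digest.
        if (!hash_equals($stored, md5($plain))) {
            return array(false, null);
        }
        // Correct password: re-hash with a salted, slow algorithm.
        return array(true, password_hash($plain, PASSWORD_DEFAULT));
    }
    if (!password_verify($plain, $stored)) {
        return array(false, null);
    }
    // Already modern: re-hash only if the default algorithm or cost has moved on.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($plain, PASSWORD_DEFAULT)
        : null;
    return array(true, $new);
}

// Constructed sample record using the field names from the thread.
$row = array('name' => 'alice', 'pass' => md5('correct horse'));

list($ok, $new) = verifyAndUpgrade('correct horse', $row['pass']);
if ($ok && $new !== null) {
    $row['pass'] = $new;   // in a real app: save this back to the users table
}
var_dump($ok, isLegacyMd5($row['pass']));

// A wrong password fails against the upgraded hash and triggers no re-hash.
$result = verifyAndUpgrade('wrong guess', $row['pass']);
var_dump($result[0], $result[1]);
```

The column holding the hash must be wide enough for password_hash() output; the PHP manual recommends 255 characters.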