Wednesday, June 20, 2012

Re: User Info from Auth Component

Yup, let me clarify a bit more, you're passing $this->request->data into $this->Auth->login():
   $this->Auth->login($this->request->data)
This will always log the user in no matter what is posted!

On Thursday, 21 June 2012 00:37:07 UTC+3, Max Dörfler wrote:
Like I said: You are passing data into the login function. In 2.0 this "will log the user in with whatever data is posted". That's why only the two fields posted are displayed and the PW isn't hashed. Since you haven't specified what version of cake you are using, I still assume this is the reason. If you say you don't use cake 2.x I'll stop bothering you. ;)

On 06/20/2012 09:27 PM, Joey Hauschildt wrote:
I just followed the tutorial in the book. The only customization I made was using the email field instead of the username field.

Here is my AppController:

class AppController extends Controller {

    public $uses = array('User');
    
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');
        $this->set('logged_in', $this->Auth->LoggedIn());
        $this->set('current_user', $this->Auth->user());
        //debug($this->Session->read('Auth.User'));
    }

    public function isAuthorized($user) {
        return TRUE;
    }

}


And here is my Users/login action:

    public function login() {
        if ($this->request->is('post')) {

            if ($this->Auth->login($this->request->data)) {
                return $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
            }
        }
    }


The beforeFilter in my Users controller:

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->fields = array('username' => 'email', 'password' => 'password');
        $this->Auth->allow('add', 'logout');
    }



On Wednesday, June 20, 2012 12:31:35 AM UTC-6, Борислав Събев wrote:
This could be the case - a wrongly implemented Authentication system. @Joey Hauschildt $this->Auth->user() and the "Auth.User" Session key should both return/contain the full user information - i.e. all fields from the users DB table. This behaviour is strange. Can you provide more info on your exact implementation.

Cheers,
   Borislav.


On Wednesday, 20 June 2012 00:36:24 UTC+3, Max Dörfler wrote:
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in

"In 2.0 $this->Auth->login($this->request->data) will log the user in with whatever data is posted, whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful."

I assume you are using 2.x. I guess this is what you are looking for. Call login() without params.

On 06/19/2012 11:18 PM, Joey Hauschildt wrote:
I am. All passwords in the db are hashed. The problem seems to be that instead of getting info from the users table, it is only filling debug($this->Session->read('Auth.User')); and debug($this->Auth->User()) with data from the form. Otherwise the password would be hashed. It has nowhere else to get an unhashed password from. This seems like a pretty poor choice for default behavior. I would prefer that my app didn't store passwords from the form anywhere.

On Tuesday, June 19, 2012 2:50:45 PM UTC-6, Jeremy Burns wrote:
You should be hashing the password before saving it.

Jeremy Burns
Class Outfit

http://www.classoutfit.com

On 19 Jun 2012, at 19:41:30, Joey Hauschildt wrote:

debug($this->Session->read('Auth.User')); and debug($this->Auth->User()); both return:

array(
'User' => array(
'password' => '*****',
'email' => 'test@example.com'
)
)

These are the fields that the user uses to log in. The password isn't even hashed. When I print_r, it displays the actual password. I would like to have access to other user info like an ID or role. Do I need to use my own query to get this info or should the Auth Component be grabbing that stuff for me?

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
