Does anyone have a good sense of whether this is could be considered a
bug and if so, how can i submit it as one to the CakePhp community?
My code works how I want it to work, but it certainly doesn't look
like what I think CakePhp intended, I don't want to build my whole
site using it and one day have to change everything when an update of
CakePhp breaks it all.
I'd rather submitt a bug, track it, help if i can and make sure it
works as intended in the future versions.
I'll appreciate any comments.
Thank you.
On Sep 17, 11:56 pm, gparra <gpa...@gmail.com> wrote:
> Oh, by the way, I realized afterwards.
>
> Make sure you users_controller either doesn't have a beforeFilter()
> function or if it does, it calls parent::beforeFilter() as the first
> thing it does. Otherwise you won't be able to login or out with the
> custom hash in the model. (I know this makes it even more confusing to
> figure out how the whole thing is working, but at least it is, and
> that's really where I wanted it to be in the first place.)
>
> On Sep 17, 11:41 pm, gparra <gpa...@gmail.com> wrote:
>
> > Ok, so basically I left it working as intended, but I'm not sure this
> > is the way CakePHP intended for me to write it so it would work.
>
> > I tried removing isAuthorized and that made any controller without a
> > beforeFilter() function claiming for a definition of isAuthorized.
>
> > I tried four different controllers with the above mentioned
> > app_controller:
>
> > 1. No before filter function - Everything is accessible without a
> > password, but add and edit don't send you to the form, put you back on
> > index displaying the flash "The controller has been saved"
> > 2. Before filter function with:
> > function beforeFilter(){
> > parent::beforeFilter();
> > $this->Auth->allow('index');
> > }
> > In this case, nothing requires a login and Add and Edit behave the
> > same way as with 1.
> > 3. Before filter function with only $this->Auth->allow('index'); -
> > Here everything works as intended, index doesn't require a password
> > and add and edit work just fine. Note the fact again that this only
> > happens if I DONT call parent:beforeFilter()
> > 4. Empty beforeFilter() function - Everything requires a password
> > (even though the app_controller says allow('*'), but after the
> > password is entered, everything behaves as it should.
>
> > Thus since i was uncomfortable with the fact that my solution combined
> > an allow('*') in the app_controller with an empty beforeFilter()
> > function, i decided to try allow('display') again and combined it with
> > number 3 above. This way It would at least make sense that everything
> > would require a password except for index and display, even though not
> > calling parent::beforeFilter() wasn't being called.
>
> > And that worked. so my final combination 'weird solution' looks like
> > this:
> > app_controller:
> > <?php
> > class AppController extends Controller {
> > var $components = array('Auth');
>
> > function beforeFilter() {
> > Security::setHash('md5');
> > $this->Auth->authenticate = ClassRegistry::init('User');
> > $this->Auth->fields = array(
> > 'username' => 'name',
> > 'password' => 'pass',
> > );
> > $this->Auth->loginAction = array('controller' => 'users',
> > 'action' => 'login');
> > $this->Auth->loginRedirect = array('controller' => 'pages',
> > 'action' => 'display', 'home');
> > $this->Auth->allow('display');
> > $this->Auth->authorize = 'controller';
>
> > }
>
> > function isAuthorized() {
> > return true;
> > }}
>
> > ?>
>
> > controller before filter:
> > function beforeFilter(){
> > $this->Auth->allow('index');
> > }
>
> > User model hashpasswords:
> > function hashPasswords($data) {
> > $data['User']['pass'] = md5($data['User']['pass']);
> > return $data;
> > }
>
> > This allows me to move forward with an authenticated app that allows
> > index without credentials and lets me leave everything else working as
> > it should.
>
> > The downside is that if this is a bug I'm going to have to re-write
> > all the stuff once it gets fixed and that will be a big pain since I
> > have to put either and empty beforeFilter() function or one with the
> > allow index in every single controller I need to have authentication.
>
> > I hope my solution helps someone else in the future, or is at least
> > used for debugging of Cake. If I'm wrong though and I'm doing
> > something silly that is making me have this not so nice behavior I'll
> > be happy to swallow my words and venerate CakePHP accordingly so
> > please let me know if I am!
>
> > Thank you!
>
> > On Sep 17, 9:41 am, gparra <gpa...@gmail.com> wrote:
>
> > > I'll give the authorize thing a try again, although I didn't have it
> > > in the previous version, I don't think it will make a difference.
>
> > > I did read a lot about whether to use the salt or not, for other
> > > things rather than just the password hashing and Cake doesn't only use
> > > it for the password hashing but also for other things, like cookies I
> > > believe. So I rather keep using the Cake salt, just not for password
> > > hashing.
>
> > > I will give it a shot removing it from the core config and removing my
> > > own hashpassword function. Just to see if I get the right behavior.
>
> > > I'm pretty confused at the last thing though. Empty beforeFilter()
> > > functions make the controllers behave as intended? that's just
> > > weird :)
>
> > > And everything else does look correct.
>
> > > Will give the authorize and salt thing a try tonight, I won't be able
> > > to work on it until late today.
>
> > > Maybe the session is confusing the salt when opening an add or edit
> > > function and spitting me out straight to "The controller has been
> > > saved". (Which would be a bug since if there's problems with the salt
> > > and its not letting me into the add or edit form, the flash should say
> > > something like "Cannot add controller" or "Cannot edit controller"
> > > instead of the message I'm getting.
>
> > > Thanks.
>
> > > On Sep 17, 9:17 am, Miles J <mileswjohn...@gmail.com> wrote:
>
> > > > Try removing the isAuthorized, especially if there is no logic in it.
> > > > That may be the problem, not sure. Everything else looks correct
> > > > though.
>
> > > > Also, if you want to use md5() hashing but not use a salt, just set
> > > > the salt to empty in the core config.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
