Does anyone have a good sense of whether this could be considered a bug and if so, how can I submit it as one to the CakePHP community?
My code works how I want it to work, but it certainly doesn't look like what I think CakePHP intended. I don't want to build my whole site using it and one day have to change everything when an update of CakePHP breaks it all. I'd rather submit a bug, track it, help if I can and make sure it works as intended in the future versions. I'll appreciate any comments. Thank you.

On Sep 17, 11:56 pm, gparra <gpa...@gmail.com> wrote:
> Oh, by the way, I realized afterwards.
>
> Make sure your users_controller either doesn't have a beforeFilter()
> function or, if it does, it calls parent::beforeFilter() as the first
> thing it does. Otherwise you won't be able to log in or out with the
> custom hash in the model. (I know this makes it even more confusing to
> figure out how the whole thing is working, but at least it is, and
> that's really where I wanted it to be in the first place.)
>
> On Sep 17, 11:41 pm, gparra <gpa...@gmail.com> wrote:
>
> > Ok, so basically I left it working as intended, but I'm not sure this
> > is the way CakePHP intended for me to write it so it would work.
> >
> > I tried removing isAuthorized and that made any controller without a
> > beforeFilter() function claiming for a definition of isAuthorized.
> >
> > I tried four different controllers with the above mentioned
> > app_controller:
> >
> > 1. No before filter function - Everything is accessible without a
> > password, but add and edit don't send you to the form, put you back on
> > index displaying the flash "The controller has been saved"
> > 2. Before filter function with:
> > function beforeFilter(){
> >     parent::beforeFilter();
> >     $this->Auth->allow('index');
> > }
> > In this case, nothing requires a login and Add and Edit behave the
> > same way as with 1.
> > 3. Before filter function with only $this->Auth->allow('index'); -
> > Here everything works as intended, index doesn't require a password
> > and add and edit work just fine. Note the fact again that this only
> > happens if I DON'T call parent::beforeFilter()
> > 4. Empty beforeFilter() function - Everything requires a password
> > (even though the app_controller says allow('*')), but after the
> > password is entered, everything behaves as it should.
> >
> > Thus, since I was uncomfortable with the fact that my solution combined
> > an allow('*') in the app_controller with an empty beforeFilter()
> > function, I decided to try allow('display') again and combined it with
> > number 3 above. This way it would at least make sense that everything
> > would require a password except for index and display, even though
> > parent::beforeFilter() wasn't being called.
> >
> > And that worked. So my final combination 'weird solution' looks like
> > this:
> > app_controller:
> > <?php
> > class AppController extends Controller {
> >     var $components = array('Auth');
> >
> >     function beforeFilter() {
> >         Security::setHash('md5');
> >         $this->Auth->authenticate = ClassRegistry::init('User');
> >         $this->Auth->fields = array(
> >             'username' => 'name',
> >             'password' => 'pass',
> >         );
> >         $this->Auth->loginAction = array('controller' => 'users',
> >             'action' => 'login');
> >         $this->Auth->loginRedirect = array('controller' => 'pages',
> >             'action' => 'display', 'home');
> >         $this->Auth->allow('display');
> >         $this->Auth->authorize = 'controller';
> >     }
> >
> >     function isAuthorized() {
> >         return true;
> >     }
> > }
> > ?>
> >
> > controller before filter:
> > function beforeFilter(){
> >     $this->Auth->allow('index');
> > }
> >
> > User model hashpasswords:
> > function hashPasswords($data) {
> >     $data['User']['pass'] = md5($data['User']['pass']);
> >     return $data;
> > }
> >
> > This allows me to move forward with an authenticated app that allows
> > index without credentials and lets me leave everything else working as
> > it should.
> >
> > The downside is that if this is a bug I'm going to have to re-write
> > all the stuff once it gets fixed and that will be a big pain since I
> > have to put either an empty beforeFilter() function or one with the
> > allow index in every single controller I need to have authentication.
> >
> > I hope my solution helps someone else in the future, or is at least
> > used for debugging of Cake. If I'm wrong though and I'm doing
> > something silly that is making me have this not so nice behavior I'll
> > be happy to swallow my words and venerate CakePHP accordingly so
> > please let me know if I am!
> >
> > Thank you!
> >
> > On Sep 17, 9:41 am, gparra <gpa...@gmail.com> wrote:
> >
> > > I'll give the authorize thing a try again, although I didn't have it
> > > in the previous version, I don't think it will make a difference.
> > >
> > > I did read a lot about whether to use the salt or not, for other
> > > things rather than just the password hashing and Cake doesn't only use
> > > it for the password hashing but also for other things, like cookies I
> > > believe. So I'd rather keep using the Cake salt, just not for password
> > > hashing.
> > >
> > > I will give it a shot removing it from the core config and removing my
> > > own hashpassword function. Just to see if I get the right behavior.
> > >
> > > I'm pretty confused at the last thing though. Empty beforeFilter()
> > > functions make the controllers behave as intended? That's just
> > > weird :)
> > >
> > > And everything else does look correct.
> > >
> > > Will give the authorize and salt thing a try tonight, I won't be able
> > > to work on it until late today.
> > >
> > > Maybe the session is confusing the salt when opening an add or edit
> > > function and spitting me out straight to "The controller has been
> > > saved". (Which would be a bug since if there are problems with the salt
> > > and it's not letting me into the add or edit form, the flash should say
> > > something like "Cannot add controller" or "Cannot edit controller"
> > > instead of the message I'm getting.)
> > >
> > > Thanks.
> > >
> > > On Sep 17, 9:17 am, Miles J <mileswjohn...@gmail.com> wrote:
> > >
> > > > Try removing the isAuthorized, especially if there is no logic in it.
> > > > That may be the problem, not sure. Everything else looks correct
> > > > though.
> > > >
> > > > Also, if you want to use md5() hashing but not use a salt, just set
> > > > the salt to empty in the core config.
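
Added example, not part of the thread and not CakePHP code: the hashPasswords() function quoted above stores unsalted md5 in the pass column. This plain-PHP example shows such legacy values being verified at login and re-hashed with password_hash(); the function names, the in-memory user table and the sample password are constructed for illustration, and PHP 7.0 or later is assumed.

```php
<?php
// Plain PHP (7.0+), not CakePHP code. Function names are hypothetical.
// $users is a constructed stand-in for a users table with name/pass columns.

// Legacy scheme from the thread: unsalted md5 of the password.
function legacyHash(string $password): string {
    return md5($password);
}

// Verify a login and, on success, upgrade a legacy md5 row in place.
function loginAndUpgrade(array &$users, string $name, string $password): bool {
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['pass'];
    // A 32-character hex string is treated as a legacy md5 value.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, legacyHash($password))) {
            return false;
        }
        // The plaintext is only available at login, so re-hash now.
        $users[$name]['pass'] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Keep hashes current if the default algorithm or cost changes later.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name]['pass'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users who chose the same password.
$users = [
    'alice' => ['pass' => legacyHash('example-pass')],
    'bob'   => ['pass' => legacyHash('example-pass')],
];
// Compare the two stored values while both rows are still unsalted md5.
var_dump($users['alice']['pass'] === $users['bob']['pass']);
var_dump(loginAndUpgrade($users, 'alice', 'example-pass'));
var_dump(loginAndUpgrade($users, 'bob', 'example-pass'));
// Compare again after both rows were re-hashed with a per-hash salt.
var_dump($users['alice']['pass'] === $users['bob']['pass']);
var_dump(loginAndUpgrade($users, 'alice', 'wrong-pass'));
```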