Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi McFadly,
hats interesting thanks. I normally use othAuth but I jsut wanted a
very simple HTTP-Auth, and it seems to me that should be easily
achievable with this Security component, although I have not been able
to get it to work!
All I would like to do is turn off the separate checking of POSTed
data -- can anyone help?
Or even someone who uses a HTTP-auth (with or without the digest) to
post an example of their code to achieve it?
I am not sure if a problem is arsing becasue my code is in the
app_controller, maybe it would be better in each controller that needs
the HTTP-auth; this seems to be the way of the OC presentation on
Cake's example.
thanks
Luke
On Nov 1, 4:58 pm, McFadly <[EMAIL PROTECTED]> wrote:
> Hi Luke -
> I think you're making this process more difficult than it needs to
> be. I haven't used HTTP auth in theSecuritycomponent, so I can't
> offer much insight in that realm. But you may just want to look into
> using the Auth component, its pretty straightforward. Check out
> Chris's article
> here:http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful...
>
> On Nov 1, 7:03 am, luke BAKING barker <[EMAIL PROTECTED]> wrote:
>
> > looking at the HTML of the form I am submitting, I see there is this
> > token:
> > > style="display: none;"> > value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" /
>
> > I suppose that is causing a mismatch upon a POST?
>
> > regards
>
> > luke
>
> > On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote:
>
> > > Hi,
>
> > > I am using Cake 1.2 - 14th October nightly build. I have set up my
> > > app_controller with admin routing, so that an admin function will ask
> > > the user to authenticate with HTTP auth. (I had wanted to do a
> > > simple .htaccess, with .htpasswd - so I thought I would try the Cake
> > > way).
>
> > > I have this working, BUT, when I submit an add form (e.g. submit
> > > admin_Add or admin_edit) I get asked to authenticate again, which also
> > > doesnt seem to work if correct details are put in. (The latter is to
> > > do with my custom blackhole callback I think).
>
> > > How can I tell theSecuritycomponent not to ask for Auth again upon
> > > a POST?
>
> > > here is my app_controller code:
> > > class AppController extends Controller {
>
> > > var $helpers = array('Html','Form','Javascript');
>
> > > var $components = array("Security");
>
> > > function beforeFilter() {
> > > if (isset($this->params["admin"])) {
>
> > > $this->Security->blackHoleCallback = 'incorrect';
>
> > >
> > > $this->Security->requireLogin('*',array('type'=>'basic','realm' =>
> > > Configure::read('Settings.title')));
>
> > > $this->Security->loginUsers = array("admin" =>
> > > 'password');
>
> > > }
> > > }
>
> > > // added this callback because without, if a user enters wrong
> > > details, auth prompt will not re-display
> > > function incorrect () {
>
> > > header('WWW-Authenticate: Basic' .'
> > > realm="' .
> > > Configure::read('Settings.title') . '"');
>
> > > header('HTTP/1.1 401 Unauthorized');
>
> > > $this->autoRender = false;
> > > $this->layout = '';
>
> > > die('HTTP/1.1 401 Unauthorized.
> > > Details incorrect.
> > > Please refresh.');
>
> > > }
>
> > > if I change my callback to this, it will work, but this is insecure,
> > > obviously as it simply authenticates any POSTs!
>
> > > function incorrect () {
> > > if(!$this->RequestHandler->isPost()) {
>
> > > header('WWW-Authenticate: Basic' .'
> > > realm="' .
> > > Configure::read('Settings.title') . '"');
>
> > > header('HTTP/1.1 401 Unauthorized');
>
> > > $this->autoRender = false;
> > > $this->layout = '';
>
> > > die('HTTP/1.1 401 Unauthorized.
> > > Details incorrect.
> > > Please refresh.');
> > > }
> > > else {
> > > return true;
> > > }
>
> > > }
>
> > > thank you in advance for any help you can offer.
>
> > > Luke aka boobyW
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi Luke -
I think you're making this process more difficult than it needs to
be. I haven't used HTTP auth in the Security component, so I can't
offer much insight in that realm. But you may just want to look into
using the Auth component, its pretty straightforward. Check out
Chris's article here:
http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful-tutorial-for-using-cakephps-auth-component/
On Nov 1, 7:03 am, luke BAKING barker <[EMAIL PROTECTED]> wrote:
> looking at the HTML of the form I am submitting, I see there is this
> token:
> style="display: none;"> value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" /
>
>
>
> I suppose that is causing a mismatch upon a POST?
>
> regards
>
> luke
>
> On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote:
>
> > Hi,
>
> > I am using Cake 1.2 - 14th October nightly build. I have set up my
> > app_controller with admin routing, so that an admin function will ask
> > the user to authenticate with HTTP auth. (I had wanted to do a
> > simple .htaccess, with .htpasswd - so I thought I would try the Cake
> > way).
>
> > I have this working, BUT, when I submit an add form (e.g. submit
> > admin_Add or admin_edit) I get asked to authenticate again, which also
> > doesnt seem to work if correct details are put in. (The latter is to
> > do with my custom blackhole callback I think).
>
> > How can I tell the Security component not to ask for Auth again upon
> > a POST?
>
> > here is my app_controller code:
> > class AppController extends Controller {
>
> > var $helpers = array('Html','Form','Javascript');
>
> > var $components = array("Security");
>
> > function beforeFilter() {
> > if (isset($this->params["admin"])) {
>
> > $this->Security->blackHoleCallback = 'incorrect';
>
> >
> > $this->Security->requireLogin('*',array('type'=>'basic','realm' =>
> > Configure::read('Settings.title')));
>
> > $this->Security->loginUsers = array("admin" =>
> > 'password');
>
> > }
> > }
>
> > // added this callback because without, if a user enters wrong
> > details, auth prompt will not re-display
> > function incorrect () {
>
> > header('WWW-Authenticate: Basic' .'
> > realm="' .
> > Configure::read('Settings.title') . '"');
>
> > header('HTTP/1.1 401 Unauthorized');
>
> > $this->autoRender = false;
> > $this->layout = '';
>
> > die('HTTP/1.1 401 Unauthorized.
> > Details incorrect.
> > Please refresh.');
>
> > }
>
> > if I change my callback to this, it will work, but this is insecure,
> > obviously as it simply authenticates any POSTs!
>
> > function incorrect () {
> > if(!$this->RequestHandler->isPost()) {
>
> > header('WWW-Authenticate: Basic' .'
> > realm="' .
> > Configure::read('Settings.title') . '"');
>
> > header('HTTP/1.1 401 Unauthorized');
>
> > $this->autoRender = false;
> > $this->layout = '';
>
> > die('HTTP/1.1 401 Unauthorized.
> > Details incorrect.
> > Please refresh.');
> > }
> > else {
> > return true;
> > }
>
> > }
>
> > thank you in advance for any help you can offer.
>
> > Luke aka boobyW
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
looking at the HTML of the form I am submitting, I see there is this
token:
I suppose that is causing a mismatch upon a POST?
regards
luke
On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am using Cake 1.2 - 14th October nightly build. I have set up my
> app_controller with admin routing, so that an admin function will ask
> the user to authenticate with HTTP auth. (I had wanted to do a
> simple .htaccess, with .htpasswd - so I thought I would try the Cake
> way).
>
> I have this working, BUT, when I submit an add form (e.g. submit
> admin_Add or admin_edit) I get asked to authenticate again, which also
> doesnt seem to work if correct details are put in. (The latter is to
> do with my custom blackhole callback I think).
>
> How can I tell the Security component not to ask for Auth again upon
> a POST?
>
> here is my app_controller code:
> class AppController extends Controller {
>
> var $helpers = array('Html','Form','Javascript');
>
> var $components = array("Security");
>
> function beforeFilter() {
> if (isset($this->params["admin"])) {
>
> $this->Security->blackHoleCallback = 'incorrect';
>
>
> $this->Security->requireLogin('*',array('type'=>'basic','realm' =>
> Configure::read('Settings.title')));
>
> $this->Security->loginUsers = array("admin" =>
> 'password');
>
> }
> }
>
> // added this callback because without, if a user enters wrong
> details, auth prompt will not re-display
> function incorrect () {
>
> header('WWW-Authenticate: Basic' .' realm="' .
> Configure::read('Settings.title') . '"');
>
> header('HTTP/1.1 401 Unauthorized');
>
> $this->autoRender = false;
> $this->layout = '';
>
> die('HTTP/1.1 401 Unauthorized. Details
> incorrect.
> Please refresh.');
>
> }
>
> if I change my callback to this, it will work, but this is insecure,
> obviously as it simply authenticates any POSTs!
>
> function incorrect () {
> if(!$this->RequestHandler->isPost()) {
>
> header('WWW-Authenticate: Basic' .' realm="' .
> Configure::read('Settings.title') . '"');
>
> header('HTTP/1.1 401 Unauthorized');
>
> $this->autoRender = false;
> $this->layout = '';
>
> die('HTTP/1.1 401 Unauthorized. Details
> incorrect.
> Please refresh.');
> }
> else {
> return true;
> }
>
> }
>
> thank you in advance for any help you can offer.
>
> Luke aka boobyW
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
