Re: Blowfish password hashing in 2.4.0-RC2 issues
Okay, I've finally managed to resolve the issue - but I'm not sure *why* it resolves the issue. I'd appreciate any input. Here's what I did: Note: my users table is named customer_users (with a habtm relationship with customer_orgs associated by 'customer_orgs_customer_users') In app/Model/User.php I have I debugged the post data and saw that in $this-request-data, my login fields were under the key -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: Blowfish password hashing in 2.4.0-RC2 issues
Okay, I've finally managed to resolve this, it was a basic mistake. Here's
what I did:
I debugged the post data and saw that in $this-request-data, my login
fields were under the key 'customer_users' (which is the name of my users
table)
Array
(
[customer_users] = Array
(
[username] = u...@domain.com
[password] = abcdefg1234567
)
)
I had assumed that so long as there was a username and password field in my
POST data, the login would work.
In my login.ctp, I have the following code to generate my login form:
echo $this-Form-create(),
$this-Form-input('username'),
$this-Form-password('password'),
$this-Form-end(Log In);
I changed it to the following:
echo $this-Form-create('User'),
$this-Form-input('username'),
$this-Form-password('password'),
$this-Form-end(Log In);
.. and the logins now work. I didn't see any error specifying that the Auth
component couldn't see any credentials in the post - it'd have saved me a
lot of time.
My users table has a habtm relationship with customer_orgs, is there a way
to have the Auth component return data from linked tables?
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
CakePHP group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
Re: Blowfish password hashing in 2.4.0-RC2 issues
In response to my own question, setting recursive to 1 in the AppController Auth definition allowed me to pull in associated customer_orgs rows in the Auth-login() call. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Blowfish password hashing in 2.4.0-RC2 issues
Hi all, I'm new here and in the process of building my first CakePHP app,
using a recently upgraded 2.3.5 2.4.0-RC2.
I've managed to get the new BlowfishPasswordHasher working with my User
model beforeSave() function, and can verify in the database that users are
created with a blowfish hash in the password field. My issue is that the
User model's login function is failing when trying to log in with the
correct credentials.
Here is my $components variable from AppController:
public $components = array(
'Session',
'Security',
'Cookie',
'DebugKit.Toolbar',
'Auth' = array(
'loginAction' = array(
'controller' = 'users',
'action' = 'login'
),
'authError' = 'You must be
logged in to view this page',
'loginError' = 'Invalid
username/password combination',
'authenticate' = array(
'Form' = array(
'userModel' = 'User',
'passwordHasher' = 'Blowfish',
),
),
'loginRedirect' =
array('controller' = 'DevelopmentPages', 'action' = 'index'),
'logoutRedirect' =
array('controller' = 'users', 'action' = 'login'),
),
);
This is my beforeSave from the User model:
public function beforeSave($options = array()) {
if(isset($this-data[$this-alias]['password'])) {
$passwordHasher = new BlowfishPasswordHasher();
$this-data[$this-alias]['password'] =
$passwordHasher-hash($this-data[$this-alias]['password']);
}
return true;
}
Is there something obvious that I am missing? Any pointers appreciated :)
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
CakePHP group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
