Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi McFadly, hats interesting thanks. I normally use othAuth but I jsut wanted a very simple HTTP-Auth, and it seems to me that should be easily achievable with this Security component, although I have not been able to get it to work! All I would like to do is turn off the separate checking of POSTed data -- can anyone help? Or even someone who uses a HTTP-auth (with or without the digest) to post an example of their code to achieve it? I am not sure if a problem is arsing becasue my code is in the app_controller, maybe it would be better in each controller that needs the HTTP-auth; this seems to be the way of the OC presentation on Cake's example. thanks Luke On Nov 1, 4:58 pm, McFadly <[EMAIL PROTECTED]> wrote: > Hi Luke - > I think you're making this process more difficult than it needs to > be. I haven't used HTTP auth in theSecuritycomponent, so I can't > offer much insight in that realm. But you may just want to look into > using the Auth component, its pretty straightforward. Check out > Chris's article > here:http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful... > > On Nov 1, 7:03 am, luke BAKING barker <[EMAIL PROTECTED]> wrote: > > > looking at the HTML of the form I am submitting, I see there is this > > token: > > > style="display: none;"> > value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" / > > > I suppose that is causing a mismatch upon a POST? > > > regards > > > luke > > > On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I am using Cake 1.2 - 14th October nightly build. I have set up my > > > app_controller with admin routing, so that an admin function will ask > > > the user to authenticate with HTTP auth. (I had wanted to do a > > > simple .htaccess, with .htpasswd - so I thought I would try the Cake > > > way). > > > > I have this working, BUT, when I submit an add form (e.g. submit > > > admin_Add or admin_edit) I get asked to authenticate again, which also > > > doesnt seem to work if correct details are put in. (The latter is to > > > do with my custom blackhole callback I think). > > > > How can I tell theSecuritycomponent not to ask for Auth again upon > > > a POST? > > > > here is my app_controller code: > > > class AppController extends Controller { > > > > var $helpers = array('Html','Form','Javascript'); > > > > var $components = array("Security"); > > > > function beforeFilter() { > > > if (isset($this->params["admin"])) { > > > > $this->Security->blackHoleCallback = 'incorrect'; > > > > > > > $this->Security->requireLogin('*',array('type'=>'basic','realm' => > > > Configure::read('Settings.title'))); > > > > $this->Security->loginUsers = array("admin" => > > > 'password'); > > > > } > > > } > > > > // added this callback because without, if a user enters wrong > > > details, auth prompt will not re-display > > > function incorrect () { > > > > header('WWW-Authenticate: Basic' .' > > > realm="' . > > > Configure::read('Settings.title') . '"'); > > > > header('HTTP/1.1 401 Unauthorized'); > > > > $this->autoRender = false; > > > $this->layout = ''; > > > > die('HTTP/1.1 401 Unauthorized. > > > Details incorrect. > > > Please refresh.'); > > > > } > > > > if I change my callback to this, it will work, but this is insecure, > > > obviously as it simply authenticates any POSTs! > > > > function incorrect () { > > > if(!$this->RequestHandler->isPost()) { > > > > header('WWW-Authenticate: Basic' .' > > > realm="' . > > > Configure::read('Settings.title') . '"'); > > > > header('HTTP/1.1 401 Unauthorized'); > > > > $this->autoRender = false; > > > $this->layout = ''; > > > > die('HTTP/1.1 401 Unauthorized. > > > Details incorrect. > > > Please refresh.'); > > > } > > > else { > > > return true; > > > } > > > > } > > > > thank you in advance for any help you can offer. > > > > Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi Luke - I think you're making this process more difficult than it needs to be. I haven't used HTTP auth in the Security component, so I can't offer much insight in that realm. But you may just want to look into using the Auth component, its pretty straightforward. Check out Chris's article here: http://www.littlehart.net/atthekeyboard/2007/09/11/a-hopefully-useful-tutorial-for-using-cakephps-auth-component/ On Nov 1, 7:03 am, luke BAKING barker <[EMAIL PROTECTED]> wrote: > looking at the HTML of the form I am submitting, I see there is this > token: > style="display: none;"> value="451ed6fb6ba0df462ad05faad6f0bdaab07b667c" id="Token1063112810" / > > > > I suppose that is causing a mismatch upon a POST? > > regards > > luke > > On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote: > > > Hi, > > > I am using Cake 1.2 - 14th October nightly build. I have set up my > > app_controller with admin routing, so that an admin function will ask > > the user to authenticate with HTTP auth. (I had wanted to do a > > simple .htaccess, with .htpasswd - so I thought I would try the Cake > > way). > > > I have this working, BUT, when I submit an add form (e.g. submit > > admin_Add or admin_edit) I get asked to authenticate again, which also > > doesnt seem to work if correct details are put in. (The latter is to > > do with my custom blackhole callback I think). > > > How can I tell the Security component not to ask for Auth again upon > > a POST? > > > here is my app_controller code: > > class AppController extends Controller { > > > var $helpers = array('Html','Form','Javascript'); > > > var $components = array("Security"); > > > function beforeFilter() { > > if (isset($this->params["admin"])) { > > > $this->Security->blackHoleCallback = 'incorrect'; > > > > > $this->Security->requireLogin('*',array('type'=>'basic','realm' => > > Configure::read('Settings.title'))); > > > $this->Security->loginUsers = array("admin" => > > 'password'); > > > } > > } > > > // added this callback because without, if a user enters wrong > > details, auth prompt will not re-display > > function incorrect () { > > > header('WWW-Authenticate: Basic' .' > > realm="' . > > Configure::read('Settings.title') . '"'); > > > header('HTTP/1.1 401 Unauthorized'); > > > $this->autoRender = false; > > $this->layout = ''; > > > die('HTTP/1.1 401 Unauthorized. > > Details incorrect. > > Please refresh.'); > > > } > > > if I change my callback to this, it will work, but this is insecure, > > obviously as it simply authenticates any POSTs! > > > function incorrect () { > > if(!$this->RequestHandler->isPost()) { > > > header('WWW-Authenticate: Basic' .' > > realm="' . > > Configure::read('Settings.title') . '"'); > > > header('HTTP/1.1 401 Unauthorized'); > > > $this->autoRender = false; > > $this->layout = ''; > > > die('HTTP/1.1 401 Unauthorized. > > Details incorrect. > > Please refresh.'); > > } > > else { > > return true; > > } > > > } > > > thank you in advance for any help you can offer. > > > Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
looking at the HTML of the form I am submitting, I see there is this token: I suppose that is causing a mismatch upon a POST? regards luke On Nov 1, 12:55 pm, luke BAKING barker <[EMAIL PROTECTED]> wrote: > Hi, > > I am using Cake 1.2 - 14th October nightly build. I have set up my > app_controller with admin routing, so that an admin function will ask > the user to authenticate with HTTP auth. (I had wanted to do a > simple .htaccess, with .htpasswd - so I thought I would try the Cake > way). > > I have this working, BUT, when I submit an add form (e.g. submit > admin_Add or admin_edit) I get asked to authenticate again, which also > doesnt seem to work if correct details are put in. (The latter is to > do with my custom blackhole callback I think). > > How can I tell the Security component not to ask for Auth again upon > a POST? > > here is my app_controller code: > class AppController extends Controller { > > var $helpers = array('Html','Form','Javascript'); > > var $components = array("Security"); > > function beforeFilter() { > if (isset($this->params["admin"])) { > > $this->Security->blackHoleCallback = 'incorrect'; > > > $this->Security->requireLogin('*',array('type'=>'basic','realm' => > Configure::read('Settings.title'))); > > $this->Security->loginUsers = array("admin" => > 'password'); > > } > } > > // added this callback because without, if a user enters wrong > details, auth prompt will not re-display > function incorrect () { > > header('WWW-Authenticate: Basic' .' realm="' . > Configure::read('Settings.title') . '"'); > > header('HTTP/1.1 401 Unauthorized'); > > $this->autoRender = false; > $this->layout = ''; > > die('HTTP/1.1 401 Unauthorized. Details > incorrect. > Please refresh.'); > > } > > if I change my callback to this, it will work, but this is insecure, > obviously as it simply authenticates any POSTs! > > function incorrect () { > if(!$this->RequestHandler->isPost()) { > > header('WWW-Authenticate: Basic' .' realm="' . > Configure::read('Settings.title') . '"'); > > header('HTTP/1.1 401 Unauthorized'); > > $this->autoRender = false; > $this->layout = ''; > > die('HTTP/1.1 401 Unauthorized. Details > incorrect. > Please refresh.'); > } > else { > return true; > } > > } > > thank you in advance for any help you can offer. > > Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi, I am using Cake 1.2 - 14th October nightly build. I have set up my app_controller with admin routing, so that an admin function will ask the user to authenticate with HTTP auth. (I had wanted to do a simple .htaccess, with .htpasswd - so I thought I would try the Cake way). I have this working, BUT, when I submit an add form (e.g. submit admin_Add or admin_edit) I get asked to authenticate again, which also doesnt seem to work if correct details are put in. (The latter is to do with my custom blackhole callback I think). How can I tell the Security component not to ask for Auth again upon a POST? here is my app_controller code: class AppController extends Controller { var $helpers = array('Html','Form','Javascript'); var $components = array("Security"); function beforeFilter() { if (isset($this->params["admin"])) { $this->Security->blackHoleCallback = 'incorrect'; $this->Security->requireLogin('*',array('type'=>'basic','realm' => Configure::read('Settings.title'))); $this->Security->loginUsers = array("admin" => 'password'); } } // added this callback because without, if a user enters wrong details, auth prompt will not re-display function incorrect () { header('WWW-Authenticate: Basic' .' realm="' . Configure::read('Settings.title') . '"'); header('HTTP/1.1 401 Unauthorized'); $this->autoRender = false; $this->layout = ''; die('HTTP/1.1 401 Unauthorized. Details incorrect. Please refresh.'); } if I change my callback to this, it will work, but this is insecure, obviously as it simply authenticates any POSTs! function incorrect () { if(!$this->RequestHandler->isPost()) { header('WWW-Authenticate: Basic' .' realm="' . Configure::read('Settings.title') . '"'); header('HTTP/1.1 401 Unauthorized'); $this->autoRender = false; $this->layout = ''; die('HTTP/1.1 401 Unauthorized. Details incorrect. Please refresh.'); } else { return true; } } thank you in advance for any help you can offer. Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
HTTP-auth and Security Component cake 1.2 - POST a form cause me difficulty
Hi, I am using Cake 1.2 - 14th October nightly build. I have set up my app_controller with admin routing, so that an admin function will ask the user to authenticate with HTTP auth. (I had wanted to do a simple .htaccess, with .htpasswd - so I thought I would try the Cake way). I have this working, BUT, when I submit an add form (e.g. submit admin_Add or admin_edit) I get asked to authenticate again, which also doesnt seem to work if correct details are put in. (The latter is to do with my custom blackhole callback I think). How can I tell the Security component not to ask for Auth again upon a POST? here is my app_controller code: class AppController extends Controller { var $helpers = array('Html','Form','Javascript'); var $components = array("Security"); function beforeFilter() { if (isset($this->params["admin"])) { $this->Security->blackHoleCallback = 'incorrect'; $this->Security->requireLogin('*',array('type'=>'basic','realm' => Configure::read('Settings.title'))); $this->Security->loginUsers = array("admin" => 'password'); } } // added this callback because without, if a user enters wrong details, auth prompt will not re-display function incorrect () { header('WWW-Authenticate: Basic' .' realm="' . Configure::read('Settings.title') . '"'); header('HTTP/1.1 401 Unauthorized'); $this->autoRender = false; $this->layout = ''; die('HTTP/1.1 401 Unauthorized. Details incorrect. Please refresh.'); } if I change my callback to this, it will work, but this is insecure, obviously as it simply authenticates any POSTs! function incorrect () { if(!$this->RequestHandler->isPost()) { header('WWW-Authenticate: Basic' .' realm="' . Configure::read('Settings.title') . '"'); header('HTTP/1.1 401 Unauthorized'); $this->autoRender = false; $this->layout = ''; die('HTTP/1.1 401 Unauthorized. Details incorrect. Please refresh.'); } else { return true; } } thank you in advance for any help you can offer. Luke aka boobyW --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---