php - CakePHP 2.5.7 - Authentication failure on login with non-standard user


I am trying to use my Account model instead of the standard user when calling Auth. Auth is basing the login off of an email and token.

When Accounts are being added, they are going through the BlowfishPasswordHasher.

I just can't determine at what point it is failing to authenticate when logging in.

As far as I can see I've referenced Auth to use Account instead of User, and use email/token instead of username/password wherever relevant.

Is there anything obvious that sticks out or additional debugging lines that I could try?

Account Model

App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class Account extends AppModel {
...
    public function beforeSave($options = array()) {
        if (isset($this->data['Account']['token'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data['Account']['token'] = $passwordHasher->hash(
                $this->data['Account']['token']
            );
        }
        return true;
    }

}

Accounts Controller

App::uses('AppController', 'Controller');

class AccountsController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('add');
    }

    public function login() {
        $this->layout = 'nosidemenu';
        #debug($_SESSION);

        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error(__('Invalid username or password, try again debug($this->Auth->login())'));
        }
    }

}

Login.ctp

    <?php echo $this->Flash->render('auth'); ?>
    <?php echo $this->Form->create('Account', array('action' => 'login')); ?>

    <?php echo $this->Form->input('email', array('class' => 'form-control', 'type' => 'text', 'placeholder' => 'Email')); ?>    
    <?php echo $this->Form->input('token', array('class' => 'form-control', 'type' => 'password', 'placeholder' => 'Password')); ?> 

    <?php echo $this->Form->submit('Submit', array('class' => 'btn btn-primary btn-block btn-flat')); 
      echo $this->Form->end(); ?>

AppController

App::uses('Controller', 'Controller');
class AppController extends Controller {    
    public $components = array(
        'Session',
        'Flash',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'Account',
                    'passwordHasher' => 'Blowfish',
                    'fields' => array(
                        'username' => 'email',
                        'password' => 'token'
                    )
                )
            ),
            'loginRedirect' => array(
                'controller' => 'accounts',
                'action' => 'index'
            ),
            'loginAction' => array(
                'controller' => 'accounts',
                'action' => 'login'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'index',
                'home'
            ),
            'authError' => 'You don\'t have access here.',
        ),
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');
        $this->Auth->authError = sprintf(__('You are not authorized to access that location %s/%s .',true),$this->name,$this->action);

    }

}

Additionally, I have the following debug lines in my login function:

EDIT:

So I've been playing with some debug lines, I've added debug($this->data); in both my AppController beforeFilter() and AccountController login(). Both instances of that debug line report the same array of:

array(
    'Account' => array(
         'email' => '[email protected]',
         'token' => 'password'
     )
)

Shouldn't the debug message in login() report a hashed token? Even though Accounts are added to the database with a hashed password, could they not be getting hashed when being called through login?


Answer

Solution:

You have to set data to your model

public function login() {
    $this->layout = 'nosidemenu';
    #debug($_SESSION);

    if ($this->request->is('post')) {
        /* Passed the request data in $this->Auth->login() */
        if ($this->Auth->login($this->request->data)) {
            return $this->redirect($this->Auth->redirectUrl());
        }
        $this->Flash->error(__('Invalid username or password, try again debug($this->Auth->login())'));
    }
}

I got this from here:

In 2.x $this->Auth->login($this->request->data) will log the user in with whatever data is posted, whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful.
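
The 2.x behaviour quoted above, and the question of why the posted token shows up unhashed in debug output, as an added example (not part of the original posts and not CakePHP's own code). It is a stand-alone PHP model: `identify()` and `login()` are hypothetical stand-ins for the Form authenticator and `Auth->login()`, `password_hash()`/`password_verify()` stand in for `BlowfishPasswordHasher`, and the account row is constructed.

```php
<?php
// Added example: simplified model of the two login() call styles, not CakePHP source.
// Constructed stored row, as Account::beforeSave() would leave it (bcrypt-hashed token).
$accounts = array(
    'alice@example.test' => array(
        'id' => 1,
        'email' => 'alice@example.test',
        'token' => password_hash('correct-token', PASSWORD_BCRYPT),
    ),
);

// Models identification by a Form authenticator: look the account up by email,
// then verify the posted plaintext against the stored hash. The posted value is
// never hashed and string-compared, because bcrypt salts every hash differently.
function identify(array $accounts, array $posted)
{
    $email = isset($posted['Account']['email']) ? $posted['Account']['email'] : '';
    $token = isset($posted['Account']['token']) ? $posted['Account']['token'] : '';
    if (!is_string($email) || !is_string($token) || !isset($accounts[$email])) {
        return false;
    }
    if (!password_verify($token, $accounts[$email]['token'])) {
        return false;
    }
    $user = $accounts[$email];
    unset($user['token']); // keep the hash out of the session
    return $user;
}

// Models the 2.x behaviour quoted above: a non-empty $user is trusted as-is,
// so identification only happens when login() is called without data.
function login(array $accounts, array $posted, $user = null)
{
    if (empty($user)) {
        $user = identify($accounts, $posted);
    }
    return $user ? $user : false; // what would be written to the session
}

$bad  = array('Account' => array('email' => 'alice@example.test', 'token' => 'wrong'));
$good = array('Account' => array('email' => 'alice@example.test', 'token' => 'correct-token'));

var_dump(login($accounts, $bad) !== false);       // no argument, wrong token
var_dump(login($accounts, $good) !== false);      // no argument, right token
var_dump(login($accounts, $bad, $bad) !== false); // posted data passed in, wrong token
```

Only the call without data checks the token against the stored hash; when the posted array is passed in, the wrong token is accepted because no verification runs.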
