tomcur / cookietokenauth
A CakePHP plugin to provide secure cookie authentication
License: MIT License
Release 1.2.0 does not include the migrations files needed for migrate to run successfully.
Hello!
I am implementing your plugin conditionally as described in the "Disable automatic generation of token cookies" section of the readme.
My Auth Component load (in AppController) looks like this:

    $this->loadComponent('Auth', [
        'authenticate' => [
            'Beskhue/CookieTokenAuth.CookieToken' => [
                'fields' => ['username' => 'email'],
                'setCookieAfterIdentify' => false,
                'minimizeCookieExposure' => true,
            ],
            'Form' => [
                'fields' => ['username' => 'email'],
            ],
        ],
        'logoutRedirect' => [
            'controller' => 'Users',
            'action' => 'login'
        ],
        'unauthorizedRedirect' => [
            'controller' => 'Users',
            'action' => 'login'
        ]
    ]);

My Login method in UsersController contains the following:

    if( $this->request->getData('remember_me') ) {
        $this->loadComponent(
            'Beskhue/CookieTokenAuth.CookieToken',
            $this->Auth->getConfig('authenticate')['Beskhue/CookieTokenAuth.CookieToken']
        );
        $this->CookieToken->setCookie($user);
    }

When I log in and don't check remember me, it creates a token and adds a record to the auth_tokens table despite 'setCookieAfterIdentify' => false.
Is this expected behavior?
When I log in and do check remember me, I get the following error:
The "CookieToken" alias has already been loaded with the following config: array ( 'fields' => array ( 'username' => 'email', 'password' => 'password', ), 'userModel' => 'Users', 'scope' => array ( ), 'finder' => 'all', 'contain' => NULL, 'passwordHasher' => 'Default', 'hash' => 'sha256', 'cookie' => array ( 'name' => 'userdata', 'expires' => '+10 weeks', ), 'minimizeCookieExposure' => true, 'setCookieAfterIdentify' => false, ) which differs from array ( 'fields' => array ( 'username' => 'email', ), 'setCookieAfterIdentify' => false, 'minimizeCookieExposure' => true, )
This leads me to believe the Beskhue/CookieTokenAuth.CookieToken component should not be loaded in the AppController if it is being loaded in the UserController conditionally. Is that correct?
Do you have any suggestions or things I should look at that may help resolve this for me?

I'm trying to use CookieTokenAuth in a CakePHP3 project where the user data table is not users.
In the current implementation, though, the users model is hard-coded, and specifying userModel doesn't work well.

    // AuthTokensTable.php
    public function initialize(array $config)
    {
        $this->addBehavior('Timestamp');
        $this->belongsTo('Users');
    }

    // CookieTokenAuthenticate.php
    $tokenEntity = $authTokens->findBySeries($series)->contain('Users')->first();

It caused the error, Error: [Cake\Database\Exception] SQLSTATE[42S02]: Base table or view not found: 1146 Table 'project_name.users' doesn't exist.

In the README this is in AppController's beforeFilter:

    if(!$this->Auth->user())
    {
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            return $this->redirect($this->Auth->redirectUrl());
        }
    }

This code will be executed for Cookie and Form logins. With Form logins, redirect() prevents the code in UserController's login() from being run where setCookie() is called.
So I changed the code in AppController to:

    if(!$this->Auth->user())
    {
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            if ($this->request->params['controller'] != 'Users' && $this->request->params['action'] != 'login' && !$this->request->is('post')) {
                return $this->redirect($this->Auth->redirectUrl());
            }
        }
    }

And the code in UsersController to:

    public function login()
    {
        $this->loadComponent('Beskhue/CookieTokenAuth.CookieToken');
        if ($this->request->is('post')) {
            $user = $this->Auth->user();
            if ($user) {
                $this->CookieToken->setCookie($user);
                return $this->redirect($this->Auth->redirectUrl());
            } else {
                $this->Flash->error(__('Username or password is incorrect.'));
            }
        }
    }

This is definitely not elegant. Maybe you have a better idea for that.

I've set up the plugin in a CakePHP 3 project as described in the readme. I'm getting an error when I go to the first page of my application, which doesn't require a user to be logged in (i.e. it's open to everyone).
Error: A route matching "array ( 'controller' => 'Portfolios', 'action' => 'view', '_base' => false, 'plugin' => 'Beskhue/CookieTokenAuth', '_ext' => NULL, )" could not be found.
More data as follows:
None of the currently connected routes match the provided parameters. Add a matching route to config/routes.php
The passed context was:

    [
        '_base' => '',
        '_port' => '80',
        '_scheme' => 'http',
        '_host' => 'localhost',
        'params' => [
            'plugin' => 'Beskhue/CookieTokenAuth',
            'controller' => 'CookieTokenAuth',
            'action' => 'index',
            '_ext' => null,
            'pass' => [],
            '_matchedRoute' => '/auth/cookie-token-auth'
        ]
    ]


Hi,
If you log out the user, you'll have an error of "index "userModel" undefined".
The fix is to add the config array to the TableRegistry::get of "logout function" inside your component.
In CookieTokenAuthenticate:

Before:

    $authTokens = \Cake\ORM\TableRegistry::get('Beskhue/CookieTokenAuth.AuthTokens');

After:

    $authTokens = \Cake\ORM\TableRegistry::get('Beskhue/CookieTokenAuth.AuthTokens',
        ['userModel' => $this->_config['userModel']]);