Hi bakers,

Just wanted to share my experience of integrating the Auth component
into a non-finished application in cake12.
Overall, the component is great and easy to implement, however I had
to deal with some "tricky" features.

First the application context:

I have users spread out in different centers. Basically a user belongs
to a center. I have then a "Center" model and a "User" model. User
belongsTo a Center.
I can have a user "John Smith" in center A, and another "John Smith"
in center B. Thus on login screen a field "Center name" is also
captured. I can also disable a complete center, meaning that every
user of this center would fail to login.

Using the Auth component, I have set the following in my login
function :

    if(!empty($this->data))
    {
       // Add the Center checks
       $this->Auth->userScope = array('Center.disabled' => 0,
                                      'Center.name'     => $this->data['Center']['name']);

       if(!$this->Auth->login($this->data))
       {

That should do the trick I thought ...  well not exactly. That does not
work because the Auth component includes a -1 as the recursive flag for
the call to User->find.
Workaround : I have added a $recursive variable to the component and
initialized it to -1. Now I just have to add $this->Auth->recursive =
1; prior to the Auth->login call.

Second "small" problem, I need to keep in the Session some fields of
the Center record. For now, the login function of the Auth stores only
$data['User'].
I did solve this, in a "dirty way" by changing the return of the
identify function :

return $this->recursive > 0 ? $data : $data[$this->userModel];

I am sure the above might give me some problems later, feel free to
give me hints.

Another problem that I faced, was the default hash parameters to use.
My DB already had some user passwords hashed using md5.
I did add a variable called $hashMethod in the component, and
initialized to 'sha1', I can then override the variable if I need
something else. I also added a $hashPrefix initialized to the
CAKE_SESSION_STRING, and I can override it.
The password function is modified as :

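        function password($password) {
                // $hashPrefix and $hashMethod are properties of the component,
                // so they must be read through $this
                return Security::hash($this->hashPrefix . $password, $this->hashMethod);
        }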

The hashPasswords implemented into the startup function gave me some
trouble as well. I have a "changeDetail" function used by any user to
change their details as well as their password. I have set a control
to enforce the password strength such as at least 6 different
characters among them 2 digits.
This rule can't be verified anymore since the startup function will
"hash" my password prior to my verification.
For now the workaround is to use another field than "password" in
the view and just add the "password"
($this->data['User']['password'] =
$this->Auth->password($this->data['User']['passtrick'])) prior to
save.
This is not really "elegant", maybe an "enable/disable" method (or an
array of controller/view to avoid the call to hashPasswords) could be
implemented into the Auth ?

That's about it for now. Do not get me wrong, I know I have listed
mainly problems but the Auth is a great component. I could work without
the Auth component since my application requires login for every
action (except the login / logout actions of course), but my main
interest is to link it with the cake12  ACL (next step).

Again, some of the above might be due to my misunderstanding of the
component, please feel free to suggest or comment.

Thanks
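
The validate-then-hash ordering that the "passtrick" workaround in the post is after, as an added example in plain PHP (not code from the original post or from CakePHP). The function names, the sample prefix, and the reading of the rule as "at least 6 distinct characters, at least 2 digits" are assumptions.

```php
<?php
// Added example: function names and the sample prefix are hypothetical.

// Rule from the post, read here (assumption) as: at least 6 distinct
// characters, at least 2 of them digits. It must run on the plaintext.
function passwordMeetsPolicy($plain)
{
    $chars = preg_split('//u', $plain, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false) {
        return false; // not valid UTF-8
    }
    return count(array_unique($chars)) >= 6
        && preg_match_all('/[0-9]/', $plain) >= 2;
}

// prefix . password hashed with a configurable method, mirroring the modified
// password() in the post. md5/sha1 appear only to match the legacy rows the
// post describes; PHP 5.5+ provides password_hash() for newly stored passwords.
function hashPassword($plain, $prefix, $method = 'sha1')
{
    if (!in_array($method, array('md5', 'sha1', 'sha256'), true)) {
        throw new InvalidArgumentException("Unsupported hash method: $method");
    }
    return hash($method, $prefix . $plain);
}

// Validate first, hash second. Returns the value to store, or null when the
// plaintext fails the policy (nothing is hashed in that case).
function preparePasswordForSave($plain, $prefix, $method = 'sha1')
{
    if (!passwordMeetsPolicy($plain)) {
        return null;
    }
    return hashPassword($plain, $prefix, $method);
}

// Constructed sample input.
$prefix = 'constructed-app-prefix';
foreach (array('aaaaaa11', 'abcdefgh', 'abcd12ef') as $candidate) {
    $stored = preparePasswordForSave($candidate, $prefix, 'md5');
    printf("%-10s %s\n", $candidate, $stored === null ? 'rejected' : $stored);
}

// Why the check cannot run after hashing: a 32-character hex digest almost
// always satisfies the rule, whatever the plaintext was.
var_dump(passwordMeetsPolicy(hashPassword('a', $prefix, 'md5')));
```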

