Point taken... Will put that on my todo list. I may even end up publishing a short bakery article for a change ;)
/Martin

On Jan 18, 1:34 am, "Dardo Sordi Bogado" <[email protected]> wrote:
> I think this is worthy of becoming a bakery post...
>
> Regards,
> - Dardo.
>
> On Mon, Jan 12, 2009 at 2:19 PM, Martin Westin
> <[email protected]> wrote:
> >
> > Hi all,
> > It is not overtly documented but you can check your http
> > authentication against your normal users table, just like Auth
> > Component does. I didn't know this before. I thought I had to make a
> > loginUsers array. But a simple change gave me the opportunity to
> > check the login any way I wanted.
> >
> > Generally speaking I'd say this is a bad idea. Letting users login
> > using HTTP basic authentication is a bit of a security risk. It can be
> > very useful at times though so I thought I'd post my code in case
> > anyone else wants to use something like it... or just criticize the
> > whole idea until I change my mind :)
> >
> > My reason is that I want a "protected" RSS feed. The feed will include
> > private information not intended for public use but I still like RSS
> > as a notification scheme. This is the best solution I have come up
> > with for protecting a feed.
> >
> > Here are the relevant lines from my controller. Auth is globally
> > configured in AppController much like in the numerous tutorials
> > around. Nothing special there but it is active.
> >
> > ---
> > var $components = array('Security');
> >
> > function beforeFilter() {
> >     // Only RSS requests are switched over to HTTP basic authentication
> >     if ( $this->RequestHandler->isRss() ) {
> >         $this->Auth->allow('index');
> >         $this->Security->loginOptions = array(
> >             'type'=>'basic',
> >             'login'=>'authenticate', // controller method that checks the login
> >             'realm'=>'My_RSS_Feeds'
> >         );
> >         $this->Security->loginUsers = array();
> >         $this->Security->requireLogin('index');
> >     }
> >     parent::beforeFilter();
> > }
> >
> > function authenticate($args) {
> >     // Re-package the credentials under the field names Auth uses
> >     $data[ $this->Auth->fields['username'] ] = $args['username'];
> >     $data[ $this->Auth->fields['password'] ] = $this->Auth->password($args['password']);
> >
> >     if ( $this->Auth->login($data) ) {
> >         return true;
> >     } else {
> >         $this->Security->blackHole($this, 'login');
> >         return false;
> >     }
> > }
> > ---
> >
> > As you can see there is not much different from the cookbook (for
> > example). The key is the login-key in the loginOptions hash. This lets
> > me provide a method that will take care of allowing or disallowing a
> > login.
> >
> > The authenticate method re-packages the username and password to suit
> > Auth and then tries to login.. and Voilà!
> >
> > I noticed that returning true or false was not enough. I had to
> > specify that the request should "blackHole" here. I could try digest
> > authentication but I haven't gotten around to it yet. (My normal
> > logins pass passwords in the clear already so...)
> >
> > That's all
> > /Martin
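
The same idea without the framework, checking HTTP Basic credentials against stored user password hashes, added here as an example; it is not part of the thread above and not CakePHP's own code. The `$users` array, the function name `basicAuthUser` and the sample credentials are assumptions constructed for illustration, and the check refuses Basic credentials on requests that did not arrive over HTTPS because they are only base64-encoded.

```php
<?php
// Added example: framework-independent check of an HTTP Basic login against
// a users table. All names and sample data are constructed for illustration.

// Stand-in for the users table: username => password_hash() output.
$users = array('martin' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT));

// Returns the authenticated username, or null when the request must be
// answered with a 401 challenge. $server has the shape of $_SERVER.
function basicAuthUser(array $server, array $users)
{
    // Basic credentials are only base64-encoded, so refuse them off TLS.
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return null;
    }
    $header = isset($server['HTTP_AUTHORIZATION']) ? $server['HTTP_AUTHORIZATION'] : '';
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    // Split on the first colon only: the password may itself contain ':'.
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    list($username, $password) = explode(':', $decoded, 2);

    // Verify against a dummy hash for unknown users so that response time
    // does not reveal which usernames exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $known = isset($users[$username]);
    $hash = $known ? $users[$username] : $dummy;
    return (password_verify($password, $hash) && $known) ? $username : null;
}

// Constructed request: correct credentials sent over HTTPS.
$request = array(
    'HTTPS' => 'on',
    'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('martin:constructed-sample-pw'),
);
$user = basicAuthUser($request, $users);
if ($user === null) {
    header('WWW-Authenticate: Basic realm="My_RSS_Feeds"');
    header('HTTP/1.1 401 Unauthorized');
    exit;
}
echo "feed for $user\n";
```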
