If all your problems were because of a forgotten parent::beforeFilter() call, it is only your problem, not Cake's.

On Sep 26, 12:38 am, gparra <[email protected]> wrote:
> Does anyone have a good sense of whether this could be considered a
> bug and if so, how can I submit it as one to the CakePHP community?
>
> My code works how I want it to work, but it certainly doesn't look
> like what I think CakePHP intended, I don't want to build my whole
> site using it and one day have to change everything when an update of
> CakePHP breaks it all.
>
> I'd rather submit a bug, track it, help if I can and make sure it
> works as intended in the future versions.
>
> I'll appreciate any comments.
>
> Thank you.
>
> On Sep 17, 11:56 pm, gparra <[email protected]> wrote:
>
> > Oh, by the way, I realized afterwards.
> >
> > Make sure your users_controller either doesn't have a beforeFilter()
> > function or if it does, it calls parent::beforeFilter() as the first
> > thing it does. Otherwise you won't be able to log in or out with the
> > custom hash in the model. (I know this makes it even more confusing to
> > figure out how the whole thing is working, but at least it is, and
> > that's really where I wanted it to be in the first place.)
> >
> > On Sep 17, 11:41 pm, gparra <[email protected]> wrote:
> >
> > > Ok, so basically I left it working as intended, but I'm not sure this
> > > is the way CakePHP intended for me to write it so it would work.
> > >
> > > I tried removing isAuthorized and that made any controller without a
> > > beforeFilter() function claiming for a definition of isAuthorized.
> > >
> > > I tried four different controllers with the above mentioned
> > > app_controller:
> > >
> > > 1. No before filter function - Everything is accessible without a
> > > password, but add and edit don't send you to the form, put you back on
> > > index displaying the flash "The controller has been saved"
> > > 2. Before filter function with:
> > > function beforeFilter(){
> > >     parent::beforeFilter();
> > >     $this->Auth->allow('index');
> > > }
> > > In this case, nothing requires a login and Add and Edit behave the
> > > same way as with 1.
> > > 3. Before filter function with only $this->Auth->allow('index'); -
> > > Here everything works as intended, index doesn't require a password
> > > and add and edit work just fine. Note the fact again that this only
> > > happens if I DON'T call parent::beforeFilter()
> > > 4. Empty beforeFilter() function - Everything requires a password
> > > (even though the app_controller says allow('*')), but after the
> > > password is entered, everything behaves as it should.
> > >
> > > Thus since I was uncomfortable with the fact that my solution combined
> > > an allow('*') in the app_controller with an empty beforeFilter()
> > > function, I decided to try allow('display') again and combined it with
> > > number 3 above. This way it would at least make sense that everything
> > > would require a password except for index and display, even though not
> > > calling parent::beforeFilter() wasn't being called.
> > >
> > > And that worked. So my final combination 'weird solution' looks like
> > > this:
> > > app_controller:
> > > <?php
> > > class AppController extends Controller {
> > >     var $components = array('Auth');
> > >
> > >     function beforeFilter() {
> > >         Security::setHash('md5');
> > >         $this->Auth->authenticate = ClassRegistry::init('User');
> > >         $this->Auth->fields = array(
> > >             'username' => 'name',
> > >             'password' => 'pass',
> > >         );
> > >         $this->Auth->loginAction = array('controller' => 'users',
> > >             'action' => 'login');
> > >         $this->Auth->loginRedirect = array('controller' => 'pages',
> > >             'action' => 'display', 'home');
> > >         $this->Auth->allow('display');
> > >         $this->Auth->authorize = 'controller';
> > >     }
> > >
> > >     function isAuthorized() {
> > >         return true;
> > >     }
> > > }
> > > ?>
> > >
> > > controller before filter:
> > > function beforeFilter(){
> > >     $this->Auth->allow('index');
> > > }
> > >
> > > User model hashpasswords:
> > > function hashPasswords($data) {
> > >     $data['User']['pass'] = md5($data['User']['pass']);
> > >     return $data;
> > > }
> > >
> > > This allows me to move forward with an authenticated app that allows
> > > index without credentials and lets me leave everything else working as
> > > it should.
> > >
> > > The downside is that if this is a bug I'm going to have to re-write
> > > all the stuff once it gets fixed and that will be a big pain since I
> > > have to put either an empty beforeFilter() function or one with the
> > > allow index in every single controller I need to have authentication.
> > >
> > > I hope my solution helps someone else in the future, or is at least
> > > used for debugging of Cake. If I'm wrong though and I'm doing
> > > something silly that is making me have this not so nice behavior I'll
> > > be happy to swallow my words and venerate CakePHP accordingly so
> > > please let me know if I am!
> > >
> > > Thank you!
> > >
> > > On Sep 17, 9:41 am, gparra <[email protected]> wrote:
> > >
> > > > I'll give the authorize thing a try again, although I didn't have it
> > > > in the previous version, I don't think it will make a difference.
> > > >
> > > > I did read a lot about whether to use the salt or not, for other
> > > > things rather than just the password hashing and Cake doesn't only use
> > > > it for the password hashing but also for other things, like cookies I
> > > > believe. So I'd rather keep using the Cake salt, just not for password
> > > > hashing.
> > > >
> > > > I will give it a shot removing it from the core config and removing my
> > > > own hashpassword function. Just to see if I get the right behavior.
> > > >
> > > > I'm pretty confused at the last thing though. Empty beforeFilter()
> > > > functions make the controllers behave as intended? That's just
> > > > weird :)
> > > >
> > > > And everything else does look correct.
> > > >
> > > > Will give the authorize and salt thing a try tonight, I won't be able
> > > > to work on it until late today.
> > > >
> > > > Maybe the session is confusing the salt when opening an add or edit
> > > > function and spitting me out straight to "The controller has been
> > > > saved". (Which would be a bug since if there's problems with the salt
> > > > and it's not letting me into the add or edit form, the flash should say
> > > > something like "Cannot add controller" or "Cannot edit controller"
> > > > instead of the message I'm getting.)
> > > >
> > > > Thanks.
> > > >
> > > > On Sep 17, 9:17 am, Miles J <[email protected]> wrote:
> > > >
> > > > > Try removing the isAuthorized, especially if there is no logic in it.
> > > > > That may be the problem, not sure. Everything else looks correct
> > > > > though.
> > > > >
> > > > > Also, if you want to use md5() hashing but not use a salt, just set
> > > > > the salt to empty in the core config.
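
An added example, not part of the thread and not CakePHP code: a PHP 7.4+ audit helper that lists controllers whose beforeFilter() overrides AppController's without calling parent::beforeFilter(), the situation the reply at the top of this thread points at. The function name and the sample source are constructed for illustration, and it assumes controllers extend AppController directly.

```php
<?php
// Added example, not CakePHP code; function name and sample are constructed.
function controllersSkippingParent(string $source): array
{
    // Drop whitespace and comments so a commented-out call does not count.
    $tokens = array_values(array_filter(token_get_all($source), fn($t) =>
        !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)));
    $id   = fn($k) => is_array($tokens[$k] ?? null) ? $tokens[$k][0] : null;
    $text = fn($k) => is_array($tokens[$k] ?? null) ? $tokens[$k][1] : ($tokens[$k] ?? '');
    $flagged = [];
    $class = $parent = null;
    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        if ($id($i) === T_CLASS && $id($i + 1) === T_STRING) {
            $class  = $text($i + 1);
            $parent = $id($i + 2) === T_EXTENDS ? $text($i + 3) : null;
        }
        if ($id($i) !== T_FUNCTION || strcasecmp($text($i + 1), 'beforeFilter') !== 0
            || strcasecmp((string) $parent, 'AppController') !== 0) {
            continue;
        }
        // Walk the method body by brace depth, looking for parent::beforeFilter.
        $depth = 0;
        $callsParent = false;
        for ($j = $i + 2; $j < $n; $j++) {
            if ($tokens[$j] === '{' || in_array($id($j), [T_CURLY_OPEN, T_DOLLAR_OPEN_CURLY_BRACES], true)) {
                $depth++;
            } elseif ($tokens[$j] === '}' && --$depth === 0) {
                break;
            } elseif ($tokens[$j] === ';' && $depth === 0) {
                continue 2; // declaration without a body, nothing to check
            } elseif ($id($j) === T_DOUBLE_COLON && !strcasecmp($text($j - 1), 'parent')
                && !strcasecmp($text($j + 1), 'beforeFilter')) {
                $callsParent = true;
            }
        }
        if (!$callsParent) { $flagged[] = $class; }
    }
    return $flagged;
}
// Constructed sample modelled on the controllers described in the thread.
$sample = <<<'SRC'
<?php
class UsersController extends AppController { function beforeFilter() { parent::beforeFilter(); } }
class PostsController extends AppController {
    function beforeFilter() { /* parent::beforeFilter(); */ $this->Auth->allow('index'); }
}
class PagesController extends AppController { }
SRC;
print_r(controllersSkippingParent($sample));
```

A flagged controller is one where the body of AppController::beforeFilter() is not run by that override, so any Auth settings made there (hash model, field names, authorize mode) are not applied by it.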
