CakePHP 2.3.2 BasicAuthentication not working

I tried the tutorial "Simple Acl controlled Application 1 and 2" located at http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html .

After that, I tried to activate BasicAuth instead of FormAuth.

I rewrote the login() function in my UsersController as follows:

/**
 * Attempts to authenticate the current request through AuthComponent.
 *
 * On success the browser is sent to the URL AuthComponent::redirect()
 * resolves; on failure a flash message is set and the login view renders
 * normally.
 *
 * @return mixed Redirect response on success, null otherwise.
 */
public function login() {
    $authenticated = $this->Auth->login();
    if (!$authenticated) {
        $this->Session->setFlash('Not able to login');
        return;
    }
    return $this->redirect($this->Auth->redirect());
}

and changed the $components variable in my AppController to the following:

// Components loaded for every controller of the application.
public $components = array(
    'Acl',
    'Auth' => array(
        // Authorization is delegated to the ACL 'Actions' adapter, rooted at the 'controllers' aco path.
        'authorize' => array(
            'Actions' => array('actionPath' => 'controllers')
        ),
        // Only HTTP Basic credentials are accepted (this replaces the tutorial's 'Form' authenticate).
        // NOTE(review): Basic resends the credentials with every request, so this setup only
        // makes sense over HTTPS; the adapter runs with its default user model/field settings here.
        'authenticate' => array('Basic')
    ),
    'DebugKit.Toolbar',
    'Session'
);

The BasicAuth popup window appears as expected, but when I try to log in, it ends up in an infinite loop. I did not change anything after the tutorial, except for the inclusion of DebugKit.

? , - , CakePHP, !

AppController

/**
 * Configures AuthComponent before any action in the application runs.
 *
 * The 'display' action stays public; users/login is both the login action
 * and the post-logout target, and a successful login lands on posts/add.
 */
public function beforeFilter() {
    $auth = $this->Auth;
    $usersLogin = array('controller' => 'users', 'action' => 'login');

    $auth->allow('display');
    $auth->loginAction = $usersLogin;
    $auth->logoutRedirect = $usersLogin;
    $auth->loginRedirect = array('controller' => 'posts', 'action' => 'add');
}

UsersController

/**
 * Runs the application-wide Auth setup from AppController::beforeFilter();
 * UsersController adds nothing of its own here.
 */
public function beforeFilter() {
    parent::beforeFilter();
}

, . /users/, , FormAuth, , . Logindata (admin: admin), .

2

Apache Log , , :

IP - - [16/Apr/2013:18:08:37 +0200] "GET /users/login HTTP/1.0" 401 5179 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:23.0) Gecko/20130414 Firefox/23.0"

3

- , , PHP. /lib/Cake/Controller/Auth/BasicAuthenticate , !

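/**
 * Authenticates the request with HTTP Basic credentials.
 *
 * Uses whatever getUser() extracts for the request. When nothing is
 * found, the 401 challenge (loginHeaders()) is sent immediately and
 * false is returned.
 *
 * The debugging line that forced $_SERVER['PHP_AUTH_USER'] and
 * $_SERVER['PHP_AUTH_PW'] to "admin" is removed: it authenticated every
 * client as that account regardless of what the browser actually sent.
 *
 * @param CakeRequest $request Request to authenticate.
 * @param CakeResponse $response Response the 401 challenge is written to.
 * @return mixed User record on success, false on failure.
 */
public function authenticate(CakeRequest $request, CakeResponse $response) {
    $result = $this->getUser($request);

    if (empty($result)) {
        // No usable credentials: challenge the client and stop here.
        $response->header($this->loginHeaders());
        $response->statusCode(401);
        $response->send();
        return false;
    }
    return $result;
}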

4

, , Plesk 11, , .

5

, "thaJeztah" , , .

  • fcgid apache

    1,1. , ! , , , , "Active Logins", Firefox.

// Debug: dump the user AuthComponent stored in the session; the NULL shown below means nothing was persisted.
var_dump($this->Session->read('Auth.User'));

NULL

/users/login, .

// Debug only: dump the session's Auth.User record inside <pre> so it is readable in the browser
// (the values are written unescaped, so this must not stay in production code).
print '<pre>' . print_r($this->Session->read('Auth.User'), true) . '</pre>';

Array
(
    [id] => 1
    [username] => admin
    [group_id] => 1
    [created] => 2013-04-12 12:54:26
    [modified] => 2013-04-16 14:27:24
    [is_active] => 1
    [Group] => Array
        (
            [id] => 1
            [name] => Admin
            [created] => 2013-04-12 12:46:42
            [modified] => 2013-04-12 12:46:42
        )

)
  • .htaccess , , ( list(), , ).

    2,1. , , .

6

.:-) " ", , , /users/login /pages/home: http://guest:guest@my.domain/users/login

/users/logout , :

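/**
 * "Logs out" by switching the session to the shared 'guest' account.
 *
 * The previous code passed only the guest's id to AuthComponent::login(),
 * which expects the user data array and stores what it is given as the
 * session user, so the session ended up holding a bare integer instead of
 * a user record. The record (without its password hash) is stored now,
 * and a missing guest row no longer triggers an undefined-index notice.
 *
 * @return void
 */
public function logout() {
    $guest = $this->User->find('first', array('conditions' => array('username' => 'guest')));
    if (empty($guest['User'])) {
        // No guest account available: fall back to a plain logout so the previous user is not kept.
        $this->Auth->logout();
        return;
    }
    // Never keep the password hash in the session.
    unset($guest['User']['password']);
    $this->Auth->login($guest['User']);
}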

, , , , , ?

, http://admin:admin@my.domain/users/login. , Firefox.

, : , BasicAuth /users/login? , .

7

. , , , !

(Ps: ACL / isAuthorized(), , AppController, , ( , - $components, ), , isAuthorized().)

AppController.php

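/**
 * Configures AuthComponent for every controller.
 *
 * Besides the usual allow/redirect settings, the session flag
 * 'Auth.needs_reauthenticate' forces the browser back to /users/login
 * (so a fresh Basic challenge is issued) unless the current request is
 * already the loginRedirect target.
 *
 * NOTE(review): allow() takes action names; '/users/login' looks like a
 * URL and presumably matches nothing — confirm whether it is needed.
 *
 * @param bool $redirectlogin false lets a subclass (UsersController) skip the
 *   forced redirect so the login action itself stays reachable.
 * @return void
 */
public function beforeFilter($redirectlogin = true) {
    //Configure AuthComponent
    $this->Auth->allow('display', '/users/login');
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'home');
    $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'home');
    $this->Auth->unauthorizedRedirect = array('controller' => 'HTTPCODE', 'action' => 'c403');

    if ($redirectlogin && $this->Session->read('Auth.needs_reauthenticate')) {
        // loginRedirect is pages/home, which presumably reaches the 'display' action with
        // 'home' as its first passed argument, hence the comparison against params['pass'][0].
        // The isset() guard avoids an undefined-offset notice on requests without passed args;
        // such requests are redirected exactly as before.
        $params = $this->request->params;
        $onLoginRedirect = $params['controller'] == $this->Auth->loginRedirect['controller']
            && isset($params['pass'][0])
            && $params['pass'][0] == $this->Auth->loginRedirect['action'];
        if (!$onLoginRedirect) {
            $this->redirect('/users/login');
        }
    }
}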

UsersController.php

/**
 * Runs the shared Auth configuration with $redirectlogin = false so that
 * AppController::beforeFilter() does not bounce the login action itself
 * back to /users/login while 'Auth.needs_reauthenticate' is set.
 */
public function beforeFilter() {
    parent::beforeFilter(false);
}

    /**
     * Hand-rolled HTTP Basic login that forces a fresh challenge on every visit.
     *
     * Driven by three session keys:
     *  - Auth.needs_reauthenticate: set true here and cleared only after a successful
     *    AuthComponent::login(); AppController::beforeFilter() redirects to this action
     *    while it is set.
     *  - Auth.count: number of hits on this action in the session; the first hit only
     *    sends the 401 challenge, later hits attempt the login.
     *  - Auth.sent_header_step: 1 once a challenge was sent, 0 once an Authorization
     *    header arrived.
     *
     * Two credential sources are handled: $_SERVER['HTTP_AUTHORIZATION'] (decoded by
     * hand) and PHP_AUTH_USER/PHP_AUTH_PW (the last branch, presumably for the CGI/fcgid
     * setups discussed above where the raw header is not populated). Every other path
     * ends in a 403.
     *
     * @return mixed Redirect response on successful login, null otherwise.
     */
    public function login() {
        // No view is rendered; every response below is produced by hand.
        $this->autoRender = false;
        // Flag the session until a login succeeds (cleared at the two success sites below).
        $this->Session->write('Auth.needs_reauthenticate', true);
        // Count visits: the first visit only challenges, later ones try to log in.
        if(!$this->Session->check('Auth.count')) {
            $count = 1;
        } else {
            $count = $this->Session->read('Auth.count') + 1;
        }
        $this->Session->write('Auth.count', $count);

        if($this->Session->read('Auth.needs_reauthenticate')) {
            // Challenge when this is the first visit carrying a header, or when no usable
            // header / challenge state exists yet.
            if((isset($_SERVER['HTTP_AUTHORIZATION']) && $this->Session->read('Auth.count') == 1) || (!isset($_SERVER['HTTP_AUTHORIZATION']) || empty($_SERVER['HTTP_AUTHORIZATION']) || !$this->Session->check('Auth.sent_header_step') || $this->Session->read('Auth.sent_header_step') < 1)) {
                // Drop the header so the branch below does not log in with it on this pass.
                unset($_SERVER['HTTP_AUTHORIZATION']);
                // Remember the target for after login; the session flag bounces everything else back here.
                $this->Session->write('Auth.redirectTo', $this->Auth->redirect());

                // Manual 401 challenge; the realm is the server name.
                $this->response->header(sprintf('WWW-Authenticate: Basic realm="%s"', env('SERVER_NAME')));
                $this->response->statusCode(401);
                $this->response->send();

                $this->Session->write('Auth.sent_header_step', 1);
            }       

            if(isset($_SERVER['HTTP_AUTHORIZATION'])) {
                $this->Session->write('Auth.sent_header_step', 0);
                // Skips the 6-character "Basic " prefix; the scheme itself is not checked,
                // so any other scheme is decoded as garbage here.
                $base64string = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6));
                // Only an empty decode or a trailing ':' (empty password) is rejected; a value
                // without any ':' passes this check. Rejection blanks PHP_AUTH_USER/PW.
                // NOTE(review): HTTP_AUTHORIZATION itself is left in place, so whether
                // Auth->login() below still sees the bad header depends on the Basic adapter — confirm.
                if(!(strlen($base64string) > 1 && substr($base64string, -1, 1) != ":")) {
                    $_SERVER['PHP_AUTH_USER'] = "";
                    $_SERVER['PHP_AUTH_PW'] = "";
                }

                // Marks that an Authorization header was present on this request.
                $data = true;
            }

            // Drop the current session user before any login attempt (runs on the
            // challenge-only pass too). NOTE(review): presumably this only clears
            // Auth.User rather than the whole session — confirm against AuthComponent.
            $this->Auth->logout();

            // Header present and not the first visit: attempt the real login.
            if(isset($data) && $this->Session->read('Auth.count') > 1) {
                if($this->Auth->login()) {
                    $this->Session->write('Auth.needs_reauthenticate', false);
                    // Prefer the URL saved when the challenge was sent.
                    if($this->Session->check('Auth.redirectTo')) {
                        $redirectTo = $this->Session->read('Auth.redirectTo');
                        $this->Session->delete('Auth.redirectTo');
                        $this->Session->delete('Auth.count');

                        return $this->redirect($redirectTo);
                    } else {
                        return $this->redirect($this->Auth->redirect());
                    }
                } else {
                    $this->response->statusCode(403);
                    // my 403 message
                }
            } else {

                // No raw header, but PHP_AUTH_USER/PW are populated (presumably via the
                // .htaccess/CGI setup mentioned above): same login path as above.
                if(!isset($_SERVER['HTTP_AUTHORIZATION']) && $this->Session->read('Auth.count') > 1 && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && trim($_SERVER['PHP_AUTH_USER']) != "" && trim($_SERVER['PHP_AUTH_PW']) != "") {
                    if($this->Auth->login()) {
                        $this->Session->write('Auth.needs_reauthenticate', false);
                        if($this->Session->check('Auth.redirectTo')) {
                            $redirectTo = $this->Session->read('Auth.redirectTo');
                            $this->Session->delete('Auth.redirectTo');
                            $this->Session->delete('Auth.count');

                            // Scrub the credentials from $_SERVER before redirecting.
                            unset($_SERVER['HTTP_AUTHORIZATION']);
                            unset($_SERVER['PHP_AUTH_USER']);
                            unset($_SERVER['PHP_AUTH_PW']);
                            return $this->redirect($redirectTo);
                        } else {
                            return $this->redirect($this->Auth->redirect());
                        }
                    } else {
                        $this->response->statusCode(403);
                        // my 403 message
                    }
                }

                // Every remaining path ends here, including the challenge-only first visit;
                // NOTE(review): on that visit the 401 was already sent above, so presumably
                // this later status change never reaches the client — verify.
                $this->response->statusCode(403);
                // my 403 message
            }
        }
    }

1

PHP () CGI

, - PHP () CGI, PHP_AUTH_USER PHP_AUTH_PWD $_SERVER. AuthComponent .

/- Plesk, php " apache" - BasicAuthenticate, .

:

PHP_AUTH_USER ?

Symfony -, , , ;

https://github.com/symfony/symfony/issues/1813

update:

basic authentication . - " ", , . ; "", . , , , .

- /.

:

http://en.wikipedia.org/wiki/Basic_access_authentication

http basic authentication "log out"

; . ( base64 ).

, ( ) , / . , IP / .

SSL, , .

"", :)

;

, , "" AppController::isAuthorized() (. ControllerAuthorize)

- (Mockup code):

/:

// Mockup: pseudo-condition comparing the credentials the browser sent with the
// user currently in the session (the two literals are placeholders, so as
// written the branch is never taken).
if ("usercredentials sent by browser" === "current logged in user in session") {
    // Mark session as 'needs-to-reauthenticate'
    $this->Session->write('Auth.needs_reauthenticate', true);

    // Need to find a clean approach to get the BasicAuth loginHeaders()
    // *including* the right settings (realm)
    $this->response->header(/*BasicAuth::loginHeaders()*/);

    // Access denied status
    $this->response->statusCode(401);
    return $this->response->send();
}

AppController::isAuthorized()

// Mockup for AppController::isAuthorized(): while the reauthenticate flag is
// set, every authorization check fails.
if ($this->Session->read('Auth.needs_reauthenticate')) {
    return false;
} else {
    // Normal 'isAuthorized()' checks here
}

: , "" , , .

, cookie . cookie "" cookie , Session.cookieTimeout 0 (. Session Configuration

