Auth->login() always logging in user

Question

In my AppController:

public $components = array('Auth' => array(
    'authenticate' => array('Blowfish')
),

In my UsersController:

public function login() {    

if($this->request->isPost()) {
        $this->autoRender = false;
        if($this->Auth->login()) {
            $this->response->statusCode(200);
        }
        else {
            $this->response->statusCode(401);
        }
    }

}

And whatever data are POSTed to /users/login the reponse is always 200 and user is logged in. How I can force Auth not to login but check username and password in db?

Please make sure you are following the directions here: book.cakephp.org/2.0/en/core-libraries/components/… — swiecki
Do you have something in Auth->allow() in your before filter for example? — Borislav Sabev
For those of you who are lost in the eternal quagmire that is CakePHP's auth system, consider giving up and doing: $this->User->findByUsernameAndPassword() instead of Auth->login. It's not best practice, but it's reliable and you can still use encryption and make sure your actions/controllers aren't touched by unregistered users. — Vael Victus

Antonio Giordano Antonio Giordano · Accepted Answer · 2013-03-08T13:15:46

I'm having troubles with blowfish too.

But, did you remember to change the way passwords are stored in DB?

You have to do this in your "User" model:

App::uses('Security', 'Utility');

class User extends AppModel {

public function beforeSave($options = array()) {
    // Use bcrypt
    if (isset($this->data['User']['password'])) {
        $hash = Security::hash($this->data['User']['password'], 'blowfish');
        $this->data['User']['password'] = $hash;
    }
    return true;
}

}

Auth->login() always logging in user

1 Answers