Kohana Auth on every request

0
votes

I’d like to build a stateless system with Kohana, so I don’t want to use sessions. I’d like to send a username and password with every request (how those credentials are transferred is irrelevant at this point), check that the credentials are correct with Kohana, and respond with the relevant data or a 401.

I understand I’ll probably need to extend the Auth module, but for some reason I keep getting 500s. Here’s what I’m trying:

classes/Auth.php

<?php defined('SYSPATH') OR die('No direct access allowed');

class Auth extends Kohana_Auth {

    public static function checkCredentials($username, $password) {
        return TRUE;
    }

    public function password($username) {
        parent::password($username);
    }

    public function check_password($password) {
        parent::check_password($password);
    }

    protected function _login($username, $password) {
        parent::_login($username, $password);
    }

}

classes/Controller/Frontdesk.php

<?php defined('SYSPATH') or die('No direct script access.');

abstract class Controller_Frontdesk extends Kohana_Controller {

    public function before() {
        parent::before();

        // If not logged in, throw exception
        if (!Auth::checkCredentials('[email protected]','fido')) throw new HTTP_Exception_401();

    }

}
1
phpkohanakohana-3
What do your PHP (or Apache) error logs say? Often you'll find more information about why you got a 500 Internal Server error in the log files for your application. - Jon
Ah, that helped. For some reason, the errors weren’t being logged to the Kohana logs like they normally would if I for example misspelled a class. I checked the logs and it showed that my declaration of _login() needed to be compatible with the method it was overriding. I was missing a parameter. - Jezen Thomas
Glad that helped! Could you answer your own question and mark it as accepted? Thanks - Jon

1 Answers

0
votes

As it turned out, I had incorrectly declared a method of a class that I was extending.

The Auth class in Kohana defines this method:

abstract protected functin _login($username, $password, $remember);

Since I didn’t need passwords to be remembered, I thought it would be alright to declare the method as:

protected function _login($username, $password) {};

I was wrong.