I started off creating a single form to create users/password records in my database. I realized that passwords being created were not being encrypted automatically, so I grabbed some sample code from the internet to encrypt my passwords when user records are created.
The problem is my users still cannot log in.
Here is the User model; the code is supposed to sha256 the password (when creating the user record):

    public function beforeSave($options = array()) {
        if (!empty($this->data['User']['password'])) {
            $passwordHasher = new SimplePasswordHasher(array('hashType' => 'sha256'));
            $this->data['User']['password'] = $passwordHasher->hash(
                $this->data['User']['password']
            );
        }
        return true;
    }

This seems to result in the password being saved in the database as a string of encrypted-looking gibberish. Hence I assume the encryption is working!
And now we move on to the login form.
Here is the LoginsController login code that displays login.ctp and processes the login:

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash('Your username/password combination was incorrect');
            }
        }
    }

Here is my login.ctp:

    <h2>Login</h2>
    <?php
    echo $this->Form->create();
    echo $this->Form->input('username');
    echo $this->Form->input('password');
    echo $this->Form->end('Login');
    ?>

Since I have the sha256 hashType specified in my earlier User model in the beforeSave function, I also added to my AppController an Auth component 'authenticate' array to specify 'hashType' => 'sha256'. I assume this instructs CakePHP which hashType to use when a user tries to log in.

    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth'=>array(
            'loginRedirect'=>array('controller'=>'logins', 'action'=>'login'),
            'logoutRedirect'=>array('controller'=>'logins', 'action'=>'logout'),
            'authError'=>'You cannot access that page', //Error message whenever someone access a page without auth
            'authorize'=>array('Controller') //Where in our application that authorization will occur
        ),
        'authenticate' => array(
            'Form' => array(
                'passwordHasher' => array(
                    'className' => 'Simple',
                    'hashType' => 'sha256'
                )
            )
        )
    );

I realize that whether or not I have this 'hashType' => 'sha256' in my AppController, the login does not work. When attempting to log in, it always results in the message "Your username/password combination was incorrect", which is from the LoginsController login action.
Questions
1) How can I troubleshoot the user not being able to log in?
2) Why are there so many ways (I found on various sites) to encrypt passwords (e.g. using alias, using Security::hash, and using SimplePasswordHasher, etc.)?
3) What is the default encryption expected by Auth component?
Thanks!
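
One way to check a stored password value offline when troubleshooting a login failure like this one (an added example, not part of the original post and not CakePHP's own code). It assumes CakePHP 2.x, where SimplePasswordHasher hashes Security.salt followed by the password with the configured hashType (sha1 when none is set); the function names, salt and password below are constructed for illustration.

```php
<?php
// Added troubleshooting example; plain PHP, no CakePHP classes required.
// Assumption: SimplePasswordHasher (CakePHP 2.x) computes
// hash(hashType, Security.salt . password).

/** Recompute the hash the way the assumption above describes. */
function cakeSimpleHash($password, $salt, $hashType) {
    return hash($hashType, $salt . $password);
}

/**
 * Explain how a stored value relates to a known test password.
 * Returns "match:<type>", "truncated:<type>" or "no-match".
 */
function diagnoseStoredHash($stored, $password, $salt) {
    foreach (array('sha1', 'sha256', 'md5') as $type) {
        $expected = cakeSimpleHash($password, $salt, $type);
        if (hash_equals($expected, $stored)) {
            return "match:$type";
        }
        // A password column that is too short silently cuts the hash off,
        // so the value written at save time can never match at login.
        if ($stored !== '' && strlen($stored) < strlen($expected)
            && strpos($expected, $stored) === 0) {
            return "truncated:$type";
        }
    }
    // Different salt, different algorithm, or the value was hashed twice.
    return 'no-match';
}

// Constructed sample values, not taken from the post.
$salt     = 'constructed-Security.salt-value';
$password = 'test-password-123';
$full     = cakeSimpleHash($password, $salt, 'sha256');

// Case 1: the full sha256 hash was stored.
echo diagnoseStoredHash($full, $password, $salt), "\n";
// Case 2: the column only kept the first 40 characters.
echo diagnoseStoredHash(substr($full, 0, 40), $password, $salt), "\n";
// Case 3: the record was created under a different Security.salt.
$other = cakeSimpleHash($password, 'some-other-salt', 'sha256');
echo diagnoseStoredHash($other, $password, $salt), "\n";
```

To use it against a real record, paste in the stored value from the users table, the password that was typed when the record was created, and the Security.salt value from the application's core configuration.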