2
votes

I am trying to use my Account model instead of the standard user when calling Auth. Auth is basing the login off of an email and token.

When Accounts are being added, they are going through the BlowfishPasswordHasher.

I just can't determine at what point it is failing to authenticate when logging in.

As far as I can see I've referenced Auth to use Account instead of User, and use email/token instead of username/password wherever relevant.

Is there anything obvious that sticks out or additional debugging lines that I could try?

Account Model

App::uses('AppModel', 'Model');
App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');

class Account extends AppModel {
...
    public function beforeSave($options = array()) {
        if (isset($this->data['Account']['token'])) {
            $passwordHasher = new BlowfishPasswordHasher();
            $this->data['Account']['token'] = $passwordHasher->hash(
                $this->data['Account']['token']
            );
        }
        return true;
    }

}

Accounts Controller

App::uses('AppController', 'Controller');

class AccountsController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('add');
    }

    public function login() {
        $this->layout = 'nosidemenu';
        #debug($_SESSION);

        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error(__('Invalid username or password, try again debug($this->Auth->login())'));
        }
    }

}

Login.ctp

    <?php echo $this->Flash->render('auth'); ?>
    <?php echo $this->Form->create('Account', array('action' => 'login')); ?>

    <?php echo $this->Form->input('email', array('class' => 'form-control', 'type' => 'text', 'placeholder' => 'Email')); ?>    
    <?php echo $this->Form->input('token', array('class' => 'form-control', 'type' => 'password', 'placeholder' => 'Password')); ?> 

    <?php echo $this->Form->submit('Submit', array('class' => 'btn btn-primary btn-block btn-flat')); 
      echo $this->Form->end(); ?>

AppController

App::uses('Controller', 'Controller');
class AppController extends Controller {    
    public $components = array(
        'Session',
        'Flash',
        'Auth' => array('authenticate' => array('Form' => array(
                        'userModel' => 'Account',
                        'passwordHasher' => 'Blowfish',
                         'fields' => array(
                                           'username' => 'email',
                                           'password' => 'token'
                                           )
                       )
            ),
            'loginRedirect' => array(
                'controller' => 'accounts',
                'action' => 'index'
            ),
            'loginAction' => array(
                'controller' => 'accounts',
                'action' => 'login'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'index',
                'home'
            ),
            'authError' => 'You don\'t have access here.',
            ),
    );

    public function beforeFilter() {
        $this->Auth->allow('index', 'view');
        $this->Auth->authError = sprintf(__('You are not authorized to access that location %s/%s .',true),$this->name,$this->action);

    }

}

Additionally, I have the following debug lines in my login function:

EDIT:

So I've been playing with some debug lines, I've added debug($this->data); in both my AppController beforeFilter() and AccountController login(). Both instances of that debug line report the same array of:

array(
    'Account' => array(
         'email' => '[email protected]',
         'token' => 'password'
     )
)

Shouldn't the debug message in login() report a hashed token? Even though Accounts are added to the database with a hashed password, could they not be getting hashed when being called through login?

1
Asking your question in this way will not get you much help, if any. Please see this helpful guide on how to ask the right type of question: stackoverflow.com/help/how-to-ask - Relequestual
What about my question is not the right type of question? I've seen similar requests to this so I thought I would provide a dump of what I've gotten so far already before someone ended up asking for that. I've provided all the relevant code that is related to this error, given some background before posting code, etc. Looking through that list I don't see much difference from what I have posted - this comment is vague. - user2936644
Now that you've edited your question, it is OK. Previously it was not. =] - Relequestual

1 Answer

1
votes

You have to set data to your model

public function login() {
    $this->layout = 'nosidemenu';
    #debug($_SESSION);

    if ($this->request->is('post')) {
        /* Passed the request data in $this->Auth->login() */
        if ($this->Auth->login($this->request->data)) {
            return $this->redirect($this->Auth->redirectUrl());
        }
        $this->Flash->error(__('Invalid username or password, try again debug($this->Auth->login())'));
    }
}

I got this from here:

In 2.x $this->Auth->login($this->request->data) will log the user in with whatever data is posted, whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful.
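
The behaviour in the quoted passage, modelled in plain PHP as an added example (not code from the post or from CakePHP): `identify()` stands in for what `$this->Auth->login()` does with no argument, and `loginWithData()` for `$this->Auth->login($this->request->data)` in 2.x. The function names, the sample account and the use of `password_hash()`/`password_verify()` in place of `BlowfishPasswordHasher` are assumptions; the final check on a truncated hash is an extra thing to rule out, not a diagnosis taken from the page.

```php
<?php
// Added example: a plain-PHP model of the two login paths, not CakePHP source.
// password_hash()/password_verify() stand in for BlowfishPasswordHasher (both bcrypt).

// Constructed sample row, as beforeSave() leaves it: 'token' holds a salted hash.
$accounts = array(
    'alice@example.test' => array(
        'id' => 1,
        'email' => 'alice@example.test',
        'token' => password_hash('correct-token', PASSWORD_BCRYPT),
    ),
);

// Models $this->Auth->login() with no argument: look the row up by email, then
// verify the posted plaintext against the stored hash. The request data itself
// is never hashed, which is why debug($this->data) shows the token as typed.
function identify(array $accounts, array $posted)
{
    $email = isset($posted['Account']['email']) ? $posted['Account']['email'] : '';
    $token = isset($posted['Account']['token']) ? $posted['Account']['token'] : '';
    if (!isset($accounts[$email]) || !password_verify($token, $accounts[$email]['token'])) {
        return false;
    }
    $row = $accounts[$email];
    unset($row['token']); // keep the hash out of the session
    return $row;
}

// Models $this->Auth->login($data) in 2.x: the array becomes the session user
// with no lookup and no hash check.
function loginWithData(array $posted)
{
    return isset($posted['Account']) ? $posted['Account'] : false;
}

$good = array('Account' => array('email' => 'alice@example.test', 'token' => 'correct-token'));
$bad = array('Account' => array('email' => 'alice@example.test', 'token' => 'wrong-token'));

echo 'verified, correct token: ', var_export(identify($accounts, $good) !== false, true), "\n";
echo 'verified, wrong token: ', var_export(identify($accounts, $bad) !== false, true), "\n";
echo 'data passed, wrong token: ', var_export(loginWithData($bad) !== false, true), "\n";

// Extra check (an assumption, not a finding from the page): a bcrypt hash is
// 60 characters, so a shorter column truncates it and verification always fails.
$stored = $accounts['alice@example.test']['token'];
$truncated = substr($stored, 0, 50);
echo 'hash length: ', strlen($stored), "\n";
echo 'verified against truncated hash: ', var_export(password_verify('correct-token', $truncated), true), "\n";
```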