I am trying to use my Account model instead of the standard user when calling Auth.
Auth is basing the login off of an email and token.
When Accounts are being added, they are going through the BlowfishPasswordHasher.
I just can't determine at what point it is failing to authenticate when logging in.
As far as I can see I've referenced Auth to use Account instead of User, and use email/token instead of username/password wherever relevant.
Is there anything obvious that sticks out or additional debugging lines that I could try?
Account Model

    App::uses('AppModel', 'Model');
    App::uses('BlowfishPasswordHasher', 'Controller/Component/Auth');
    class Account extends AppModel {
        ...
        public function beforeSave($options = array()) {
            if (isset($this->data['Account']['token'])) {
                $passwordHasher = new BlowfishPasswordHasher();
                $this->data['Account']['token'] = $passwordHasher->hash(
                    $this->data['Account']['token']
                );
            }
            return true;
        }
    }
Accounts Controller

    App::uses('AppController', 'Controller');
    class AccountsController extends AppController {
        public function beforeFilter() {
            parent::beforeFilter();
            $this->Auth->allow('add');
        }
        public function login() {
            $this->layout = 'nosidemenu';
            #debug($_SESSION);
            if ($this->request->is('post')) {
                if ($this->Auth->login()) {
                    return $this->redirect($this->Auth->redirectUrl());
                }
                $this->Flash->error(__('Invalid username or password, try again debug($this->Auth->login())'));
            }
        }
    }
Login.ctp

    <?php echo $this->Flash->render('auth'); ?>
    <?php echo $this->Form->create('Account', array('action' => 'login')); ?>
    <?php echo $this->Form->input('email', array('class' => 'form-control', 'type' => 'text', 'placeholder' => 'Email')); ?>
    <?php echo $this->Form->input('token', array('class' => 'form-control', 'type' => 'password', 'placeholder' => 'Password')); ?>
    <?php echo $this->Form->submit('Submit', array('class' => 'btn btn-primary btn-block btn-flat'));
    echo $this->Form->end(); ?>
AppController

    App::uses('Controller', 'Controller');
    class AppController extends Controller {
        public $components = array(
            'Session',
            'Flash',
            'Auth' => array(
                'authenticate' => array(
                    'Form' => array(
                        'userModel' => 'Account',
                        'passwordHasher' => 'Blowfish',
                        'fields' => array(
                            'username' => 'email',
                            'password' => 'token'
                        )
                    )
                ),
                'loginRedirect' => array(
                    'controller' => 'accounts',
                    'action' => 'index'
                ),
                'loginAction' => array(
                    'controller' => 'accounts',
                    'action' => 'login'
                ),
                'logoutRedirect' => array(
                    'controller' => 'pages',
                    'action' => 'index',
                    'home'
                ),
                'authError' => 'You don\'t have access here.',
            ),
        );
        public function beforeFilter() {
            $this->Auth->allow('index', 'view');
            $this->Auth->authError = sprintf(__('You are not authorized to access that location %s/%s .',true),$this->name,$this->action);
        }
    }
Additionally, I have the following debug lines in my login function:
EDIT:
So I've been playing with some debug lines, I've added debug($this->data); in both my AppController beforeFilter() and AccountController login().
Both instances of that debug line report the same array of:
    array(
        'Account' => array(
            'email' => '[email protected]',
            'token' => 'password'
        )
    )
Shouldn't the debug message in login() report a hashed token? Even though Accounts are added to the database with a hashed password, could they not be getting hashed when being called through login?
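
The closing question turns on how a bcrypt hasher verifies a login: the submitted value stays plaintext and is re-hashed with the salt stored inside the saved hash. The following is an added example, not code from the original post or from CakePHP; it uses PHP's built-in crypt() and password_hash(), and the function names, the 50-character truncation and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example: plain PHP (5.6+), no CakePHP needed. Function names are
// hypothetical and every value below is constructed for the demonstration.

// A complete bcrypt string is 60 chars: "$2a$" / "$2y$", 2-digit cost, "$",
// then 22 chars of salt and 31 chars of digest.
function looks_like_bcrypt($stored) {
    return strlen($stored) === 60
        && preg_match('/^\$2[axy]\$\d\d\$[.\/A-Za-z0-9]{53}$/', $stored) === 1;
}

// Verification re-hashes the submitted plaintext using the salt and cost
// embedded in the stored hash, then compares the two strings.
function bcrypt_check($plain, $stored) {
    if (!looks_like_bcrypt($stored)) {
        return false;
    }
    return hash_equals($stored, crypt($plain, $stored));
}

// Hypothetical helper: explain why a login attempt would or would not verify.
function diagnose($submitted, $stored) {
    if (!looks_like_bcrypt($stored)) {
        return 'stored value is not a complete bcrypt hash (length ' . strlen($stored) . ')';
    }
    return bcrypt_check($submitted, $stored) ? 'match' : 'well-formed hash, wrong secret';
}

$opts   = array('cost' => 10);
$stored = password_hash('password', PASSWORD_BCRYPT, $opts); // what a save would store
$rehash = password_hash('password', PASSWORD_BCRYPT, $opts); // same secret, new salt

$cases = array(
    'plaintext from the form'          => array('password', $stored),
    'independently hashed form value'  => array($rehash, $stored),
    'hash cut to 50 chars by a column' => array('password', substr($stored, 0, 50)),
    'plaintext left in the column'     => array('password', 'password'),
);
foreach ($cases as $label => $case) {
    printf("%-34s %s\n", $label . ':', diagnose($case[0], $case[1]));
}
var_dump($stored === $rehash); // compares two salted hashes of one secret
```

The same two checks carry over to the setup in the question: whether the stored token holds all 60 characters of the hash, and whether anything hashes the form value before it reaches the comparison.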