
For some reason I can't log in to accounts I registered. More info below.

Functions from UsersController.php

public function login() {
    if ($this->request->is('post')) {
        $auth = $this->Auth->identify(); // Returns false
        debug($this->request->getData()); // Returns email and unhashed password
        debug($auth);
        if ($auth) {
            $this->Auth->setUser($auth);
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $this->Flash->error('E-mail or password is wrong.');
        }
    }
}

public function register() {
    $user = $this->Users->newEntity();
    $this->set('user', $user);

    $this->loadModel('Groups');
    $group = $this->Groups->newEntity();
    $this->set('group', $group);

    if ($this->request->is('post')) {

        // Check if passwords match
        $pass = $this->request->getData('password');
        $con_pass = $this->request->getData('password_confirm');

        if ($pass !== $con_pass) {
            return $this->Flash->error('Passwords don\'t match');
        }

        // Patch entities
        $group = $this->Groups->patchEntity($group, $this->request->getData());
        $user = $this->Users->patchEntity($user, $this->request->getData());

        // Make group and user
        if (empty($group->errors()) && empty($user->errors())) {
            // Group
            if (!$this->Groups->save($group)) {
                return $this->Flash->error('Something went wrong');
            }

            // User
            $user->group_id = $group->id;
            if ($this->Users->save($user)) {
                $this->Flash->success('Welkom ' . $user->name . '!');
                // return $this->redirect(['action' => 'register']);
            } else {
                return $this->Flash->error('something went wrong2');
            }
        }
    }
}

Auth component in AppController:

$this->loadComponent('Auth', [
    'userModel' => 'Users',
    'loginAction' => [
        'controller' => 'Users',
        'action' => 'login'
    ],
    'authenticate' => [
        'Form' => [
            'fields' => [
                'username' => 'email',
                'password' => 'password'
            ]
        ]
    ],
    //'authError' => false,
    'storage' => 'Session'
]);

Login form:

<?= $this->Form->create('User'); ?>
<?= $this->Form->email('email', ['placeholder' => 'E-mail', 'maxlength' => '42', 'label' => false]) ?>
<?= $this->Form->password('password', ['type' => 'password', 'placeholder' => 'Wachtwoord', 'maxlength' => '32', 'label' => false]) ?>
<?= $this->Form->submit('Login', ['class' => 'button']) ?>
<?= $this->Form->end(); ?>

User entity:

namespace App\Model\Entity;

use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;

class User extends Entity {

    protected $_accessible = [
        'group_id' => true,
        'name' => true,
        'email' => true,
        'password' => true,
        'profile_img_url' => true,
        'pass_reset_time' => true,
        'creation_date' => true,
        'modified_date' => true
    ];

    // Mutator: hashes the password whenever it is set on the entity
    protected function _setPassword($password) {
        return (new DefaultPasswordHasher)->hash($password);
    }

    protected $_hidden = [
        'password'
    ];

}

The user gets saved correctly in the database with a hashed password.

When I try to log in, $this->Auth->identify(); always returns false.

I've tried to / Things to know:

  • I'm trying to log in with email and password.
  • Table name in the db is users.
  • Renewed the salt (and created a new account and tried logging in with that account).
  • Password column length is 255.
  • Checked Auth docs.
  • Checked Blog tutorial.
  • Checked a lot of questions related to this on Stack and other websites, but nothing has fixed my problem yet.
  • Users get stored correctly, but as soon as I try to log in, it won't let me.
  • I tried to log in without the password hasher function and with an unhashed password; that also didn't work.
  • Checked in different browsers and deleted cache.

Thanks!


2 Answers


There don't seem to be any obvious errors, except for a missing emptiness check in the _setPassword() method that would prevent an empty $password from being hashed. You should do something similar to what is shown in the docs:

if (strlen($password) > 0) {
    return (new DefaultPasswordHasher)->hash($password);
}

See Cookbook > Controllers > Components > Authentication > Hashing Passwords

Also, the FormHelper::create() method doesn't take a string; it only doesn't error out there for backwards compatibility reasons, IIRC. If you don't have a valid context to pass, then don't pass any value at all.

That being said, you'll have to do more debugging on your own. Start with manually validating the hashed password stored in the database using the DefaultPasswordHasher::validate() method to ensure that the correct value has been hashed.

Then go set some breakpoints in the authentication code flow to figure out where things may go wrong; check:

  • FormAuthenticate::authenticate()
  • FormAuthenticate::_checkFields()
  • BaseAuthenticate::_findUser()
  • BaseAuthenticate::_query()

whether the correct request data is being read, whether the query conditions are built as expected, whether and what value is being returned for password verification, etc...


Alright, I wasted my whole morning and afternoon.

I thought my password column length was 255 but it was actually 32. I checked the length of the wrong column like 4 times apparently.

Thanks for the help @ndm.
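The root cause described in the resolution above (a 32-character password column truncating a 60-character bcrypt hash) and the manual hash check suggested in the first answer, as an added example written in plain PHP. It is not code from the question, the answers or CakePHP; it assumes only PHP's built-in password_hash() and password_verify(), which is what CakePHP 3's DefaultPasswordHasher wraps. The column simulation (storeInColumn) and the inspectStoredHash() helper are constructed for illustration and are not part of any library.

```php
<?php
// Added example (not from the question, the answers or CakePHP): why a
// VARCHAR(32) password column silently breaks login, and a sanity check for
// stored hashes. Plain PHP only; CakePHP's DefaultPasswordHasher wraps
// password_hash()/password_verify() in the same way.

// Hash the way DefaultPasswordHasher does (bcrypt; the result is 60 characters).
function hashPassword(string $plain): string {
    return password_hash($plain, PASSWORD_BCRYPT);
}

// Constructed stand-in for what a non-strict MySQL server does when a value
// longer than the column is written: it keeps only the first $columnLength
// characters. (In strict SQL mode the INSERT fails instead.)
function storeInColumn(string $value, int $columnLength): string {
    return substr($value, 0, $columnLength);
}

// Sanity check for a hash read back from the database: a bcrypt hash is
// exactly 60 characters and starts with "$2y$". Returns a list of problems;
// an empty list means the stored value looks intact.
function inspectStoredHash(string $stored): array {
    $problems = [];
    if (strpos($stored, '$2y$') !== 0) {
        $problems[] = 'does not start with $2y$ (not a bcrypt hash, or plaintext was stored)';
    }
    if (strlen($stored) !== 60) {
        $problems[] = sprintf('length is %d, expected 60 (column too short?)', strlen($stored));
    }
    return $problems;
}

$plain = 'correct horse battery staple'; // constructed sample password

$full      = hashPassword($plain);
$truncated = storeInColumn($full, 32);   // what a VARCHAR(32) column keeps
$intact    = storeInColumn($full, 255);  // what a VARCHAR(255) column keeps

printf("full hash length: %d, verifies: %s\n",
    strlen($full),
    password_verify($plain, $full) ? 'yes' : 'no');

printf("VARCHAR(32) copy verifies: %s; problems: %s\n",
    password_verify($plain, $truncated) ? 'yes' : 'no',
    implode('; ', inspectStoredHash($truncated)) ?: 'none');

printf("VARCHAR(255) copy verifies: %s; problems: %s\n",
    password_verify($plain, $intact) ? 'yes' : 'no',
    implode('; ', inspectStoredHash($intact)) ?: 'none');
```

Run it with `php check_hash.php` (any file name works). The value kept by the 32-character column is a prefix of a valid hash, so password_verify() rejects every password, which is exactly the "identify() always returns false while registration succeeds" symptom in the question. Running inspectStoredHash() over the stored value of a freshly registered user is a quicker first check than stepping through the authenticate code flow, and enabling strict SQL mode turns this class of silent truncation into an error at registration time.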