I have an issue with admin logout in CakePHP. Logout is not working for admin.
My admin logout function is:
public function logout()
{
return $this->redirect($this->Auth->logout());
}
I receive the following error: https://i.stack.imgur.com/pdENK.png
Related
I am creating a login server using Identityserver4. I am using ASP.net core 3.1 for functionality, and angular 9 project for serving static files for login/registeration screens. The angular project is being served from within the .netcore project's wwwroot folder.
My flow goes like this
javascript client calls OIDC user manager's signInRedirect() method with following configurations
This sends a call to my Login method to render the angular's login component. Once the user fills in credentials, a second call is sent to my Login method return this.http.post('Account/Login', {UserName, Password, ReturnUrl}, {headers, responseType:'text'});
On successfull login, I do a return Redirect(model.returnUrl);
[HttpGet]
public IActionResult Login(string returnUrl)
{
return Redirect("/login?ReturnUrl=" + WebUtility.UrlEncode(returnUrl));
}
[HttpPost]
public IActionResult Login([FromBody]LoginViewModel model)
{
if (ModelState.IsValid)
{
var user = _userManager.FindByNameAsync(model.UserName).Result;
var result = _signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false).Result;
if(result.Succeeded)
{
return Redirect(model.ReturnUrl);
}
return Ok(new Error { ErrorMessage = "Invalid credentials" });
}
return Ok(new Error { ErrorMessage = "Some error" });
}
In my network tab, I can see that the return Url which is a call to IdentityServer's authorization endpoint /connect/authorize/callbackis successfull.
It has also made a second call to the actual javascript client in point 1 with the authentication successfull.
However, the problem arises here. This request is returning the HTML as string of the JS clients callback.html instead of actually redirecting to that URL(http://localhost:5003/callback.html)
I don't even have any way to access the URL of the returned HTML, otherwise I would have done a window.location.href. How do I capture the URL of the callback page in angular and redirect to it ?
I would need a few more details to remedy this particular situation. However, I did want to offer my expertise in the form of explaining how this is supposed to work. I have an NPM library imng-auth0-oidc that does this very thing, except that it uses NGRX.
Your callback.html should be a static (non-Angular) HTML page. You can find a copy here callback.html. The purpose of this page is to receive the OAUTH2 response and store the token in localStorage, then redirect the response to your Angular application. Once the application is loaded, you'll now have access to your token that is waiting in localStorage.
-Isaac
How can I show for example this route "example.com/parameter" to this "parameter.example.com" for site visitors .
the back-end of site is laravel 5.3 and web server is Apache.
I want to use parameter in laravel controller.
You can set up a subdomain route like this:
Route::group(['domain' => '{parameter}.example.com'], function () {
Route::get('/', 'UserController#showByParameter');
});
then in your controller you can do
public function showByParameter($parameter)
{
$user = \App\User::whereParameter($parameter)->firstOrFail();
return view('users.show', compact('user'));
}
i want to make a yii2 route which can receive POST data from other server (of course i know about all risk).
I tried to just send it like usual but i got this error message.
Error 400
Unable to verify your data submission.
more or less is just like this...
public function actionWriteSession()
{
if (isset($_POST))
{
print_r($_POST);
...
write to session
...
}
...
}
Any Advice?
Thanks..
You should disbale csrf verification E.g:
$this->enableCsrfValidation=false;//In your controller context
// Or if you only use this action for sending post from outer server
// you can disbalecsrf token verification only this action. So, in your controller
public function beforeAction($action)
{
if ($action->id == 'writeSession') {
Yii::$app->controller->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
Today i wanted to use Cakephp3 auth component.
I have studies cakephp3 blog tutorial and auth documentation.
I have followed Blog tutorial, and for now everything works fine, like login,logout etc...
I wanted to have UsersController to be protected and used only when i will logged in.
And this is ok, but now i saw that i need to login to other controllers actions, for example i have PagesController, which should be public.
I found this in docs:
// Allow only the view and index actions.
$this->Auth->allow(['view', 'index']);
But i have a lot of actions, and listing actions in this function may be problematic.
My question is: How can i globally set all actions of UsersController to be protected, and all the rest of controllers to be public ?
Thank You.
For UsersController
class UsersController extends AppController
{
public function beforeFilter(Event $event)
{
// allow only login, forgotpassword
$this->Auth->allow(['login', 'forgotpassword']);
}
}
For Other controller. (Example: PagesController)
class PagesController extends AppController
{
public function beforeFilter(Event $event)
{
// allow all action
$this->Auth->allow();
}
}
In your appsController, you can add below code. You must add all the view names in $this->Auth->allow('ViewName').
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
// Allow users to register and logout.
// You should not add the "login" action to allow list. Doing so would
// cause problems with normal functioning of AuthComponent.
$this->Auth->allow(['Index', 'View', 'Edit', 'CustomViewName']); // NOTE: DO NOT ADD VIEWS THAT ARE USED BY YOUR USERSCONTROLLER.
}
And from UsersController, you can remove $this->Auth->allow(['add', 'logout']);. This is how I would do it.
I think you can use ControllerAuthorize.It will allows you to handle authorization checks in a controller callback.Add this setting in your app component.
$this->loadComponent('Auth', [
'authorize' => 'Controller',
]);
Then you can prevent or allow access by isAuthorized()
example :
public function isAuthorized($user) {
if ( isset($user['role']) == 'yourRole' ) {
return TRUE;
}
else {
header("location: Router::url('/', true)");
exit();
}
}
For details
cake doc
Try:
$this->Auth->deny(['controllers name that you want to authorize']);
I have simple cakephp application, I build using this tutorial Simple Authentication and Authorization Application. I have the same exact code block as from the tutorial.
I run this on my computer using Apache/MySQL, it all works fine. When I deploy it to my shared hosting (Bluehost) I start getting login failures.
I checked the MySQL db on my local and the server. Difference is passwords in my local db is hashed but passwords on the hosting dbs are plain. (It is the same exact code running.) (I want to be clear on this point, this is not my intention and obviously a different behavior but I do not know what is the cause of it.)
This is my table:
CREATE TABLE users (
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50),
password VARCHAR(50),
role VARCHAR(20),
created DATETIME DEFAULT NULL,
modified DATETIME DEFAULT NULL
);
These are the relevant methods from my controller for signup and login respectively:
public function add() {
if ($this->request->is('post')) {
$this->User->create();
if ($this->User->save($this->request->data)) {
$this->Session->setFlash(__('The user has been saved'));
$this->redirect(array('action' => 'index'));
} else {
$this->Session->setFlash(__('The user could not be saved. Please, try again.'));
}
}
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
}
and finally this is the beforeSave() method of my model:
public function beforeSave() {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
On my local computer I can first add a user and later login with that user. On the server I can add a user but when I wanted to login I see the error message "Invalid username or password, try again"
Looks like you need to define the beforeSave function to accept a default parameter. This seems to be an issue between cakephp and php 5.4
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
}
return true;
}
See here for more info:
http://community.webfaction.com/questions/8397/cakephp-2-auth-failing-on-production-only