How to implement CakePHP ACL plugin using Authentication plugin - authentication

I've been working on a project and the first thing I did was add the Authentication and Authorization plugins. I did not use AuthComponent at all since it's deprecated.
Now I want to add extra logic on the database and installed the ACL Plugin. I haven't managed to find documentation, and all the examples on the internet implement the plugin using the old AuthComponent.
What I need is to find a way to make the ACL use the new Authentication plugin.
This is my AppController.php:
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        // Add this line to check authentication result and lock your site
        $this->loadComponent('Authentication.Authentication');
        $this->loadComponent('Authorization.Authorization');
        $this->loadComponent('Acl', [
            'className' => 'Acl.Acl'
        ]);
        $this->loadComponent('Auth', [
            'authorize' => [
                'Acl.Actions' => [
                    'actionPath' => 'controllers/',
                    'userModel' => 'Users'
                ]
            ],
            'authenticate' => [
                'Form' => [
                    'fields' => ['username' => 'email'],
                    'userModel' => 'Users'
                ],
            ],
            'loginAction' => [
                'plugin' => false,
                'controller' => 'Users',
                'action' => 'login'
            ],
            'loginRedirect' => [
                'plugin' => null,
                'controller' => 'Users',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'plugin' => null,
                'controller' => 'Users',
                'action' => 'login'
            ],
            'unauthorizedRedirect' => [
                'controller' => null,
                'action' => 'login',
                'prefix' => false
            ],
            'authError' => 'You are not authorized to access that location.',
            'flash' => [
                'element' => 'error'
            ]
        ]);
/*
Found on Stack Overflow that "These two plugins are not meant to work together, cakephp/acl is strictly meant for use with the deprecated auth component. If you want ACLs for cakephp/authorization, then you need to implement that yourself".
I have no idea how to do that, so I'm still listening if anyone has any idea on how to do that or what could be another solution.
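
One way to approach the "implement that yourself" advice quoted above, as an added example that is not part of the original post or of either plugin: a deny-by-default permission lookup over the same controllers/<Controller>/<action> paths that Acl.Actions uses, which a cakephp/authorization request policy could call. The class name ActionAcl, the role names and the sample grants are hypothetical; the code assumes PHP 8.

```php
<?php
declare(strict_types=1);

// Added example: deny-by-default action ACL keyed by "controllers/<Controller>/<action>".
// ActionAcl, the role names and the grants below are hypothetical, not plugin code.
final class ActionAcl
{
    /** @param array<string, array<string, bool>> $grants role => [ACO path => allowed?] */
    public function __construct(
        private array $grants,
        private string $actionPath = 'controllers/'
    ) {
    }

    /** The most specific matching node wins; no matching node at all means deny. */
    public function check(?string $role, string $controller, string $action): bool
    {
        if ($role === null || !isset($this->grants[$role])) {
            return false; // unauthenticated request or unknown role
        }
        $root = rtrim($this->actionPath, '/');
        // Walk from the action node up to the root, like an ACO tree lookup.
        foreach (["$root/$controller/$action", "$root/$controller", $root] as $node) {
            if (array_key_exists($node, $this->grants[$role])) {
                return $this->grants[$role][$node];
            }
        }
        return false;
    }
}

// Constructed sample permissions; a real application would load these from the database.
$acl = new ActionAcl([
    'admin'  => ['controllers' => true],
    'editor' => [
        'controllers/Articles' => true,
        'controllers/Articles/delete' => false, // explicit deny overrides the parent allow
    ],
]);

// In a request policy's canAccess($identity, $request), the arguments would be the
// identity's role plus $request->getParam('controller') and $request->getParam('action').
var_dump($acl->check('editor', 'Articles', 'edit'));   // allowed through the controller node
var_dump($acl->check('editor', 'Articles', 'delete')); // denied by the action node
var_dump($acl->check('editor', 'Users', 'index'));     // no node matches: denied
var_dump($acl->check(null, 'Articles', 'index'));      // no identity: denied
```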

Related

Laravel 8 guard api: two providers are not working, how to make it work?

JWT tokens are not generated.
Please give me an example of how to use this.
config/auth.php
    'guards' => [
        'api' => [
            'driver' => 'jwt',
            'provider' => 'admin_users',
        ],
        'api' => [
            'driver' => 'jwt',
            'provider' => 'users',
        ],
    ],

Cakephp 3 Redirect when session expires

I use the AuthComponent, and when the session expires and the user presses a link or refreshes, I want to redirect them to the login page.
However, for some actions I don't want the above redirect, even if the user is logged out, as they are also used as an API by another application.
For example, I want to allow the 'view' action for logged-out users, but redirect the 'index' action.
My AppController.php is:
    $this->loadComponent('Auth', [
        'authorize' => [
            'Acl.Actions' => ['actionPath' => 'controllers/']
        ],
        'authenticate' => [
            'Form' => [
                'fields' => [
                    'username' => 'username',
                    'password' => 'password'
                ]
            ]
        ],
        'loginAction' => [
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login'
        ],
        'loginRedirect' => [
            'controller' => 'Pages',
            'action' => 'index',
            'plugin' => 'Pages'
        ],
        'logoutRedirect' => [
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login'
        ],
    ]);
If I add the code below, 'index' also works when the user is logged out, even though it should be in a denied state.
MyController.php
    public function beforeFilter(\Cake\Event\Event $event)
    {
        $this->Auth->allow('view');
    }
The only way I managed to do what I want is to add it in the controller action as:
MyController.php
    public function index()
    {
        if (empty($this->auth_user['username'])) {
            return $this->redirect($this->Auth->logout());
        }
    }
Is there a better way to do this?

duplicate pages issue on installed script website yii framework

I want to specify that I have almost no experience with PHP and the Yii framework.
I am trying to set up a classified ads website with Yii, but after I did an SEO audit I realised that almost all of my category pages have duplicates like this:
example.com/category?slug=cars - this URL is a duplicate that I don't want
example.com/category/cars - this is the URL that I want to have
This is my urlManager code :
    'urlManager' => [
        'enablePrettyUrl' => true,
        'showScriptName' => false,
        'enableStrictParsing' => false,
        'rules' => [
            'search' => 'site/search',
            'contact' => 'site/contact',
            '<controller:conversation>/<action:delete>' => '<controller>/<action>',
            '<controller:conversation>/<action:reply>/<conversation_uid:[a-z0-9_\-]+>' => '<controller>/<action>',
            '<controller:account>/<action:invoices>/<page:\d+>' => '<controller>/<action>',
            '<controller:account>/<action:conversations>/<page:\d+>' => '<controller>/<action>',
            '<controller:listing>/<action:index|update|package|preview>/<slug:[a-z0-9_\-]+>' => '<controller>/<action>',
            'page/<slug:[a-z0-9_\-]+>' => 'pages/index',
            '<controller:category>/<action:location|map-view|get-map-location>' => '<controller>/<action>',
            [
                'pattern' => 'category/<slug:[a-z0-9_\-]+>/<page:\d+>',
                'route' => 'category/index',
            ],
            [
                'pattern' => 'category/<slug:[a-z0-9_\-]+>',
                'route' => 'category/index',
            ],
            [
                'pattern' => 'category/map-view/<slug:[a-z0-9_\-]+>/<page:\d+>',
                'route' => 'category/map-view',
            ],
            [
                'pattern' => 'category/map-view/<slug:[a-z0-9_\-]+>',
                'route' => 'category/map-view',
            ],
            [
                'pattern' => 'store/<slug:[a-z0-9_\-]+>/<page:\d+>',
                'route' => 'store/index',
            ],
            [
                'pattern' => 'store/<slug:[a-z0-9_\-]+>',
                'route' => 'store/index',
            ],
            '<url:.+/>' => 'site/redirect'
        ],
    ],
If you need any further details or specific code, ask me and I will try to provide it!
Thanks

CakePHP 3.2: Prevent authError showing when user is not logged in

Even when the user is not logged in and tries to open the homepage, after being redirected to the login page, authError is displayed. Is there an elegant way to prevent this, without modifying the Auth component? This is how I load the Auth component (I am using TinyAuth as the authorization adapter):
    $this->loadComponent('Auth', [
        'loginAction' => [
            'controller' => 'Users',
            'action' => 'login'
        ],
        'loginRedirect' => [
            'controller' => 'Home',
            'action' => 'index'
        ],
        'authError' => 'You dont have permissions for that action',
        'authenticate' => [
            'Form' => [
                'fields' => [
                    'username' => 'email',
                    'password' => 'password'
                ],
                'scope' => ['Users.active' => true],
                'contain' => ['Roles']
            ]
        ],
        'authorize' => [
            'TinyAuth.Tiny' => [
                'roleColumn' => 'role_id',
                'rolesTable' => 'Roles',
                'multiRole' => true,
                'pivotTable' => 'roles_users',
                'superAdminRole' => null,
                'authorizeByPrefix' => false,
                'prefixes' => [],
                'allowUser' => false,
                'adminPrefix' => null,
                'autoClearCache' => true
            ]
        ]
    ]);
According to CakePHP's documentation you can prevent the error message from being shown by setting authError to false.
Sometimes, you want to display the authorization error only after the
user has already logged-in. You can suppress this message by setting
its value to boolean false.
This should disable the error message:
    if (!$this->Auth->user()) {
        $this->Auth->config('authError', false);
    }

Yii2 - How to implement RBAC Authorization in RESTful API?

Hi, I just discovered the Yii framework and I need some guidelines to implement this...
Yii2 RBAC - Official Guide
...in my RESTful app. I know I have to override the method checkAccess() in my controllers but I can't find any example. My API has token-based Bearer authentication and sessions are disabled (stateless).
In your controller:
    // At the top of the controller file:
    use yii\filters\AccessControl;
    use yii\filters\Cors;
    use yii\filters\VerbFilter;
    use yii\filters\auth\CompositeAuth;
    use yii\filters\auth\HttpBearerAuth;

    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // authenticate every request with a Bearer token
        $behaviors['authenticator'] = [
            'class' => CompositeAuth::className(),
            'authMethods' => [
                HttpBearerAuth::className(),
            ],
        ];
        // add CORS filter
        $behaviors['corsFilter'] = [
            'class' => Cors::className(),
            'cors' => [
                'Origin' => ['*'],
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
                'Access-Control-Request-Headers' => ['*'],
            ],
        ];
        // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
        $behaviors['authenticator']['except'] = ['options', 'login', 'signup'];
        // access rules for the listed actions
        $behaviors['access'] = [
            'class' => AccessControl::className(),
            'only' => [
                'update',
                'delete',
                'view',
                'index',
            ],
            'rules' => [
                [
                    'actions' => [
                        'update',
                        'delete',
                        'view',
                        'index',
                    ],
                    'allow' => true,
                    'roles' => ['#'],
                ],
            ],
        ];
        // restrict each action to its HTTP verb
        $behaviors['verbFilter'] = [
            'class' => VerbFilter::className(),
            'actions' => [
                'signup' => ['POST'],
                'login' => ['POST'],
                'update' => ['PUT'],
                'delete' => ['DELETE'],
                'view' => ['GET'],
                'index' => ['GET'],
            ],
        ];
        return $behaviors;
    }