0

I have an application made in CakePHP 2 that has a HTTP protection through .htaccess file. Already have an exception in a certain directory in webroot and works well.

AuthType Basic
AuthName "My Application"
AuthUserFile /my/application/path/.htpasswd
Require valid-user

SetEnvIf Request_URI "files/photos/" allow

Order allow,deny
Allow from env=allow
Satisfy any

But now also need an exception for a specific URL, which is a View of a certain Controller. I tried to simply add this line but it did not work, still requesting username and password.

SetEnvIf Request_URI "users/confirmation/" allow

I have UsersController and confirmation() method. The point is that one is a physical path and the other is "virtual".

Any idea for resolve this issue?

Paulo Rodrigues
  • 5,273
  • 7
  • 35
  • 58

2 Answers2

0

If you are using cakephp Auth then you can exclude some actions of controller from authentication. So write the line below in particular controller e.g. UsersController.

public function beforeFilter()
 {
  parent::beforeFilter();
  $this->Auth->allow('register','forgot_password','reset_password','password','login','logout');
 }

Actions written in allow() can be accessed even after there is no authentication. Pass nothing if want to allow whole controller. e.g. $this->Auth->allow();

Fawkes
  • 401
  • 1
  • 8
  • 20
  • Unfortunately this does not answer my question, because I'm using HTTP authentication through `.htaccess` file and not directly on the Auth library. Anyway, thanks for the reply. – Paulo Rodrigues Dec 02 '14 at 16:42
  • Ok. I understood. I'll try for solution. Thank you. – Fawkes Dec 03 '14 at 04:51
0

Solved by changing the lines containing the paths to be ignored by authentication:

SetEnvIf Request_URI "files/photos/" noauth=1
SetEnvIf Request_URI "users/confirmation/*" noauth=1

And then, adding the exception with the REDIRECT_ prefix:

Allow from env=REDIRECT_noauth
Paulo Rodrigues
  • 5,273
  • 7
  • 35
  • 58