0

Sometimes, maybe when I stay long time enough without action, or when I try to access directly to a specific page, an "authentication required" popup is displayed asking for my login and password.

But even if I fill in the required fields, the authentication is not done and the refresh just display "Unauthorized.

It seems this popup doesn't call my login method.

Can you tell me how the credentials are supposed to be transmited to my user login controller?

Regards,

EDIT My login Form

<div class="container-fluid">
    <br/>
    <div class="container-fluid col-md-4 col-md-offset-4">
    <h1>Se connecter</h1>

        <div class="row">
            <div class="col-md-12">
                <?= $this->FormB->create(); ?>
                    <div class="panel panel-default">
                        <div class="panel-heading">
                            <h2><?= __("Saisissez vos identifiants") ?></h2>
                        </div>
                        <div class="panel-body">

                            <?= $this->FormB->input('username', ['label' => __("Nom d'utilisateur :"), 'placeholder' => __("Nom d'utilisateur")]); ?>

                            <?= $this->FormB->input('password', ['label' => __("Mot de passe :"), 'placeholder' => __("Mot de passe")]); ?>

                            <p><em><?= $this->Html->link(__("Mot de passe oublié ?"), ['action' => 'forgotPassword']); ?></em></p>

                            <br/>

                            <?php if ($activeLink == 1): ?>

                            <p><em><?= $this->Html->link(__("Renvoyer l'email d'activation ?"), ['controller' => 'Users', 'action' => 'resend', 'username' => $username]); ?></em></p>

                            <br/>

                            <?php endif ?>              
                        </div>
                    </div>
                    <div>
                        <?= $this->Form->button(isset($btnlabel) ? __("$btnlabel") : __("Enregistrer"), ["class" => "btn btn-primary btn-block"]) ?>
                    </div>
                <?= $this->FormB->end() ?>          
            </div>
        </div>
    </div>
</div>

** EDIT ** When I enter my login/password in the popup opened by the browser, Cake generates the following error

2016-03-24 16:53:11 Error: [Cake\Network\Exception\UnauthorizedException] Unauthorized
Request URL: /pros/Owners/account
Stack Trace:
#0 /home/MyApp/vendor/cakephp/cakephp/src/Controller/Component/AuthComponent.php(359): Cake\Auth\BasicAuthenticate->unauthenticated(Object(Cake\Network\Request), Object(Cake\Network\Response))
#1 /home/MyApp/vendor/cakephp/cakephp/src/Controller/Component/AuthComponent.php(296): Cake\Controller\Component\AuthComponent->_unauthenticated(Object(App\Controller\Pros\OwnersController))
#2 /home/MyApp/vendor/cakephp/cakephp/src/Controller/Component/AuthComponent.php(258): Cake\Controller\Component\AuthComponent->authCheck(Object(Cake\Event\Event))
#3 /home/MyApp/vendor/cakephp/cakephp/src/Event/EventManager.php(385): Cake\Controller\Component\AuthComponent->startup(Object(Cake\Event\Event))
#4 /home/MyApp/vendor/cakephp/cakephp/src/Event/EventManager.php(355): Cake\Event\EventManager->_callListener(Array, Object(Cake\Event\Event))
#5 /home/MyApp/vendor/cakephp/cakephp/src/Event/EventDispatcherTrait.php(78): Cake\Event\EventManager->dispatch(Object(Cake\Event\Event))
#6 /home/MyApp/vendor/cakephp/cakephp/src/Controller/Controller.php(495): Cake\Controller\Controller->dispatchEvent('Controller.star...')
#7 /home/MyApp/vendor/cakephp/cakephp/src/Routing/Dispatcher.php(109): Cake\Controller\Controller->startupProcess()
#8 /home/MyApp/vendor/cakephp/cakephp/src/Routing/Dispatcher.php(87): Cake\Routing\Dispatcher->_invoke(Object(App\Controller\Pros\OwnersController))
#9 /home/MyApp/webroot/index.php(37): Cake\Routing\Dispatcher->dispatch(Object(Cake\Network\Request), Object(Cake\Network\Response))
#10 {main}

So how am I supposed to intercept this authentication attempt?

fralbo
  • 2,534
  • 4
  • 41
  • 73
  • could you please post the login form – dav Mar 23 '16 at 11:16
  • @dav Hi Dav, it's done. – fralbo Mar 23 '16 at 17:58
  • if your guess is right and it is not going to right action you can try putting this `$this->FormB->create('Users', array( 'url' => '/users/your_login_action'))` - hence giving the exact url to submit the form – dav Mar 23 '16 at 19:23
  • @dav, I'm afraid to not understand you. My login perfectly works from my login page. My problem occurs when I try to access to a specific url and Firefox/Chrome opens a popup to ask for my login. In that specific case, I don't know how this popup is supposed to be processed. – fralbo Mar 24 '16 at 16:43
  • `Firefox/Chrome opens a popup` if that popup is usual html, means there is some element/view that has its code, that is where you should try to update the above code. If that popup is "browser's" popup - that requires login/password - most probably its digest authentication or smth like that (and is not a cake thing) http://php.net/manual/en/features.http-auth.php if you can make a screenshot I guess I might be able to say which one is that – dav Mar 24 '16 at 20:03
  • @dav, here is the screenshot of the Firefox authentication popup http://imgur.com/XlzIcx2 – fralbo Mar 25 '16 at 08:38
  • it is the php http authentication that I mentioned in the previous comment. It means you have that authentication code somewhere in ur code, most probably in some controller or config file. try to search your `src` directory's files by content for words `PHP_AUTH_USER` or `PHP_AUTH_PW`, also read the link above and you should be able figure it out ;) – dav Mar 25 '16 at 13:22
  • please do read the link above, this might help as well http://book.cakephp.org/3.0/en/controllers/components/authentication.html#using-digest-authentication – dav Mar 25 '16 at 13:42
  • 1
    @dav, ok, thanks So I see now what's my problem – fralbo Mar 25 '16 at 14:09
  • Hi 2ndGAB, I have the completely same issues like yours. please update how did you solve that problem. Thanks – TommyDo Aug 22 '16 at 09:33
  • @TommyDo, I explained it in an answer. – fralbo Aug 29 '16 at 16:23

2 Answers2

1

The problem was caused by a modification I made in AppController to authenticate from API request:
Normally, you should load Auth component like that:

    $this->loadComponent('Auth', [
        'authorize' => ['Controller'],
        'authenticate' => [
           'Form' => [
                'scope' => ['Users.active' => 1]
            ],
        ],
        'loginRedirect' => [
           'controller' => 'Users',
           'action' => 'account'
        ],
        'logoutRedirect' => [
            'controller' => 'Index',
            'action' => 'index'
        ]
    ]);

That way, you authenticate filling your credential in a Form.

Another way is to use Basic authentication. it's less used but it can be implemented like that.

    $this->loadComponent('Auth', [
        'authorize' => ['Controller'],
        'authenticate' => [
            'Basic' => [
                'fields' => ['username' => 'username', 'password' => 'password'],
                'userModel' => 'Users'
            ],
        ],
        'storage' => 'Memory',
        'unauthorizedRedirect' => false
    ]);

Doing like that, causes the login popup to be displayed if you try to access a web page.

I don't know if loading both Form and Basic authentication really makes sense, but it's what I did first and it's because I sometimes saw the popup displayed, notably when the session authenticated by Form expired.

If you need a normal authentication mechanism for your website, load Auth component with Form in your AppController.php. If you need a basic authentication mechanism for API access, I advise to create an ApiController.php where you will load Auth component with Basic as given above. Then, you API controller will extend ApiController instead of AppController.

It's what I can say from my knowledge. CakePHP guru could add more infos or correct me if necessary.

fralbo
  • 2,534
  • 4
  • 41
  • 73
0

I have completely same issue as post. I was considered helping by someone and I fixed that problem.

My config auth component before:

$this->loadComponent('Auth', [
            'authenticate' => array(
                'Form' => array(
                    // 'fields' => array('username' => 'email'),
                    'scope' => array('is_delete' => '0')
                )
            ),

and after I edited it, it was run perfectly.

$this->loadComponent('Auth', [
            'authenticate' => array(
                'Form' => array(
                'userModel' => 'MUsers', //Add this line
                'fields' => array('username' => 'username',
                                   'password' => 'password'), //Edited this line
                    'scope' => array('is_delete' => '0')
                )
            ),

If someone want to know to to fix please review my post at:

Cakephp 3 - Auth session cannot destroy

Community
  • 1
  • 1
TommyDo
  • 663
  • 8
  • 23