
I am trying to create a digest authentication using the Authentication component under CakePHP 3.1 and I have encountered a problem. I am using the code below, and the HTTP authentication popup pops up again right after entering the correct username and password on the previous popup. Then if I press cancel I get this: Cake\Auth\BasicAuthenticate->unauthenticated.

Can someone please tell me what I am doing wrong?

AppController.php

    $this->loadComponent('Auth', [
        'authorize' => 'Controller',
        'loginRedirect' => [
            'controller' => 'Users',
            'action' => 'index'
        ],
        'authenticate' => [
            'Digest' => [
                'fields' => ['username' => 'username', 'password' => 'digest_hash'],
                'userModel' => 'Users',
            ],
        ],
        'loginAction' => [
            'controller' => 'Users',
            'action' => 'login',
        ],
        'storage' => 'Memory',
        'unauthorizedRedirect' => false
    ]);

UserTable.php

    use Cake\Auth\DigestAuthenticate;
    use Cake\Event\Event;

    public function beforeSave(Event $event)
    {
        $entity = $event->data['entity'];

        // Make a password for digest auth (hash depends on username, password and realm).
        $entity->digest_hash = DigestAuthenticate::password(
            $entity->username,
            $entity->plain_password,
            env('SCRIPT_NAME')
        );
        return true;
    }

In the client part

    use Cake\Network\Http\Client;

    public function digest()
    {
        $http = new Client();
        // Client handles the 401 challenge and re-sends with a Digest header.
        $response = $http->get('http://localhost/project/api/v1/users/view/22', [], [
            'auth' => [
                'type' => 'digest',
                'username' => 'Digest',
                'password' => 'my_password',
            ]
        ]);
    }

When I check the Environment panel in DebugKit, I have this:

PHP_AUTH_DIGEST     username="Digest", realm="localhost", nonce="57ac3609a5b79", uri="/project/api/v1/users/view/22", response="af0e1fe455aa7f1475df715ef5231b56", opaque="421aa90e079fa326b6494f812ad13e79", qop=auth, nc=00000001, cnonce="0bb461453700ebc1"

1 Answer

This might be too late but it could still be helpful to someone!

Well, using $this->Auth->unauthorizedRedirect = false causes AuthComponent to throw a ForbiddenException instead of redirecting to another page unless you submit a valid username and password.

Get Registration Correctly:

Obviously it is important to register/add the user's digest password correctly to make digest authentication possible.

As mentioned in the documentation, we can add a digest-hashed password by adding the following code, generally in UsersTable.php:

    use Cake\Auth\DigestAuthenticate;
    use Cake\Event\Event;

    public function beforeSave(Event $event)
    {
        $entity = $event->data['entity'];

        // Make a password for digest auth.
        $entity->digest_hash = DigestAuthenticate::password(
            $entity->username,
            $entity->plain_password,
            env('SERVER_NAME')
        );
        return true;
    }

But we should be careful about the variables/terms mentioned above:

1. $entity->digest_hash (this should be equivalent to the field you have made to
   save the password, e.g. password_hash)

2. $entity->username (this should be equivalent to the field you have made to
   save the username, e.g. email)

3. $entity->plain_password (again, this should be equivalent to the field you have made to
   save the password, e.g. password_hash)

4. env('SERVER_NAME') (this is the third parameter for making the digest password;
   "SERVER_NAME" is the default value and we can leave it this way.)

As a conclusion, if we have email (for the username) and password_hash (for the password), then the above function would be:

    use Cake\Auth\DigestAuthenticate;
    use Cake\Event\Event;

    public function beforeSave(Event $event)
    {
        $entity = $event->data['entity'];

        // Make a password for digest auth: password_hash holds the plain password
        // when the entity is saved and is overwritten with the digest value here.
        $entity->password_hash = DigestAuthenticate::password(
            $entity->email,
            $entity->password_hash,
            env('SERVER_NAME')
        );
        return true;
    }

The reason why I am focusing on the above things is that there is a possibility of making mistakes.

Manohar Khadka
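The following standalone script is an added example, not code from the question or the answer, and it is not CakePHP code. It models the digest math that sits behind both posts: DigestAuthenticate::password() stores md5("username:realm:password") (the RFC 2617 HA1), and the server later recomputes the client's response from that stored value using the realm it sent in its challenge, which defaults to env('SERVER_NAME') ("localhost" in the header from the question). The script parses that PHP_AUTH_DIGEST value, builds a client response the way a browser or Cake's Http\Client would, and shows that a hash registered under a different realm (an assumed SCRIPT_NAME value of "/project/index.php") can never verify, which is what produces the repeated popup. The GET method is assumed from the client code; all sample values are constructed.

```python
import hashlib
import re

# Constructed sample input: the PHP_AUTH_DIGEST value shown in the question.
QUESTION_HEADER = (
    'username="Digest", realm="localhost", nonce="57ac3609a5b79", '
    'uri="/project/api/v1/users/view/22", '
    'response="af0e1fe455aa7f1475df715ef5231b56", '
    'opaque="421aa90e079fa326b6494f812ad13e79", qop=auth, '
    'nc=00000001, cnonce="0bb461453700ebc1"'
)


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_digest(header):
    """Split a Digest header value into fields, accepting quoted and bare values."""
    fields = {}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', header):
        fields[key] = quoted if bare == "" else bare
    return fields


def digest_ha1(username, password, realm):
    """What DigestAuthenticate::password() stores: md5("user:realm:password").
    The realm is baked in, so the realm used when registering the user must be
    the same realm the server later puts in its WWW-Authenticate challenge."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, fields):
    """Server side of RFC 2617: recompute the response from the stored HA1."""
    ha2 = md5_hex(f"{method}:{fields['uri']}")
    if "qop" in fields:
        parts = [ha1, fields["nonce"], fields["nc"], fields["cnonce"], fields["qop"], ha2]
    else:
        parts = [ha1, fields["nonce"], ha2]
    return md5_hex(":".join(parts))


def verify(header, method, stored_ha1):
    """True when the client's response matches the value derived from stored_ha1."""
    fields = parse_digest(header)
    return expected_response(stored_ha1, method, fields) == fields["response"]


def build_header(username, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side: the header a browser or Cake's Http\\Client sends after the
    challenge. The client always hashes with the realm it received."""
    fields = {"uri": uri, "nonce": nonce, "nc": nc, "cnonce": cnonce, "qop": qop}
    response = expected_response(digest_ha1(username, password, realm), method, fields)
    return (f'username="{username}", realm="{realm}", nonce="{nonce}", uri="{uri}", '
            f'response="{response}", qop={qop}, nc={nc}, cnonce="{cnonce}"')


def realm_mismatch_demo():
    """Why hashing with env('SCRIPT_NAME') fails: the challenge realm is SERVER_NAME."""
    method, uri = "GET", "/project/api/v1/users/view/22"
    header = build_header("Digest", "my_password", "localhost", method, uri,
                          nonce="57ac3609a5b79", nc="00000001", cnonce="0bb461453700ebc1")
    stored_with_server_name = digest_ha1("Digest", "my_password", "localhost")
    # Assumed SCRIPT_NAME value for illustration; any realm other than "localhost" fails.
    stored_with_script_name = digest_ha1("Digest", "my_password", "/project/index.php")
    return {
        "server_name_realm": verify(header, method, stored_with_server_name),
        "script_name_realm": verify(header, method, stored_with_script_name),
    }


if __name__ == "__main__":
    print(parse_digest(QUESTION_HEADER))
    print(realm_mismatch_demo())
```

The same `verify()` call is the check to run when debugging this kind of setup: take the PHP_AUTH_DIGEST value DebugKit shows, the stored hash from the users table, and the request method, and see whether they agree; if they do not, the realm or one of the field mappings in beforeSave is the first thing to compare against the realm in the challenge.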