Remove htpasswd protection for a specific action

Question

I have a website in cakephp 3 with htpasswd protection. I want to access specific action without password for e.g /apis/models

I can remove password protection from specific file by putting the following code in webroot/.htaccess file but how can I achieve this for a specific action in cakephp 3.

<Files "test.php">
    Satisfy Any
</Files>

score 0 · Answer 1 · answered Feb 17 '18 at 14:20

I think if I had to do it, I'd do it in controller. In cakephp we can easily choose authenticate options including basic auth.

class AppController extends Controller
{

    public function initialize() {

        parent::initialize();

        $this->loadComponent('Auth', [
            'authenticate' => [
                'Basic' => [
                    'fields' => [
                        //  username and password from database
                        'username' => 'email', 
                        'password' => 'password'
                    ],
                ],
            ],
            'storage' => 'Memory',
            'unauthorizedRedirect' => false
        ]);     

        /**
         *  Allowed actions
         *  ['Controller' => ['method' => 1, 'method' => 1]]
         */
        $excluded_actions = [
            'Users' => [
                'index' => 1, 
                'edit' => 1
            ]
        ];

        $controller = $this->request->getParam('controller');
        $method = $this->request->getParam('action');

        if(isset($excluded_actions[$controller]) && isset($excluded_actions[$controller][$method])) {

            $this->Auth->allow();
        }

    }
}

Remove htpasswd protection for a specific action

1 Answers1