I'm building a page and trying to set the unauthorizedRedirect for the Auth component in the AppController, and it is not working; it does nothing.

I have tried setting it to false and nothing works.

This is the AppController:

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{
public function initialize()
{
    parent::initialize();

    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'loginRedirect' => [
            'controller' => 'Pages',
            'action' => 'display'
        ],
        'authError' => 'Seems like you have to use some kind of magic word.',
        'logoutRedirect' => [
            'controller' => 'Pages',
            'action' => 'display',
            'home'
        ],
        'unauthorizedRedirect' => [
            'controller' => 'Users',
            'action' => 'unauthorized'
        ],
    ]);

    //use model companies in all controllers
    $tableCategories = $this->loadModel('Categories');

    $categories = $tableCategories->find()
        ->contain([]);

    $this->set(compact('categories'));
}

public function beforeFilter(Event $event)
{
    $this->set('current_user', $this->Auth->user());
}

}

This is the UsersController:

class UsersController extends AppController
{
var $breadcrump = 'Usuarios';

public function beforeFilter(Event $event)
{
    parent::beforeFilter($event);
    $this->Auth->allow(['login', 'unauthorized']);
}

public function login()
{
    $this->viewBuilder()->layout('login');
    if ($this->request->is('post')) {
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            return $this->redirect(['controller' => 'pages', 'action' => 'display']);
        }
        $this->Flash->error(__('Invalid username or password, try again'));
    }
}

public function logout()
{
    return $this->redirect($this->Auth->logout());
}

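public function unauthorized()
{
    // Debug action: skip view rendering, emit a JSON false and stop.
    // (The original argument-less var_dump() call was dropped; it only raises a PHP error.)
    $this->autoRender = false;

    $message = false;

    echo json_encode($message);
    exit;
}

}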

It only redirects to the login page.

1 Answer

From the docs:

unauthorizedRedirect Controls handling of unauthorized access. By default unauthorized user is redirected to the referrer URL or loginAction or ‘/’. If set to false, a ForbiddenException exception is thrown instead of redirecting.

The unauthorizedRedirect option only applies to authenticated users. If an authenticated user tries to go to a URL they are not authorized to access, they will be redirected back to the referrer. By specifying unauthorizedRedirect, you are now redirecting the User to the URL specified rather than to referrer.

If you want to redirect user on a wrong login attempt, you will have to do that manually in the login method.

Hope that clears any doubts.

ascsoftw
  • I'm trying to make a redirect when unregistered users try to access some page that is restricted if you're not registered; the wrong login attempt is working fine – Enrique Oquendo Sep 11 '19 at 13:18
  • @EnriqueOquendo As stated in the answer, unauthorizedRedirect only handles logged-in users. If a non-logged-in user tries to access a restricted page, he will always be redirected to the login page (loginAction). This cannot be customized. – ascsoftw Sep 12 '19 at 04:52