CODEWITHSUNDEEP
phpcakephpauthenticationcakephp-3.0
Gui Imamura
Gui Imamura

Reputation: 690

CakePHP 3: users not allowed to logout?

I'm learning cakePHP 3 to apply for an internship, and I'm currently following the tutorial from the Official cookbook from cakePHP.org, but I hate this book. It's very confusing.

Anyway, I did the Bookmarker example's steps and it's kinda working, and I did everything just as the book told me to do until the login&logout section, but when I try to log out from the system, it tells me that "You are not authorized to access that location."

If you need any futher code from my project, please let me know.

To log out, I'm directing the users with the following code, which generates a hyperlink to server/users/logout:

<?= $this->Html->link(__('Log out'), ['controller' => 'Users', 'action' => 'logout']) ?>

/rootOfProject/src/Controller/AppController.php:

namespace App\Controller;
use Cake\Controller\Controller;

class AppController extends Controller {
    public function initialize() {
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authenticate' => [
                'Form' => [
                    'fields' => [
                        'username' => 'email',
                        'password' => 'password'
                    ]
                ]
            ],
            'unauthorizedRedirect' => [
                'controller' => 'Users',
                'action' => 'login'
            ],
            'authorize' => 'Controller'
        ]);
        $this->Auth->allow(['display']);
    }
    public function isAuthorized($user) {
        return false;
    }
}

/rootOfProject/src/Controller/UsersController.php:

namespace App\Controller;
use App\Controller\AppController;
class UsersController extends AppController {
    public function index() {
        $this->set('users', $this->paginate($this->Users));
    }
    public function view($id = null) {
        $user = $this->Users->get($id, [
            'contain' => ['Bookmarks']
        ]);
        $this->set('user', $user);
    }
    public function add() {
        $user = $this->Users->newEntity($this->request->data);
        if ($this->request->is('post')) {
            if ($this->Users->save($user)) {
                $this->Flash->success('The user has been saved.');
                return $this->redirect(['action' => 'index']);
            } else {
                $this->Flash->error('The user could not be saved. Please, try again.');
            }
        }
        $this->set(compact('user'));
    }
    public function edit($id = null) {
        $user = $this->Users->get($id, [
            'contain' => []
        ]);
        if ($this->request->is(['patch', 'post', 'put'])) {
            $user = $this->Users->patchEntity($user, $this->request->data);
            if ($this->Users->save($user)) {
                $this->Flash->success('The user has been saved.');
                return $this->redirect(['action' => 'index']);
            } else {
                $this->Flash->error('The user could not be saved. Please, try again.');
            }
        }
        $this->set(compact('user'));
    }
    public function delete($id = null) {
        $user = $this->Users->get($id);
        $this->request->allowMethod(['post', 'delete']);
        if ($this->Users->delete($user)) {
            $this->Flash->success('The user has been deleted.');
        } else {
            $this->Flash->error('The user could not be deleted. Please, try again.');
        }
        return $this->redirect(['action' => 'index']);
    }
    public function login() {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error('Your username or password is incorrect.');
        }
    }
    public function logout() {
        $this->Flash->success('You are now logged out.');
        return $this->redirect($this->Auth->logout());
    }
    public function beforeFilter(\Cake\Event\Event $event) {
        $this->Auth->allow(['add']);
    }
}

Upvotes: 0

Views: 3105

Answers (2)

raffi
raffi

Reputation: 139

In your AppController add the following:

<?php
    public function isAuthorized($user)
    {
        $action = $this->request->params['action'];

        // The add and index actions are always allowed.
        if (in_array($action, ['logout'])) {
            return true;
        }else{
            return false;
        }
}
?>

Upvotes: -1

ndm
ndm

Reputation: 60473

You are denying access for all users with your isAuthorized() callback that just returns false. Consequently only the explicitly allowed actions ($this->Auth->allow()) as well as the implicit allowed login action will be accessible.

In case you don't want to implement any authorization (authentication != authorization) checks, remove the callback from your controller as well as the authorize option from the authentication component configuration.

See http://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization for more information about authorization.

Upvotes: 2

Related Questions