Doena

Reputation: 337

CakePHP auth: logout redirect wrong and with double url base

I know that there are plenty of questions about this topic, but as I understand there should have been a bugfix. So I figure my problem must be a different one since I am using CakePHP 2.5.6 which should have the bugfix already, correct?

Well, I am trying to adapt the "Simple Authentication and Authorization Application" to my project. As long as I don't add the line 'authorize' => array('Controller') I can add users, login, logout and the login and logout-redirects work fine.

As soon as I add that line the app behaves weirdly:

1. Login and login redirect work.
2. users/logout leads to a Missing-Controller-Error, because it calls a URL with double base. Also it calls the redirect URL of the login redirect and not of the logout-redirect.

When I call the /users/logout the app tries to access localhost/project_xyz/project_xyz/tests

AppController:

class AppController extends Controller {
     public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array(
                'controller' => 'tests',
                'action' => 'index'
            ),
            'logoutRedirect' => array(
                'controller' => 'pages',
                'action' => 'display','home'
            ),
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            ),
            'authorize' => array('Controller'),
        )
    );

    public function isAuthorized($user) {
        // Admin can access every action
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }

        // Default deny
        return false;
    }

    public function beforeFilter() {
        $this->Auth->allow('display');
    }
}

Can somebody help?

[EDIT:]

I added this to the components-array:

'unauthorizedRedirect' => [
'controller' => 'users',
'action' => 'login',
'prefix' => false ]

The effect is that when I call users/logout now, instead of the previous missing-controller-error, I will be redirected to users/login. Unfortunately the user has not been logged out. I can still access everything as if the user is still logged in.

[EDIT #2:]

public function login() {
    if ($this->request->is('post')) {
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirectUrl());
        }
        $this->Session->setFlash(__('Invalid username or password, try again'));
    }
}

public function logout() {
    return $this->redirect($this->Auth->logout());
}

Upvotes: 0

Views: 1467

Answers (1)

Doena

Reputation: 337

What seemed to be the problem is that 'logout' has to be in the beforeFilter, which I missed:

public function beforeFilter() {
    $this->Auth->allow('login','logout');
}

Still, this only works for me in combination with this in the components-array of the AppController:

        'unauthorizedRedirect' => [
            'controller' => 'users',
            'action' => 'login',
            'prefix' => false ]

If I leave this out and add some model-specific isAuthorized-functions, I will still get the missing-controller-error with the double-base-url. There seems to be something wrong with the unauthorizedRedirect. This workaround will work for me though...

Upvotes: 3
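
A variant of the fix in the answer above, as an added example that is not the poster's code: `allow()` makes an action public, so AuthComponent skips both the login check and `isAuthorized()` for it, whereas this version keeps `logout` behind authentication and authorizes it for every logged-in user instead. It assumes the AppController from the question (default-deny `isAuthorized()`) and a logged-in user whose role is not `admin`; the file path in the comment is also an assumption.

```php
<?php
// app/Controller/UsersController.php (CakePHP 2.x), assumed location.
// Added illustration; login() and logout() are copied from the question.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        // Keep what AppController::beforeFilter() already allows ('display').
        parent::beforeFilter();
        // Only the login form has to be reachable without a session.
        $this->Auth->allow('login');
    }

    public function isAuthorized($user) {
        // Any authenticated user may end their own session, whatever the role.
        // Without this, the default-deny rule in AppController rejects
        // users/logout for non-admins and the unauthorized redirect fires
        // before logout() ever runs.
        if ($this->action === 'logout') {
            return true;
        }
        // Everything else keeps the admin-only rule from AppController.
        return parent::isAuthorized($user);
    }

    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }

    public function logout() {
        // Auth->logout() clears the session and returns logoutRedirect.
        return $this->redirect($this->Auth->logout());
    }
}
```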
