CakePHP 3 Auth on model other than User

Question

I'm working on a project rebuild using CakePHP, and following the new Authentication documentation here: http://book.cakephp.org/3.0/en/controllers/components/authentication.html

From what I'm reading, Cake3 uses the userModel='User' by default, but it has the option to set it to whatever you want. In my case, I have all the auth data in the 'Account' model (i.e. userModel => 'Account').

So, in my Account Entity, I added the following code:

protected function _setPassword($password)
{
    return (new DefaultPasswordHasher)->hash($password);
}

Additionally, in my accounts table, my 'passwd' field is set to varchar(255) [I've read that's required for some reason].

When I use my default baked 'add' and 'edit' methods, the password is stored in plain text, and not hashed. The ONLY way I've found to get around this is to create a custom method in the AccountsTable class then call it using this kludge:

$this->request->data['passwd'] = $this->Accounts->hashPassword($this->request->data['passwd']);

My Auth component looks like this...

$this->loadComponent('Auth', [
        'loginAction' => [
            'controller' => 'Accounts',
            'action' => 'login'
        ],
        'authError' => 'Unauthorized Access',
        'authenticate' => [
            'Form' => [
                'fields' => [
                    'username' => 'username',
                    'password' => 'passwd'
                ],
                'userModel'=>'Accounts'
            ]
        ]
    ]);

Is there a way to do this without dinking around with the raw request data?

Answer 1

Your mutator is named wrongly, the convention for mutators is _set followed by the camel cased field/property name. So since your field name is passwd, not password, it has to be named _setPasswd instead.

protected function _setPasswd($password)
{
    return (new DefaultPasswordHasher)->hash($password);
}

See also Cookbook > Entities > Accessors & Mutators