Enrique Oquendo

Reputation: 13

CakePHP 3 unauthorizedRedirect not working

I'm building a page and trying to set the unauthorizedRedirect for the Auth component in the AppController, and it is not working; it does nothing.

I have tried setting it to false and nothing works.

This is the AppController:

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{

public function initialize()
{
    parent::initialize();

    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'loginRedirect' => [
            'controller' => 'Pages',
            'action' => 'display'
        ],
        'authError' => 'Seems like you have to use some kind of magic word.',
        'logoutRedirect' => [
            'controller' => 'Pages',
            'action' => 'display',
            'home'
        ],
        'unauthorizedRedirect' => [
            'controller' => 'Users',
            'action' => 'unauthorized'
        ],
    ]);

    // Load the Categories model so the category list is available in all controllers
    $tableCategories = $this->loadModel('Categories');

    $categories = $tableCategories->find()
        ->contain([]);

    $this->set(compact('categories'));
}

public function beforeFilter(Event $event)
{
    $this->set('current_user', $this->Auth->user());
}

}

This is the UsersController:

class UsersController extends AppController
{

public $breadcrump = 'Usuarios';

public function beforeFilter(Event $event)
{
    parent::beforeFilter($event);
    $this->Auth->allow(['login', 'unauthorized']);
}

public function login()
{
    $this->viewBuilder()->layout('login');
    if ($this->request->is('post')) {
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            return $this->redirect(['controller' => 'pages', 'action' => 'display']);
        }
        $this->Flash->error(__('Invalid username or password, try again'));
    }
}

public function logout()
{
    return $this->redirect($this->Auth->logout());
}

public function unauthorized()
{
    // Skip view rendering and send a JSON-encoded false to the client
    $this->autoRender = false;

    $message = false;

    echo json_encode($message);
    exit;
}

}

It only redirects to the login page.

Upvotes: 1

Views: 516

Answers (1)

ascsoftw

Reputation: 3476

From the docs:

unauthorizedRedirect Controls handling of unauthorized access. By default unauthorized user is redirected to the referrer URL or loginAction or ‘/’. If set to false, a ForbiddenException exception is thrown instead of redirecting.

The unauthorizedRedirect option only applies to authenticated users. If an authenticated user tries to go to a URL they are not authorized to access, they will be redirected back to the referrer. By specifying unauthorizedRedirect, you are now redirecting the user to the URL specified rather than to the referrer.

If you want to redirect user on a wrong login attempt, you will have to do that manually in the login method.

Hope that clears any doubts.

Upvotes: 1
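The case the answer describes, as an added example that is not part of the original question, the answer or the CakePHP docs: unauthorizedRedirect is only consulted once an authorize adapter is configured and isAuthorized() rejects a logged-in user. The `role` column and the `admin` value are assumptions for illustration.

```php
<?php
// Added example. Assumes the users table has a `role` column (hypothetical).
namespace App\Controller;

use Cake\Controller\Controller;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();

        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            // With no authorize adapter, AuthComponent only authenticates:
            // every logged-in user passes and unauthorizedRedirect is never used.
            'authorize' => ['Controller'],
            // Visitors who are NOT logged in always end up here,
            // whatever unauthorizedRedirect is set to.
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
            // Logged-in users for whom isAuthorized() returns false end up here.
            'unauthorizedRedirect' => [
                'controller' => 'Users',
                'action' => 'unauthorized'
            ],
            'authError' => 'You are not allowed to access that location.',
        ]);
    }

    // Called by the Controller authorize adapter for every action that is
    // not opened up with $this->Auth->allow(). Deny by default: only the
    // assumed 'admin' role is let through.
    public function isAuthorized($user)
    {
        return isset($user['role']) && $user['role'] === 'admin';
    }
}
```

Keep the `unauthorized` action in `$this->Auth->allow()`, as the question's UsersController does, so a denied user can reach the redirect target; with a deny-by-default isAuthorized(), `logout` needs the same treatment or non-admin users cannot log out.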
