mentes

Reputation: 118

CakePHP Auth component allow redirect issue

I am having a problem with the Auth component. When I use $this->Auth->allow('index','view'); I get "/users/login has resulted in too many redirects". When I use $this->Auth->allow('*') it works fine. I am using CakePHP 1.3.12. Here is app_controller.php:

class AppController extends Controller {
    var $components = array('Auth','Session');
    function beforeFilter(){    
         $this->Auth->allow('index','view');
    } 
}

I changed the app_controller.php

class AppController extends Controller {
    var $components = array('Auth','Session');
    function beforeFilter(){    
        $this->Auth->allow(array('index','view','display'));
    }
}

users_controller.php

class UsersController extends AppController {

    var $name = 'Users';

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow(array('login','logout'));
    }

    function login() {
        // Already logged in: send the user to the home page.
        if ($this->Session->read('Auth.User')) {
            $this->redirect('/', null, false);
        }
    }
}

routes.php

Router::connect('/', array('controller' => 'pages', 'action' => 'display', 'home'));
Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display'));

Any suggestions? Thanks

Upvotes: 1

Views: 4535

Answers (3)

jack

Reputation: 473

You are doing it wrong. How can the app know which of your controller actions you are trying to control? Do it from your controller.

Remove this from app:

$this->Auth->allow(array('index','view','display'));

Try this in your app controller, with the needed changes:

$this->Auth->loginError = "Wrong credentials. Please provide a valid username and password.";
$this->Auth->authError = "You don't have sufficient privilege to access this resource.";
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');

Do this from your user controller:

$this->Auth->userModel = 'User';
$this->Auth->allow('*');

And in your login action don't do anything; all of your redirects will be done by the app controller.


Upvotes: 0

Alex Luecke

Reputation: 197

Don't know but you might want to check if you have any request actions.

"If you are using requestAction in your layout or elements you should allow those actions in order to be able to open login page properly."
http://book.cakephp.org/1.3/en/view/1257/allow

This had me stumped for the longest time.

Let's say you render an element somewhere in your template:

echo $this->element('comments');

And in views/elements/comments.ctp you have something that requests an action like

$comments = $this->requestAction('comments/index');
foreach($comments as $comment) {
 // print stuff
}

In your CommentsController you have to:

function beforeFilter() {
    $this->Auth->allow('index');
}

Notice you are requesting an index action from your comments controller in your element. That's why you have to allow 'index' for that specific controller.

I haven't seen this problem properly addressed anywhere. Hope that's what is causing your error.

Upvotes: 2

pleasedontbelong

Reputation: 20102

It's an array =)

$this->Auth->allow(array('index','view'));

You're getting the "too many redirects" message because the /user/login action is not accessible. So the server tries to display the login page, but it can't, because regular non-connected users don't have access to /user/login. And when a user doesn't have access to a page, the server will redirect him to the login page... so you see, it's an infinite loop.

The /user/login action should be authorized to everyone. Your Users controller should look like this:

class UsersController extends AppController {

    var $name = 'Users';

    function beforeFilter() {
        parent::beforeFilter();
        // login and logout are reachable without an authenticated session
        $this->Auth->allow(array('login','logout'));
    }

    function login() {
        if ($this->Session->read('Auth.User')) {
            $this->redirect('/', null, false);
        }
    }

    // If you're using prefix routes.
    function admin_login() {
        $this->redirect('/users/login');
    }
}

If this doesn't fix the problem, maybe you're redirecting the page in the routes.php

Hope this helps

Upvotes: 1
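
Added example, not part of any answer above and not CakePHP's own AuthComponent code: a simplified PHP model of the redirect loop that the second and third answers describe, covering both a login action that is not public and an action embedded through requestAction that is not public. The allow-list entries, the EMBEDS map and the function names are constructed for illustration.

```php
<?php
// Simplified model: a "controller/action" is public only if it is on the
// allow-list; every other request is redirected to LOGIN.
const LOGIN = 'users/login';

// Actions a page pulls in while rendering (an element calling requestAction).
// Constructed sample data.
const EMBEDS = [
    'users/login' => ['comments/index'],
];

/** Return 'ok', or the URL an anonymous visitor is redirected to. */
function dispatch(string $url, array $allowed): string
{
    // The page itself and every action it embeds pass the same gate.
    foreach (array_merge([$url], EMBEDS[$url] ?? []) as $action) {
        if (!in_array($action, $allowed, true)) {
            return LOGIN;
        }
    }
    return 'ok';
}

/** Follow redirects the way a browser would and report the outcome. */
function visit(string $url, array $allowed, int $maxHops = 10): string
{
    $seen = [];
    for ($hop = 0; $hop < $maxHops; $hop++) {
        if (isset($seen[$url])) {
            return "redirect loop at /$url";
        }
        $seen[$url] = true;
        $next = dispatch($url, $allowed);
        if ($next === 'ok') {
            return "200 /$url";
        }
        $url = $next;
    }
    return 'too many redirects';
}

$cases = [
    'login not allowed'       => ['pages/display'],
    'embedded action missing' => ['pages/display', 'users/login'],
    'login and embed allowed' => ['pages/display', 'users/login', 'comments/index'],
];
foreach ($cases as $label => $allowed) {
    printf("%-25s %s\n", $label, visit('posts/add', $allowed));
}
```

The third case is the narrow fix: only the login action and the action the layout embeds are made public, and every other action stays behind the gate.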
