Bugs & enhancements for Auth component in CakePHP v1.2 – Part 1

The auth component is supposed to handle the user login in your app but I was just not able to get that done and there have been similar complaints in the CakePHP mailing list.

Since I wanted it *NOW* I had no option but to once again dig into the source - but - hey it is not so bad, they give you the code so that you can change it! right?

As I started looking into the code several other things struck me as being wrong. This is a brief account of what I found...

Ticket #2993 - 1. The automatic user validation and automatic redirection after successful login not working, or rather the login not working.

The AuthComponent::startup() method contains code that checks whether the current action is in the allowed actions list. If this check (the if condition) is true, control returns from that point and the code below it is not executed. This works fine for all actions other than the login action. It stands to reason that the login action should be an allowed action; however, the code used for automatic user validation and automatic redirection after successful login sits below that if condition and never gets executed after the login form is submitted!

To make it work - the if condition should be changed from

PHP:
    if ($this->allowedActions == array('*') || in_array($controller->action, $this->allowedActions)) {
        return false;
    }

    if (!isset($controller->params['url']['url'])) {
        $url = '';
    } else {
        $url = $controller->params['url']['url'];
    }

to

PHP:
    if (!isset($controller->params['url']['url'])) {
        $url = '';
    } else {
        $url = $controller->params['url']['url'];
    }

    if ($this->allowedActions == array('*') || (in_array($controller->action, $this->allowedActions) && $this->_normalizeURL($this->loginAction) != $this->_normalizeURL($url))) {
        return false;
    }

After the above change, one more change is needed.

PHP:
    if($this->authorize) {

to

PHP:
    if ($this->authorize && $this->_normalizeURL($this->loginAction) != $this->_normalizeURL($url)) {

Once these changes are done your auth component will handle the login for you!

We have been promised that the auth component will soon be worked upon and hopefully this will be resolved... I also found a few more things in the auth component but this post is already too long - more soon...

Update: The CakePHP devs feel that the above patch is invalid and that the login action should be in the list of denied actions. Explicitly having to put the login action as denied is, in my opinion, a needless effort; either the above patch should be applied or the auth component startup should put the login action in the list of denied actions on its own.
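
The control flow described above, reduced to a self-contained PHP model (an added example, not CakePHP's code and not the patch itself): MiniAuth, the demo credentials and the request values are assumptions made for illustration. It sends the same login POST through the original gate, the patched gate, and the original gate with the login action left out of the allowed list.

```php
<?php
// Simplified model of the gate in AuthComponent::startup(), constructed for
// illustration. MiniAuth, the demo credentials and the requests are assumptions.
class MiniAuth
{
    public $allowedActions = array();
    public $loginAction = '/users/login';
    public $patched = false;

    // Stand-in for _normalizeURL(): ignore leading and trailing slashes.
    private function normalize($url)
    {
        return trim($url, '/');
    }

    // Returns a label naming the branch that handled the request.
    public function startup($action, $url, array $post)
    {
        $isLogin  = $this->normalize($this->loginAction) == $this->normalize($url);
        $wildcard = $this->allowedActions == array('*');
        $listed   = in_array($action, $this->allowedActions);

        // Original gate: every allowed action returns early, login included.
        // Patched gate: an allowed action returns early unless it is the login URL.
        $skip = $this->patched ? ($wildcard || ($listed && !$isLogin)) : ($wildcard || $listed);
        if ($skip) {
            return 'gate returned early, credentials never checked';
        }
        if ($isLogin && !empty($post)) {
            $ok = isset($post['username'], $post['password'])
                && $post['username'] === 'demo' && $post['password'] === 'demo-pass';
            return $ok ? 'credentials checked, redirect' : 'credentials rejected';
        }
        return $isLogin ? 'render login form' : 'not logged in, redirect to login';
    }
}

$cases = array(
    'original, login allowed' => array(array('login'), false),
    'patched, login allowed'  => array(array('login'), true),
    'original, login denied'  => array(array(), false),
);
$post = array('username' => 'demo', 'password' => 'demo-pass'); // constructed form data
foreach ($cases as $label => $cfg) {
    $auth = new MiniAuth();
    $auth->allowedActions = $cfg[0];
    $auth->patched = $cfg[1];
    echo $label, ': ', $auth->startup('login', '/users/login', $post), "\n";
}
```

Note that the patched condition as written still returns early for the login URL when allowedActions is array('*').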

