php - Checking logged-in user info on CakePHP when using a custom auth adapter -


i'm using this jwtauth adapter use jwt authentication instead of cookie-based auth in cakephp 2.8 app. works great, except 1 hitch:

normally 1 of rest endpoints, can use $this->auth->user("id") logged-in users' id.

when try make controller action accessible non-members using $this->auth->allow(), problem occurs. if this, using $this->auth->loggedin() in controller returns false, meaning can not add additional logic logged-in users.

when using standard cookie auth:

  • $this->auth->user('id') available in controller::beforefilter().
  • $this->auth->loggedin() true in controller::beforefilter().
  • $this->auth->user('id') available in controller actions, public , members-only.
  • $this->auth->loggedin() true in controller actions, public , members-only.

when using jwt auth:

  • $this->auth->user('id') null in controller::beforefilter().
  • $this->auth->loggedin() false in controller::beforefilter().
  • $this->auth->user('id') available in members-only controller actions, , null in public controller actions.
  • $this->auth->loggedin() true in members-only controller actions, , false in public controller actions.

is there way can auth include information returned jwtauth component on actions have been made public $this->auth->allow()?

example controller here:

public function visible(){     // false, if valid jwt token sent     $this->set("loggedin", $this->auth->loggedin()); }  public function members_only(){     // unavailable if not logged in, , true if logged in     $this->set("loggedin", $this->auth->loggedin()); }  public function beforefilter($options = array()){     parent::beforefilter();      $this->auth->allow("visible"); }

and reference, appcontroller::components array;

public $components = array(     'debugkit.toolbar',     'auth' => array(         'authorize' => array(             'actions' => array(                 'actionpath' => 'controllers'             ),         ),         'authenticate' => array(             'form' => array(                 'fields' => array('username' => 'email'),                 'contain' => array(                     'userprofile',                 )             ),             'jwtauth.jwttoken' => array(                 'fields' => array(                     'username' => 'email',                     'token' => 'password',                 ),                 'header' => 'authtoken',                 'usermodel' => 'user',             ),         ),         'unauthorizedredirect' => false     ),     "acl",     "requesthandler",     "session" );

for stateless adapters authentication process triggerd in authcomponent::startup(). component's startup() methods run after controller::beforefilter(), why authcomponent::user() doesn't return info.

for other adapters when user authenticated identity info stored in session. getting info doesn't require authentication process why authcomponent::user() give user info in case of standard cookie based auth.


Comments

Post a Comment

Popular posts from this blog

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more