2016-08-11

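Digest authentication under CakePHP 3

I want to set up digest authentication using the Auth component under CakePHP 3.1, and I ran into problems. I am using the code below, and the HTTP authentication pop-up appears again after I enter the correct username and password in the previous pop-up. Then, if I press Cancel, I get this: Cake\Auth\BasicAuthenticate->unauthenticated.

Can someone tell me what I am doing wrong?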

AppController.php

$this->loadComponent('Auth', [
    'authorize' => 'Controller',
    'loginRedirect' => [
        'controller' => 'Users',
        'action' => 'index'
    ],
    'authenticate' => [
        'Digest' => [
            'fields' => ['username' => 'username', 'password' => 'digest_hash'],
            'userModel' => 'Users',
        ],
    ],
    'loginAction' => [
        'controller' => 'Users',
        'action' => 'login',
    ],
    'storage' => 'Memory',
    'unauthorizedRedirect' => false
]);

UserTable.php

public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];

    // Make a password for digest auth.
    $entity->digest_hash = DigestAuthenticate::password(
        $entity->username,
        $entity->plain_password,
        env('SCRIPT_NAME')
    );
    return true;
}

On the client side

public function digest()
{
    $http = new Client();
    // Request the protected resource with HTTP digest credentials.
    $response = $http->get('http://localhost/project/api/v1/users/view/22', [], [
        'auth' => [
            'type' => 'digest',
            'username' => 'Digest',
            'password' => 'my_password',
        ]
    ]);
}

When I check the environment in DebugKit, I have this:

PHP_AUTH_DIGEST  username="Digest", realm="localhost", nonce="57ac3609a5b79", uri="/project/api/v1/users/view/22", response="af0e1fe455aa7f1475df715ef5231b56", opaque="421aa90e079fa326b6494f812ad13e79", qop=auth, nc=00000001, cnonce="0bb461453700ebc1" 

Answer

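This may be too late, but it could still help someone!

Well, using $this->Auth->unauthorizedRedirect = false causes AuthComponent to throw a ForbiddenException instead of redirecting to another page, unless you submit a valid username and password.

Getting the registration right:

Obviously, it is important to add the user's digest password correctly at registration, so that digest authentication is possible.

As the documentation mentions, we can add the digest hash password by adding the following code, usually in UsersTable.php: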

public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];

    // Make a password for digest auth.
    $entity->digest_hash = DigestAuthenticate::password(
        $entity->username,
        $entity->plain_password,
        env('SERVER_NAME')
    );
    return true;
}

But we should be careful with the above variables/terms:

1. $entity->digest_hash (this should be equivalent to the field you have made to
    save the password, e.g. password_hash)

2. $entity->username (this should be equivalent to the field you have made to
    save the username, e.g. email)

3. $entity->plain_password (again, this should be equivalent to the field you have made to
    save the password, e.g. password_hash)

4. env('SERVER_NAME') (this is the third parameter for making the digest password;
    "SERVER_NAME" is the default value and we can leave it this way.)

In summary, if we have an email (for the username) and password_hash (for the password), then the above function would be:

public function beforeSave(Event $event)
{
    $entity = $event->data['entity'];

    // Make a password for digest auth.
    $entity->password_hash = DigestAuthenticate::password(
        $entity->email,
        $entity->password_hash,
        env('SERVER_NAME')
    );
    return true;
}

The reason I focus on the above points is that they are where mistakes are likely to be made.
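
Why the realm passed to DigestAuthenticate::password() matters, as an added example that is not part of the original question or answer: the stored hash is md5(username:realm:password), so a hash saved with one realm is rejected when the client computes its response with another, while a hash saved with the challenge realm is accepted. This is plain PHP following RFC 2617 (qop=auth); the user, password, nonces and the SCRIPT_NAME-style path are constructed, and the challenge realm is assumed to be localhost, as in the header shown in the question.

```php
<?php
// Added example: plain PHP, no CakePHP required. All values are constructed.

// HA1 as stored in the digest hash column: md5(username:realm:password).
function digest_ha1(string $user, string $password, string $realm): string
{
    return md5($user . ':' . $realm . ':' . $password);
}

// RFC 2617 response for qop=auth, derived from a stored HA1.
function digest_response(string $ha1, string $method, array $d): string
{
    $ha2 = md5($method . ':' . $d['uri']);
    return md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
}

// Parse the key=value pairs of a digest header (quoted or bare values).
function parse_digest(string $header): array
{
    preg_match_all('/(\w+)=(?:"([^"]*)"|([^\s,]+))/', $header, $m, PREG_SET_ORDER);
    $out = [];
    foreach ($m as $p) {
        $out[$p[1]] = ($p[2] !== '') ? $p[2] : ($p[3] ?? '');
    }
    return $out;
}

// Server-side check: recompute the response from the stored hash, compare in constant time.
function server_accepts(string $storedHa1, string $method, array $d): bool
{
    return hash_equals(digest_response($storedHa1, $method, $d), $d['response'] ?? '');
}

// Client: answers the challenge using the realm the server sent (assumed 'localhost').
$user = 'alice';
$password = 'constructed-password';
$d = ['realm' => 'localhost', 'uri' => '/project/api/v1/users/view/22', 'nonce' => '5f1c0a',
      'nc' => '00000001', 'cnonce' => '9b2e77', 'qop' => 'auth'];
$d['response'] = digest_response(digest_ha1($user, $password, $d['realm']), 'GET', $d);
$header = sprintf('username="%s", realm="%s", nonce="%s", uri="%s", response="%s", qop=%s, nc=%s, cnonce="%s"',
    $user, $d['realm'], $d['nonce'], $d['uri'], $d['response'], $d['qop'], $d['nc'], $d['cnonce']);
$parsed = parse_digest($header);

// Stored hashes: one saved with a SCRIPT_NAME-style realm, one with the challenge realm.
$savedWithScriptName = digest_ha1($user, $password, '/project/webroot/index.php');
$savedWithServerName = digest_ha1($user, $password, 'localhost');

var_dump(server_accepts($savedWithScriptName, 'GET', $parsed));
var_dump(server_accepts($savedWithServerName, 'GET', $parsed));
```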