PHPFixing
Friday, January 14, 2022

[FIXED] Cakephp 3 unauthorizedRedirect not working

Tags: cakephp, cakephp-3.4, cakephp-3.x

Issue

I'm building a page and trying to set the unauthorizedRedirect for the Auth component in the AppController, and it is not working; it does nothing.

I have tried setting it to false and nothing works.

This is the AppController:

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{

public function initialize()
{
    parent::initialize();

    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'loginRedirect' => [
            'controller' => 'Pages',
            'action' => 'display'
        ],
        'authError' => 'Seems like you have to use some kind of magic word.',
        'logoutRedirect' => [
            'controller' => 'Pages',
            'action' => 'display',
            'home'
        ],
        'unauthorizedRedirect' => [
            'controller' => 'Users',
            'action' => 'unauthorized'
        ],
    ]);

    //use model companies in all controllers
    $tableCategories = $this->loadModel('Categories');

    $categories = $tableCategories->find()
        ->contain([]);

    $this->set(compact('categories'));
}

public function beforeFilter(Event $event)
{
    $this->set('current_user', $this->Auth->user());
}

}

This is the UsersController:

use Cake\Event\Event;

class UsersController extends AppController
{

public $breadcrump = 'Usuarios';

public function beforeFilter(Event $event)
{
    parent::beforeFilter($event);
    $this->Auth->allow(['login', 'unauthorized']);
}

public function login()
{
    $this->viewBuilder()->layout('login');
    if ($this->request->is('post')) {
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            return $this->redirect(['controller' => 'pages', 'action' => 'display']);
        }
        $this->Flash->error(__('Invalid username or password, try again'));
    }
}

public function logout()
{
    return $this->redirect($this->Auth->logout());
}

public function unauthorized()
{
    // Return a bare JSON response instead of rendering a view
    $this->autoRender = false;

    $message = false;

    echo json_encode($message);
    exit;
}

}

It only redirects to the login page.


Solution

From the Docs

unauthorizedRedirect: Controls handling of unauthorized access. By default unauthorized user is redirected to the referrer URL or loginAction or ‘/’. If set to false, a ForbiddenException exception is thrown instead of redirecting.

The unauthorizedRedirect option only applies to authenticated users. If an authenticated user tries to go to a URL they are not authorized to access, they will be redirected back to the referrer. By specifying unauthorizedRedirect, you are now redirecting the User to the URL specified rather than to referrer.

If you want to redirect the user on a wrong login attempt, you will have to do that manually in the login method.

Hope that clears any doubts.



Answered By - ascsoftw
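
A configuration in which unauthorizedRedirect takes effect, as an added example that is not part of the original question or answer. It assumes a `role` column on the users table with an `admin` value, and it enables the `Controller` authorize adapter so that a logged-in user can actually be denied.

```php
<?php
// src/Controller/AppController.php (added example, not the asker's code)
namespace App\Controller;

use Cake\Controller\Controller;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            // Without an 'authorize' adapter every logged-in user is allowed
            // everywhere, so unauthorizedRedirect has nothing to act on.
            'authorize' => 'Controller',
            // Unauthenticated visitors are sent here, never to unauthorizedRedirect.
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
            // Authenticated users for whom isAuthorized() returns false land here.
            'unauthorizedRedirect' => [
                'controller' => 'Users',
                'action' => 'unauthorized'
            ],
            // Flash message shown when access is denied.
            'authError' => 'You are not allowed to access that page.',
        ]);
    }

    // Called by the 'Controller' authorize adapter for logged-in users only.
    // Assumption: the users table has a 'role' column and 'admin' is a valid value.
    public function isAuthorized($user)
    {
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }

        // Deny by default; child controllers override this to open up actions.
        return false;
    }
}
```

Keep the `unauthorized` action in `$this->Auth->allow()`, as the UsersController in the question does, so the redirect target is not itself subject to the authorization check. Setting `unauthorizedRedirect` to `false` with this configuration makes a denied, logged-in user receive a ForbiddenException instead of a redirect.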