Wednesday, March 16, 2022

[FIXED] CakePHP Authentication Middleware not called

March 16, 2022 | Tags: cakephp, cakephp-3.x, cakephp-4.x

Issue

I used AuthComponent a lot but am new to AuthenticationMiddleware. I followed https://book.cakephp.org/authentication/2/en/index.html almost exactly, except the username field is username instead of email. But when I try to get a page requiring authentication, Cake throws UnauthenticatedException in AuthenticationComponent::doIdentityCheck(). This can be understood because Cake should have redirected me to /users/login, which it did not. I tried:

$service->loadAuthenticator('Authentication.Form', [
    'loginUrl' => '/users/login', // case 1
    // or case 2: 'loginUrl' => \Cake\Routing\Router::url('/users/login'),
    // or case 3: omit this to use the default
]);

In all the above cases Cake throws UnauthenticatedException with the message:

No identity found. You can skip this check by configuring requireIdentity to be false.

Also, http://localhost:8765/users/login leads me to the correct page, and I can see the list of users at http://localhost:8765/users/ if I allow unauthenticated access like this:

// UsersController.php
public function initialize() : void {
    parent::initialize();
    $this->Authentication->allowUnauthenticated(['index', 'login']);
}

My environment: CakePHP 4.0, authentication plugin 2.0. Is there a way to verify that AuthenticationMiddleware has indeed been set up and added to the middleware queue?


Solution

You'd get a different error if the middleware didn't run, one that would complain about the authentication attribute missing on the request object.

You need to configure the unauthenticatedRedirect option on the service object in order for redirects to be issued for unauthenticated requests; without that option being configured you'll receive exceptions instead. Additionally, you may need to set the queryParam option (that's the query string parameter that will hold the initially accessed URL) if you want to be able to redirect users after successfully logging in.

$service->setConfig([
    'unauthenticatedRedirect' => '/users/login',
    'queryParam' => 'redirect',
]);

That seems to be missing from the docs, it's only mentioned in the migration notes. You may want to open an issue for that over at GitHub. The quickstart guide example has been updated to include the redirect configuration.



Answered By - ndm
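
Added example, not part of the original question or answer: a trimmed `src/Application.php` that puts the pieces from this thread together, with the middleware in the queue, the `unauthenticatedRedirect` and `queryParam` options set on the service, and `username` as the login field. It assumes the Authentication plugin is loaded and leaves out the other middleware (error handling, assets, body parsing) a real application keeps in its queue.

```php
<?php
// src/Application.php (illustrative, reduced to the authentication wiring)
declare(strict_types=1);

namespace App;

use Authentication\AuthenticationService;
use Authentication\AuthenticationServiceInterface;
use Authentication\AuthenticationServiceProviderInterface;
use Authentication\Middleware\AuthenticationMiddleware;
use Cake\Http\BaseApplication;
use Cake\Http\MiddlewareQueue;
use Cake\Routing\Middleware\RoutingMiddleware;
use Psr\Http\Message\ServerRequestInterface;

class Application extends BaseApplication implements AuthenticationServiceProviderInterface
{
    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        // AuthenticationMiddleware is added after routing. When it runs it sets
        // the "authentication" request attribute that AuthenticationComponent reads.
        return $middlewareQueue
            ->add(new RoutingMiddleware($this))
            ->add(new AuthenticationMiddleware($this));
    }

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService([
            // Without this, unauthenticated requests raise UnauthenticatedException
            // instead of being redirected to the login page.
            'unauthenticatedRedirect' => '/users/login',
            // Query string parameter that carries the originally requested URL.
            'queryParam' => 'redirect',
        ]);

        // The question uses "username" rather than "email" as the login field.
        $fields = ['username' => 'username', 'password' => 'password'];

        $service->loadIdentifier('Authentication.Password', ['fields' => $fields]);
        $service->loadAuthenticator('Authentication.Session');
        $service->loadAuthenticator('Authentication.Form', [
            'fields' => $fields,
            'loginUrl' => '/users/login',
        ]);

        return $service;
    }
}
```

To confirm the middleware ran for a request, check in a controller that `$this->request->getAttribute('authentication')` is not null. In the login action, read the post-login target with `$this->Authentication->getLoginRedirect()` rather than taking the `redirect` query parameter directly.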