# |
Mar 16th 2018, 15:24 |
bez |
i just did, and it works |
# |
Mar 16th 2018, 15:24 |
bez |
if I manually do the hashing with the password and salt (using the php function DefaultPasswordHasher uses) and save it on the database, I always get the same hash and then I can login |
# |
Mar 16th 2018, 15:23 |
dereuromark |
you need to look into their code |
# |
Mar 16th 2018, 15:23 |
dereuromark |
the internal for default seems to be the password hasher of PHP, so yeah, some internal salt probably |
# |
Mar 16th 2018, 15:23 |
dereuromark |
especially when form validation is relevant |
# |
Mar 16th 2018, 15:23 |
dereuromark |
but the default usually is the same action for obvious usability reasons |
# |
Mar 16th 2018, 15:22 |
dereuromark |
you can always post data from any action to any action |
# |
Mar 16th 2018, 15:22 |
bez |
yah, i don't think cake is using the salt, as the password hash generated each time is very different from each other |
# |
Mar 16th 2018, 15:21 |
patsuckow |
dereuromark, thanks again for the help, what I needed. But all the same, tell me, in principle, is there a way to send data in one controller from one action to the action of the same POST controller? |
# |
Mar 16th 2018, 15:11 |
generitter |
Good to know. |
# |
Mar 16th 2018, 15:09 |
bez |
in the entity, this is what i did: ``` protected function _setPassword($password) { Security::setSalt('MYSALT'); return (new DefaultPasswordHasher)->hash($password); } ``` but still failing to sign in |
# |
Mar 16th 2018, 15:08 |
bez |
oh, right, it did now |
# |
Mar 16th 2018, 15:08 |
dereuromark |
there is no such thing as perfect here |
# |
Mar 16th 2018, 15:08 |
dereuromark |
In general there is never a moratorium on docs :slightly_smiling_face: by its very definition this always has to be improved and completed etc |
# |
Mar 16th 2018, 15:06 |
dereuromark |
So getSalt() will show it |
# |
Mar 16th 2018, 15:06 |
dereuromark |
https://github.com/cakephp/app/blob/master/config/bootstrap.php#L149 |
# |
Mar 16th 2018, 15:06 |
bez |
ah ok! was afraid that for some reason it was just being ignored |
# |
Mar 16th 2018, 15:06 |
dereuromark |
it is probably consumed somewhere and then stored internally |
# |
Mar 16th 2018, 15:05 |
bez |
in the entity, when trying to read the configuration for Security.salt it gives me an empty array, as if the salt is not defined, but it is =s ``` [Security] => Array ( ) ``` i was able to set a value there, and reading it again showed the correct salt, but it still does not login |
# |
Mar 16th 2018, 15:04 |
generitter |
Thank you. |
# |
Mar 16th 2018, 15:04 |
generitter |
Kk. |
# |
Mar 16th 2018, 15:04 |
dereuromark |
people will then give you feedback on it |
# |
Mar 16th 2018, 15:04 |
dereuromark |
give it a shot |
# |
Mar 16th 2018, 15:00 |
generitter |
Anyone know if there is a moratorium on type hints in the database documentation? If I make an edit and add them would it be accepted? This would especially be helpful in the anonymous functions. |
# |
Mar 16th 2018, 14:58 |
generitter |
@dereuromark Afternoon. |
# |
Mar 16th 2018, 14:55 |
patsuckow |
dereuromark, Thank you!!! |
# |
Mar 16th 2018, 14:54 |
dereuromark |
patsuckow: then read about prg, https://github.com/FriendsOfCake/search is what you want and need. |
# |
Mar 16th 2018, 14:54 |
patsuckow |
dereuromark, I need to do a search through the post. I can not describe it in more detail here. |
# |
Mar 16th 2018, 14:54 |
dereuromark |
fallbackpasswordhashers |
# |
Mar 16th 2018, 14:53 |
bez |
well the two applications were made with different salt codes (with cake 2), not sure how I could do that migration without disrupting the service |
# |
Mar 16th 2018, 14:53 |
dereuromark |
or provide a way to cross-login etc |
# |
Mar 16th 2018, 14:53 |
dereuromark |
but in that case wouldn't it be better to share the same? |
# |
Mar 16th 2018, 14:52 |
dereuromark |
that should work |
# |
Mar 16th 2018, 14:51 |
bez |
also could I from the model temporarily change the salt with configure::write, so that when saving this password it uses the salt of the other application? |
# |
Mar 16th 2018, 14:50 |
bez |
i looked into it and could not be sure, i also found some posts online on people discussing and none were sure. apparently most of them seem to believe it does not use the salt (but I agree with you that it does not make sense) |
# |
Mar 16th 2018, 14:49 |
dereuromark |
but it seems likely, for obvious security reasons |
# |
Mar 16th 2018, 14:49 |
dereuromark |
look into the code, if it uses the salt |
# |
Mar 16th 2018, 14:49 |
bez |
even when using the DefaultPasswordHasher? because I tried to temporarily change the salt and yet it does not sign in.. |
# |
Mar 16th 2018, 14:48 |
dereuromark |
yes, if they don't share the same salt. |
# |
Mar 16th 2018, 14:48 |
bez |
i am creating an account in one cakephp application for 'managers', so that they could login in another cakephp app made just for them, however it appears that after saving the (hashed) password, they are not able to login due to incorrect password (and i am sure the password is correctly inputted). any clues? does this have to do with Security.salt? |
# |
Mar 16th 2018, 14:46 |
dereuromark |
unless it is a real post with payload. you need to be a bit more verbose here |