Log message #4198358

# At Username Text
# Aug 15th 2019, 14:43 martin @ndm ok, will try that
# Aug 15th 2019, 14:42 ndm @neon1024 You're probably not sending the `X-CSRF-Token` header... and the security token is invalid because a) `fields` is supposed to be a hash (see `\Cake\Utility\Security\SecureFieldTokenTrait::_buildFieldToken()`), and `debug` should be an array where the first element is the current URL, the second element an array of fields, and the third element an array of unlocked fields.
# Aug 15th 2019, 14:39 neon1024 If it takes more than 30 minutes to setup, then it’s not worth using
# Aug 15th 2019, 14:39 neon1024 Although, I’ll be honest, I am close to removing both of them to solve the problem.
# Aug 15th 2019, 14:38 neon1024 I added the CsrfProtectionMiddleware and now I can’t login to my application due to `CSRF token mismatch. Cake\Http\Exception\InvalidCsrfTokenException` so I’m just working to try and find out why that is. Then I can go back to figuring out why my `_Token` used by SecurityComponent is causing a 400 Bad Request on my Ajax :slightly_smiling_face:
# Aug 15th 2019, 14:36 neon1024 I’ve worked myself into a circle here, and totally lost the plot. Sorry @ndm
# Aug 15th 2019, 14:35 ndm @neon1024 The debug token contains for example the fields in plain text, it's used by the security component to figure the cause for a token mismatch, so that it can tell you what exactly the problem is.
# Aug 15th 2019, 14:33 neon1024 This is a nightmare!
# Aug 15th 2019, 14:33 neon1024 Turning on the Csrf Middleware means I can’t even login!
# Aug 15th 2019, 14:25 neon1024 I wish the SecurityComponent was easy to use ,:(
# Aug 15th 2019, 14:25 ndm @martin Timezone conversion on read is coming in 4.x, you can backport the code to a custom type if you need it. Personally I'd go full UTC as mentioned by @ricksaccous, that makes avoiding pitfalls a lot easier.
# Aug 15th 2019, 14:17 neon1024 Well at least now I’m getting a 400 Bad Request
# Aug 15th 2019, 14:08 slackebot <neon1024>
# Aug 15th 2019, 14:07 neon1024 Anyone know what the `_Token[debug]` is supposed to be?
# Aug 15th 2019, 14:06 ricksaccous but i know that's the general idea
# Aug 15th 2019, 14:05 ricksaccous I'm actually not sure of the "right" way to do it, heh
# Aug 15th 2019, 14:05 ricksaccous and when you want to display the time to users you do a bit of handling however you see fit to display it in their timezone
# Aug 15th 2019, 14:04 ricksaccous @martin generally you set your default timezone to UTC so it will be set to UTC in db
# Aug 15th 2019, 14:02 neon1024 What a pain in the ass :(
# Aug 15th 2019, 13:57 martin I see in the “toDatabase” function in type something happens with the timezone. But in the toPhp nothing happens?
# Aug 15th 2019, 13:55 martin I’ve set my default timezone to Europe/Amsterdam, and I’ve added `'timezone' => 'UTC'` to my database config, but when I read an item from the database the timezone of the time is Europe/Amsterdam, so it will not be converted to the Amsterdam time. Am I doing something wrong?
# Aug 15th 2019, 13:53 neon1024 Perhaps I’ll add it once I learn how to do that
# Aug 15th 2019, 13:53 neon1024 All it needs is a link with ‘Find out how to generate a token to send as a header’
# Aug 15th 2019, 13:52 slackebot <neothermic>
# Aug 15th 2019, 13:51 slackebot <neon1024>
# Aug 15th 2019, 13:51 neothermic (very dry sarcasm)
# Aug 15th 2019, 13:51 neothermic @neon1024 https://github.com/cakephp/docs/blob/3.0/en/controllers/components/csrf.rst ;)
# Aug 15th 2019, 13:44 neon1024 No code examples, links or forward user journey ,:(
# Aug 15th 2019, 13:44 neon1024 Top docs here! https://book.cakephp.org/3.0/en/controllers/components/csrf.html#csrf-protection-and-ajax-requests
# Aug 15th 2019, 13:38 maymeow in pm because it's long :)
# Aug 15th 2019, 13:34 ricksaccous can you show me the dump of post before it's saved?
# Aug 15th 2019, 13:34 slackebot $this->Flash->error(__('The user could not be saved. Please, try again.')); } $roles = $this->Users->Roles->find('list', ['limit' => 200]); $this->set(compact('user', 'roles')); } ``` this function is saving model with association. In request data are fields for user and address information for it... :slightly_smiling_face: So it's standard and there is no problem but for update?....
# Aug 15th 2019, 13:34 maymeow ``` public function add() { $user = $this->Users->newEntity(); if ($this->request->is('post')) { $user = $this->Users->patchEntity($user, $this->request->getData()); if ($this->Users->save($user)) { $this->Flash->success(__('The user has been saved.')); return $this->redirect(['controller' => 'addresses', 'action' => 'index']); }
# Aug 15th 2019, 13:29 ricksaccous interesting
# Aug 15th 2019, 13:26 maymeow @ricksaccous i tried in dd() and field in_folder is dirty
# Aug 15th 2019, 13:21 ricksaccous you should prob make sure that post_metadata is marked as dirty @maymeow
# Aug 15th 2019, 13:20 greenmanspirit Hello, I am trying to find a way to use the table policy in the Authorization plugin to limit all finds, not just a scope on a particular action, is that possible?
# Aug 15th 2019, 13:20 ricksaccous also
# Aug 15th 2019, 13:19 ricksaccous also make sure you are setting the appropriate property values corresponding to the other models in the entity
# Aug 15th 2019, 13:19 ricksaccous save($post, ['associated' => 'PostMetaDatas.InFolders']) or whatever your models are called
# Aug 15th 2019, 13:18 ricksaccous actually that's prob what you need to do