Log message #4204485

# At Username Text
# Sep 19th 2019, 20:23 daniel.upshaw There's a dump of ``` protected function _validToken(Controller $controller) { $check = $controller->getRequest()->getData(); dd($check);```
# Sep 19th 2019, 20:23 slackebot "%5B%22%5C%2Flogin%3Fredirect%3Dhttp%253A%252F%252Flocalhost%253A8765%252F%22%2C%5B%22username%22%2C%22password%22%5D%2C%5B%5D%5D" ] ]```
# Sep 19th 2019, 20:23 daniel.upshaw ```array:4 [▼ "_csrfToken" => "7ab19826360385ee559f3b65c6386499fa547e5bea2cdadbb0c88c332afc638f692c36f2326a91c39edda711a37207dea41eeec29a7c83781ef69b5fb73d0b39" "username" => "testing" "password" => "testing" "_Token" => array:3 [▼ "fields" => "1c5dedeb5f156fc4cc4ea1ec764018a91f12f4af%3A" "unlocked" => "" "debug" =>
# Sep 19th 2019, 20:23 challgren Wonder if the template is getting the security hash in it
# Sep 19th 2019, 20:21 daniel.upshaw Lol
# Sep 19th 2019, 20:21 daniel.upshaw Frustrating
# Sep 19th 2019, 20:21 challgren Ahh yeah that will do it 99% of the time
# Sep 19th 2019, 20:21 daniel.upshaw `hash_equals` is supposed to return `true`, but never does
# Sep 19th 2019, 20:20 slackebot = $this->_debugPostTokenNotMatching($controller, $hashParts); } throw new AuthSecurityException($msg); }```
# Sep 19th 2019, 20:20 daniel.upshaw ``` protected function _validatePost(Controller $controller) { $token = $this->_validToken($controller); $hashParts = $this->_hashParts($controller); $check = hash_hmac('sha1', implode('', $hashParts), Security::getSalt()); if (hash_equals($check, $token)) { return true; } $msg = self::DEFAULT_EXCEPTION_MESSAGE; if (Configure::read('debug')) { $msg
# Sep 19th 2019, 20:20 daniel.upshaw It happens in `SecurityComponent.php`
# Sep 19th 2019, 20:20 daniel.upshaw :,)
# Sep 19th 2019, 20:20 challgren Bah I guess I need to go to the bar already! :P
# Sep 19th 2019, 20:19 challgren Look through the stack on the bar request
# Sep 19th 2019, 20:19 daniel.upshaw Hmmm
# Sep 19th 2019, 20:19 daniel.upshaw It's a fresh install of 3.8
# Sep 19th 2019, 20:19 challgren https://github.com/CakeDC/users/blob/develop/src/Controller/Component/LoginComponent.php#L44
# Sep 19th 2019, 20:18 daniel.upshaw Ah same, I'm still learning it
# Sep 19th 2019, 20:18 challgren Ahh ok, yeah Im not good with the middleware version
# Sep 19th 2019, 20:18 daniel.upshaw https://github.com/CakeDC/users/blob/develop/src/Controller/UsersController.php https://github.com/CakeDC/users/blob/develop/src/Controller/Traits/LoginTrait.php
# Sep 19th 2019, 20:18 daniel.upshaw Trying the new stuff
# Sep 19th 2019, 20:18 daniel.upshaw Yep!
# Sep 19th 2019, 20:17 challgren Ohh you using the middleware version of component version?
# Sep 19th 2019, 20:17 daniel.upshaw Nice bot, it's the CakeDC default UserController, I'll find it
# Sep 19th 2019, 20:17 slackebot !gist
# Sep 19th 2019, 20:17 slackebot Command sent from Slack by challgren:
# Sep 19th 2019, 20:17 challgren Can you gist your controller method?
# Sep 19th 2019, 20:16 daniel.upshaw Ah okay, yes it contains the `username` and `password` fields
# Sep 19th 2019, 20:16 challgren Sorry I cant watch the video right now
# Sep 19th 2019, 20:16 challgren Is your post containing fields?
# Sep 19th 2019, 20:15 daniel.upshaw But every time I post the login, it throws that error
# Sep 19th 2019, 20:15 daniel.upshaw Well it does load on a GET request
# Sep 19th 2019, 20:15 daniel.upshaw Oh, like the login page itself
# Sep 19th 2019, 20:15 challgren Is your login page configured to allow all users?
# Sep 19th 2019, 20:13 slackebot <daniel.upshaw>
# Sep 19th 2019, 20:13 daniel.upshaw Looks like it's doubling it somewhere, that's odd
# Sep 19th 2019, 20:12 felipe.marinho I have an application that suddenly started to give me errors in the login, this message: ```URL mismatch in POST data (expected '/users/login?url=users/login' but found '/users/login?url=users/loginandurl=users/login')``` This is strange, because I don't change anything on this application...
# Sep 19th 2019, 20:10 daniel.upshaw Probably set it in there instead, actually
# Sep 19th 2019, 20:10 daniel.upshaw `'defaultLocale'`
# Sep 19th 2019, 20:10 slackebot 'fullBaseUrl' => false, 'imageBaseUrl' => 'img/', 'cssBaseUrl' => 'css/', 'jsBaseUrl' => 'js/', 'paths' => [ 'plugins' => [ROOT . DS . 'plugins' . DS], 'templates' => [APP . 'Template' . DS], 'locales' => [APP . 'Locale' . DS], ], ],```
# Sep 19th 2019, 20:10 daniel.upshaw See this section of your `app.php` config:``` 'App' => [ 'namespace' => 'App', 'encoding' => env('APP_ENCODING', 'UTF-8'), 'defaultLocale' => env('APP_DEFAULT_LOCALE', 'en_US'), 'defaultTimezone' => env('APP_DEFAULT_TIMEZONE', 'UTC'), 'base' => false, 'dir' => 'src', 'webroot' => 'webroot', 'wwwRoot' => WWW_ROOT, //'baseUrl' => env('SCRIPT_NAME'),