# |
Feb 11th 2020, 14:21 |
lpj145 |
you have Password identifier ? |
# |
Feb 11th 2020, 14:20 |
lpj145 |
ok |
# |
Feb 11th 2020, 14:20 |
damiano |
but i load the component there because i do not need it for other pagescontroller's actions |
# |
Feb 11th 2020, 14:20 |
damiano |
i load it and check if the user is ok or not...if yes i redirect the logged user to protected area |
# |
Feb 11th 2020, 14:20 |
damiano |
yes look at the login action() |
# |
Feb 11th 2020, 14:19 |
lpj145 |
only Auth plugin can be auth if result is ok, redirect to company route. |
# |
Feb 11th 2020, 14:19 |
damiano |
```because if i load the Authentication components inside the main AppController i need to putt all the other PagesController actions in the $this->Authentication->allowUnauthenticated([here])``` |
# |
Feb 11th 2020, 14:18 |
lpj145 |
understand, but, why block all routes and enable only you need to be public ? |
# |
Feb 11th 2020, 14:18 |
slackebot |
$this->Flash->error('Invalid username or password'); } } |
# |
Feb 11th 2020, 14:18 |
damiano |
public function login() { $this->loadComponent('Authentication.Authentication'); $result = $this->Authentication->getResult(); // If the user is logged in send them away. if ($result->isValid()) { return $this->redirect(['controller' => 'Companies', 'action' => 'dashboard', 'plugin' => 'Companies']; } if ($this->request->is('post') andand !$result->isValid()) { |
# |
Feb 11th 2020, 14:16 |
slackebot |
there...because all the controller/action of the companies plugin must be protected |
# |
Feb 11th 2020, 14:16 |
damiano |
@lpj145 what do you mean? my entire PagesControler should be visible without authentication i only would like to enable the authentication component in /login and /logout because i need to call component's methods so i must enable it in those two actions... then after login when i check ->isValid() i willr edirect the logged user to CompaniesCOntroller inside Companies plugin...and i thought to enable "globally" the authentication components |
# |
Feb 11th 2020, 14:14 |
lpj145 |
@damiano you need to have public paths ? |
# |
Feb 11th 2020, 14:12 |
damiano |
my companiescontroller is inside a plugin i will enable the authentication there) NOT in the main AppController |
# |
Feb 11th 2020, 14:10 |
slackebot |
all the action must be protected |
# |
Feb 11th 2020, 14:10 |
damiano |
guys is it correct to enable $this->loadComponent('Authentication.Authentication'); in the /login action ONLY? because all the other action of that controller (PagesController) should be allowed, i would like to avoid write every action, so i thought to load the component in the login and logout only,,,,and then redirect to CompaniesController the logged user (that obviously will enable the Authentication component in AppController) because |
# |
Feb 11th 2020, 14:10 |
sebastian.krzewinski. |
CMS Tutorial - Tags and Users - after all |
# |
Feb 11th 2020, 14:06 |
spriz |
Awesome @admad - I will add `$this->setupEventListeners();` and add the logic there :shrug: :) |
# |
Feb 11th 2020, 14:05 |
neon1024 |
There is some scope difference, which I can’t remember |
# |
Feb 11th 2020, 14:05 |
spriz |
@neon1024 That's not going to work - it could as well be a command from the CLI :) |
# |
Feb 11th 2020, 14:05 |
challgren |
I just want to be able to bake without errors! |
# |
Feb 11th 2020, 14:05 |
admad |
@challgren so is mine, but i'll figure it out :) |
# |
Feb 11th 2020, 14:05 |
neon1024 |
I used the static EventManager instance in AppController |
# |
Feb 11th 2020, 14:05 |
admad |
@spriz Application::bootstrap() :) |
# |
Feb 11th 2020, 14:05 |
challgren |
Sorry @admad my twig knowledge is very limited |
# |
Feb 11th 2020, 14:04 |
spriz |
I want those events to kick in no matter from where they are fired after all - it being cli workers/http requests - controllers or models |
# |
Feb 11th 2020, 14:03 |
spriz |
Like where would I put those 3 first lines in this example for best practises? https://book.cakephp.org/3/en/core-libraries/events.html#interacting-with-existing-listeners |
# |
Feb 11th 2020, 14:03 |
spriz |
Hey peeps! Where do you generally put all your `$foo->getEventManager->on('Claim.claimActionAdded', new EventListener())` code? In `bootstrap.php` ? |
# |
Feb 11th 2020, 14:00 |
sebastian.krzewinski. |
it should be? |
# |
Feb 11th 2020, 13:59 |
sebastian.krzewinski. |
but view/ edit from related articles (in tags) dont work |
# |
Feb 11th 2020, 13:58 |
sebastian.krzewinski. |
i do everything in tut |
# |
Feb 11th 2020, 13:58 |
sebastian.krzewinski. |
can someone help me with (CMS Tutorial - Tags and Users)? |
# |
Feb 11th 2020, 13:52 |
challgren |
Ok, I’ll have to hack it together. Coming from 8.5 I was expecting it to be less painful |
# |
Feb 11th 2020, 13:52 |
rochasmarcelo |
@challgren does it make sense? |
# |
Feb 11th 2020, 13:52 |
rochasmarcelo |
So a new handler to behave like this could also help |
# |
Feb 11th 2020, 13:51 |
rochasmarcelo |
in Authorization plugin the user does not goes back to the page they came from as it happen in AuthComponent |
# |
Feb 11th 2020, 13:50 |
rochasmarcelo |
I found this on AuthComponent doc page ``` If all checks fail, the user will be redirected to the page they came from. Additionally, you can halt all authorization by throwing an exception. You will need to catch any thrown exceptions and handle them.``` |
# |
Feb 11th 2020, 13:49 |
rochasmarcelo |
Extending https://github.com/cakephp/authorization/blob/master/src/Middleware/UnauthorizedHandler/CakeRedirectHandler.php |
# |
Feb 11th 2020, 13:49 |
rochasmarcelo |
I see two options here, first always redirects to one public action like '/' and second create a new unauthorized handler to redirect non logged user to /login and logged user to '/my-protected-action' |
# |
Feb 11th 2020, 13:34 |
challgren |
Is this valid twig? `{% for alias, details in associations.BelongsTo if field == details.foreignKey %}` |
# |
Feb 11th 2020, 13:20 |
challgren |
Ok so with 8.5 if I wasnt allowed to access that location, it would flash `You are not authorized to access that location.` But my loginRedirect is the same URL as AuthorizationMiddleware.unauthorizedRedirect URL |