# |
May 11th 2021, 14:57 |
paolo.bragagni |
then I can register (and it gets data from the provider and writes it to the local user table) in a perfect way |
# |
May 11th 2021, 14:56 |
paolo.bragagni |
:) |
# |
May 11th 2021, 14:56 |
paolo.bragagni |
my app tries to authenticate and redirects to the login / register view in a beautiful way |
# |
May 11th 2021, 14:55 |
paolo.bragagni |
we have our identity provider and I'll get a clientid and clientsecret for each app that we'll create |
# |
May 11th 2021, 14:54 |
paolo.bragagni |
is application specific |
# |
May 11th 2021, 14:48 |
slackebot |
your app shouldn't automatically try to authenticate in the first place? |
# |
May 11th 2021, 14:48 |
ndm |
@paolo.bragagni I mean, I'm not sure, in case the identity provider keeps state, then maybe, possibly, not sure... be careful I guess, most people misunderstand how OAuth is not meant for authentication, luckily I was mostly able to avoid touching SSOs so far. I guess if at all, you'd only do that if the provider is application specific, certainly you wouldn't want to log people out of all of their apps. That being said, maybe |
# |
May 11th 2021, 14:43 |
paolo.bragagni |
(and it reauthenticates) |
# |
May 11th 2021, 14:41 |
paolo.bragagni |
it fires my authenticate method |
# |
May 11th 2021, 14:41 |
paolo.bragagni |
when I call $this->Authentication->logout(); |
# |
May 11th 2021, 14:33 |
paolo.bragagni |
thanks. probably the oauth2 provider needs to log out? |
# |
May 11th 2021, 14:28 |
ndm |
So you are probably best off allowing access to the logout. Why your authenticator is re-authenticating on logout (automatically I suppose?), that's not something anyone could really answer, you'd have to show the involved code. |
# |
May 11th 2021, 14:26 |
paolo.bragagni |
so... (??) |
# |
May 11th 2021, 14:26 |
ndm |
Yeah, the consistent response is a good argument, there's not really a need to fail hard on logout. The cleanup thing, I'm not too convinced, as the app's authentication should be able to handle "dirty" data when authenticating, as it cannot expect users to always gracefully log out. |
# |
May 11th 2021, 14:19 |
ndm |
@dereuromark I mean... yeah, maybe. I can't think of how such a partial logout could look like right now, but I'm it's possible :upside_down_face: |
# |
May 11th 2021, 14:15 |
ndm |
@etibor You might be lacking a dedicated `else` branch, hard to say without seeing your complete code. |
# |
May 11th 2021, 14:14 |
paolo.bragagni |
but when I log out, in some way it reauthenticates |
# |
May 11th 2021, 14:13 |
paolo.bragagni |
my authenticate function is for oauth2 |
# |
May 11th 2021, 14:12 |
paolo.bragagni |
but I can't get logout to work |
# |
May 11th 2021, 14:12 |
paolo.bragagni |
I've built a (probably tremendous) Authenticator and it seems to work |
# |
May 11th 2021, 14:12 |
etibor |
@ndm thank you, it's almost good, actually I have two: `$this->set('thesises', $this->paginate($documents))`. One is inside a post in case of form submit, the other is outside of the post, in case of just arriving at the index.ctp. Now probably it's not properly placed, because after the submit, outside of the post `$this->set('thesises', $this->paginate($documents))` will be shown |
# |
May 11th 2021, 14:11 |
paolo.bragagni |
hihi you are right |
# |
May 11th 2021, 14:10 |
ndm |
Why would you allow non-authenticated users to log out? |
# |
May 11th 2021, 14:10 |
kevin.pfeifer |
in your controller |
# |
May 11th 2021, 14:09 |
kevin.pfeifer |
```
public function beforeFilter(\Cake\Event\EventInterface $event)
{
    parent::beforeFilter($event);
    // Configure the login action to not require authentication, preventing
    // the infinite redirect loop issue
    $this->Authentication->addUnauthenticatedActions(['login', 'logout']);
}
```
|
# |
May 11th 2021, 14:08 |
paolo.bragagni |
how can I bypass authenticator (for my logout?) |
# |
May 11th 2021, 14:06 |
ndm |
@etibor You catch that exception, and do whatever you want then, for example redirect to the first page like `return $this->redirect(['?' => ['page' => 1]]);`, see https://book.cakephp.org/4/en/controllers/components/pagination.html#out-of-range-page-requests |
# |
May 11th 2021, 14:00 |
etibor |
I created a form filter in an index.ctp page. The issue is that I could not configure it to jump to the first page after the submit. Now if I am at the 20th page (URL shows ?page=20), and the actual query does not have such elements, it arrives at an error page. How can I define this here: `$this->set('thesises', $this->paginate($documents))` or some other place? |
# |
May 11th 2021, 13:57 |
etibor |
hello everyone |
# |
May 11th 2021, 12:53 |
etibor |
how did you try? |
# |
May 11th 2021, 12:07 |
paolo.bragagni |
Can't remove session in logout |
# |
May 11th 2021, 11:42 |
etibor |
from day-to-day there is less activity in the channel |
# |
May 11th 2021, 08:04 |
etibor |
this does not work: `$this->request->getQuery('page',NULL);` |
# |
May 11th 2021, 07:37 |
etibor |
okay maybe it is: ```$this->request->getQuery('does_not_exist', 'default val');``` |
# |
May 11th 2021, 07:34 |
etibor |
Is there a way to set the request param on submit? I have a special case where the id in the URL must not be used even if it is in. I tried something similar: `$this->request->setParam('id',NULL);` |
# |
May 11th 2021, 07:32 |
etibor |
hello everyone |
# |
May 11th 2021, 07:30 |
paolo.bragagni |
If the user is not in my user table, how can I take the username that I got in my Oauth2Authenticator and pass it to the register view? |
# |
May 11th 2021, 07:29 |
paolo.bragagni |
I've built my Oauth2Authenticator and it works. I mean if the username is registered in my user table it authenticates etc. etc... |
# |
May 11th 2021, 06:06 |
kevin.pfeifer |
thanks, that was the solution :bow: |
# |
May 11th 2021, 04:08 |
admad |
@tyler.adam.lazenby I hope this is not a public app as you have provided a way to DDOS it by using for e.g. `?limit=99999999` |
# |
May 10th 2021, 23:04 |
tyler.adam.lazenby |
yeeeyahhh |