# |
May 11th 2021, 20:21 |
ndm |
You should generally be careful with association names, as tables are only instantiated once per alias, so you could easily create problems like for example cyclic references. Duplicate aliases can also cause problems with join based associations, as aliases must be unique on SQL level, so the ORM will only join them once IIRC. |
# |
May 11th 2021, 20:08 |
djinn.vsl |
Or maybe there's a proper way to get the details of `Proceedings->complaint->user` since I have the same user inside `Proceedings->users[]` but I prefer to let Cake do the job |
# |
May 11th 2021, 19:56 |
slackebot |
no error thrown by Cake and if I call `Complaints->Users` I can see the `Users` but not if, in the same query, I get `Proceedings->Users` Thank you! |
# |
May 11th 2021, 19:56 |
slackebot |
retrieve the following in the same query: ```Proceedings ->users ->measures ->users``` I reverted my changes and tried to retrieve `Proceedings->find()->contain(['Users', 'Measures' => ['Users'], 'Complaints' => ['Users', 'Files']]);`, I got no users inside `Complaints`: ``` Proceedings ->users ->measures ->users ->complaints ->files <----- no users inside complaints``` *Any idea why?* There is |
# |
May 11th 2021, 19:56 |
slackebot |
`Complaints`: ```Proceedings ->complaints ->users ->files``` Yesterday I thought it can't be done and renamed one of the associations from `Users` to `Complainants` and it worked: Now I was retrieving `Users` but named as `Complainants` ```Proceedings ->users ->complaints ->complainants ->files``` But, after changing all code in my project, today I found that it should work because I can |
# |
May 11th 2021, 19:56 |
djinn.vsl |
Hello. I'm trying to retrieve the same table in different associations in the same query. The table I'm trying to get is "Users". The problem is that if I do `Proceedings->find()->contain(['Users', 'Complaints' => ['Users', 'Files']]);` I only get: ```Proceedings ->users ->complaints ->files <----- no users inside complaints``` If I remove `Proceedings->Users` from the contain, then I got `Users` inside |
# |
May 11th 2021, 15:39 |
paolo.bragagni |
probably you are right! |
# |
May 11th 2021, 15:38 |
ndm |
So, wouldn't it make sense then to only run your ID provider authentication mechanism on `POST` requests (when you have no token that you could refresh)? Assuming that the lack of such a check is responsible for your automatic re-login problem. |
# |
May 11th 2021, 15:38 |
paolo.bragagni |
(it doesn't work...) |
# |
May 11th 2021, 15:35 |
paolo.bragagni |
if I register from 'spid' it gets username from idprovider |
# |
May 11th 2021, 15:35 |
paolo.bragagni |
when I go with register if I'm in 'smartcard' it takes username from smartcard |
# |
May 11th 2021, 15:34 |
paolo.bragagni |
I'd like that user can authenticate with User and passw, smartcard or IdProvider |
# |
May 11th 2021, 15:33 |
slackebot |
<paolo.bragagni> |
# |
May 11th 2021, 15:27 |
ndm |
Again, do you provide any login "form" in your users controller's login action, or does visiting that URL automatically send visitors to your ID provider? |
# |
May 11th 2021, 15:26 |
paolo.bragagni |
hum |
# |
May 11th 2021, 15:25 |
ndm |
Boy.. that wording... |
# |
May 11th 2021, 15:24 |
ndm |
All this basically does is invoke `clearIdentity()` being called on all authenticators that do implement `\Authentication\Authenticator\PersistenceInterface`, and dispatch an `Authentication.logout` event (it also returns a redirect URL btw). If your code doesn't use neither to do any authentication, then this shouldn't really be a problem. |
# |
May 11th 2021, 15:21 |
paolo.bragagni |
reauthenticate because my (terrible) authenticate is fired |
# |
May 11th 2021, 15:20 |
paolo.bragagni |
this line `$this->Authentication->logout();` |
# |
May 11th 2021, 15:19 |
paolo.bragagni |
public function logout() { $this->Authorization->skipAuthorization(); $this->Authentication->logout(); return $this->redirect(['controller' => 'Users', 'action' => 'login']); } |
# |
May 11th 2021, 15:19 |
ndm |
As we all do, learning never stops :) |
# |
May 11th 2021, 15:19 |
paolo.bragagni |
the problem is that in my Users logout action |
# |
May 11th 2021, 15:17 |
paolo.bragagni |
thanks ndm trying to learn.. :S |
# |
May 11th 2021, 15:15 |
slackebot |
"login (with xyz provider)" button or the like? |
# |
May 11th 2021, 15:15 |
ndm |
First things first, never access superglobals with CakePHP directly, always use the request object for that, and never die in your code, use graceful returns or exceptions (for redirects in authenticators you can specifically use `\Authentication\Authenticator\AuthenticationRequiredException` with a `Location` header passed to it)! Besides that, this all happens automatically I guess, ie you're not showing logged out users a |
# |
May 11th 2021, 15:08 |
paolo.bragagni |
provider response with `$_GET['code']` that I use to get the user via curl |
# |
May 11th 2021, 15:05 |
slackebot |
// PKCE not enabled on ARPA ]); header('Location: ' . $authorize_url); exit; } |
# |
May 11th 2021, 15:05 |
paolo.bragagni |
if(!isset($_GET['code'])) { $_SESSION['state'] = bin2hex(random_bytes(5)); $authorize_url = $idp->authorization_endpoint.'?'.http_build_query([ 'response_type' => 'code', 'client_id' => $client_id, 'redirect_uri' => $url1, 'state' => $_SESSION['state'], 'scope' => 'openid profile', //'code_challenge' => $code_challenge, // PKCE not enabled on ARPA //'code_challenge_method' => 'S256', |
# |
May 11th 2021, 15:05 |
paolo.bragagni |
first time that my Authenticator is fired: |
# |
May 11th 2021, 15:02 |
ndm |
That should be what you're using irrespective of the used authenticators, yes. Can't really give too much concrete advice, without seeing that juicy code I'm only shooting in the dark here :) |
# |
May 11th 2021, 14:59 |
paolo.bragagni |
probably I have to write my logout `$this->Authentication->logout();` |
# |
May 11th 2021, 14:58 |
paolo.bragagni |
BUT I can't log out |
# |
May 11th 2021, 14:58 |
paolo.bragagni |
then I can log in with that user etc. etc. |
# |
May 11th 2021, 14:57 |
paolo.bragagni |
then I can register (and it gets data from provider and write in local user table) in perfect way |
# |
May 11th 2021, 14:56 |
paolo.bragagni |
:) |
# |
May 11th 2021, 14:56 |
paolo.bragagni |
my app tries to authenticate and redirects to login / register view in beautiful way |
# |
May 11th 2021, 14:55 |
paolo.bragagni |
we have our identity provider and I'll get a clientid and clientsecret for each app that we'll create |
# |
May 11th 2021, 14:54 |
paolo.bragagni |
is application specific |
# |
May 11th 2021, 14:48 |
slackebot |
your app shouldn't automatically try to authenticate in the first place? |
# |
May 11th 2021, 14:48 |
ndm |
@paolo.bragagni I mean, I'm not sure, in case the identity provider keeps state, then maybe, possibly, not sure... be careful I guess, most people misunderstand how OAuth is not meant for authentication, luckily I was mostly able to avoid touching SSOs so far. I guess if at all, you'd only do that if the provider is application specific, certainly you wouldn't want to log people out of all of their apps. That being said, maybe |
# |
May 11th 2021, 14:43 |
paolo.bragagni |
(and it reauthenticates) |