# |
May 12th 2021, 18:04 |
virtudavi99 |
How are they bridged? |
# |
May 12th 2021, 18:03 |
virtudavi99 |
I'm just posting what I did to see if I missed the solution. |
# |
May 12th 2021, 18:03 |
thomas078 |
Actually did not get it to work... |
# |
May 12th 2021, 17:44 |
slackebot |
Basically you just set it to a pseudo-random value and it'll be used in your hashes (along with an actual salt) and to encrypt and decrypt data using the `Cake/Utility/Security` class as well as being used to generate a pseudo-random CSRF token (again, along with an actual salt). You can read more about it here: https://en.wikipedia.org/wiki/Pepper_(cryptography) |
# |
May 12th 2021, 17:44 |
me1367 |
It's technically a wrong term. The correct term should be "pepper" (though a lot of people conflict the two). Basically it's an *app specific* pseudo-random string that should be kept secret and is used for things like hashing and encrypting. Unlike a salt (going by the true definition of a salt), a pepper *must* be kept secret where a salt _can_ be made public if need be (don't make your password hashed public tho). |
# |
May 12th 2021, 17:41 |
admad |
@virtudavi99 you can always switch to using our IRC or Discord support channel :). They are all bridged together so you won't be losing anything. |
# |
May 12th 2021, 17:33 |
thomas078 |
found it: https://book.cakephp.org/authentication/2/en/testing.html |
# |
May 12th 2021, 17:29 |
slackebot |
@'ed me and they're not direct messages. Am I missing something? I don't want to unsubscribe from all emails. |
# |
May 12th 2021, 17:29 |
virtudavi99 |
I'm getting these annoying Slack emails saying "Your team is working in Slack. Here’s what happened recently." with a copy of some recent posts here (in this channel), and when I click Unsubscribe, it takes me to a checklist where it appears the notification email checkbox is already unchecked... so I've gotten several of these this week for this channel, and it's apparently impossible to unsubscribe from them. Nobody's |
# |
May 12th 2021, 17:27 |
thomas078 |
How to test controllers using Authentication plugin? This is only for Auth component? https://book.cakephp.org/4/en/development/testing.html#testing-actions-that-require-authentication |
# |
May 12th 2021, 16:24 |
kushan |
Thanks @ndm |
# |
May 12th 2021, 16:20 |
slackebot |
session). |
# |
May 12th 2021, 16:20 |
ndm |
That would be a new request, so the information is gone after a redirect, unless you'd use an authenticator that can identify the user on every request (the session authenticator can be configured to do so), however that identifier could be different to the one used for the initial login. If you need the information from the initial login, then you need to store it yourself so that it is shared across requests (for example in the |
# |
May 12th 2021, 16:08 |
kushan |
I'm trying to get the identifier value in beforeRender(), that is after redirect |
# |
May 12th 2021, 15:52 |
ndm |
Where in your code and when exactly do you try to obtain that value? Note that it will only work in the same request where the user has been identified. |
# |
May 12th 2021, 15:48 |
steinkel |
that's SecurityComponent complaining about a POST being done, debug request data to check it's actually there... |
# |
May 12th 2021, 15:48 |
kushan |
could someone help me please? this is re. Authenticators.. I tried to get the identifier that identified the user similar to what described here https://book.cakephp.org/authentication/2/en/authenticators.html#getting-the-successful-authenticator-or-identifier but $service->getIdentificationProvider() returns null always. Users can login successfully. I am using Password and Ldap identifiers. thanks in advance. |
# |
May 12th 2021, 15:28 |
thomas078 |
got it! |
# |
May 12th 2021, 15:28 |
ndm |
That's how it's ment to work. Debug mode gives you more details to aid with development, production mode gives you less details to minimize exposing information that may make your application vulnerable to the outside world. |
# |
May 12th 2021, 15:18 |
thomas078 |
When i have debug on, authorization plugin gives correct error:Identity is not authorized to perform. When i set debug false, i get 404 error. Dont understand how debug affects error reporting |
# |
May 12th 2021, 13:33 |
neon1024 |
Apologies for being a pain, but what is this? `_Token was not found in request data.` I can see a hidden `_Token` field with debug token, fields token and such |
# |
May 12th 2021, 11:31 |
neon1024 |
Knowing Cake, I’m sure one of the Army of Marks will have updated it by now :,) |
# |
May 12th 2021, 11:30 |
ndm |
Oh and that, yeah |
# |
May 12th 2021, 11:30 |
ndm |
Yeah, it should probably say `FormProtector` component |
# |
May 12th 2021, 11:30 |
neon1024 |
It’s `FormProtectionComponent` |
# |
May 12th 2021, 11:30 |
neon1024 |
Urk, that PR has a typo |
# |
May 12th 2021, 11:29 |
neon1024 |
Seems my afternoon has a twist! |
# |
May 12th 2021, 11:29 |
neon1024 |
> Error Create the class FormProtectorComponent below in file: src/Controller/Component/FormProtectorComponent.php |
# |
May 12th 2021, 11:29 |
neon1024 |
:,) |
# |
May 12th 2021, 11:27 |
neon1024 |
Awesome! :clap: |
# |
May 12th 2021, 11:27 |
ndm |
The message has been improved recently. https://github.com/cakephp/cakephp/pull/15502/files |
# |
May 12th 2021, 11:26 |
neon1024 |
I wonder if the friendsofcake/bootstrap-ui form helper and crud support this properly :thinking_face: |
# |
May 12th 2021, 11:25 |
neon1024 |
It’s not a very helpful exception message to my brain. As my form does have create first :thinking_face: |
# |
May 12th 2021, 11:24 |
neon1024 |
Ah we meet again Mr Bond :raised_hands: |
# |
May 12th 2021, 08:48 |
neon1024 |
Just a random thought, but is it possible to have the router cast integer id values into `int` instead of passing them to my controller methods as `string` ? `function index(string $id){ ` seems a bit odd to me when I am using strict types. Or is this more of a job for a custom router class I’d create? |
# |
May 12th 2021, 08:34 |
erwane |
i always get fresh data in AppController::beforeFilter(). SQL queries are very fast and this prevent any "why it's not updated ??" |
# |
May 12th 2021, 08:20 |
hello106 |
Ah found it `_$this_->Authentication->setIdentity($user);` - couldn’t see that in the main docs anywhere, except within the migration notes (https://book.cakephp.org/authentication/2/en/migration-from-the-authcomponent.html) |
# |
May 12th 2021, 08:14 |
hello106 |
Hi all, could anyone guide me on how you can/should update an identity with newer data (using the Authentication plugin) if say a user update their name/avatar in their profile? We’re using the standard Identity object (https://book.cakephp.org/authentication/2/en/identity-object.html) - thanks |
# |
May 12th 2021, 08:08 |
naresh.thakur1987 |
I tried both ways |
# |
May 12th 2021, 08:08 |
admad |
Your are calling a non https url from a page with https. |
# |
May 12th 2021, 08:07 |
naresh.thakur1987 |
the code is replica |