# |
May 12th 2021, 18:57 |
slackebot |
'_successfulIdentifier' => null, '_defaultConfig' => [], '_loaded' => [ (int) 0 => 'Password' ], '_config' => [], '_configInitialized' => true } [protected] _config => [ 'fields' => [ 'username' => 'username' ], 'sessionKey' => 'Auth', 'identify' => false, 'identityAttribute' => 'identity' ] [protected] _configInitialized => true } [protected] _result => |
# |
May 12th 2021, 18:57 |
slackebot |
'_configInitialized' => true } [protected] _successfulAuthenticator => object(Authentication\Authenticator\SessionAuthenticator) { [protected] _defaultConfig => [ 'fields' => [ 'username' => 'username' ], 'sessionKey' => 'Auth', 'identify' => false, 'identityAttribute' => 'identity' ] [protected] _identifier => object(Authentication\Identifier\IdentifierCollection) { '_errors' => [], |
# |
May 12th 2021, 18:57 |
slackebot |
'_config' => [], '_configInitialized' => true }, '_defaultConfig' => [], '_loaded' => [ (int) 0 => 'Session', (int) 1 => 'Form' ], '_config' => [], '_configInitialized' => true } [protected] _identifiers => object(Authentication\Identifier\IdentifierCollection) { '_errors' => [], '_successfulIdentifier' => null, '_defaultConfig' => [], '_loaded' => [ (int) 0 => 'Password' ], '_config' => [], |
# |
May 12th 2021, 18:57 |
thomas078 |
```it is wierd as it looks like that Session is loaded correctly. object(Authentication\AuthenticationService) { [protected] _authenticators => object(Authentication\Authenticator\AuthenticatorCollection) { '_identifiers' => object(Authentication\Identifier\IdentifierCollection) { '_errors' => [], '_successfulIdentifier' => null, '_defaultConfig' => [], '_loaded' => [ (int) 0 => 'Password' ], |
# |
May 12th 2021, 18:51 |
ndm |
You need to do some debugging as to what the request, session, etc looks like in your app when the test request runs |
# |
May 12th 2021, 18:51 |
thomas078 |
ok. That must be the issue |
# |
May 12th 2021, 18:50 |
ndm |
If everything works as intended, then the session authenticator will look up and return the value that you've configured for the session, and the authentication middleware will then use it to populate the request object with the identity attribute accordingly. |
# |
May 12th 2021, 18:47 |
thomas078 |
i think that the problem is that im trying to read $this->request->getAttribute('identity')->getIdentifier() in controller and on the test i write $this->session(['Auth' => $user]); |
# |
May 12th 2021, 18:45 |
thomas078 |
Because login works when i do it normally via browser. |
# |
May 12th 2021, 18:45 |
thomas078 |
I think it has something to do with that sesstion now. |
# |
May 12th 2021, 18:44 |
ndm |
eg you should receive the same error in a regular, real request |
# |
May 12th 2021, 18:43 |
ndm |
That's what you'd have to do when you do not apply any authorization checks in that request, but that shouldn't be dependent on the test environment. |
# |
May 12th 2021, 18:40 |
thomas078 |
Ok. Got it. When testing, Authentication works. Problem is Authorization plugin. if i $this->Authorization->skipAuthorization(); on controller it works |
# |
May 12th 2021, 18:26 |
ndm |
No, there is no such thing, all you do in integration tests is configuring the environment accordingly to what your authenticators would look up. So for the session authenticator you configure a user for the session, and that's all. |
# |
May 12th 2021, 18:23 |
thomas078 |
hmm. It is probably that $user = $this->Users->get($this->request->getAttribute('identity')->getIdentifier()); on that dashboard cannot read that Session. Should $this->Authentication->setIdentity($user); in the tests? |
# |
May 12th 2021, 18:14 |
thomas078 |
when using that session based, will get ```App\Test\TestCase\Controller\UsersControllerTest::testDashboard Possibly related to Authorization\Exception\AuthorizationRequiredException: "The request to `/users/dashboard` did not apply any authorization checks." ``` |
# |
May 12th 2021, 18:11 |
thomas078 |
How to login user when testing? ``` protected function login($userId = 3) { $users = TableRegistry::getTableLocator()->get('Users'); $user = $users->get($userId); #$this->session(['Auth' => $user]); //does not work?? $this->Authentication->setIdentity($user); //Gives error. Notice Error: Undefined property: App\Test\TestCase\Controller\UsersControllerTest::$Authentication }``` |
# |
May 12th 2021, 18:05 |
admad |
https://github.com/42wim/matterbridge |
# |
May 12th 2021, 18:04 |
virtudavi99 |
I'm not seeing anywhere in Slack to disable "Your team is working in Slack" email notifications for the channel. |
# |
May 12th 2021, 18:04 |
virtudavi99 |
How are they bridged? |
# |
May 12th 2021, 18:03 |
virtudavi99 |
I'm just posting what I did to see if I missed the solution. |
# |
May 12th 2021, 18:03 |
thomas078 |
Actually did not get it to work... |
# |
May 12th 2021, 17:44 |
slackebot |
Basically you just set it to a pseudo-random value and it'll be used in your hashes (along with an actual salt) and to encrypt and decrypt data using the `Cake/Utility/Security` class as well as being used to generate a pseudo-random CSRF token (again, along with an actual salt). You can read more about it here: https://en.wikipedia.org/wiki/Pepper_(cryptography) |
# |
May 12th 2021, 17:44 |
me1367 |
It's technically a wrong term. The correct term should be "pepper" (though a lot of people conflict the two). Basically it's an *app specific* pseudo-random string that should be kept secret and is used for things like hashing and encrypting. Unlike a salt (going by the true definition of a salt), a pepper *must* be kept secret where a salt _can_ be made public if need be (don't make your password hashed public tho). |
# |
May 12th 2021, 17:41 |
admad |
@virtudavi99 you can always switch to using our IRC or Discord support channel :). They are all bridged together so you won't be losing anything. |
# |
May 12th 2021, 17:33 |
thomas078 |
found it: https://book.cakephp.org/authentication/2/en/testing.html |
# |
May 12th 2021, 17:29 |
slackebot |
@'ed me and they're not direct messages. Am I missing something? I don't want to unsubscribe from all emails. |
# |
May 12th 2021, 17:29 |
virtudavi99 |
I'm getting these annoying Slack emails saying "Your team is working in Slack. Here’s what happened recently." with a copy of some recent posts here (in this channel), and when I click Unsubscribe, it takes me to a checklist where it appears the notification email checkbox is already unchecked... so I've gotten several of these this week for this channel, and it's apparently impossible to unsubscribe from them. Nobody's |
# |
May 12th 2021, 17:27 |
thomas078 |
How to test controllers using Authentication plugin? This is only for Auth component? https://book.cakephp.org/4/en/development/testing.html#testing-actions-that-require-authentication |
# |
May 12th 2021, 16:24 |
kushan |
Thanks @ndm |
# |
May 12th 2021, 16:20 |
slackebot |
session). |
# |
May 12th 2021, 16:20 |
ndm |
That would be a new request, so the information is gone after a redirect, unless you'd use an authenticator that can identify the user on every request (the session authenticator can be configured to do so), however that identifier could be different to the one used for the initial login. If you need the information from the initial login, then you need to store it yourself so that it is shared across requests (for example in the |
# |
May 12th 2021, 16:08 |
kushan |
I'm trying to get the identifier value in beforeRender(), that is after redirect |
# |
May 12th 2021, 15:52 |
ndm |
Where in your code and when exactly do you try to obtain that value? Note that it will only work in the same request where the user has been identified. |
# |
May 12th 2021, 15:48 |
steinkel |
that's SecurityComponent complaining about a POST being done, debug request data to check it's actually there... |
# |
May 12th 2021, 15:48 |
kushan |
could someone help me please? this is re. Authenticators.. I tried to get the identifier that identified the user similar to what described here https://book.cakephp.org/authentication/2/en/authenticators.html#getting-the-successful-authenticator-or-identifier but $service->getIdentificationProvider() returns null always. Users can login successfully. I am using Password and Ldap identifiers. thanks in advance. |
# |
May 12th 2021, 15:28 |
thomas078 |
got it! |
# |
May 12th 2021, 15:28 |
ndm |
That's how it's ment to work. Debug mode gives you more details to aid with development, production mode gives you less details to minimize exposing information that may make your application vulnerable to the outside world. |
# |
May 12th 2021, 15:18 |
thomas078 |
When i have debug on, authorization plugin gives correct error:Identity is not authorized to perform. When i set debug false, i get 404 error. Dont understand how debug affects error reporting |
# |
May 12th 2021, 13:33 |
neon1024 |
Apologies for being a pain, but what is this? `_Token was not found in request data.` I can see a hidden `_Token` field with debug token, fields token and such |
# |
May 12th 2021, 11:31 |
neon1024 |
Knowing Cake, I’m sure one of the Army of Marks will have updated it by now :,) |