| # |
May 17th 2021, 15:05 |
 kevin.pfeifer |
so you already got a custom bake plugin working |
| # |
May 17th 2021, 15:05 |
kevin.pfeifer |
well basically yes but probably i can help you in more detail :) |
| # |
May 17th 2021, 15:05 |
paolo.bragagni |
no.. or.. yes.. you said to look at https://book.cakephp.org/bake/2/en/development.html#bake-events |
| # |
May 17th 2021, 14:57 |
neon1024 |
https://book.cakephp.org/authorization/2/en/request-authorization-middleware.html |
| # |
May 17th 2021, 14:57 |
neon1024 |
Ah found it |
| # |
May 17th 2021, 14:57 |
kevin.pfeifer |
so my comment from yesterday (or whenever I tried to explain that) didn't help? |
| # |
May 17th 2021, 14:50 |
neon1024 |
I don’t fancy updating all our tests and re-doing a big chunk of the project |
| # |
May 17th 2021, 14:49 |
neon1024 |
Sadly the Authorization docs don’t have a section on migrating from AuthComponent like the Authentication plugin docs do |
| # |
May 17th 2021, 14:48 |
neon1024 |
Is there a neat upgrade path from a customer 3.x Authorize class to the new Authorization plugin? Or do I need to make some Frankensteins Monster RoleAuthorizePolicy class? |
| # |
May 17th 2021, 14:09 |
virtudavi99 |
Yes/No? |
| # |
May 17th 2021, 13:09 |
neon1024 |
I guess it just looks big compared to `$this->Auth->user('id')` |
| # |
May 17th 2021, 13:05 |
ndm |
IMHO it's pretty straightforward |
| # |
May 17th 2021, 13:04 |
ndm |
I mean... |
| # |
May 17th 2021, 13:03 |
neon1024 |
Short of some nifty class aliases |
| # |
May 17th 2021, 13:03 |
neon1024 |
Thanks @ndm so I guess no elegant way then |
| # |
May 17th 2021, 13:02 |
neon1024 |
Perhaps that’s what the docblock means when it says path |
| # |
May 17th 2021, 13:01 |
neon1024 |
Strange that `getOriginalData` doesn’t take a dot hash |
| # |
May 17th 2021, 13:01 |
ndm |
`$this->Authentication->getIdentity()->organisation_id` `$this->Authentication->getIdentity()->get('organisation_id')` `$this->Authentication->getIdentityData('organisation_id')` |
| # |
May 17th 2021, 12:57 |
neon1024 |
Both seem very long |
| # |
May 17th 2021, 12:57 |
neon1024 |
`$this->getRequest()->getSession()->read('Auth.organisation_id');` |
| # |
May 17th 2021, 12:57 |
neon1024 |
`$this->Authentication->getIdentity()->getOriginalData()['organisation_id']` |
| # |
May 17th 2021, 12:57 |
neon1024 |
Is there a more elegant way to get Authentication data from the session? |
| # |
May 17th 2021, 12:36 |
richard |
@ndm thanks for your input, it does feel more appropriate to handle it with apache |
| # |
May 17th 2021, 12:35 |
ndm |
@richard I'd always use server level solutions for that, doing it on PHP level is just a waste of performance... so with Apache using rewrite rules would most likely the most fitting approach. |
| # |
May 17th 2021, 12:33 |
slackebot |
`$identity = new \Authentication\Identity($modifiedData);`. |
| # |
May 17th 2021, 12:33 |
ndm |
@kushan You'd have to be a bit more specific about what exactly it is that you don't understand about using it. It's just a callback, and it expects that you return an object that implements `\Authentication\IdentityInterface`, so basically you modify the data that it receives (in case required), and wrap it an object that satisfies the required contract. The most basic option would be to use the built in identity class, eg |
| # |
May 17th 2021, 12:13 |
richard |
is using apache my best bet or is cake application code a better way to tackle this |
| # |
May 17th 2021, 12:13 |
richard |
What is the best solution when redirecting urls from an old site to urls on a new site, the harder part is query string params from the old site have to be translated to query string params on the new site |
| # |
May 17th 2021, 12:03 |
kushan |
thanks @ndm but I believe, if I can set a custom decorator for LDAP auth, I can sort this issue without creating a new entity. I believe this is the answer, but I don't know how to use it https://book.cakephp.org/authentication/2/en/identity-object.html#using-a-custom-identity-decorator |
| # |
May 17th 2021, 12:00 |
slackebot |
that is concerned, you'd either need to supply the role ID (you could query the role entity by name maybe) to avoid the unique validation error, or disable validation, or set the entity properties on the object instead of passing them to `newEntity()`. |
| # |
May 17th 2021, 12:00 |
ndm |
Well, that doesn't really answer my question, as LDAP usernames might not be identical to your DB usernames, ie you could still have a matching profile for an LDAP user. I'm pressing on the DB querying because that would be the cleaner approach IMHO. However, if you do not have profiles for LDAP users, and do not intend to create any for them, so you really need to create "dummy entities" for them so to speak... then as far as |
| # |
May 17th 2021, 11:57 |
kushan |
as you could see when a user enters usernam/password, it first check in the app's db for a matching user. If it cannot find a matching user, then look for LDAP |
| # |
May 17th 2021, 11:57 |
kushan |
2. ldap |
| # |
May 17th 2021, 11:56 |
kushan |
1. password |
| # |
May 17th 2021, 11:56 |
kushan |
there are 2 ways |
| # |
May 17th 2021, 11:56 |
slackebot |
LDAP_OPT_NETWORK_TIMEOUT => 5, ], ]); return $service; }``` @ndm The above might explain how i'm authenticating users |
| # |
May 17th 2021, 11:56 |
slackebot |
$service->loadIdentifier('CustomLdap', [ 'fields' => ['username' => 'username', 'password' => 'password'], 'host' => Configure::readOrFail('LdapHost'), 'bindDN' => function ($username) use ($baseDN) { return "cn=$username,$baseDN"; }, 'baseDN' => $baseDN, 'ldap' => 'CustomExtensionAdapter', 'options' => [ LDAP_OPT_PROTOCOL_VERSION => 3, |
| # |
May 17th 2021, 11:56 |
slackebot |
'fields' => $formAuthFields, 'loginUrl' => '/', ]); // Load identifiers $service->loadIdentifier('Authentication.Password', [ 'fields' => $formAuthFields, 'resolver' => [ 'className' => 'CustomOrm', 'customerId' => Router::getRequest()->getAttribute('customer')->id ], ]); // add LDAP identifier $baseDN = Configure::readOrFail('LdapBaseDN'); |
| # |
May 17th 2021, 11:56 |
slackebot |
$service->setConfig([ 'unauthenticatedRedirect' => '/', 'queryParam' => 'redirect', ]); $formAuthFields = [ IdentifierInterface::CREDENTIAL_USERNAME => 'email', IdentifierInterface::CREDENTIAL_PASSWORD => 'password', ]; // Load the authenticators. Session should be first. $service->loadAuthenticator('Authentication.Session'); $service->loadAuthenticator('Authentication.Form', [ |
| # |
May 17th 2021, 11:56 |
kushan |
```/** * Returns a service provider instance. * * @param \Psr\Http\Message\ServerRequestInterface $request Request * @return \Authentication\AuthenticationServiceInterface */ public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface { $service = new AuthenticationService(); // Define where users should be redirected to when they are not authenticated |
| # |
May 17th 2021, 11:54 |
ndm |
I'm not quite sure I understand, do you _not_ have any matching users in your DB, or are you just not able to query them (for example because you have no unique value by which you could identify them)? |