milesj / auto-login Goto Github PK

One "gotcha" I struggled with a little is that in my login action I needed to check to see if the AutoLogin component had created my auth user before I was redirected to users/login. I had assumed it would handle this for me, but I was mistaken.

Adding this code to the top of the action solved my issues. If I missed some kind of callback or I'm not using this properly, please correct me.

//Already logged in?
$user = $this->Auth->user();
if(!empty($user)){
    return $this->redirect($this->Auth->redirect());
}

Hi miles,

I am testing your 2.0 version and it seems to me there is something to be better analyzed, I will share some temporary idea.

When you startup() method tries to login the user with the data stored in the cookie, it uses

if ($this->Auth->login($cookie)) {

I'm quite sure this is not working, see the book
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
where it says:

WARNING:
In 2.0 $this->Auth->login($this->request->data) will log the user in with whatever data is posted,
whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful.

So I made it working changing the code into something like:

$controller->request->data['User'] = array(
  'username' => $cookie['username'],
  'password' => 'banana' // test password before hashing
);

if ($this->Auth->login()) {

simulating a POST request from the user with the login data.

Problem is that the password from the cookie contained in $cookie['password'] is hashed and won't work for login...

I'll keep thinking about it and come back.

nt

After correct login the cookie is there but the component give a Cookie Mismatch error in debug mode

Any tips to fix this issue?

Thanks for time!

Info:
AutoLogin 3.5.1 on CakePHP 2.1.2

I was having major issues with your autologin not working, and after hours and hours of debugging I finally figured out the problem to be php5-suhosin. I don't know exactly what suhosin is doing, but maybe put a note in your readme about suhosin may cause problems.

Hopefully this helps somebody.

Hi,

I have never been able to get this to work properly. I always get [AutoLogin] Cookie Mismatch emails.

I'm using the latest version of 3.5.4 with the following settings:

AppController

public $components = array(
    'AutoLogin',
    'Auth'=> array(
        'authenticate' => array(
            'Form' => array(
                'fields' => array('username' => 'email', 'password' => 'password')
            )
        )
    ),
    'Session',
    'Cookie',
    'RequestHandler',
    'Security'
);  

function beforeFilter() 
    {
            $this->AutoLogin->settings = array(
            // Model settings
            'model' => 'User',
            'username' => 'email',
            'password' => 'password',

            // Controller settings
            'plugin' => '',
            'controller' => 'users',
            'loginAction' => 'login',
            'logoutAction' => 'logout',

            // Cookie settings
            'cookieName' => 'rememberMe',
            'expires' => '+1 month',

            // Process logic
            'active' => true,
            'redirect' => true,
            'requirePrompt' => true
        );
}

From the email I get:

[name] => CakeCookie
[time] =>
[path] => /
[domain] =>
[secure] =>
[key] => DYhG93b0qyJffdgsdgdf5454bWwvniR2G0FgaC9mi
[httpOnly] =>
[_values:protected] => Array
    (
        [CakeCookie] => Array
            (
                [autoLogin] => µµ&;Üf%ê◊h˜5˛àã#Zë»ïÀÃ∫â ÒÀíákÕÌhO‹¨òu= •@üo¬uú$(’ä} Tl R•˝2‡ÕÉg öƒ1“ÛíAˇ>≥rê°@ yx  ∑∆ãAÁflZŸ') ~“ÊÄêÌ…Œ;mÖ9 Kú¢˜≈SY ıπqx7& êtbi ¢dPËE7GS~BÌêÇ«˛ º
            )

        )

Any idea what is going on?

Thanks

I think there are some problems with the Cookie component.

Here is what I figured out.

(please forgive my english)

When a user's session expires, he is redirected to the loginAction. The AutoLogin logs him in, but without redirection. So I used the callback _autoLogin to do so. But while trying to redirect, AutoLogin::beforeRedirect() doesn't like it because we're actually in the loginAction !

Here is the patch I used :

Index: trunk/app/controllers/components/auto_login.php
===================================================================
--- trunk/app/controllers/components/auto_login.php (révision 50)
+++ trunk/app/controllers/components/auto_login.php (copie de travail)
@@ -137,15 +137,19 @@
            
            switch ($Controller->action) {
                case $loginAction:
-                   $username = $data[$Controller->Auth->userModel][$Controller->Auth->fields['username']];
-                   $password = $data[$Controller->Auth->userModel][$Controller->Auth->fields['password']];
-                   $autoLogin = (isset($data[$Controller->Auth->userModel]['auto_login'])) ? $data[$Controller->Auth->userModel]['auto_login'] : 0;
+
+                   if (isset($data[$Controller->Auth->userModel])) {
+                       $username = $data[$Controller->Auth->userModel][$Controller->Auth->fields['username']];
+                       $password = $data[$Controller->Auth->userModel][$Controller->Auth->fields['password']];
+                       $autoLogin = (isset($data[$Controller->Auth->userModel]['auto_login'])) ? $data[$Controller->Auth->userModel]['auto_login'] : 0;
                    
-                   if (!empty($username) && !empty($password) && $autoLogin == 1) {
-                       $this->save($username, $password, $Controller);
-                   } else if ($autoLogin == 0) {
-                       $this->delete();
+                       if (!empty($username) && !empty($password) && $autoLogin == 1) {
+                           $this->save($username, $password, $Controller);
+                       } else if ($autoLogin == 0) {
+                           $this->delete();
+                       }
                    }
+                   
                break;

Hello there,

this component is really great, and almost work out-of-the-box for CakePHP 1.3.

There are two things :

1/ CookieComponent::delete().
$this->Cookie->del() should be $this->Cookie->delete()

2/ CookieComponent has to be added to the AppController's Components

Thanks for this great job !

I made a small change in AutoLoginComponent.php line 215. It read "$cookie = array();", I changed it to "$cookie = $this->Auth->user();"
By doing this I stored all the original session data into the cookie, so when the autologin does its thing it has all the other data to go with it.
Before it would log a user in, but anything stored in $this->Auth->user() wouldn't be there, now it is.

I put

$this->AutoLogin->settings = array(
// Model settings
'model' => 'User',
'username' => 'mail',
'password' => 'password',

    // Controller settings
    'plugin' => '',
    'controller' => 'users',
    'loginAction' => 'login',
    'logoutAction' => 'logout',

    // Cookie settings
    'cookieName' => 'UsersLogin',
    'expires' => '+2 weeks',

    // Process logic
    'active' => true,
    'redirect' => true,
    'requirePrompt' => true
    );

in my beforeFilter() in app/appControllers but i get this message :

Notice (8): Undefined index: username [APP/Controller/Component/AutoLoginComponent.php, line 281]

I use autologin v 3.5.2 and cake v 2.1.3

Hi,

I know that probably it is a stupid question but I don't understand where is $this->Cookie (line 85) declared?

Cakephp 1.3.8

When not signedin user goes authorized zone, some errors fires. Problem seems that, AuthLoginComponent::startup() isn't
executed and $this->Controller = $Controller isn't assigned. Then cakephp fires AutoLoginComponent::beforeRedirect(),
but controlerio isn't assigned, so Auth component can't be accessed.

My cheap solution for this:
public function beforeRedirect($Controller) {
if(!isset($this->Auth))
return;

Notice (8): Undefined property: AutoLoginComponent::$Auth [APP/controllers/components/auto_login.php, line 151]
Notice (8): Trying to get property of non-object [APP/controllers/components/auto_login.php, line 151]
Notice (8): Undefined property: AutoLoginComponent::$Controller [APP/controllers/components/auto_login.php, line 166]
Notice (8): Trying to get property of non-object [APP/controllers/components/auto_login.php, line 166]
Notice (8): Undefined property: AutoLoginComponent::$Controller [APP/controllers/components/auto_login.php, line 167]
Notice (8): Trying to get property of non-object [APP/controllers/components/auto_login.php, line 167]
Notice (8): Undefined property: AutoLoginComponent::$Controller [APP/controllers/components/auto_login.php, line 169]
Notice (8): Trying to get property of non-object [APP/controllers/components/auto_login.php, line 169]

AutoLoginComponent::beforeRedirect() - APP/controllers/components/auto_login.php, line 151
Component::beforeRedirect() - CORE/cake/libs/controller/component.php, line 143
Controller::redirect() - CORE/cake/libs/controller/controller.php, line 678
AuthComponent::startup() - CORE/cake/libs/controller/components/auth.php, line 394
Component::triggerCallback() - CORE/cake/libs/controller/component.php, line 186
Controller::startupProcess() - CORE/cake/libs/controller/controller.php, line 523
Dispatcher::_invoke() - CORE/cake/dispatcher.php, line 187
Dispatcher::dispatch() - CORE/cake/dispatcher.php, line 171
[main] - APP/webroot/index.php, line 84

I'm using email address instead of username for login. I'm on Cakephp 2.1.0, and all other aspects follow convention.

When I set

$this->AutoLogin->settings = array('username' => 'email');

inside my AppController beforeFilter, I get a 'Cookie Mismatch' error in email debug during autoLogin.

If I set

protected $_defaults = array('username' => 'email');

inside the component itself, it seems to work correctly.

When setting my Auth, I use this:

    $this->Auth->loginAction = array(
        'plugin' => 'plugin_name',
        'controller' => 'users',
        'action' => 'login'
    );

Yet in AutoLoginComponent the $controller->plugin == 'PluginName'
So in the beforeRedirect() function, the IF statement is never true and the cookie never saves. My Auth settings won't allow PluginName as the plugin key value which I find strange and the AutoLogin->settings are overwritten in your beforeRedirect() function.