CakePHP form authentication for normal requests wi

Posted 2019-07-18 14:00

Question:

I'm attempting to build a web application that can be viewed by a user in a browser but also has an API for developers to interface with my application. My question is how do I change the authentication based on what type of request it is in CakePHP?

I would like my application to prompt users using the site with form authentication but when a request comes in with a '.json' to use basic authentication.

I've tried this in my AppController:

class AppController extends Controller {

public $components = array(
    'Session',
    'Auth' => array(
         'loginRedirect' => array(
             'controller' => 'journeys', 
             'action' => 'index'
             ),
        'logoutRedirect' => array(
            'controller' => 'pages', 
            'action' => 'display', 'home'
            )
    ),
    'RequestHandler'
);

public function beforeFilter() {
    if($this->params['ext'] == 'json') {
        $this->Auth->authenticate = array('Basic');
    } else {
        $this->Auth->authenticate = array('Form');
    }
    $this->Auth->allow('display'); 
}

}

I have checked that the clause in the beforeFilter if works, and it does, but I seem to get redirected to my form authentication no matter what URL I try and access in my application.

The login function in my UsersController file looks like:

if ($this->Auth->login()) {
    return $this->redirect($this->Auth->redirect());
} else {
    $this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}

I have read the docs on the CakePHP website but I can't seem to find an example that will help me. Any help would be appreciated.

EDITED FOR CORRECTION TO CODE AND MORE INFORMATION

I have carried on looking at this problem and I've noticed that if I log the value of:

$this->Auth->authenticate

in the beforeFilter it says that it is basic but it's still sending me to the form log in.

Answer 1:

Excerpt from the docs (see http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html):

Because basic and digest authentication don’t require an initial POST or a form so if using only basic / digest authenticators you don’t require a login action in your controller. Also you can set AuthComponent::$sessionKey to false to ensure AuthComponent doesn’t try to read user info from session.

So you do not require a login action. You could check for the authentication method in your users controller and skip the login action if the authentication method is "Basic".