CakePHP 3 下的摘要认证
Posted
技术标签:
【中文标题】CakePHP 3 下的摘要认证【英文标题】:Digest Authentification under CakePHP 3 【发布时间】:2016-08-11 08:53:30 【问题描述】:我正在尝试使用 Cakephp 3.1 下的 Authentification 组件创建摘要式身份验证,但遇到了问题。我正在使用下面的代码,并且在上一个弹出窗口中输入正确的用户名和密码后立即弹出 HTTP 身份验证弹出窗口。然后,如果我按取消,我有这个:Cake\Auth\BasicAuthenticate->unauthenticated。
有人可以告诉我我做错了什么吗?
AppController.php
$this->loadComponent('Auth', [
'authorize' => 'Controller',
'loginRedirect' => [
'controller' => 'Users',
'action' => 'index'
],
'authenticate' => [
'Digest' => [
'fields' => ['username' => 'username', 'password' => 'digest_hash'],
'userModel' => 'Users',
],
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
],
'storage' => 'Memory',
'unauthorizedRedirect' => false
]);
UserTable.php
public function beforeSave(Event $event)
$entity = $event->data['entity'];
// Make a password for digest auth.
$entity->digest_hash = DigestAuthenticate::password(
$entity->username,
$entity->plain_password,
env('SCRIPT_NAME')
);
return true;
在客户端部分
public function digest()
$http = new Client();
$response = $http->get('http://localhost/project/api/v1/users/view/22', [], [
'auth' => [
'type' => 'digest',
'username' => 'Digest',
'password' => 'my_password',
]
]);
当我检查调试工具包环境时,我有这个:
PHP_AUTH_DIGEST username="Digest", realm="localhost", nonce="57ac3609a5b79", uri="/project/api/v1/users/view/22", response="af0e1fe455aa7f1475df715ef5231b56", opaque="421aa90e079fa326b6494f812ad13e79", qop=auth, nc=00000001, cnonce="0bb461453700ebc1"
【问题讨论】:
【参考方案1】:这可能为时已晚,但对某人仍有帮助!
使用
$this->Auth->unauthorizedRedirect = false,
。导致 AuthComponent 抛出 ForbiddenException 除非您提交有效的用户名和密码,否则不会重定向到另一个页面。
正确注册:
显然,正确注册/添加用户的摘要密码以使摘要身份验证成为可能非常重要。
正如documentation中提到的,我们可以通过在UsersTable.php中添加以下代码来添加摘要哈希密码:
public function beforeSave(Event $event)
$entity = $event->data['entity'];
// Make a password for digest auth.
$entity->digest_hash = DigestAuthenticate::password(
$entity->username,
$entity->plain_password,
env('SERVER_NAME')
);
return true;
但是我们应该小心上面提到的变量/术语:
1. $entity->digest_hash (this should be equivalent to the field you have made to
save password, eg. password_hash)
2. $entity->username (this should be equivalent to the field you have made to
save username, eg. email)
3. $entity->plain_password (again this should be equivalent to the field you have made to
save password, eg. password_hash)
4. env('SERVER_NAME') (this is third parameter for making digest password,
"SERVER_NAME" is default value and we can left it this way.)
作为结论,如果我们有一个 email(用于用户名)和 password_hash(用于密码),那么上面的函数将是:
public function beforeSave(Event $event)
$entity = $event->data['entity'];
// Make a password for digest auth.
$entity->password_hash= DigestAuthenticate::password(
$entity->email,
$entity->password_hash,
env('SERVER_NAME')
);
return true;
我之所以把注意力集中在上面的事情上,是因为它们有犯错的可能性。
【讨论】:
以上是关于CakePHP 3 下的摘要认证的主要内容,如果未能解决你的问题,请参考以下文章