Monday, 15 February 2010

Basic Authentication in CakePHP

I'm trying to set up basic authentication for a CakePHP app so that it can be used as an API for an upcoming mobile application. If I pass the following:

cameron:password@dev.driz.co.uk/basic/locked/

where cameron is the username, password is the password, and the rest is the domain and application. The locked method requires authentication. (Obviously the password is wrong in the example.)

(Q1) I am asked for the username and password in a prompt... The username and password are in fact right, and if I type them into the prompt it works... Why does this happen? Haven't I already passed the username and password?

I can't see what is wrong with the way I have set this up in CakePHP.

I set up basic auth in AppController as:

```php
public $components = array('Auth');

function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->authorize = array('Controller');
    $this->Auth->authenticate = array('Basic');
    $this->Auth->sessionKey = false;
    $this->Auth->unauthorizedRedirect = false;
}
```

(Q2) I have set both sessions to false and redirect to false, but if the user cancels the prompt they are redirected to the login page. Any ideas on how to stop this happening? Ideally I want to send a JSON response or a status code of 401 (depending on whether it's an AJAX request or not).

So something like:

```php
if ($this->request->is('ajax')) {
    $response = json_encode(array(
        'meta' => array(
            'code' => $this->response->statusCode(401),
            // $time_start is assumed to have been recorded earlier in the request
            'in' => round(microtime(true) - $time_start, 4)
        ),
        'response' => array(
            'status' => 'error',
            'message' => '401 Not Authorized'
        )
    ));
    // handle JSONP
    if (isset($_GET['callback'])) {
        $response = $_GET['callback'] . '(' . $response . ')';
    }
    // return JSON
    $this->autoRender = false;
    $this->response->type('json');
    $this->response->body($response);
} else {
    header('HTTP/1.0 401 Unauthorized');
}
```

But where in the application logic should this go? It needs to happen for the requested methods that require authentication, when the user fails or cancels authentication.

(Q3) If I enter the wrong details I am shown the prompt once again until the username/password are right or I hit cancel. How can I make it show an error?

Any ideas on these 3 issues (marked with sub-question numbers)?

Update: this is how I send the headers to the API:

```javascript
// The jquery.base64 plugin (v1.0, included minified in the original post) provides $.base64.encode.
$(document).ready(function () {
    var username = 'cameron';
    var password = 'password';
    $.ajax({
        type: 'GET',
        url: 'http://dev.driz.co.uk/basic/locked',
        beforeSend: function (xhr) {
            // Basic credentials are "username:password", base64-encoded
            var base64 = $.base64.encode(username + ':' + password);
            xhr.setRequestHeader("Authorization", "Basic " + base64);
        },
        // Note: with dataType 'jsonp' jQuery issues the request through a <script> tag
        // rather than an XMLHttpRequest, so headers set in beforeSend are not sent.
        dataType: 'jsonp',
        success: function (data) {
            console.log(data);
        },
        error: function (a, b, c) {
            //console.log(a,b,c);
        }
    });
});
```

Q1

You don't specify how you visit the protected URL (dev.driz.co.uk/basic/locked). Are you sure the way you are doing it sets the request headers properly? You need to base64 encode the username/password.

When the first request fails the browser jumps in with a prompt, and succeeding means the browser sends them the second time.

Have a look at the request headers to see what you send the first time and what the browser sends the second time.

Q2

When basic auth fails the server sends a 401 with the header WWW-Authenticate: Basic, which is picked up by the browser and presented as a prompt. This has been built-in, normal behaviour of browsers for ages; you can't alter that.

About the issue of canceling and being redirected to login: Auth had API changes after 2.4, highlighted in the book. Before version 2.4 it redirected to loginAction.

Finally, let Auth do its work through its settings and don't try to hardwire responses in code as you suggest. You shouldn't ever be using PHP's header() in CakePHP; use CakeRequest::header() instead.

Q3

As answered in Q2, you can't have Basic and a 401 and not trigger the prompt. Either alter the required authentication header (by perhaps setting the name to Basic-X instead of Basic) or don't send response code 401 on failure but send e.g. 200 or 400 and add an error message explaining the situation.
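One way to implement what the answer to Q2 and Q3 describes, as an added example that is not code from the question or from the CakePHP project: a custom authenticate object for CakePHP 2.4+ that keeps the standard Basic challenge for browser clients but answers AJAX requests with a 401 carrying the alternative scheme name, so the browser prompt is not triggered and the JavaScript error callback sees the status. The class and file name ApiBasicAuthenticate are assumptions; it builds on CakePHP 2.4's BasicAuthenticate::unauthenticated() hook.

```php
<?php
// app/Controller/Component/Auth/ApiBasicAuthenticate.php (hypothetical name)
App::uses('BasicAuthenticate', 'Controller/Component/Auth');

/**
 * Basic authentication that does not provoke the browser credential prompt
 * for AJAX callers. Browser (non-AJAX) requests still get the normal
 * "WWW-Authenticate: Basic" challenge from the parent class.
 */
class ApiBasicAuthenticate extends BasicAuthenticate {

    /**
     * Called by AuthComponent (2.4+) when no user could be authenticated.
     * The parent throws an UnauthorizedException carrying the Basic challenge;
     * we do the same for AJAX but with a scheme name the browser does not
     * recognise, so the 401 reaches the script without a prompt.
     */
    public function unauthenticated(CakeRequest $request, CakeResponse $response) {
        if (!$request->is('ajax')) {
            return parent::unauthenticated($request, $response);
        }
        $realm = empty($this->settings['realm']) ? env('SERVER_NAME') : $this->settings['realm'];
        $exception = new UnauthorizedException();
        // "Basic-X" is the alternative scheme name suggested in the answer above.
        $exception->responseHeader(array(
            sprintf('WWW-Authenticate: Basic-X realm="%s"', $realm)
        ));
        throw $exception;
    }
}

// Wiring it up in AppController::beforeFilter() (replaces array('Basic')):
//
//     $this->Auth->authenticate = array(
//         'ApiBasic' => array('realm' => 'api', 'userModel' => 'User')
//     );
//
// CakePHP's error handling renders the 401 with the custom header; a client
// that sends X-Requested-With: XMLHttpRequest (jQuery $.ajax, not JSONP) gets
// the status in its error callback instead of a credentials dialog.
```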

Tags: cakephp, basic-authentication