Auth configuration while testing api

CakeDC / users

Users Plugin for CakePHP

https://www.cakedc.com

Other

521 stars 297 forks source link

Auth configuration while testing api #908

Closed DrMickArtisan closed 3 years ago

DrMickArtisan commented 4 years ago

Hi, I'm currently writing an api with cakephp 3.9.3 / cakedc users 8.5.1 / cakedc auth 4.0.1 I had to build my own api_authenticate. I have this configuration for authentication (in config/users.php) : 'Auth' => [ 'authenticate' => [ 'all' => [ 'finder' => 'auth', ], 'MyApi', 'Form', ], 'authorize' => [ 'CakeDC/Auth.Superuser', 'Controller', ], 'checkAuthIn' => 'Controller.initialize', 'loginAction' => '/', 'unauthorizedRedirect' => false, ],

Problem is : when I try to unit test my api endpoints, (in a controller test case), nothing works. After many tests, it seems that CakeDC.users plugin use CakeDc/Auth.Apikey, even if I do not add it to the configuration file. In fact, it seems that in unit testing environment, CakeDC.users plugin does not take my configuration file. I don't know if it is something I failed to configure for the tests or a rea issue. If someone could help ?

DrMick

PhantomWatson commented 4 years ago

I wonder if this is related to #912 , where I also noticed users.php configuration data being overridden by default values.

rochamarcelo commented 3 years ago

@DrMickArtisan cakephp is merging your config with the default config. You'll need to add a Configure::write('Auth', [....]) after bootstrap instead of setting in users.php config file.

PhantomWatson commented 3 years ago

@rochamarcelo , are you sure that that's correct? bootstrap.php shows the plugin's config file being loaded first, then the app's config file(s) being loaded. By default, I think that Configure:: load() overwrites existing values. Otherwise, users.php wouldn't have much use if it couldn't replace the plugin's default configuration.

rochamarcelo commented 3 years ago

@PhantomWatson Yes, I am, you can check that Configure::load will merge.

PhantomWatson commented 3 years ago

@rochamarcelo , what I'm asking is if it's true that you can't use users.php to set configuration values because the plugin's bootstrap process replaces all of them with default values. That doesn't sound right (or it sounds like a tremendous bug if true), so I'm hoping for some clarification.

You're suggesting that when configuration arrays are merged, existing (default) values are preserved instead of overwritten, and that doesn't appear to be the case.

rochamarcelo commented 3 years ago

@PhantomWatson I'm saying that config keys are merged. The default config contain an array with numeric keys https://github.com/CakeDC/users/blob/8.next/config/users.php#L148 with

[
            'all' => [
                'finder' => 'auth',
            ],
            'CakeDC/Auth.ApiKey',
            'CakeDC/Auth.RememberMe',
            'Form',
        ],

This config is merged with the config define by the user

 [
        'all' => [
            'finder' => 'auth',
       ],
       'MyApi',
       'Form',
]

resulting in something like

[
            'all' => [
                'finder' => 'auth',
            ],
            'CakeDC/Auth.ApiKey',
            'CakeDC/Auth.RememberMe',
            'Form',
            'MyApi',
            'Form',
],

rochamarcelo commented 3 years ago

Closing due to inactivity.