Closed gooseleggs closed 2 years ago
Hi @gooseleggs,
Have you checked access logs and cakephp debug and error log files?
Also check if the time is correctly set up on your server; Google authentication (OTP) will not work if it is not.
Yes - nothing is being written to the logs that is of any use. The time is correct.
What is interesting, is that it seems to be fine on some browsers/machines and not on others. For instance, using FF on a machine works, but Edge on the same machine does not. I don't know why this could be, considering it is the backend (PHP app) that is writing the cookie. Clearing out all cookies and testing, browsers that do not work only create, and continue to use the same cookie, so it is not like the cookie is changing constantly. Adding debug statements into the code, I can see that session variable is created - DebugKit sees it, but the session file on disk does not - it only writes out the 'remember me' variable. For browsers that do work, when you go to the verification page, the session file on disk contains that temporarySession variable.
Not sure where to go next.
@gooseleggs You could try to extend the controller to override the login action and add logs like \Cake\Log\Log::debug((string)$this->request->getUri());
@gooseleggs Have you found a solution for this?
Here are the logs between a 'good' logon and a bad login. If I override the controller, and have this..
    public function login()
    {
        \Cake\Log\Log::debug((string)$this->request->getUri());
    }
all browsers log in as expected, however the redirect does not happen, which is OK for testing purposes. If I disable this function (rem it out) then the issue exhibits itself. So, I then captured the logs with it disabled showing the permissions check, and I can see what it looks like doing multiple redirects. The next post deals with the login function in use.
The following is in its default configuration. I have put notes as to where in the authentication process I am at
For a successful login
Browse to website 2022-03-19 09:21:36 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:21:36 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:21:36 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, set
DebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:21:36 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"*","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1At login page - entering credentials 2022-03-19 09:21:54 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:21:54 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:21:54 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, set
DebugKit.ignoreAuthorization
Configure option to true.At verify page - entering TOTP 2022-03-19 09:22:07 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:22:07 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:22:07 debug: For {"prefix":"Admin","plugin":"DatabaseLog","extension":null,"controller":"Logs","action":"index","role":"user"} --> Rule matched {"role":"user","prefix":"Admin","extension":"","plugin":"DatabaseLog","controller":"","action":"","allowed":true} with result = 1 2022-03-19 09:22:07 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:22:07 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, set
DebugKit.ignoreAuthorization
Configure option to true.We are in (redirected)
Now for the one that fails
Browse to website 2022-03-19 09:19:41 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:19:41 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:19:41 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, set
DebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:19:41 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:19:42 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 At Login page - entering credentials 2022-03-19 09:19:58 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:19:58 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:19:58 info: Cake Authorization plugin is enabled. 
If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:19:59 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:19:59 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 At verify page - entering TOTP code 2022-03-19 09:20:16 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:20:16 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched 
{"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:20:16 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:20:16 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:20:16 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:20:16 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"*","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 Back at login page - Could not find user data
So, sometimes it likes to bounce me through the login page to end up where I want to go. The difference between the two logs is only the browser that I am using. Same machine.
Doing the same test with the overridden login function being
    public function login()
    {
        \Cake\Log\Log::debug((string)$this->request->getUri());
        //$this->LoginTrait->login();
    }
I get this:
Login from browser that faults
Browse to site: 2022-03-19 09:39:54 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:39:54 debug: https://test.example.com/ 2022-03-19 09:39:54 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:39:54 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, set
DebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:39:58 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:39:58 debug: https://test.example.com/?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico 2022-03-19 09:39:59 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:39:59 debug: https://test.example.com/?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico At login page - entering credentials 2022-03-19 09:40:24 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:24 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched 
{"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:24 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:40:25 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:25 debug: https://test.example.com/?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico 2022-03-19 09:40:25 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:25 debug: https://test.example.com/?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico At Verify - entering TOTP 2022-03-19 09:40:47 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:47 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched 
{"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:47 debug: https://test.example.com/ 2022-03-19 09:40:48 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:40:48 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:40:48 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"Favicon.ico","action":"index","role":"user"} --> Rule matched {"role":"user","prefix":"","extension":"","controller":"","action":"index","allowed":true} with result = 1 At login page - no errors, and I can manually direct to wanted page2022-03-19 09:41:21 debug: For {"prefix":"Admin","plugin":"DatabaseLog","extension":null,"controller":"Logs","action":"index","role":"user"} --> Rule matched {"role":"user","prefix":"Admin","extension":"","plugin":"DatabaseLog","controller":"","action":"","allowed":true} with result = 1 2022-03-19 09:41:22 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:41:22 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true.
On the browser where it was successful before
Browse to site
2022-03-19 09:45:48 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:45:48 debug: https://test.example.com/ 2022-03-19 09:45:49 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:45:49 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, set
DebugKit.ignoreAuthorization
Configure option to true. 2022-03-19 09:45:49 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:45:49 debug: https://test.example.com/?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico Entering Credentials 2022-03-19 09:45:59 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:46:00 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:46:00 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true. Entering TOTP code 2022-03-19 09:46:11 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"verify","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:46:11 debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"MyUsers","action":"login","role":"user"} --> Rule matched {"prefix":false,"plugin":"","controller":"MyUsers","action":["socialLogin","login","logout","socialEmail","verify","register","validateEmail","changePassword","resetPassword","requestResetPassword","resendTokenValidation","linkSocial","u2f","u2fRegister","u2fRegisterFinish","u2fAuthenticate","u2fAuthenticateFinish"],"bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:46:11 debug: https://test.example.com/ 2022-03-19 09:46:12 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:46:12 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true. Back at login screen - authenticated - browse to where redirect should take us 2022-03-19 09:46:29 debug: For {"prefix":"Admin","plugin":"DatabaseLog","extension":null,"controller":"Logs","action":"index","role":"user"} --> Rule matched {"role":"user","prefix":"Admin","extension":"","plugin":"DatabaseLog","controller":"","action":"","allowed":true} with result = 1 2022-03-19 09:46:32 debug: For {"prefix":null,"plugin":"DebugKit","extension":null,"controller":"Requests","action":"view","role":"user"} --> Rule matched {"role":"","plugin":"DebugKit","controller":"","action":"","bypassAuth":true,"allowed":true} with result = 1 2022-03-19 09:46:32 info: Cake Authorization plugin is enabled. If you would like to force DebugKit to ignore it, setDebugKit.ignoreAuthorization
Configure option to true.
@gooseleggs see this url from your log https://test.example.com/?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico
The browser is trying to load the file favicon.ico, and since you don't have that file, the request is passing to CakePHP, resulting in a permission redirect to login.
I see two options
Let me know if you have questions.
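To spot the pattern described in this answer in a CakePHP debug log, the following added example (not code from the thread or from CakeDC/Users) flags `login` permission checks that land between the verify page being served and the TOTP code being submitted, and decodes any `redirect=` target that names a static asset. It assumes one log entry per line as in the raw log file; the function names and the abridged sample entries are constructed for illustration.

```python
import json
import posixpath
import re
from urllib.parse import parse_qs, urlparse

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+): (.*)$")
RULE_RE = re.compile(r"^For (\{.*?\}) --> Rule matched ")
STATIC_EXT = {".ico", ".png", ".jpg", ".gif", ".svg", ".css", ".js", ".map"}


def _rule(ts, action):
    """Build a constructed permission-check line (rule JSON shortened)."""
    return (f'{ts} debug: For {{"prefix":null,"plugin":null,"controller":"MyUsers",'
            f'"action":"{action}","role":"user"}} --> Rule matched '
            '{"bypassAuth":true,"allowed":true} with result = 1')


# Constructed samples modelled on the failing and working browser logs.
FAILING_LOG = "\n".join([
    _rule("2022-03-19 09:40:24", "verify"),
    _rule("2022-03-19 09:40:25", "login"),
    "2022-03-19 09:40:25 debug: https://test.example.com/"
    "?redirect=https%3A%2F%2Ftest.example.com%2Ffavicon.ico",
    _rule("2022-03-19 09:40:47", "verify"),
    _rule("2022-03-19 09:40:47", "login"),
    "2022-03-19 09:40:47 debug: https://test.example.com/",
])
WORKING_LOG = "\n".join([
    _rule("2022-03-19 09:45:59", "verify"),
    _rule("2022-03-19 09:46:11", "verify"),
    _rule("2022-03-19 09:46:11", "login"),
    "2022-03-19 09:46:11 debug: https://test.example.com/",
])


def parse_events(text):
    """Return (timestamp, kind, value) tuples; kind is 'action' or 'url'."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # continuation lines, e.g. the DebugKit notice
        ts, _level, msg = m.groups()
        rule = RULE_RE.match(msg)
        if rule:
            req = json.loads(rule.group(1))
            if req.get("plugin") is None and req.get("controller") == "MyUsers":
                events.append((ts, "action", req["action"]))
        elif msg.startswith(("http://", "https://")):
            events.append((ts, "url", msg))
    return events


def static_redirect_target(url):
    """Return the path in redirect= if it names a static asset, else None."""
    for target in parse_qs(urlparse(url).query).get("redirect", []):
        path = urlparse(target).path
        if posixpath.splitext(path)[1].lower() in STATIC_EXT:
            return path
    return None


def find_interrupted_2fa(events):
    """Flag login hits seen between two verify hits (page served, code sent)."""
    findings, pending, seen_verify = [], [], False
    for ts, kind, value in events:
        if kind == "action" and value == "verify":
            findings.extend(pending)  # a later verify confirms the interruption
            pending, seen_verify = [], True
        elif kind == "action" and value == "login" and seen_verify:
            pending.append({"time": ts, "asset": None})
        elif kind == "url" and pending and pending[-1]["asset"] is None:
            pending[-1]["asset"] = static_redirect_target(value)
    return findings  # logins after the last verify are the normal redirect


if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(name, find_interrupted_2fa(parse_events(log)))
```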
Thanks. This did indeed resolve the issue. I was too far into the weeds looking for this answer. Thanks
Team
I have a confusing problem. I was running Cake 4.2 with CakeDC/Users 9. I have upgraded to Cake 4.3.5, and CakeDC/Users 11. The problem exists both prior and now. I have enabled 2FA using Google Authenticator. Some users, when they log in, get returned back to the login screen with "Could not find user data". Sometimes it works as expected. What will guarantee to work is the first account added to the users table using bin/cake users addSuperuser. However, other users are random if they work and from where. Sometimes it won't work, then all of a sudden it does. When I look at the session information, the temporaryUser is in the session before entering the GA code. If I disable the $this->getRequest()->getSession()->delete(AuthenticationService::TWO_FACTOR_VERIFY_SESSION_KEY); line in the login function of LoginTrait.php it works well. So, I think it is redirection related? However, I have made modifications to the redirection, and it doesn't seem to be any different. If I add another superuser it still exhibits the issue. I am not sure what I can put in here to assist.
src/application.php
users.php
routes.php
Looking at the DB table, there is nothing different between the first user compared to other users apart from the obvious expected details.
When I get the verification page, there is the temporarySession variable in the sessions section of DebugKit. However, when I go and look at what is being stored within the session variable on the disk, it only has the remember_me part. The following is what the cookie looks like when at the verification screen...
Config|a:1:{s:4:"time";i:1646807891;}Flash|a:0:{}CookieAuth|a:1:{s:11:"remember_me";s:1:"1";}
If you have any thoughts as to what could be causing the problem, I am interested to understand.