search

benedmunds / CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
http://benedmunds.com/ion_auth/
MIT License
2.34k stars 1.14k forks source link

cleaning the cache database #979

Closed arturplo closed 7 years ago

arturplo commented 8 years ago

Hey, I have included automatic cache for the database, how can I clear the cache created by Ion Auth automatically after the operation correctly add / edit or delete a user or group by the administrator?

PS Sorry for my bad english

benedmunds commented 8 years ago

Ion Auth doesn't have its own cache. Are you referencing CI's DB query caching?

-Ben Edmunds

On September 15, 2016 at 3:55:24 PM, arturplo (notifications@github.com) wrote:

Hey, I have included automatic cache for the database, how can I clear the cache created by Ion Auth automatically after the operation correctly add / edit or delete a user or group by the administrator?

PS Sorry for my bad english

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/benedmunds/CodeIgniter-Ion-Auth/issues/979, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJkl0b4WsdShkuysUoUsprl-oUqJDM7ks5qqaKsgaJpZM4J-R9L .

arturplo commented 8 years ago

So I have included the caching of queries by the CI. In config / database.php in $ db [ 'default'] = array (... "cache_on" => TRUE, ....) which makes you think by default all requests, including those from Ion Auth enroll in cache. So what to do for the actions edit / add / delete user groups or users, delete the cache created by using libraries in contollers

PS. Sorry for my bad english

benedmunds commented 8 years ago

Well yea I'd guess they would be but why do you want to clear the cache?

arturplo commented 8 years ago

Thank you for your response. I want to clear the cache so that when you add a new user group can not see this new group on the list because the system retrieves data from the cache. If clear the cache already seen everything.

benedmunds commented 8 years ago

Looks like you can just call cache_delete or cache_delete_all https://www.codeigniter.com/userguide3/database/caching.html#this-db-cache-delete

arturplo commented 8 years ago

thanks, working, have not worked because I was in the code $this->db->cache_delete ('admin/people', 'index') I thought that if I have a controller People in controllers/admin/People.php i must give a full path in cache_delete ( ) $this->db->cache_delete('admin', 'people'); solved the problem.

afagard commented 6 years ago

To be honest I think it is strange to not take into account caching CI's db caching with regards to an authentication system where data changes frequently and deleting/deactivating a user may result in them still be able to login. This is potentially a huge security issue that should be accounted for if you are using CI's db caching.

Here is how I completely removed caching from Ion_Auth.

All controller/model functions outside Ion Auth access the $this->ion_auth object which in turn either (1) calls an ion_auth_model function through the ion_auth library __call magic function or (2) a library object which in turn calls an ion_auth_model function. All interactions happen through the library class, and thus, it is only the file we have to edit.

First in the __call method I do the following; turn the cache off before a function is called and back to the desired state after the function returns something.

public function __call($method, $arguments)
{
    if (!method_exists($this->ion_auth_model, $method)) {
        throw new Exception('Undefined method Ion_auth::' . $method . '() called');
    }
    $this->db->cache_off();
    $return = call_user_func_array(array($this->ion_auth_model, $method), $arguments);
    $this->localization->cache_default_state(); // returns the system to the desired cache state
    return $return;
}

Then in all functions in the ion_auth library where ion_auth_model is called that does a get() from the database I do something like:

public function forgotten_password($identity)    //changed $email to $identity
    {
        $this->db->cache_off();
        $forgotten_password = $this->ion_auth_model->forgotten_password($identity);
        $this->localization->cache_default_state();

        if ($forgotten_password) {   //changed

This assures that whether I am getting a group, user, or whatever, it is always not cached.

Ideally you could just do $this-> to access the __call method in the library and completely avoid $this->ion_auth_model but some of the functions have the same name in the model as the library and would cause an infinite loop.

benedmunds commented 6 years ago

Really good idea there @afagard

If you submit a PR with a config flag for this that defaults to false for backwards compatibility I’d be happy to merge it in.