cakephp / authentication

Authentication plugin for CakePHP. Can also be used in PSR7 based applications.
MIT License

Issue when using Authentication Plugin and DebugKit in Dev Environments #595

Closed phpcss-ankue closed 1 year ago

phpcss-ankue commented 1 year ago

Since this really cost me some time to figure out, I wanted to share a bug for all DebugKit users using the Authentication plugin: According to the CakePHP Cookbook (Link), custom identity decorator classes may be passed to the AuthenticationService either as a closure or by the class name. Using the first option will lead to an error preventing display of any content in the Request Panel because closures cannot be unserialized; passing by the class name (MyCustomIdentity::class) will fix this error.

markstory commented 1 year ago

Thanks for opening this issue. I can look into getting this fixed.

markstory commented 1 year ago

How could someone reproduce this issue? I wasn't able to get the Closure to show up as a request attribute. My AuthenticationService configuration looks like:

    $config = [
        'unauthenticatedRedirect' => '/login',
        'identityClass' => function ($data) {
            return new User($data->toArray());
        },
    ];
    $service = new AuthenticationService($config);

phpcss-ankue commented 1 year ago

I am using a custom LDAPIdentity class implementing Authentication\IdentityInterface and Authorization\IdentityInterface. 'identity' is one attribute of the request. My getAuthenticationService in Application.php looks like this:

    $identityDecorator = function ($data) {
        return new LDAPIdentity($data);
    };

    $service = new AuthenticationService([
        'identityClass' => $identityDecorator,
    ]);

    // Configure unauthenticated redirect to login page
    $name = '/' . Configure::read('App.name');
    $name = str_replace('//', '', $name);
    $service->setConfig([
        'unauthenticatedRedirect' => "$name/users/login",
        'queryParam' => 'redirect',
    ]);

    // Load identifiers
    // LDAP class is a custom resolver searching AD groups for the username from $_SERVER['AUTH_USER']
    $service->loadIdentifier('Authentication.Password', [
        'resolver' => [
            'className' => 'LDAP',
        ],
    ]);

    // Load the authenticators, you want session first
    // The Authenticator checks every time whether the given credentials (username) are still valid
    $service->loadAuthenticator('Authentication.Session', [
        'sessionKey' => 'Auth',
        'identify' => true,
    ]);

    return $service;

markstory commented 1 year ago

Thanks for that information. I'll see if I can reproduce this.
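
The two `identityClass` options from the first comment, as an added example that is not part of the thread, the Authentication plugin or DebugKit: it shows that PHP's `serialize()` rejects any array holding a closure but accepts the same setting given as a class name. The `LDAPIdentity` stand-in, `findClosures()` and `trySerialize()` are hypothetical, and the example assumes a debug panel that stores its data with `serialize()`.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the custom identity decorator from the thread.
final class LDAPIdentity
{
    public function __construct(public array $data)
    {
    }
}

/**
 * Return the dotted paths of all Closure values in a nested array.
 * Hypothetical helper, not part of the Authentication plugin or DebugKit.
 */
function findClosures(array $value, string $path = ''): array
{
    $found = [];
    foreach ($value as $key => $item) {
        $current = $path === '' ? (string)$key : $path . '.' . $key;
        if ($item instanceof Closure) {
            $found[] = $current;
        } elseif (is_array($item)) {
            $found = array_merge($found, findClosures($item, $current));
        }
    }
    return $found;
}

/** Try to serialize data the way a storage-backed debug panel might (assumption). */
function trySerialize(array $data): string
{
    try {
        return 'ok: ' . strlen(serialize($data)) . ' bytes';
    } catch (Throwable $e) {
        // PHP refuses to serialize Closure instances and throws here.
        return 'failed: ' . $e->getMessage();
    }
}

// Constructed configs mirroring the two options from the first comment.
$withClosure = ['identityClass' => fn ($data) => new LDAPIdentity($data)];
$withClassName = ['identityClass' => LDAPIdentity::class];

foreach (['closure' => $withClosure, 'class name' => $withClassName] as $label => $config) {
    printf("%-10s %s; closures at: [%s]\n", $label, trySerialize($config), implode(', ', findClosures($config)));
}
```

Running `findClosures()` over a service configuration before it is stored anywhere that serializes it points at the exact key to switch to a class name.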