FormAuthenticator::_checkLoginUrl() fails when accessing alternative route #137
Comments
I think you would have to compare array values as well.
@markstory exactly my thought but then it is required that you run the routing middleware before authentication. But this brings up a problem if we want to do authorization against routes. Authorization requires the identity.
Couldn't the 'loginAction' be defined as a string URL if people have multiple possible routes a login page can be reached at?
We would always require a string then and turn the URI from the request also into an array and then compare them. Or am I missing something? If not I'll do the change.
That sounds like it should work to me.
@markstory does that look OK?

```php
protected function _checkLoginUrl(ServerRequestInterface $request)
{
    $loginUrl = $this->getConfig('loginUrl');
    if (!empty($loginUrl)) {
        $requestUrl = Router::parseRequest($request);
        if (is_string($loginUrl)) {
            $loginUrl = Router::parseRequest((new ServerRequest([
                'uri' => $loginUrl
            ])));
            $this->setConfig('loginUrl', $loginUrl);
        }
        $keysToCompare = array_keys($loginUrl);
        foreach ($keysToCompare as $key) {
            if (!array_key_exists($key, $requestUrl)
                || $requestUrl[$key] !== $loginUrl[$key]
            ) {
                return false;
            }
        }
    }
    return true;
}
```
You could use
@markstory I've pushed the code to the branch
Sure, I'll try to take a look in the next few days.
Closing as #146 covers this.
For testing I've been accessing the direct controller/action URL http://cake3.world-architects.com/en/users/login but we have a route for that as well, /en/login.
But the FormAuthenticator compares only a string URL and not if the passed array really matches the resolved controller action but instead only the first route that matches:
I'm not sure if there is a better way than to compare the arrays to resolve this?