Cookie support not working #13

Closed
LimeBlast opened this Issue Oct 2, 2012 · 1 comment


@LimeBlast

(I don't know if this will make any major differences, but because I'm using CakePHP 2.2.2, I'm using the forked version by @josegonzalez)

I'm using authsome on my new project, and it works great, apart from the cookie login part.

I've followed the instructions suggested within the documentation (the only change being that LoginToken is called CookieToken), and when someone clicks the checkbox on the login page, a new row gets created in the tokens table, and a cookie gets set to the browser, but when the session expires, it doesn't log me in again.

Here is my (relevant) code:

Controllers/UsersController.php

class UsersController extends AppController
{

    public function login()
    {
        if (empty($this->data))
        {
            return;
        }

        $user = Authsome::login($this->data['User']);

        if (!$user)
        {
            $this->Session->setFlash(__('Unknown user or wrong password'), 'flashMessage/error');
            return;
        }

        $remember = (!empty($this->data['User']['remember']));
        if ($remember)
        {
            Authsome::persist('2 weeks');
        }

        // check for referer
        $referer = $this->Session->read('Sanction.referer');
        if (isset($referer))
        {
            // if referer available, redirect to it
            $redirect = $referer;
        }
        else
        {
            // otherwise, redirect to user's dashboard
            $redirect = array('action' => 'index');
        }

        $this->redirect($redirect);
    }
}

Models/Users.php

class User extends AppModel
{
    /**
     * Runs before any data gets saved to the database
     * @param type $options
     * @return boolean
     */
    public function beforeSave($options = array())
    {
        // If a password has been submitted, hash it before saving
        if (!empty($this->data['User']['password']))
        {
            $this->data['User']['password'] = Authsome::hash($this->data['User']['password']);
        }
        return true;
    }

    /**
     * Powers the authsome login
     * @param type $type
     * @param type $credentials
     * @return null
     */
    public function authsomeLogin($type, $credentials = array())
    {
        switch ($type)
        {
            case 'guest':
                // You can return any non-null value here, if you don't
                // have a guest account, just return an empty array
                return array();
            case 'credentials':
                $password = Authsome::hash($credentials['password']);

                // This is the logic for validating the login
                $conditions = array(
                    'User.email' => $credentials['email'],
                    'User.password' => $password,
                );
                break;
            case 'cookie':
                list($token, $userId) = split(':', $credentials['token']);
                $duration = $credentials['duration'];

                $cookieToken = $this->CookieToken->find('first', array(
                    'conditions' => array(
                        'user_id' => $userId,
                        'token' => $token,
                        'duration' => $duration,
                        'used' => false,
                        'expires <=' => date('Y-m-d H:i:s', strtotime($duration)),
                    ),
                    'contain' => false
                ));

                if (!$cookieToken)
                {
                    return false;
                }

                $cookieToken['CookieToken']['used'] = true;
                $this->CookieToken->save($cookieToken);

                $conditions = array(
                    'User.id' => $cookieToken['CookieToken']['user_id']
                );
                break;
            default:
                return null;
        }

        $user = $this->find('first', compact('conditions'));
        if (!$user)
        {
            return false;
        }
        $user['User']['loginType'] = $type;
        return $user;
    }

    /**
     * Powers the authsome cookie login
     * @param int $user
     * @param string $duration
     * @return type
     */
    public function authsomePersist($user, $duration)
    {
        $token = md5(uniqid(mt_rand(), true));
        $userId = $user['User']['id'];

        $this->CookieToken->create(array(
            'user_id' => $userId,
            'token' => $token,
            'duration' => $duration,
            'expires' => date('Y-m-d H:i:s', strtotime($duration)),
        ));
        $this->CookieToken->save();

        return "${token}:${userId}";
    }

}

Can someone help me? Thank you
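
The token lifecycle from the post's authsomePersist() and the 'cookie' branch of authsomeLogin(), as an added example that is not part of the original issue or of Authsome: the token comes from a CSPRNG instead of md5(uniqid(mt_rand(), true)), only its SHA-256 hash is stored, and expiry is compared against the current time. It assumes PHP 7.1 or later; persistToken(), redeemToken() and the in-memory $store standing in for the tokens table are hypothetical names.

```php
<?php
// Added example: $store is an in-memory stand-in for the tokens table.

/** Issue a persistent-login token; returns the cookie value "token:userId". */
function persistToken(array &$store, int $userId, string $duration, int $now): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [           // store only the hash of the token
        'user_id' => $userId,
        'expires' => strtotime($duration, $now), // absolute expiry timestamp
        'used'    => false,
    ];
    return "{$token}:{$userId}";
}

/** Redeem a cookie value once; returns the user id, or null if rejected. */
function redeemToken(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);           // explode(); split() was removed in PHP 7
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return null;                             // malformed cookie value
    }
    [$token, $userId] = $parts;
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    if ($row === null || $row['used'] || $row['user_id'] !== (int) $userId) {
        return null;                             // unknown token, replay, or wrong user
    }
    if ($row['expires'] <= $now) {
        return null;                             // expired relative to the current time
    }
    $store[$key]['used'] = true;                 // single use; caller issues a fresh token
    return $row['user_id'];
}

// Constructed sample run (all values are made up for the example).
$store = [];
$now = strtotime('2012-10-02 12:00:00 UTC');
$cookie = persistToken($store, 42, '+2 weeks', $now);
var_dump(redeemToken($store, $cookie, $now + 86400));    // first use, one day later
var_dump(redeemToken($store, $cookie, $now + 86400));    // same cookie replayed
$late = persistToken($store, 42, '+2 weeks', $now);
var_dump(redeemToken($store, $late, $now + 15 * 86400)); // presented after expiry
var_dump(redeemToken($store, 'not-a-token:42', $now));   // token never issued
```

After a successful redeem the application would call persistToken() again and set the new cookie, so each token is accepted only once.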

@LimeBlast LimeBlast referenced this issue in josegonzalez/cakephp-sanction Nov 17, 2012
Closed

Post.user_id matches logged in user #17

@josegonzalez
Collaborator

Seems fine on my end, closing.
