CakePHP Authsome - Debuggable's Xmas Gift
Posted on 25/12/09 by Felix Geisendörfer
Merry Xmas everybody. We hope you are having a lovely time and get to renew the batteries for an awesome 2010 over the holidays.
To ease the withdrawal symptoms, Tim and I decided to do some light development over the holidays in order to create a little Xmas gift for the CakePHP community:
The Authsome plugin: Authentication for people who hate the AuthComponent.
We have been using a system very similar to Authsome for all our CakePHP projects over the years, but it wasn't until now that we had a chance to properly decouple it from the individual projects we used it in. A big thanks for that goes to ThreeLeaf Creative, the makers of a fantastic CakePHP CMS system who paid for the refactoring.
Next on the radar is Righteful: Acl for people who hate the Acl component. We hope to have it ready at some point early next year.
Alright, so go ahead and read the Authsome docs over at GitHub and let us know what you think.
Merry Xmas,
-- Tim & Felix
Good stuff, thanks for the efforts - also looking forward to Righteful :)
Merry Xmas to you, too!
-- Leo
Thanks for this, I'm not a huge fan of the AuthComponent and look forward to trying Authsome. One question: how well does it play with 1.3-dev?
Thanks a lot! Already implemented and fully working :)
I did have a little problem or lack of direction checking for a logged-in user. If I don't supply a guest solution, it throws an exception (as it's clearly marked). I replaced the Auth component for this one for the admin area of a site, so basically the "solution" was to manually supply a guest user with id 0, and check for that in the beforeFilter, if the params['admin'] was set. I'm sure it's a bit messy. I would love to see an admin area implementation example for this component in the future.
Thanks a lot!
10drill: It should be 100% 1.3-dev compatible, if not let me know and I'll fix it.
Ramiro Araujo: I just made a small update that allows you to return an empty array for the 'guest' type. Now you can check for a guest account as simple as this:
// only do if logged in
}
Let me know if that helps!
(Commit is here: b096bc )
Thanks a lot! Seems to work very much like the stuff I did for projects, but in a way that is actually reusable, elegant and clever.
Confirming Authsome works fine with 1.3-alpha and 1.3-dev, I've (quickly!) added it to four 1.3 projects and not run into any problems. Thanks again!
Awesome stuff, as usual from debuggable.
Any good examples of how to integrate with Facebook Connect, Twitter/Google Oauth, etc? eg. would you pass a type to
?
@Hendler I don't have an example for you, but yes - you would hook this into authsomeLogin in your model.
Great work!! Thanks!!
But..... I can't help but notice that you said in 2008 that you would post every day!!!
Don't worry, I won't hold you to it lol.
Thank you again for this...
BillyBob: I think that was a 30 day challenge IIRC : ).
Thank you so much for Authsome, I have been recommending it to anyone I can. I think it's as close as you can get to perfect Auth Control in Cake.
I know you're busy and it's not that I don't appreciate what you have given us already but please, please, please hurry up Righteful. I'm writing my own component to extend Authsome to support ACL but as hard as I try I highly doubt it will be even close to this quality.
Keep up the good work, and please don't keep us hanging. :)
I have to second rich97's comments.
Thanks again for all your hard work...it does not go unappreciated!
Rob
Thanks for the component! I'm trying to implement it on a fresh CakePHP 1.3 app, but I'm having a bit of a hard time, especially with the cookie part.
I get an 'Undefined Property User::LoginToken' in my User::authSomeLogin function in the user.php model. Is this... normal?
Cheers,
Authsome component! :)
Very easy to use and integrate into your projects. Kudos to Debuggable for making it available.
However:
I've found a bug in the component.
Well, it's not strictly a bug, but it has bug-like consequences.
In function login, there's this piece of innocent code:
$this->Session->write($this->settings['sessionKey'], $user);
return $user;
In my application, this meant that almost my entire database was stored in the session! :D
I changed it to this:
Configure::write($this->settings['configureKey'], $user);
$this->Session->write($this->settings['sessionKey'], $user);
return $user;
I know that I am relying on my user model being containable, but now my session is not carrying the entire database anymore.
Synoptase: Yes, the LoginToken code is not included with Authsome directly, it's only part of the tutorial which you need to follow step by step.
jacmoe: You can use the contain() call in your model's authsomeLogin function, I don't think authsome needs to be changed here.
Hey Felix,
I tried to figure out why you don't like the Auth Component?
Where did you run into problems using the Auth component?
Regards,
AxlF
AxlF: It does more than it should, and makes the subset I'm interested in (authentication) much harder.
First, I love the Authsome component. I'm already using it in multiple projects. Second, I could really use the Righteful component. I've been thinking of writing my own in the same fashion of Authsome, but I'd rather help with Righteful. I like the way you guys think. Please let me know how I can help.
@Ryan:
I don't know what the current status of Righteful is, and if it is an already active project I would like to help with that. But I asked Felix about it briefly on IRC a while ago and he said something along the lines of; "no one has sponsored the development and we have no need for it yet so it has been put on hold". And I believe he is focusing on node.js right now judging from his github activity.
So I decided to start my own repository called "AclPlus". The name isn't as cool as "Righteful" but I'm trying to achieve a similar goal, cause I do love Authsome so very much.
It's still very young in development and has been neglected over the last few weeks but if you would like to have a look at the very basic functionality it does have, and possibly contribute, you can see/fork it here:
I have a question about Authsome.
It works great, and was easy to implement (even for a first time user of CakePHP such as myself).
Anyways, I'm currently doing some testing with the cookie login (I've made all the loginTokens stuff), and this is what I do.
I log in to my application with user/pass and check off the 'remember me' tickoff. I see that there is a loginToken created in my DB, and I get a CakeCookie[User] cookie.
Then I quit my browser, and delete the session from the server (if not, I'll have to wait for the session to time out).
I then open my browser again, and go straight to an action that has $this->log(Authsome::get('email'), 'debug'); to see if I can login with cookies and see my email.
The result I get in my logs are:
Notice: Notice (8): Undefined offset: 1 in [/home/turritt/public_html/test.turritt/app/models/user.php, line 25]
This line is the following in my authsomeLogin function:
list($token, $userId) = split(':', $credentials['token']);
So, after some checking, I print the $credentials['token'] in my authsomeLogin function, but this is empty.
I also try to print $token in authsome.php:__useCookieToken(), and here it returns:
?m??*w
{??o??$q???Q1??N?E???t??C?*??d
So, something is wrong somewhere, but I really don't know what...
Of course, right after I posted the last post, I found the problem.
If, in authsome.php:persist, I change
return $this->Cookie->write(
$this->settings['cookieKey'],
$token,
true,
$duration
);
to
return $this->Cookie->write(
$this->settings['cookieKey'],
$token,
false,
$duration
);
it works.
So, there's something wrong with decrypting of the cookies somewhere...
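A defensive way to parse the `token:userId` cookie value discussed in the comment above, so that an empty or undecryptable cookie is treated as a guest instead of raising the "Undefined offset" notice. This is an added example, not Authsome's or the tutorial's code; the function names, the 32-hex-character token format and the sample data are assumptions.

```php
<?php
// Added example, not Authsome or tutorial code. Function names, the token
// format (32 hex chars) and the sample store are assumptions.

/**
 * Split a "token:userId" cookie value. Returns array(token, userId), or null
 * when the value is empty, undecryptable garbage, or otherwise malformed.
 */
function parseLoginToken($raw)
{
    if (!is_string($raw) || $raw === '') {
        return null;                  // empty cookie value, as in the comment above
    }
    $parts = explode(':', $raw, 2);   // explode() instead of the deprecated split()
    if (count($parts) !== 2) {
        return null;                  // no separator: would raise "Undefined offset: 1"
    }
    list($token, $userId) = $parts;
    if (!preg_match('/^[0-9a-f]{32}$/D', $token) || !ctype_digit($userId)) {
        return null;                  // binary junk from a failed decrypt ends up here
    }
    return array($token, (int) $userId);
}

/** Look the token up in a store keyed by user id; compare in constant time. */
function findUserIdByToken($raw, array $storedTokens)
{
    $parsed = parseLoginToken($raw);
    if ($parsed === null) {
        return null;                  // treat as guest: no notice, no lookup
    }
    list($token, $userId) = $parsed;
    if (!isset($storedTokens[$userId])) {
        return null;
    }
    return hash_equals($storedTokens[$userId], $token) ? $userId : null;
}

// Constructed sample data.
$store = array(42 => '0123456789abcdef0123456789abcdef');
$cases = array(
    'valid'       => '0123456789abcdef0123456789abcdef:42',
    'empty'       => '',
    'no colon'    => '0123456789abcdef0123456789abcdef',
    'garbage'     => "\x9fm\x01*w\n{\x02o:\xff",
    'wrong token' => 'ffffffffffffffffffffffffffffffff:42',
);
foreach ($cases as $name => $raw) {
    var_dump($name, findUserIdByToken($raw, $store));
}
```

Only the `valid` case yields a user id; every other input returns null. `hash_equals()` requires PHP 5.6 or later.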
Thank you! And also thank ThreeLeaf. This just helps everybody, you guys write some elegant code and I would love for this to be picked up by the core. I look forward to Righteful.
Happy holidays and take some time off for the new year!