Cakephp中的摘要身份验证

时间:2018-07-18 01:23:58

标签: cakephp cakephp-3.x digest-authentication

我正在尝试在 CakePHP 3 中实现摘要身份验证。在执行 $this->Auth->identify() 时,我总是得到“false”。

我已经阅读了https://book.cakephp.org/3.0/en/controllers/components/authentication.html#using-digest-authentication,并且它与Basic Auth兼容(下面的代码中未包含)。

用户名为“land.com”,密码为“1”。数据库中已设置必需的“digest_hash”列,其值为“93476ce5943ff6f42d37edd98ef034e5”。 Database-image

我的设置正确吗?我是否还缺少其他步骤?

使用 Postman 发送请求,CakePHP 收到的摘要认证请求头如下所示: Postman-image

'Authorization' => [
    (int) 0 => 'Digest username="land.com", realm="test", nonce="random", uri="/users/mlogin", qop=auth, nc=, cnonce="", response="52cca0984c1c9e4547d1e01d9ef2a22e", opaque="nochange"'
],

AppController.php

<?php
    namespace App\Controller;

    use Cake\Controller\Controller;
    use Cake\Event\Event;

    /**
     * Application base controller.
     *
     * Loads the components shared by all controllers and configures the Auth
     * component for HTTP Digest authentication against the Users model, with
     * in-memory (per-request) storage and no redirect on unauthorized access.
     */
    class AppController extends Controller
    {
        /**
         * Registers the RequestHandler, Flash and Auth components.
         *
         * @return void
         */
        public function initialize()
        {
            parent::initialize();

            $requestHandlerOptions = [
                'enableBeforeRedirect' => false,
            ];
            $this->loadComponent('RequestHandler', $requestHandlerOptions);
            $this->loadComponent('Flash');

            // Settings for the Digest authenticator.
            // - 'password' maps to the digest_hash column, not to a normal
            //   password hash.
            // - 'realm' is part of the stored hash; it has to be the same
            //   string that is used wherever digest_hash is computed.
            // NOTE(review): 'nonce' and 'opaque' are fixed strings here. A digest
            // nonce is meant to be server-generated and short-lived so that a
            // captured response cannot be replayed; confirm how the installed
            // CakePHP version treats these two options.
            $digestOptions = [
                'fields' => ['username' => 'username', 'password' => 'digest_hash'],
                'userModel' => 'Users',

                'realm' => 'test',
                'nonce' => 'nonce',
                // 'qop' => 'auth',
                'opaque' => 'nochange',
            ];

            // Memory storage keeps the identified user for the current request
            // only, so credentials are expected on every request.
            $authOptions = [
                'authenticate' => [
                    'Digest' => $digestOptions,
                ],
                'storage' => 'Memory',
                'unauthorizedRedirect' => false
            ];
            $this->loadComponent('Auth', $authOptions);
        }
    }

UsersTable.php

    <?php

    namespace App\Model\Table;

    use Cake\Auth\DigestAuthenticate;
    use Cake\Event\Event;
    use Cake\ORM\Table;

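    /**
     * Users table.
     *
     * Maintains the digest_hash column that the Digest authenticator reads.
     *
     * Security note: in HTTP Digest the stored hash is what the expected
     * response is derived from, so digest_hash is password-equivalent for its
     * realm. Treat the column like a credential (restrict read access, keep it
     * out of API output and logs).
     */
    class UsersTable extends Table
    {
        /**
         * Recomputes digest_hash before an entity is saved, but only when the
         * entity carries a new plain-text password.
         *
         * Without that guard every save of an entity that has no plain_password
         * set (for example a profile edit) would overwrite the stored hash with
         * one derived from an empty password.
         *
         * @param \Cake\Event\Event $event Save event; the entity is read from its 'entity' data key.
         * @return bool Always true.
         */
        public function beforeSave(Event $event)
        {
            $entity = $event->getData('entity');

            // NOTE(review): presumably plain_password is a transient field and
            // not a real column; confirm it is never persisted.
            $plainPassword = $entity->plain_password;

            // Strict comparisons on purpose: a password such as "0" is falsy
            // but still a password.
            if ($plainPassword === null || $plainPassword === '') {
                return true;
            }

            // The hash also covers the username and the realm. The realm has to
            // match the 'realm' configured for the Digest authenticator, and a
            // username change without a new password leaves the old hash stale.
            $entity->digest_hash = DigestAuthenticate::password(
                $entity->username,
                $plainPassword,
                'test'
            );

            return true;
        }
    }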

    ?>

UsersController.php

    <?php
    namespace App\Controller;
    use App\Controller\AppController;
    use Cake\Controller\Controller;
    use Cake\Event\Event;

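    /**
     * Users controller with a diagnostic digest-login action.
     */
    class UsersController extends AppController
    {
        /**
         * Exempts the login action from the Auth component's access check.
         *
         * @param \Cake\Event\Event $event The beforeFilter event.
         * @return void
         */
        public function beforeFilter(Event $event)
        {
            parent::beforeFilter($event);

            // Name the action explicitly: allow() without arguments exempts
            // every action of this controller, including ones added later.
            $this->Auth->allow(['mlogin']);
        }

        /**
         * Diagnostic action: dumps the request headers and the result of
         * identifying the user from them.
         *
         * @return void
         */
        public function mlogin()
        {
            // Diagnostic only: this prints every request header, including
            // Authorization. Remove it before the action is reachable outside
            // a development environment.
            debug($this->request->getHeaders());

            // identify() yields the user data on success and false otherwise.
            // NOTE(review): for Digest, a false result can mean the header could
            // not be parsed (every digest field has to carry a value) as well as
            // a hash mismatch; confirm the client answers a real server
            // challenge rather than sending hand-filled nonce values.
            $user = $this->Auth->identify();
            debug($user);
        }
    }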

0 个答案:

没有答案