CakePHP Authentication for REST APIs

So, I am creating a REST API for the web application that I am developing, and I know that the main authentication methods are either to send credentials for each request, or to send a token.

Since I have not used a token before, I can send credentials for each request. The fact is that I can not find examples of how to deal with this in the controller. Would there be something like this?

    public function api_index() {
        if (!$this->Auth->login()) return;
        $this->set(array(
            'models' => $this->Model->find('all'),
            '_serialize' => array('models')
        ));
    }

I really don't think this AuthComponent::login() method works, can I get some directions here, please?

+6
3 answers

OK, first let me clarify how AuthComponent::login works. In Cake 2.x, this method does not perform any authentication, but creates an Auth.User array in your session. You need to implement the authentication itself (the User model is the natural place to do this). A basic authentication method might look like this:

    App::uses('AuthComponent', 'Controller/Component');

    public function authenticate($data) {
        $user = $this->find('first', array(
            'conditions' => array('User.login' => $data['login']),
        ));
        // No such user, or the stored hash does not match the submitted password
        if (empty($user) || $user['User']['password'] !== AuthComponent::password($data['password'])) {
            return false;
        }
        unset($user['User']['password']); // don't forget this part
        // the reason I return the user is so I can pass it to AuthComponent::login if desired
        return $user;
    }

Now you can use this from any controller as long as the User model is loaded. You may know that you can load it by calling Controller::loadModel('User').

If you want to authenticate each request, then you should put it in the beforeFilter method of the AppController:

    public function beforeFilter() {
        $this->loadModel('User');
        if (!$this->User->authenticate($this->request->data)) {
            throw new UnauthorizedException(__('You don\'t belong here.'));
        }
    }

All of the above assumes that you pass POST values for login and password each time. I think token authentication is definitely the best way to go, but in order to get up and running, this should work. Some of the disadvantages include sending the password in cleartext (if you do not require SSL) with every request, and probably heavy use of the hashing algorithm every time. However, I hope this gives you a better idea of how to do authentication with CakePHP.

Let me know if something needs clarification.

Update: After posting this question, I found out that you can use AuthComponent::login without parameters, but I'm not a fan of this. From the CakePHP documentation:

 In 2.x $this->Auth->login($this->request->data) will log the user in with whatever data is posted, whereas in 1.3 $this->Auth->login($this->data) would try to identify the user first and only log in when successful. 
+5

AuthComponent::login() creates a session variable that stores user data, so say you had data that was something like:

 $data = array('User' => array('id' => 1, 'username' => 'johndoe')); 

Then you should use

 $this->Auth->login($data); 

And access data using

 $this->Auth->user('User'); 

To get the user id

 $this->Auth->user('User.id'); 

In your AppController's beforeFilter, add $this->Auth->deny();, which will deny all actions for anyone who is not logged in. Then in each controller's beforeFilter you want $this->Auth->allow(array('view')); with 'view' being the name of the action you want to make public.

http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html

+1

CakePHP 2.x. After a lot of research on this on the Internet, I did not find a satisfactory answer. So I found a way to do this. Maybe this answer will help some people in the future. This answer applies only to REST APIs in CakePHP.

Add the following line to your REST API logic before checking $this->Auth->login().

    $this->request->data['User'] = $this->request->data;
    if ($this->Auth->login()) {
        echo "Hurray You are logged In from REST API.";
    } else {
        throw new UnauthorizedException(__('You don\'t belong here.'));
    }

Description: As @threeve said in one of the answers, $this->Auth->login() does not perform any authentication, but rather creates an Auth.User array in your session. For authentication, we require that our $this->request->data be inside the User array, since User is the model that will verify the credentials in the database. Therefore, we must pass the data to Auth as it requires when not using the REST API. The rest of the stuff will be handled by Cake and Auth themselves.

Any improvements or suggestions on this subject are welcome.

+1
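
The "send credentials with every request" approach discussed in this thread can also be configured through AuthComponent's built-in HTTP Basic authenticator. The following is an added example, not code from the question or any of the answers; it assumes CakePHP 2.4 or later, a `User` model, and a username column named `login` as in the first answer.

```php
<?php
// Added example for a CakePHP 2.4+ app; not code from the thread above.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'RequestHandler',
        'Auth' => array(
            // BasicAuthenticate reads the Authorization header and looks the
            // user up itself, so no login action or login() call is needed.
            'authenticate' => array(
                'Basic' => array(
                    'userModel' => 'User',
                    // Assumption: the username column is `login`, as in the
                    // first answer's authenticate() method.
                    'fields' => array('username' => 'login'),
                ),
            ),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Basic auth sends the password with every request, so refuse
        // anything that did not arrive over TLS.
        if (!$this->request->is('ssl')) {
            throw new ForbiddenException(__('HTTPS is required.'));
        }
        // Stateless: never read or write Auth.User in the session, so the
        // credentials are re-verified against the users table on each request.
        AuthComponent::$sessionKey = false;
    }
}
```

Behind a TLS-terminating proxy, `is('ssl')` reflects only the proxy-to-application hop, so that check has to be adapted to the deployment.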