CakePHP 2.0 基本身份验证始终给出 302 重定向而不是 401 未经授权

发布于 2025-01-05 02:15:25 字数 1320 浏览 2 评论 0原文

我在一个简单的 CakePHP 2.0 应用程序中设置了基本身份验证。我首先将应用程序设置为使用常规表单身份验证，然后将以下行添加到 AppController.php 的 beforeFilter() 中以启用基本的 http 身份验证：

$this->Auth ->authenticate = array('Basic');

这是完整的 AppController：

<?php
class AppController extends Controller {

    public $components = array(
            "Session",
            "Auth" => array(
                'loginRedirect' => array('controller'=>'users','action'=>'index'),
                'logoutRedirect' => array('controller'=>'users','action'=>'index'),
                'authError' => "You are not authorized to view this page.",
                'authorize' => array('Controller'),
        )
    );

    public function isAuthorized($user) {
        return true;
    }

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('index','view');
        $this->set('logged_in', $this->Auth->loggedIn());
        $this->set('current_user',$this->Auth->user());
        $this->Auth->authenticate = array('Basic');
    }
}
?>

理想情况下，我希望整个应用程序中有一个特定的控制器（将公开用于移动设备的 API 的控制器）仅使用基本 HTTP身份验证，其余控制器的行为就像普通的 Web 应用程序一样。

目前，如果我将不正确的凭据传递给控制器，我会收到 HTTP 302 响应，而我确实希望传回 HTTP 401。我该怎么做？

*已编辑错别字

原文

I have basic authentication set up in a simple CakePHP 2.0 application. I first set up the application to use regular form authentication, then I added the following line to the beforeFilter() of my AppController.php to enable basic http authentication:

$this->Auth->authenticate = array('Basic');

Here's the full AppController:

<?php
class AppController extends Controller {

    public $components = array(
            "Session",
            "Auth" => array(
                'loginRedirect' => array('controller'=>'users','action'=>'index'),
                'logoutRedirect' => array('controller'=>'users','action'=>'index'),
                'authError' => "You are not authorized to view this page.",
                'authorize' => array('Controller'),
        )
    );

    public function isAuthorized($user) {
        return true;
    }

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('index','view');
        $this->set('logged_in', $this->Auth->loggedIn());
        $this->set('current_user',$this->Auth->user());
        $this->Auth->authenticate = array('Basic');
    }
}
?>

Ideally I'd like one specific controller (a controller which will expose an API for use with a mobile device) out of the entire application to use only Basic HTTP authentication, and the rest of the controllers to behave like a normal web application.

Currently if I pass incorrect credentials to the controller I get an HTTP 302 response, when I'd really like a HTTP 401 to be passed back. How can I do this?

*edited for typo

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

抚你发端 2025-01-12 02:15:25

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('index','view');
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user',$this->Auth->user());
    if($this->name == 'Specific') {
            // for the specific controller
            $this->Auth->authenticate = array('Basic');
    } else {
            // everything else
    }
}

查看 KVZ 的 Rest 插件，可能会感兴趣
https://github.com/kvz/cakephp-rest-plugin

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('index','view');
    $this->set('logged_in', $this->Auth->loggedIn());
    $this->set('current_user',$this->Auth->user());
    if($this->name == 'Specific') {
            // for the specific controller
            $this->Auth->authenticate = array('Basic');
    } else {
            // everything else
    }
}

checkout KVZ's rest plugin it may be of interest
https://github.com/kvz/cakephp-rest-plugin

回复收藏 0 原文

野稚 2025-01-12 02:15:25

我还没有尝试过 2.0，但通常 Auth 所做的是使用 setFlash 设置错误消息，然后将您重定向到某个地方以显示该消息。这可能就是您收到 302 重定向的原因。

手动设置标题然后退出怎么样？

例如

public function login() {
    if ($this->Auth->login()) {
        return $this->redirect($this->Auth->redirect());
    } else {
        header("HTTP/1.0 401 Unauthorized");
        exit;
    }
}

I haven't tried 2.0 yet, but usually what Auth does is use setFlash to set the error message, then redirect you somewhere to show you that message. That's probably why you're getting the 302 redirect.

How about manually setting the header and then exiting?

e.g.

public function login() {
    if ($this->Auth->login()) {
        return $this->redirect($this->Auth->redirect());
    } else {
        header("HTTP/1.0 401 Unauthorized");
        exit;
    }
}

回复收藏 0 原文

提赋 2025-01-12 02:15:25

在cakePHP 2.x中，您可以创建自定义状态代码例如

if ($this->Auth->login()) {
  return $this->redirect($this->Auth->redirect());
} else {
  throw new MissingWidgetHelperException('You are not authorized to view this page.', 401);
}

In cakePHP 2.x you can create a custom status code e.g.

if ($this->Auth->login()) {
  return $this->redirect($this->Auth->redirect());
} else {
  throw new MissingWidgetHelperException('You are not authorized to view this page.', 401);
}

回复收藏 0 原文

~没有更多了~