12

I started using CakePHP 3 after some time using CakePHP 2, and I am having trouble creating the authentication login.

The new auth function $this->Auth->identify() always returns false.

In the database, the passwords are encrypted perfectly, and the query that fetches the user is OK too.

My code:

AppController:

[...]
class AppController extends Controller{
    public function initialize(){
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'loginRedirect' => [
                'controller' => 'Admin',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'controller' => 'Pages',
                'action' => 'display'
            ]
        ]);
    }

    public function beforeFilter(Event $event)
    {
        $this->Auth->allow(['display']);
    }
}

UserController:

[...]
class UsersController extends AppController{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow(['logout']);
    }
[...]
    public function login()
    {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error(__('Invalid username or password, try again'));
        }
    }
[...]

User (Model Entity):

<?php
namespace App\Model\Entity;

use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;

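class User extends Entity{
    // Allow mass assignment of every field.
    protected $_accessible = ['*' => true];

    // Hash the password whenever it is set on the entity.
    protected function _setPassword($password){
        return (new DefaultPasswordHasher)->hash($password);
    }
}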

View:

<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
    <fieldset>
        <legend><?= __('Please enter your username and password') ?></legend>
        <?= $this->Form->input('username') ?>
        <?= $this->Form->input('password') ?>
    </fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>
3
  • What's the length of your password field? Commented Apr 10, 2015 at 3:29
  • 3
    Was 45.... Changed to 255 and now working =) Thanks =D Commented Apr 10, 2015 at 4:30
  • Can you write about your solution in the answer box provided? This is preferable to editing the word "solved" in the question. Commented Apr 26, 2015 at 16:07

5 Answers

25

CakePHP3 uses a different hashing algorithm by default than 2 (bcrypt vs. SHA1), so you need to make your password length longer. Change your password field to VARCHAR(255) to be safe.

When CakePHP 3 tries to identify your in-memory hashed password from $this->Auth->identify() vs. the hashed password in the database, it will never match because some characters are missing. Changing to 255 is more than needed, but can help future-proof if an even more secure hash is used in the future. 255 is recommended because the character count can be stored in one byte.
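
Added example, not part of the answer above or of CakePHP's own code: it uses PHP's built-in password_hash() and password_verify() to show why a bcrypt hash cut to 45 characters never verifies, while the same hash in a 255-character column does. The helper names, the sample password and the simulated column truncation are assumptions made for the illustration.

```php
<?php
// Added illustration with constructed values; not code from the question or from CakePHP.

/**
 * Simulate what a VARCHAR($columnWidth) column keeps of a hash when the
 * database truncates an over-long value on insert instead of rejecting it.
 */
function storeInColumn(string $hash, int $columnWidth): string
{
    return substr($hash, 0, $columnWidth);
}

/**
 * Report whether a stored value is still recognised by PHP as a complete
 * password hash. A truncated bcrypt string is reported as "unknown".
 */
function isCompleteHash(string $stored): bool
{
    return password_get_info($stored)['algoName'] !== 'unknown';
}

$password = 'correct horse battery staple';          // constructed sample password
$hash     = password_hash($password, PASSWORD_BCRYPT); // bcrypt output is 60 characters

foreach ([45, 255] as $width) {
    $stored = storeInColumn($hash, $width);
    printf(
        "VARCHAR(%d): stored %d of %d chars, complete hash: %s, password_verify: %s\n",
        $width,
        strlen($stored),
        strlen($hash),
        var_export(isCompleteHash($stored), true),
        var_export(password_verify($password, $stored), true)
    );
}
```

Running isCompleteHash() over the existing rows of a users table is a quick way to find accounts whose hashes were already truncated; those passwords cannot be recovered from the stored value and have to be reset after the column is widened.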


5

Solved: The type on database was less than required. Changed to varchar(255) and now works fine :)

2 Comments

I did not know this was possible (by clicking the green v) ... I updated. Thanks for the tip =)
CHECK THIS! This also was a problem for me, after being stubborn and not checking.
1

I had the same issue. The Login [ Auth->identify() ] was not working for me. Changing password length in db will resolve the issue.

2 Comments

Already changed the length but have no results... still can get into ->is('post')
I have also changed the length; not working for me as well. Facing the same issue.
1

Hi, I'm sharing my snippets for Login Auth; all testing is OK, in CakePHP 3.1, customs (Table + view login BootStrap 3 + SQL base + custom bootstrap.php for Spanish in Inflector::rules(*******))

All code in

https://bitbucket.org/snippets/eom/rLo49


0

I came out with a solution just by adding use Cake\Auth\DefaultPasswordHasher; and its following override method _setPassword.

Here is the change:

Model/table.php

<?php

use Cake\Auth\DefaultPasswordHasher;

// Somewhere in the class
protected function _setPassword($password) {
    return (new DefaultPasswordHasher)->hash($password);
}
