cakebaker » authentication http://cakebaker.42dh.com baking cakes with CakePHP Tue, 20 Dec 2011 15:29:40 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 How to use the OpenID component with the Auth component http://cakebaker.42dh.com/2008/12/09/how-to-use-the-openid-component-with-the-auth-component/ http://cakebaker.42dh.com/2008/12/09/how-to-use-the-openid-component-with-the-auth-component/#comments Tue, 09 Dec 2008 16:02:39 +0000 cakebaker http://cakebaker.42dh.com/?p=994 Please note that the hack described in this article no longer works with CakePHP 1.2.3.8166! See Peter’s comment for a possible solution for the current CakePHP release (1.2.5.x).

Some days ago I got asked how you can use the OpenID component together with the Auth component from CakePHP.

As I didn’t knew the answer, I had to experiment a bit. Even though it was a quite frustrating experience (thanks to the strange design of the Auth component and too much automagic), I finally managed to find a “solution”. It is rather a hack, but it seems to work ;-)

Ok, here we go.

The first step is to create the login form. Because the Auth component expects the login credentials to consist of username and password, we have to add a (hidden) field for the password.

<?php
// app/views/users/login.ctp
$session->flash('auth');

echo $form->create('User', array('action' => 'login'));
echo $form->input('username', array('label' => 'OpenID:'));
echo $form->input('password', array('type' => 'hidden'));
echo $form->end('Login');
?>

The next step is to create the UsersController. The login() method is a bit special in this case, it is called three times: when you visit the login form, when you submit the login form, and when you come back from the OpenID provider. The rest of the code should be self-explanatory (if not, please leave a comment).

// app/controllers/users_controller.php
class UsersController extends AppController {
    public $components = array('Auth', 'Openid', 'RequestHandler');
 
    public function beforeFilter() {
        $this->Auth->loginError = 'Login failed';
    }
    
    public function login() { 
        $returnTo = 'http://'.$_SERVER['SERVER_NAME'].'/users/login';
		
        if ($this->RequestHandler->isPost()) {   
    	    $this->makeOpenIDRequest($this->data['User']['username'], $returnTo);
        }
    	
        if ($this->isOpenIDResponse()) {
            $this->handleOpenIDResponse($returnTo);
        }
    }
    
    private function makeOpenIDRequest($openid, $returnTo) {
        try {
            $this->Openid->authenticate($openid, $returnTo, 'http://'.$_SERVER['SERVER_NAME']);
        } catch (Exception $e) {
            // empty
        }
    }
    
    private function isOpenIDResponse() {
        return (count($_GET) > 1);
    }
    
    private function handleOpenIDResponse($returnTo) {
        $response = $this->Openid->getResponse($returnTo);
        $this->Auth->login($response);
        $this->redirect($this->Auth->redirect());
    }
    
    public function logout() {
        $this->redirect($this->Auth->logout());
    }
}

As you can see in the handleOpenIDResponse() method, we pass the OpenID response object to the login method of the Auth component. As the Auth component cannot know how to deal with that object, we have to write some functionality to deal with the response object. For this purpose we have to override the find() method of the User model, as it is the method which is eventually called by the Auth component if you call its login() method. The response object is passed to the find() method in the $conditions array and is available via the strange “`User`.`id`” key. The implementation itself is quite simple: you have to return an array with user data if the login was successful, or an empty array if the login was not successful. 

// app/models/user.php
class User extends AppModel {
    public function find($conditions = null, $fields = array(), $order = null, $recursive = null) {	
        if (is_array($conditions) && isset($conditions['`User`.`id`'])) {
            $response = $conditions['`User`.`id`'];
			
            if ($response->status == Auth_OpenID_SUCCESS) {
                return array('User' => array('openid' => $response->identity_url));
            }
			
            return array();
        }

        if (is_array($conditions) && isset($conditions['User.username']) && isset($conditions['User.password'])) {
            return array();
        }
		
        return parent::find($conditions, $fields, $order, $recursive);
    }
}

Especially if you have only an OpenID column in your table you have to hinder the Auth component from performing a find() operation using the non-existing columns “username” and “password”, hence the check in the example whether those conditions are set.

With that, it should now be possible to login with your OpenID into your application protected by the Auth component.

I hope this is useful for some of you!

Update (2008-12-24): Fixing some small issues mentioned by lboy in the comments.

]]> http://cakebaker.42dh.com/2008/12/09/how-to-use-the-openid-component-with-the-auth-component/feed/ 28