I have attempted to use digest authentication with CakePHP 3 to make a scalable system. The client is only asked for a password when needed, but the details entered do not permit access; instead, the dialog requesting credentials pops up again. Any advice or help is greatly appreciated!
AppController::initialize()
    $this->loadComponent('Auth', [
        'authenticate' => [
            'Digest' => [
                'fields' => ['username' => 'username', 'password' => 'password_hash'],
                'userModel' => 'Users',
                'finder' => 'auth'
            ],
        ],
        'authError' => 'incorrect username or password',
        'storage' => 'Memory',
        'unauthorizedRedirect' => false
    ]);
UsersTable:
    // Imports needed at the top of the table class file.
    use Cake\Auth\DigestAuthenticate;
    use Cake\I18n\Time;

    public function beforeSave(\Cake\Event\Event $event)
    {
        $entity = $event->data['entity'];
        // Make a password for digest auth.
        $entity->password_hash = DigestAuthenticate::password(
            $entity->username,
            $entity->plain_password,
            env('SERVER_NAME')
        );
        $entity->created = Time::now();
        return true;
    }

    // Custom finder referenced by the 'finder' => 'auth' option above.
    public function findAuth(\Cake\ORM\Query $query, array $options)
    {
        $query
            ->select(['id', 'username', 'password_hash']);
        return $query;
    }
Edit: removed code from entity
I decided to delve into the digest getuser function (Function code) and output some data into my unauthorized page so I can see what's going on.
$Password: 8a3575d301f04f08dd461f93e3d55a21
$digest[username]: James
$digest['response']: 4fa261678c753da8e78e4bf98057fd72
$hash: a627c3e68061937e454c321d55e986d3
$request->env('ORIGINAL_REQUEST_METHOD'): GET
Ok so it turns out I made a really silly mistake! Changes:
    $entity->password_hash = DigestAuthenticate::password(
        $entity->username,
        $entity->password_hash, // was plain_password which was not in my model!
        env('SERVER_NAME')
    );
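
An added example (not code from the original post or from CakePHP): a stand-alone PHP sketch of the RFC 2617 `qop=auth` calculation, showing why a stored hash built from a missing property, or with a different realm, never matches the response the browser sends. The function names, realm, password and header values are constructed for illustration.

```php
<?php
// Added example; helper names and all sample values are constructed.

// HA1 as defined by RFC 2617: MD5 over "username:realm:password".
function digestHa1(string $username, string $realm, ?string $password): string
{
    return md5($username . ':' . $realm . ':' . $password);
}

// Expected "response" value for qop=auth, computed from a stored HA1.
function digestResponse(string $ha1, string $method, array $d): string
{
    $ha2 = md5($method . ':' . $d['uri']);
    return md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
}

$realm    = 'example.test';   // constructed; the post uses env('SERVER_NAME')
$username = 'James';
$password = 'correct horse';  // constructed sample password

// Fields a client would send in the Authorization header (constructed).
$digest = [
    'uri'    => '/users',
    'nonce'  => 'abc123',
    'nc'     => '00000001',
    'cnonce' => 'f00dcafe',
    'qop'    => 'auth',
];

// Client side: HA1 is derived from what the user typed into the dialog.
$clientResponse = digestResponse(digestHa1($username, $realm, $password), 'GET', $digest);

// Server side: three ways the stored HA1 could have been produced at save time.
$stored = [
    'missing property' => digestHa1($username, $realm, null),        // property did not exist
    'different realm'  => digestHa1($username, 'other.test', $password),
    'correct'          => digestHa1($username, $realm, $password),
];

foreach ($stored as $label => $ha1) {
    $expected = digestResponse($ha1, 'GET', $digest);
    // hash_equals() compares the two hex strings in constant time.
    $ok = hash_equals($expected, $clientResponse);
    printf("%-16s HA1=%s => %s\n", $label, $ha1, $ok ? 'match' : 'mismatch, 401 and a new prompt');
}
```

Only the last row matches: the server never sees the password itself, so any difference in the inputs to the stored hash shows up only as a repeated credentials dialog.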