Avoid CakePHP's Auth component to display authentication error messages

cakephp components authentication

14,315

Solution 1

just remove $this->Session->flash('auth') from your view/layout.

http://book.cakephp.org/view/1467/flash

Solution 2

In CakePHP 2.1 in my AppController, I am using this to override my "auth" flash messages. Here is my $components:

  public $components = array(
      'Acl',
      'Auth' => array(
          'flash' => array(
            'element' => 'info',
            'key' => 'auth',
            'params' => array()
          ),
          'authorize' => array(
              'Actions' => array('actionPath' => 'controllers')
          ),
      ),
      'Session',
  );

I am uncertain about if you can do this in previous versions of Cake. Also, you can do:

function beforeFilter() {
  //Configure AuthComponent.
  $this->Auth->authorize = 'actions';
  $this->Auth->actionPath = 'controllers/';
  $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login', 'plugin' => NULL);
  $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'login', 'plugin' => NULL);
  $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login', 'plugin' => NULL);
  $this->Auth->authError = __('You must be logged in to view this page.');
  $this->Auth->loginError = __('Invalid Username or Password entered, please try again.');
  $this->Auth->flash = array(
    'element' => 'info',
    'key' => 'auth',
    'params' => array()
  );
}

That works too! Nice!

Solution 3

There's another way to make the Auth component more personalized.You can copy

/cake/libs/controller/components/auth.php

/app/controllers/components/auth.php

and edit the __setDefaults function in the new copy.You can specify your own auth error message by change the value of key authError in $defaults.Set it an empty string if you want to show nothing.

Solution 4

I just tested this in Cake 2.x and it worked. Put this in your Controller's beforeFilter() function:

$this->Session->delete('Message.auth');

View more solutions

14,315

Author by

elitalon

Updated on June 05, 2022

Comments

elitalon almost 2 years
I would like to get rid of Auth component error messages, specially the authError message that comes whenever I try to access a non-allowed action.

Just to be sure, I double check that there is no $this->Session->flash() call anywhere in the layout. Besides, setting an empty value does not work, as the component has a default message value.

I am using the Auth component with the following configuration in AppController class:
```
class AppController extends Controller {
    var $components = array(
        'Auth' => array(
            'userModel' => 'WebUser',
            'loginAction' => '/login',
            'loginRedirect' => '/',
            'logoutRedirect' => '/login',
            'autoRedirect' => false,
        ),
        'Session',
        ...
     ...
}
```
For login and logout redirections I have setup two routes:
```
Router::connect('/', array('controller' => 'posts', 'action' => 'index'));
Router::connect('/login', array('controller' => 'web_users', 'action' => 'login'));
```
The login action within WebUser controller is almost empty; I only change the default layout:
```
function login() {
    $this->layout = 'login';
    $this->set('title_for_layout', 'Sign in');
}
```
Finally, I have a very simple login.ctp layout file:
```
<html>
    <head>
        ...
    </head>
    <body>
        ...
        <?php echo $content_for_layout; ?>
        ...
    </body>
</html>
```
When I access http://example.com/login there is no problem, no messages, just the login form. However I get the default authError message when requesting any other action, just after the Auth component redirects to the login action. Two questions arise:
1. ~~Why is the Auth component displaying flash messages when there is no $this->Session->flash() call anywhere?~~ (see update 2 below)
2. How can I setup an empty/null value in authError attribute?
Thanks!

UPDATE

I came up with a really ugly solution: I created an element login_error.ctp and assigned to the flashElement attribute in Auth component initialization:
```
class AppController extends Controller {
    var $components = array(
        'Auth' => array(
            'flashElement' => 'login_error',
        ...
     ...
}
```
In login_error.ctp I just compare with the authError default message:
```
<?php if ( $message !== 'You are not authorized to access that location.' ): ?>
<div id="flashMessage" class="message"><?php echo $message; ?></div>
<?php endif; ?>
```
It works, but I hate it!

UPDATE 2

Thanks to dogmatic69 answer I forced myself to check everything again. I finally found where the call to $this->Session->flash() was being made. It was on a little view element that I had wrote before. It had nothing to do with login/logout stuff so I did not pay attention to that file.

UPDATE 3

Thanks to SpawnCxy answer as well. Copying the Auth component and making custom modifications is a better approach than string comparison.
elitalon about 13 years

Thanks! I checked everything again (even with a grep -R auth), and I finally found the call. It was on a little element that I had wrote before. It had nothing to do with login/logout stuff so I did not pay attention to that file.
elitalon about 13 years

Indeed! Is it possible to mark two answers? SpawnCxy answer helped me as well :)
dogmatic69 about 13 years

only one correct answer per question, you can up vote a few though