Avoid CakePHP's Auth component to display authentication error messages
Solution 1
just remove $this->Session->flash('auth')
from your view/layout.
http://book.cakephp.org/view/1467/flash
Solution 2
In CakePHP 2.1 in my AppController, I am using this to override my "auth" flash messages. Here is my $components:
public $components = array(
'Acl',
'Auth' => array(
'flash' => array(
'element' => 'info',
'key' => 'auth',
'params' => array()
),
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
),
),
'Session',
);
I am uncertain about if you can do this in previous versions of Cake. Also, you can do:
function beforeFilter() {
//Configure AuthComponent.
$this->Auth->authorize = 'actions';
$this->Auth->actionPath = 'controllers/';
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login', 'plugin' => NULL);
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'login', 'plugin' => NULL);
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login', 'plugin' => NULL);
$this->Auth->authError = __('You must be logged in to view this page.');
$this->Auth->loginError = __('Invalid Username or Password entered, please try again.');
$this->Auth->flash = array(
'element' => 'info',
'key' => 'auth',
'params' => array()
);
}
That works too! Nice!
Solution 3
There's another way to make the Auth component more personalized.You can copy
/cake/libs/controller/components/auth.php
to
/app/controllers/components/auth.php
and edit the __setDefaults
function in the new copy.You can specify your own auth error message by change the value of key authError
in $defaults
.Set it an empty string if you want to show nothing.
Solution 4
I just tested this in Cake 2.x and it worked. Put this in your Controller's beforeFilter()
function:
$this->Session->delete('Message.auth');
elitalon
Updated on June 05, 2022Comments
-
elitalon almost 2 years
I would like to get rid of Auth component error messages, specially the authError message that comes whenever I try to access a non-allowed action.
Just to be sure, I double check that there is no
$this->Session->flash()
call anywhere in the layout. Besides, setting an empty value does not work, as the component has a default message value.I am using the Auth component with the following configuration in AppController class:
class AppController extends Controller { var $components = array( 'Auth' => array( 'userModel' => 'WebUser', 'loginAction' => '/login', 'loginRedirect' => '/', 'logoutRedirect' => '/login', 'autoRedirect' => false, ), 'Session', ... ... }
For login and logout redirections I have setup two routes:
Router::connect('/', array('controller' => 'posts', 'action' => 'index')); Router::connect('/login', array('controller' => 'web_users', 'action' => 'login'));
The login action within WebUser controller is almost empty; I only change the default layout:
function login() { $this->layout = 'login'; $this->set('title_for_layout', 'Sign in'); }
Finally, I have a very simple login.ctp layout file:
<html> <head> ... </head> <body> ... <?php echo $content_for_layout; ?> ... </body> </html>
When I access
http://example.com/login
there is no problem, no messages, just the login form. However I get the default authError message when requesting any other action, just after the Auth component redirects to the login action. Two questions arise:-
Why is the Auth component displaying flash messages when there is no(see update 2 below)$this->Session->flash()
call anywhere? - How can I setup an empty/null value in authError attribute?
Thanks!
UPDATE
I came up with a really ugly solution: I created an element login_error.ctp and assigned to the flashElement attribute in Auth component initialization:
class AppController extends Controller { var $components = array( 'Auth' => array( 'flashElement' => 'login_error', ... ... }
In login_error.ctp I just compare with the authError default message:
<?php if ( $message !== 'You are not authorized to access that location.' ): ?> <div id="flashMessage" class="message"><?php echo $message; ?></div> <?php endif; ?>
It works, but I hate it!
UPDATE 2
Thanks to dogmatic69 answer I forced myself to check everything again. I finally found where the call to
$this->Session->flash()
was being made. It was on a little view element that I had wrote before. It had nothing to do with login/logout stuff so I did not pay attention to that file.UPDATE 3
Thanks to SpawnCxy answer as well. Copying the Auth component and making custom modifications is a better approach than string comparison.
-
-
elitalon about 13 yearsThanks! I checked everything again (even with a
grep -R auth
), and I finally found the call. It was on a little element that I had wrote before. It had nothing to do with login/logout stuff so I did not pay attention to that file. -
elitalon about 13 yearsIndeed! Is it possible to mark two answers? SpawnCxy answer helped me as well :)
-
dogmatic69 about 13 yearsonly one correct answer per question, you can up vote a few though