Cake3-CookieAuth icon indicating copy to clipboard operation
Cake3-CookieAuth copied to clipboard

Published 20 hours ago verified publisher icon Xety

Allow NULL password

Open johanvanderkuijl opened this issue 8 years ago • 0 comments

I user LDAP for authentication, so I don't store passwords in my users table.

// after authentication by LDAP
$this->Cookie->write('CookieAuth', [
    'username' => $this->request->data('username'),
    'password' => null 
]);

I still want users to be identified by the username, so I had to comment a line out

if (empty($cookies[$username]) /*|| empty($cookies[$password])*/) {
    return false;
}

// the user can be found by his username. The password field is not mandatory
// in BaseAuthenticate.php
$user = $this->_findUser($cookies[$username], $cookies[$password]);
if ($user) {
    return $user;
}

Is this reasonable?

johanvanderkuijl avatar Mar 11 '16 20:03 johanvanderkuijl