A bug that prevented the normal user screen and the administration screen from being separated using AuthenticationPlugin

Please help me. I’m in a panic.

I use the AuthenticationPlugin.
I use a routing prefix to separate the normal screen from the admin screen.
However, users who log in on the normal screen come into the admin screen.
This is the worst thing. It kills the system.

Here are the contents of “config/routes.php”.

// ...
Router::prefix('admin', function ($routes) {
    $routes->fallbacks(DashedRoute::class);
    $routes->connect('/', ['controller' => 'AdminAccount', 'action' => 'admin-index']);
});
// ...

Here are the contents of “src/Application.php”.

// ...
    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $path = $request->getPath();
        $authenticationService = new AuthenticationService([
            'unauthenticatedRedirect' => '/',
            'queryParam' => 'redirect',
        ]);
        if (strpos($path, '/admin') === 0) {
            $authenticationService->loadIdentifier('Authentication.Password', [
                'fields' => [
                    'username' => 'mail',
                    'password' => 'password',
                ],
                'resolver' => [
                    'className' => 'Authentication.Orm',
                    'userModel' => 'AdminAccount'
                ],
            ]);

            $authenticationService->loadAuthenticator('Authentication.Session');
            $authenticationService->loadAuthenticator('Authentication.Form', [
                'fields' => [
                    'username' => 'mail',
                    'password' => 'password',
                ],
            ]);
            return $authenticationService;
        }

        $authenticationService->loadIdentifier('Authentication.Password', [
            'fields' => [
                'username' => 'mail',
                'password' => 'password',
            ],
            'resolver' => [
                'className' => 'Authentication.Orm',
                'userModel' => 'Users'
            ],
        ]);

        $authenticationService->loadAuthenticator('Authentication.Session');
        $authenticationService->loadAuthenticator('Authentication.Form', [
            'fields' => [
                'username' => 'mail',
                'password' => 'password',
            ],
            'loginUrl' => '/users/login',
        ]);

        return $authenticationService;
    }

I hope this helps you understand. I want to completely separate the users in the “UsersTable” and “AdminAccountTable”.

However, users logged in to the “UsersTable” are free to move around in the “Admin/AdminAccountController”. How can I restrain a normal user?

I would be happy to know. I’m sorry for your busy schedule. Please help me.

The link I referred to.
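
An added example, not part of the original post and not the plugin's own code: in the posted configuration both branches load `Authentication.Session` with its default `sessionKey` (`Auth`), so an identity stored in the session by a `Users` login is also read back on `/admin` requests. The sketch below gives each user population its own session key; the `App\Auth\ScopedAuthentication` class and the `AdminAuth` key are names assumed for illustration.

```php
<?php
declare(strict_types=1);

namespace App\Auth; // hypothetical namespace for this added example

use Authentication\AuthenticationService;
use Psr\Http\Message\ServerRequestInterface;

final class ScopedAuthentication // hypothetical helper, not part of the plugin
{
    public static function build(ServerRequestInterface $request): AuthenticationService
    {
        $path = $request->getUri()->getPath();
        // Match "/admin" and "/admin/...", but not e.g. "/administrator".
        $isAdmin = $path === '/admin' || strpos($path, '/admin/') === 0;

        $fields = ['username' => 'mail', 'password' => 'password'];
        $service = new AuthenticationService([
            'unauthenticatedRedirect' => '/',
            'queryParam' => 'redirect',
        ]);

        $service->loadIdentifier('Authentication.Password', [
            'fields' => $fields,
            'resolver' => [
                'className' => 'Authentication.Orm',
                'userModel' => $isAdmin ? 'AdminAccount' : 'Users',
            ],
        ]);

        // The Session authenticator accepts whatever identity is stored under
        // its sessionKey (default "Auth"). Separate keys keep a Users identity
        // from being read back as an admin identity. "AdminAuth" is an assumed name.
        $service->loadAuthenticator('Authentication.Session', [
            'sessionKey' => $isAdmin ? 'AdminAuth' : 'Auth',
        ]);

        $form = ['fields' => $fields];
        if (!$isAdmin) {
            $form['loginUrl'] = '/users/login'; // as in the posted configuration
        }
        $service->loadAuthenticator('Authentication.Form', $form);

        return $service;
    }
}
```

`Application::getAuthenticationService()` would return `ScopedAuthentication::build($request)`. A check in the admin controllers that the identity really is an `AdminAccount` record remains a useful second layer.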