Authentication plugin: install & use

Will try to get the authentication working using the corresponding cookbook page:
Quick Start - 2.x CakePHP Authentication

First command to use, ‘php composer.phar require cakephp/authentication:^2’, gives trouble, composer.phar cannot be found. This file is on my Win10 system somewhere in a composer directory. Guess if I put the path in front of the file it will work.

I tried ‘composer require cakephp/authentication:^2’ and things started working.

Don’t have knowledge of composer to know if both ways wil give the same results?

Next question is composer warns me not to use the jakob-underkaa package, so where can I read what to do next? Guess it isn’t a problem yet using the package …

Next is adding code in src/Application.php:

public function bootstrap(): void



The function is already present in Application.php, with a comment where to put extra plugin’s.


Doesn’t matter how you run composer. The manual assumes that you have a functioning copy and know how to reference it. You can ignore the warning message, it’s just a suggestion.

Guessed it wouldn’t matter how to run composer.

When browsing the cookbook, i saw the composer-command without the php and phar. For consistency, think it’s better to just use one command. Being a noob, you suspect there could be a difference.

When the writer assumes you will know how to use composer, i think it’s better to state ‘install with composer’ and leave it by that, an experienced developer wil know what to do. When giving a command, it has to work correctly. The experienced developer won’t even look at it, the noob get’s in trouble :slight_smile:

Moreover, when a noob wants to get help and the experienced developer tries to help, 9 out of 10 times the first question of the one who is helping: What did you do? Did you exactly the same thing as described? …

As a noob, the warnings give me questions like, who put those abandoned package in my install in the first place? How and when have i to replace them? What are the consequences of keeping them in place?

It’s not in my scope of what i’m trying to do now, getting authorization at work, and I’m sure it won’t effect the working at all, but at some point i hope i can get this clear. For now, it’s not important, just a reminder.

Next is adding authetication to the middleware.

It took me some time to understand that I had to stay in ‘apllication.php’ after adding the line for the loading of the plugin. Somehow the heading ‘Getting started’ gave me the impression that I had to edit some other file. After reading some documentation on middleware, i recognized the code in the still open file in my editor.

This docs seems more and more for the developer who writes from scratch? As a noob, I start with the file as it is supplied with the install of cakephp, and want to know where I have to replace or add code. Hope that I do the tight things at the right place, will continue.

Loading the authentication component (AppController.php) gives an expected error. A missing controller, the UsersController can not be found.

It’s assumed that you have the users table up and running, guess it could be mentioned as a prerequisite before the ‘Getting started’?

After building an empty users-tabel, a ‘cake bake all users’, two things happen:
a redirect to users/login, and the redirecting seems to loop. No page shows up.

The code of the function ‘login’ is added to the freshly baked UsersController.php so users/login wil be available. The looping is stopped by adding the ‘beforeFilter’-code, unauthenticated have to be able to access the login-function.

Now the login-view is missing. A login.php is constructed in './templates/Users/ and the page gets visible.

(Still have to figure-out why it is called a MVC-model, or why it is implemented in this way in CakePHP. I think of the login.php as a view, but it is called a template. I regard a template as something generic to build all pages allike. The view is inside the src-directory, the templates are outside the src-directory. Someday it will be evident, I hope :slight_smile: ).

login.php is a template that generates a view. The concept of a template applies at various levels.

Everything inside the src directory is using PRS-4 namespace/autoloading standards. Templates were moved outside src because they are not namespace.

In earlier versions, templates was inside src but the design team chose this for (I imagine) organizational reasons.

On a large complex project it’s helpful to have the organization of the many parts hint at their role and purpose. This feels like a choice made for just such a reason.

My ‘problem’ is that to understand the MVC-model, I have to map the data-process-presentation model I’m familiar working with onto the MVC-model. In that respect I’m prone to map the presentation-layer to the view-part. Since login.php would belong to the presentation-layer, I intend to categorize it to the view-part.

I know that’s not the way to think. Your responses tend to let me think/realize that the templates are not part of the MVC-model. If I mentally rename the ‘scr’-directory to ‘mvc’, for me, at this moment, things fall into place.

Whatever page you want to visit, you have to login. Added the mentioned code to the controllers of the tabels who’s data should be public.

public function beforeFilter(\Cake\Event\EventInterface $event)

// Make view and index not require a logged in user.
$this->Authentication->allowUnauthenticated(['view', 'index']);

As expected, ‘localhost:8765’ can’t still be visited without logging in. Haven’t searched yet, but there will be something to have done higher up in the controller-tree.

The Authentication configuration is all done in src\Application.php just as the Middleware starts up:

I’ll leave that one on the to-do list, first I want the authenticatation to work.

‘allowUnauthenticated’ in the beforeFilter-function of the UsersController has to be extended with ‘add’ to make it possible to access the page for adding users.

Surprise 1: Tooltips use the system language, expected them to be in English…
Surprise 2: After succesfully adding users, can’t log-in, ‘invalid username or password’.

Because not using the hashing-mechanism yet, phpMyAdmin shows me the users are present and I’m not making typo’s.

To be able to update my password, I have to be logged in, which I can’t …

But I will enable hashing.

After adding the given code to src/Model/Entity/User.php (and truncate the users-tabel), I’m able to add users and log-in, see the page at localhost:8765, edit records etc.

After log-in, I’m looking at the view of the users-table. Think I’m getting in the scope of authorization … That will be another post.

After adding the logout-function to the users-controller, the basics of authenticatation are working.
I can login and logout, when I’m not logged-in, I’m not able to do things for which I have to be authenticated (edit, delete).

Having this in place, you’re going to look for things that should be available, like an indicator that I’m logged in, the forgotten password button. After that, integration with other login-systems? That’s more a functional extension of the ‘Further Reading’ I’m missing I think.

Trying to find out how to access ‘localhost:8765’ without having to log in.

The post Allowing a specific page in CakePHP shows the way to go, but it’s 3 code.

‘Rebuilding’ it to something like used in the table-controller to get access to ‘index’ and ‘view’, it would be:

class PagesController extends AppController

public function beforeFilter(\Cake\Event\EventInterface $event)

// Make page 'home' not require a logged in user.

But that doesn’t work.

Wonders me why searching with ‘allowUnauthenticated’ doesn’t give any hits, especially not within the cookbook.

What code will work?