I get the following error when saving:
'_Token' was not found in request data.
Cake\Controller\Exception\AuthSecurityException
The edit template is simply copied over from CakeDC/Users and looks like:
// some code
<?= $this->Form->create($Users); ?>
// more code
<?= $this->Form->button(__d('cake_d_c/users', 'Submit')) ?>
<?= $this->Form->end() ?>
I have already deactivated the tampering for the edit action in the AppController, but the error remains.
public function beforeFilter(EventInterface $event)
{
    parent::beforeFilter($event);
    $this->FormProtection->setConfig('unlockedActions', ['edit']);
}
In DebugKit, under Post Data, the field _Token is set:
'_Token' => [
    'fields' => 'e5b483a590a3b6c139a4032f7377eef64dfe5c9f%3A',
    'unlocked' => '',
    'debug' => '%5B%22%5C%2Fusers%5C%2Fedit%5C%2F8a0837d9-b457-451f-84d2-c219741b9fa1%22%2C%5B%22deconetwork_user_id%22%2C%22username%22%2C%22email%22%2C%22first_name%22%2C%22last_name%22%2C%22token%22%2C%22token_expires%22%2C%22api_token%22%2C%22activation_date%22%2C%22tos_date%22%2C%22active%22%5D%2C%5B%5D%5D',
],
config/permissions
return [
    'CakeDC/Auth.permissions' => [
        [
            'role' => '*',
            'plugin' => 'DebugKit',
            'controller' => '*',
            'action' => '*',
            'bypassAuth' => true,
        ],
        [
            'role' => '*',
            'controller' => 'Users',
            'action' => ['login', 'logout'],
            'bypassAuth' => true,
        ],
        [
            'role' => 'admin',
            'controller' => '*',
            'action' => '*',
        ],
        [
            'role' => 'user',
            'controller' => 'Orders',
            'action' => ['index', 'view'],
        ],
        [
            'role' => 'user',
            'controller' => 'Users',
            'action' => ['edit'],
            'allowed' => function (App\Model\Entity\User $user, $role, ServerRequest $request) {
                $userId = Hash::get($request->getAttribute('params'), 'pass.0');
                if (!empty($userId)) {
                    return $userId === $user['id'];
                }
                return false;
            },
        ],
    ],
];
A more detailed error log:
CORE/src/Controller/Component/SecurityComponent.php at line 258
throw new AuthSecurityException(sprintf($message, '_Token'));
CORE/src/Controller/Component/SecurityComponent.php at line 229 in Cake\Controller\Component\SecurityComponent->_validToken
CORE/src/Controller/Component/SecurityComponent.php at line 112 in Cake\Controller\Component\SecurityComponent->_validatePost
It looks like this happens within the Security Component, but I did not enable this component.
Application
class Application extends BaseApplication
{
    public function bootstrap(): void
    {
        parent::bootstrap();
        if (PHP_SAPI === 'cli') {
            $this->bootstrapCli();
        } else {
            FactoryLocator::add(
                'Table',
                (new TableLocator())->allowFallbackClass(false)
            );
        }
        if (Configure::read('debug')) {
            Configure::write('DebugKit.safeTld', ['de', 'com']);
            Configure::write('DebugKit.variablesPanelMaxDepth', 10);
            $this->addPlugin('DebugKit');
        }
        $this->addPlugin(\CakeDC\Users\Plugin::class, ['routes' => true, 'bootstrap' => true]);
        Configure::write('Users.config', ['users']);
    }

    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        $middlewareQueue
            ->add(new ErrorHandlerMiddleware(Configure::read('Error'), $this))
            ->add(new AssetMiddleware([
                'cacheTime' => Configure::read('Asset.cacheTime'),
            ]))
            ->add(new RoutingMiddleware($this))
            ->add(new BodyParserMiddleware())
            ->add(new CsrfProtectionMiddleware([
                'httponly' => true,
            ]));
        return $middlewareQueue;
    }

    protected function bootstrapCli(): void
    {
        $this->addOptionalPlugin('Bake');
        $this->addPlugin('Migrations');
        // Load more plugins here
    }
}
AppController
class AppController extends Controller
{
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        $this->loadComponent('FormProtection');
    }

    public function beforeFilter(EventInterface $event)
    {
        parent::beforeFilter($event);
        $this->FormProtection->setConfig('unlockedActions', ['edit']);
    }
}
How to fix this?