I use the ADmad/CakePHP-HybridAuth for login in with google emails.
My AppController::initialize is:
$this->loadComponent(‘Auth’, [
‘authorize’ => ‘Controller’,
‘loginAction’ => [
‘controller’ => ‘Users’,
‘action’ => ‘login’
],
‘logoutRedirect’ => ‘/’,
‘loginRedirect’ => [‘controller’ => ‘Users’, ‘action’ => ‘index’, ‘plugin’ => false],
‘authError’ => ‘No access’,
‘authenticate’ => [
‘Form’ => [
‘fields’ => [‘username’ => ‘email’, ‘password’ => ‘password’],
‘passwordHasher’ => [
‘className’ => ‘Fallback’,
‘hashers’ => [
‘Default’,
‘Weak’ => [‘hashType’ => ‘sha1’]
]
]
],
‘ADmad/HybridAuth.HybridAuth’ => [
// All keys shown below are defaults
’fields’ => [
‘provider’ => ‘provider’,
‘openid_identifier’ => ‘openid_identifier’,
‘email’ => ‘email’
],
‘profileModel’ => ‘ADmad/HybridAuth.SocialProfiles’,
‘profileModelFkField’ => ‘user_id’,
// The URL Hybridauth lib should redirect to after authentication.
// If no value is specified you are redirect to this plugin's
// HybridAuthController::authenticated() which handles persisting
// user info to AuthComponent and redirection.
'hauth_return_to' => null
]
]
]);
Since it is in AppController should Authentication apply to every controller? Because when I visit another URL (e.g /baskets/add/22929) the authentication isn’t checked. I haven’t put any code in the add action, but since I have not Auth->allow the action, shoudn’t I be redirected to login?