Feed on
Posts
Comments
« A Cakephp Gotcha For Migrating From 1.1 To 1.2+ On Model->create()
Fanout, A Super Useful Linux Script If You Manage Multiple, Similar Servers »

Darkauth For The Win!

Dec 2nd, 2009 by alan

I’ve been working with CakePHP for a few years now and am very happy with it.  I’ve been working with the 1.2 version for a few months (since it went stable) and playing with the Auth and ACL core components.

I’ve decided that ACL is too complicated for most setups, and Auth is fine, but not perfect.  So after some research, I switched to the DarkAuth component, which was much better suited to my needs.

The main reasons I prefer it are:

  • Role/Group based access out of the box, which is how I ususally provision security anyway
  • Easy to customize/tweak to suit my needs (more below)
  • Easy to setup permissions, easy to add to app_controller, without then having to explicitly allow public controllers/actions… instead I have to explicitly restrict controllers or actions.  Also it’s easy to check for prefixes and restrict based on that (more below)
  • Fast

So here are some of my customizations:

I like having some parameters set on the controller for easy access to “who is logged in”, so I put this in the bottom of the DarkAuth startup() function:

//finally give the view access to the data
$this->controller->user = $this->getAllUserInfo();
$this->controller->set('_DarkAuth',$this->controller->user);
$this->controller->isadmin = $this-> isAllowed("admin");
$this->controller->isloggedin = $this->isAllowed();

I like using the core security class for password hashing, which can easily be done like so:

var $securityImported = false;
function hasher($plain_text){
//$hashed = md5('dark'.$plain_text.'cake');
if (!$this->securityImported) {
App::import('Core','Security');
$this->securityImported = true;
}
return Security::hash($plain_text, null, true);
}

Here’s how to inject admin requirements based on the admin routing path (prefix):


if (isset($this->params["prefix") && $this->params["prefix"=='admin') {
$this->_DarkAuth = array('required' => array("admin"));
}

And some other useful controller tricks:


/**
* assigns the DarkAuth profile of a different member account, as if you had logged in as them
* also backs up your current DarkAuth profile so you can later "depersonate"
*/
function admin_impersonate($id) {
$this->Session->write('AdminDepersonate',array_intersect_key($this->user['Member',array('id'=>0,'username'=>0)));
$this->DarkAuth->authenticate('Auth',$this->Member->read(null,$id));
return $this->redirect("/members/home");
}

Posted in cakephp

One Response to “Darkauth For The Win!”

  1. Chaz says:
    4 March 2010 at 1:37 pm

    Hi Alan,
    Thank you for your insights on darkAuth, it is both helpful and insightful, especially the customizations.
    I have a question regarding your customization on admin requirements based on the ‘admin_’ prefix. I get syntax editors in my IDE when I paste it. Also, where should I paste this snippet?
    Thanks,
    Chaz

Leave a Reply

Bad Behavior has blocked 425 access attempts in the last 7 days.