Noud DeBROUWER
Aug 28, 2017 · 2 min read

Hi, I have a REST JSON service with basic authentication. If the user enters a wrong password, I want a JSON message informing the user that authentication is wrong.

Following https://medium.com/@classoutfit/restful-api-with-cakephp-2-9-91852c0a60ee I used unauthorizedRedirect for this.

But if I now do basic authentication with the wrong password, I get the browser's login dialog, and if I cancel I get default.ctp with an Unauthorized message.

What am I doing wrong or am I misunderstanding unauthorizedRedirect? Should I implement my Unauthorized JSON message differently, and if so how?

This is my code:

<?php
class RestOffersController extends AppController {
    public $uses = array('Offer', 'OfferContract');
    public $helpers = array('Html', 'Form');
    public $components = array('RequestHandler',
        'Auth' => [
            // HTTP Basic authentication with Blowfish-hashed passwords
            'authenticate' => [
                'Basic' => [
                    'passwordHasher' => 'Blowfish',
                ],
            ],
            // Intended target for the JSON "access denied" message
            'unauthorizedRedirect' => [
                //'admin' => false,
                'plugin' => false,
                'controller' => 'users',
                'action' => 'access_denied',
                'ext' => 'json',
                'prefix' => false
            ]
        ]
    );

    public function index() {
        //ini_set('memory_limit', '-1');
        $offers = $this->Offer->find('all', array(
            'fields' => array(
                'Offer.id',
                'Offer.offer_name',
                'Offer.offer_description',
            ),
            'recursive' => -1
        ));
        $c = 0;
        foreach($offers as $offer) {
            // Load the contracts belonging to this offer
            $offer_contracts = $this->OfferContract->find('all', array(
                'conditions' => array('OfferContract.offer_id' => $offer['Offer']['id']),
                'fields' => array(
                    'OfferContract.offer_contract_id',
                    'OfferContract.geo',
                    'OfferContract.device',
                    'OfferContract.offer_link'
                ),
                'recursive' => -1
            ));
            // Attach each contract to its offer in the result set
            foreach($offer_contracts as $offer_contract) {
                $offers[$c]['Offer']['OfferContract'][] = array(
                    'offer_contract_id' => $offer_contract['OfferContract']['offer_contract_id'],
                    'geo' => $offer_contract['OfferContract']['geo'],
                    'device' => $offer_contract['OfferContract']['device'],
                    'offer_link' => $offer_contract['OfferContract']['offer_link'],
                );
            }
            $c++;
        }
        // Serialize the offers for the JSON view
        $this->set(array(
            'offers' => $offers,
            '_serialize' => array('offers')
        ));
    }
}

and in UsersController.php I have:

    public function access_denied()
    {
        $loggedIn = $this->Auth->user('id');
        $response = [
            'result' => false,
            'code' => 'access-denied',
            'message' => 'Invalid credentials or access denied.'
        ];
        $this->set(compact('loggedIn', 'response'));
        $this->set('_serialize', ['loggedIn', 'response']);
    }

Thanks for helping me out on this one. Greetings, Noud

Okay, I now know unauthorizedRedirect is not working like this.

See: https://github.com/cakephp/cakephp/issues/11111
