Hi, I have a REST JSON service with basic authentication. If the user enters a wrong password, I want to return a JSON message telling the user that authentication failed.
Following https://medium.com/@classoutfit/restful-api-with-cakephp-2-9-91852c0a60ee, I used unauthorizedRedirect for this.
But if I now do basic authentication with the wrong password, I get the browser's login dialog, and if I cancel it I get default.ctp with an Unauthorized message.
What am I doing wrong or am I misunderstanding unauthorizedRedirect? Should I implement my Unauthorized JSON message differently, and if so how?
This is my code:
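<?php
/**
 * REST controller that returns offers, each with its contracts, as serialized view data.
 *
 * Security notes on this configuration:
 * - HTTP Basic sends the credentials (base64-encoded, not encrypted) with every
 *   request, so this endpoint should only be reachable over TLS.
 * - NOTE(review): Basic authentication is meant to be stateless; CakePHP 2.x
 *   documents setting AuthComponent::$sessionKey = false (e.g. in beforeFilter())
 *   so that no session is created for API clients. Confirm for the version in use.
 */
class RestOffersController extends AppController {

    public $uses = ['Offer', 'OfferContract'];

    public $helpers = ['Html', 'Form'];

    public $components = [
        'RequestHandler',
        'Auth' => [
            'authenticate' => [
                'Basic' => [
                    'passwordHasher' => 'Blowfish',
                ],
            ],
            // NOTE(review): in CakePHP 2.x this option is consulted when an
            // authenticated user is refused by authorization. A wrong Basic
            // password does not go through it: the Basic authenticate object
            // answers with a 401 plus a WWW-Authenticate header, which is what
            // makes a browser open its login dialog. A JSON body for that case
            // has to come from the rendering of the 401 exception instead.
            'unauthorizedRedirect' => [
                'plugin' => false,
                'controller' => 'users',
                'action' => 'access_denied',
                'ext' => 'json',
                'prefix' => false,
            ],
        ],
    ];

    /**
     * Lists every offer together with its contracts.
     *
     * The contracts of all offers are loaded with a single query and grouped
     * in PHP, instead of issuing one query per offer. An offer without
     * contracts gets no 'OfferContract' key.
     *
     * NOTE(review): no per-user condition is applied, so every account that
     * passes authentication receives all offers and their offer_link values;
     * confirm that this is intended.
     *
     * @return void
     */
    public function index() {
        $offers = $this->Offer->find('all', [
            'fields' => [
                'Offer.id',
                'Offer.offer_name',
                'Offer.offer_description',
            ],
            'recursive' => -1,
        ]);

        $contractsByOffer = [];
        // Skip the second query when there are no offers: an empty id list
        // would otherwise produce a meaningless condition.
        if (!empty($offers)) {
            $offerIds = [];
            foreach ($offers as $offer) {
                $offerIds[] = $offer['Offer']['id'];
            }

            // An array value makes the ORM build an IN (...) condition.
            $contracts = $this->OfferContract->find('all', [
                'conditions' => ['OfferContract.offer_id' => $offerIds],
                'fields' => [
                    // offer_id is needed only for grouping; it is not copied
                    // into the response.
                    'OfferContract.offer_id',
                    'OfferContract.offer_contract_id',
                    'OfferContract.geo',
                    'OfferContract.device',
                    'OfferContract.offer_link',
                ],
                'recursive' => -1,
            ]);

            foreach ($contracts as $contract) {
                $row = $contract['OfferContract'];
                $contractsByOffer[$row['offer_id']][] = [
                    'offer_contract_id' => $row['offer_contract_id'],
                    'geo' => $row['geo'],
                    'device' => $row['device'],
                    'offer_link' => $row['offer_link'],
                ];
            }
        }

        foreach ($offers as $index => $offer) {
            $offerId = $offer['Offer']['id'];
            if (isset($contractsByOffer[$offerId])) {
                $offers[$index]['Offer']['OfferContract'] = $contractsByOffer[$offerId];
            }
        }

        // '_serialize' names the view variables to be serialized for the response.
        $this->set([
            'offers' => $offers,
            '_serialize' => ['offers'],
        ]);
    }
}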
and in UsersController.php I have:
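/**
 * Renders the "access denied" payload for a refused request.
 *
 * Sets the view variables 'loggedIn' and 'response' and marks both for
 * serialization.
 *
 * @return void
 */
public function access_denied()
{
    // Send the refusal with an error status. Without this the body says
    // "access-denied" while the HTTP status stays 200, so clients, proxies
    // and monitoring that key on the status code treat it as a success.
    // 403 is used because a 401 would also require a WWW-Authenticate header.
    $this->response->statusCode(403);

    // NOTE(review): despite its name this holds the user's id (presumably
    // null when nobody is logged in), and it is serialized as-is; confirm
    // that returning the id to the client is intended.
    $loggedIn = $this->Auth->user('id');
    $response = [
        'result' => false,
        'code' => 'access-denied',
        'message' => 'Invalid credentials or access denied.',
    ];
    $this->set(compact('loggedIn', 'response'));
    $this->set('_serialize', ['loggedIn', 'response']);
}
Thanks for helping me out on this one. greetings, Noud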
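Okay, I now know unauthorizedRedirect does not work like this. In CakePHP 2.x it only applies when a user who is already authenticated is refused by authorization; a failed Basic login is answered with a 401 and a WWW-Authenticate header, which is what makes the browser show its login dialog.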