Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
SimpleAuth - logged user not saved in session
  • Hi there, there's an strange behavior when we try to modify Simpleauth configuration in runtime.
    Simpleauth works perfect against a single user table, but our system has several user tables, so we have to override simpleauth configuration in runtime using following statement before any Auth instantiation:

    Config::set('simpleauth.table_name', Variables::USER_TABLE_NAME);

    That works fine on login method, but it doesn't saves logged user in session object, so on following requests Auth::check() returns always false.

    Is there any way to allow our requirement?

    Thanks in advance
    A. Altes
  • That would suggest that when check() is called, the incorrect table is defined, and the user id stored in the session can not be found?

    Where are you doing this Config::set() ?
  • Hi Harro.
    We're doing that just before of accesing Auth, in the login action.

        public function action_login()
        {

            $val = Validation::forge();

            if (Input::method() == 'POST')
            {
                $val->add('email', 'Email or Username')
                    ->add_rule('required');
                $val->add('password', 'Password')
                    ->add_rule('required');

                if ($val->run())
                {
                    Config::set('simpleauth.table_name', Variables::USUARIO_TABLE_NAME);
                    $auth = Auth::instance();

                    // check the credentials. This assumes that you have the previous table created
                    if (Auth::check() or $auth->login(Input::post('email'), Input::post('password')))
                    {
                        // credentials ok, go right in
                        if (Config::get('auth.driver', 'Simpleauth') == 'Ormauth')
                        {
                            $current_user = Auth_User::find_by_username(Auth::get_screen_name());
                        }
                        else
                        {
                            $userInfo = Auth::get_user_id();
                            $current_user = \Model\Usuario::getById($userInfo[1], new \Model\Repository\UsuarioRepository(new \Model\Dao\UsuarioDaoDb));
                        }
                        Session::set_flash('success', e('Welcome, '.$current_user->getNombre()));
                        Response::redirect('dashboard');
                    }
                    else
                    {
                        $this->template->set_global('login_error', 'Fail');
                    }
                }
            }

            $this->template->title = 'Login';
            $this->template->content = View::forge('login', array('val' => $val), false);
        }

    Alter loggin, next screen  (dashboard) has no user in session.
  • Of course, in "dashboard" index action, it does something like:

                    Config::set('simpleauth.table_name', Variables::USUARIO_TABLE_NAME);
                    $auth = Auth::instance();

                    // check the credentials. This assumes that you have the previous table created
                    if (Auth::check())
                    {
    //do some staff here
    ...

    In this action, Auth::check() returns always false.

    Thanks in advance

  • I don't think that will work, because the Auth (and Simpleauth) config files are only loaded in the Auth class init, so after your Config::set() call.

    So I think your value is overwritten as soon as you call Auth::instance().

    Looking at the code, it's even worse. The Auth_Login_Simpleauth class, which loads the simpleauth config file, does a forced reload of the file. So even if you load it manually and change it's value, this will flush all previously loaded config.

    So in a nutshell, you can't do what you want to do, Unless you force a load manually:

    new \Auth\Auth_Login_Simpleauth;
    Config::set('simpleauth.table_name', Variables::USUARIO_TABLE_NAME);

    This should work.
  • Hi Harro, it raises the following exception:

    Fatal error: Call to protected Auth\Auth_Driver::__construct() from context 'Controller_Login'

    In any case, let me point that after login redirection and before any instantiation to the Auth class, we check following session variables and they're uninitialized, but before redirection they were properly set.
    Session::get('login_hash')
    Session::get('username')

    Thanks again




  • Then you have an entirely different issue.

    What do you use for session storage? Cookies? What else is stored in the session?
  • HI!
    We're using the default config, cookie storage.
    Nothing else is stored in session during the login process.

    In the meanwhile I've been testing a little bit more our code, maybe that helps: if we comment following line (obviously avoiding the ability to login with several "user" tables) in the login action it works perfect. At the end, thats a very simple "Simpleauth" use case:
    //Config::set('simpleauth.table_name', Variables::USUARIO_TABLE_NAME);

    So in a nutshell, when we override the user table name in the login action, something makes session won't persist in the next post back.


  • As with regards to the table name, I already said that the first time you access the Auth class, it will load all support classes, and one of them, Auth_Login_Simpleauth, will load the simpleauth config file, and will reload it if it was already loaded.

    So if Auth::check() is the first access of the Auth class, it will use the wrong table, no matter what you have tried to set before. If it is not, you can override the config, and Auth::check() works.

    Have you configured the Auth package to always load in the config? If so, you could add in your app/bootstrap.php, after the Fuel::init call:

    // trigger the load of the Auth classes
    \Auth::instance();
    // set the correct table name
    \Config::set('simpleauth.table_name', Variables::USUARIO_TABLE_NAME);
  • Hi Harro.
    I've tested your indications and session comes still empty in the post back.

    I've been trying also more things... I've made a kind of hack and, after loggin properly, I deleted 'auth' from package autoload section in fuel config file. Afterwards, any call to Auth failed beause of Auth classes aren't loaded, but, Session::get("username") still had my appreciated logged user.
    After that, I tried to load Auth package manually in bootstrap.php, so file had this commands:

    // Initialize the framework with the config file.
    Fuel::init('config.php');

    Package::load('auth');

    // trigger the load of the Auth classes
    \Auth::instance();
    // set the correct table name
    \Config::set('simpleauth.table_name', Variables::USUARIO_TABLE_NAME);

    Surprisingly, in the Auth package loading is when session restarts. DB::last_qery() executed by Package::load('auth') says me that it checks things in the primary user table (the table I want to override), so as you said that loads the original configuration and performs operations.
    We should find the way to load Auth package after overriding the configuration, or set desired config as parameter of the load operation... but it seems that's not possible.

    I think we're close to a cul-de-sac, any idea?

    Your support is greatly appreciated!
  • The main issue is that the Auth package seems to reload the configuration files, which is why you can't load then before and change a value. So that needs to be addressed instead of worked around.

    Can you create an issue for this at https://github.com/fuel/auth/issues linking in this thread so it can be addressed?
  • Sure I will.
    Thanks for your support, Harro.

    Best,
    Toni.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion