CakeDC/users

Automatic login when I logout from site in cakephp 5.x

Closed this issue · 3 comments

When I log out of the site, the site logs me in again automatically.
This is the code for the login action:

    public function login()
    {
        $this->Observations = $this->fetchTable('Observations');
        $this->Controllers = $this->fetchTable('Controllers');
        $this->ControllersRoles = $this->fetchTable('ControllersRoles');
        $this->MenuGroups = $this->fetchTable('MenuGroups');
        $result = $this->Authentication->getResult();
        if ($result->isValid()) {
            $user = $this->request->getAttribute('identity')->getOriginalData();
            $last_login = $user->last_login;
            $this->last_login = $last_login;
            $this->set('last_login', $last_login);
            $now = DateTime::now();
            $user->last_login = $now;
            $this->MyUsers->save($user);
            $observations = $this->Observations->newEmptyEntity();
            $user_id = $user->id;
            $username = $user->username;
            $observations->user_id = $user_id;
            $observations->observation = __('El usuario {0} ha ingresado al sistema', $username);
            $this->Observations->save($observations);

            $target = $this->Authentication->getLoginRedirect() ?? '/home';
            return $this->redirect($target);
        }
        if ($this->request->is('post')) {
            $this->Flash->error(__('Nombre de usuario o contraseña incorrectos.'));
        }
        $countControllers = $this->Controllers->find('all')->matching('ControllersTranslations')->count();
        $this->set('countControllers', $countControllers);
        $countMenu = $this->MenuGroups->find('all')->count();
        $this->set('countMenu', $countMenu);
        $countPermissions = $this->ControllersRoles->find('all')->count();
        $this->set('countPermissions', $countPermissions);
        $countRoles = $this->MyUsers->Roles->find('all')->count();
        $this->set('countRoles', $countRoles);
        $countUsers = $this->MyUsers->find('all')->count();
        $this->set('countUsers', $countUsers);
    }

This is the code for the logout action:

    public function logout()
    {
        $this->Observations = $this->fetchTable('Observations');
        $user = $this->Authentication->getIdentity();
        $observations = $this->Observations->newEmptyEntity();
        $observations->user_id = $user->id;
        $observations->observation = __('El usuario {0} salió del sistema', $user->username);
        $this->Observations->save($observations);
        $session = $this->request->getSession();
        $session->destroy();
        $this->Flash->success(__d('cake_d_c/users', 'You\'ve successfully logged out'));
        return $this->redirect($this->Authentication->logout());
    }

And I have the default code for /config/users.php and /config/permissions.php.
Let me clarify that the getAuthenticationService and getAuthorizationService methods from App\Application look different from what you put in the tutorial to configure the Authentication and Authorization services in this plugin. This is the code for the getAuthenticationService method in Application.php:

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        $service = new AuthenticationService();

        $fields = [
            'username' => 'username',
            'password' => 'password'
        ];

        // Load identifiers
        $service->loadIdentifier('Authentication.Password', compact('fields'));

        // Load the authenticators, you want session first
        $service->loadAuthenticator('Authentication.Session', [
            'skipTwoFactorVerify' => true
        ]);
        $service->loadAuthenticator('Authentication.Form', [
            'fields' => $fields,
            'loginUrl' => Router::url(['controller' => 'MyUsers', 'action' => 'login'])
        ]);

        return $service;
    }

And this is the code for the getAuthorizationService method in Application.php:

    public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
    {
        $map = new MapResolver();
        $map->map(
            ServerRequest::class,
            new CollectionPolicy([
                SuperuserPolicy::class,
                RbacPolicy::class,
            ])
        );

        $orm = new OrmResolver();

        $resolver = new ResolverCollection([$map, $orm]);

        return new AuthorizationService($resolver);
    }

As you can see, my version of both methods doesn't have the ResponseInterface parameter because it gives me this error:
image
How can I solve this issue?

If you are using the defaults, check this line: https://github.com/CakeDC/users/blob/11.next-cake4/config/users.php#L178, which enables the CookieAuthentication. Also check your browser for a cookie named CookieAuth; I think that could be the reason for the user auto-login.

About the type issues, check that you are correctly importing the classes; it could be a class or interface that is not imported.
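
Added example (not the poster's code and not part of CakeDC/users): a logout action that clears the identity through the Authentication component and then also expires the CookieAuth cookie named in the reply above, so a persistent login cookie cannot re-authenticate the next request. It assumes the Authentication component is loaded in AppController and that the cookie was set with the name CookieAuth and path "/".

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use Cake\Http\Cookie\Cookie;
use Cake\Http\Response;

// Added example: assumes AppController loads the Authentication component.
class MyUsersController extends AppController
{
    public function logout(): ?Response
    {
        // Clears the identity from every loaded authenticator that persists it
        // (the session, and the cookie authenticator when it is loaded in the
        // service). Returns the configured logout redirect, or null.
        $target = $this->Authentication->logout() ?? '/';

        // Assumption: the persistent login cookie is named "CookieAuth" and was
        // set with path "/". A cookie set with a different name, path or domain
        // has to be expired with those same attributes, otherwise the browser
        // keeps sending it and the user is logged in again.
        $this->setResponse(
            $this->getResponse()->withExpiredCookie(new Cookie('CookieAuth'))
        );

        // redirect() builds on the controller's current response, so the
        // expiring Set-Cookie header is sent together with the redirect.
        return $this->redirect($target);
    }
}
```

After logging out, the browser's cookie storage should no longer contain CookieAuth, and the next request to a protected page should land on the login form.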

@mdeanquin0520 have you tried the suggestions? Can we close the issue?