CakePHP 3.0 Authentication about app HOT 18 CLOSED

You DB column is probably too short, bcrypt hashes are much longer than sha1's. If you are using a fixed length column they will be truncated.

from app.

what is not working exactly? Password hasher were recently changed in 3.0, you may want to take a look at the auth tutorial again and perhaps manually reset passwords for your current database if it is an option for you. In the future, please open tickets in cakephp/cakephp

from app.

I am not able to login after submit on login button, always going in else part.
I am giving right username and password.please look in to my auth login code.
I followed all steps for authentication.
https://gist.github.com/archanavhire/1460ebc16a7510d8d589

from app.

Can you debug if the hashed password match? Go into the BaseAuthenticate class and debug the hashed password value and compared to the one in the database

from app.

I found the bug, which is in FormAuthenticate class. _checkFields of FormAuthenticate class return false because of username field(In my form it is email). but I already mention in app controller for email field instead of username.
Still not able to fix this bug.

from app.

The problem was in your config

$this->Auth->config('authenticate', ['Form'=>['username'=>'email','password'=>'password']]);

you are missing the fields key. It should be

$this->Auth->config('authenticate', ['Form'=>['fields' =>['username'=>'email','password'=>'password']]]);

from app.

problem is in $this->passwordHasher()->check($password, $result[$fields['password']]) function which is in BaseAuthenticate class.
function is returning false even if I got result array.

from app.

Can you go into the hasher code and compare what it produces versus what you have stored in the database?

from app.

Yes I did it and I found record in database. It is also returning result in $result variable.
But after that its again checking passwordHasher which is returning false.

from app.

you're still not answering my question, how does the password stored in your database compare to what the password hasher is producing?

from app.

I stored password in blowfish hash code which is 50 char.
App\Model\Entity\User.php

from app.

can you paste here the password stored in your database and the one that is checked in the password hasher class?

from app.

In database :
$2y$10$6dab8w1rJ0RP411hkl.B8OBwzwaK0ZgnZoR7/XjmBPo
in result variable:
[password] => $2y$10$6dab8w1rJ0RP411hkl.B8OBwzwaK0ZgnZoR7/XjmBPo

from app.

ok, I got it.
In $this->passwordHasher()->check($password, $result[$fields['password']]) function
$password is in simple text and $result[$fields['password']] is hashed so that its returning false.

from app.

Both passwords are the same, how come the password checker returns false then? Can you help us debug that?

from app.

If you are using the laters CakePHP 3.0, please use SimplePasswordHasher instead of Blowfish

from app.

As you suggested me, I switched from Blowfish to SimplePasswordHasher. But still authentication is not working because password is not matching.following code returning false.
password_verify($password, $hashedPassword);

password return by hasher :
'$2y$10$dDcxwWtDJVYnRfNX.wIBJuQdokyX65ZpaQCcqvQSQOiGH7yf7HMAG'
password in my db:
'$2y$10$HJ9urHeVBzXezb0Hh13AJeU3PquK2f4yLIrl9bHNVWl'

My updated gist link is:
https://gist.github.com/archanavhire/842266d5953c0df413f2

from app.

Thank you very much. Now its working.
:)

from app.