cakeDC users plugin gets blackholed with register
Problem description
I have read through other cakeDC user plugin questions prior to asking this question.
I've added the cakeDC users plugin to a clean install of cakePHP 2.2.3. I did have routing problems at first, but by moving the user plugin's routing to the config routing I was able to get the routing I expected.
So, instead of users/users/register, after moving the routing I got users/register to work.
The problem I'm having now is with register. Once the email has been configured and I'm able to submit the registration form, I get the following error:
Error: The requested address '/cakeDC/users/add' was not found on this server.
Here is the 'add' action the 'register' is routed to:
    public function add() {
        if ($this->Auth->user()) {
            $this->Session->setFlash(__d('users', 'You are already registered and logged in!'));
            $this->redirect('/');
        }
        if (!empty($this->request->data)) {
            $user = $this->User->register($this->request->data);
            if ($user !== false) {
                $this->_sendVerificationEmail($this->User->data);
                $this->Session->setFlash(__d('users', 'Your account has been created. You should receive an e-mail shortly to authenticate your account. Once validated you will be able to login.'));
                $this->redirect(array('action' => 'login'));
            } else {
                unset($this->request->data[$this->modelClass]['password']);
                unset($this->request->data[$this->modelClass]['temppassword']);
                $this->Session->setFlash(__d('users', 'Your account could not be created. Please, try again.'), 'default', array('class' => 'message warning'));
            }
        }
    }
Here's the form:
    <div class="users form">
        <h2><?php echo __d('users', 'Add User'); ?></h2>
        <fieldset>
            <?php
                echo $this->Form->create($model);
                echo $this->Form->input('username', array(
                    'label' => __d('users', 'Username')));
                echo $this->Form->input('email', array(
                    'label' => __d('users', 'E-mail (used as login)'),
                    'error' => array('isValid' => __d('users', 'Must be a valid email address'),
                    'isUnique' => __d('users', 'An account with that email already exists'))));
                echo $this->Form->input('password', array(
                    'label' => __d('users', 'Password'),
                    'type' => 'password'));
                echo $this->Form->input('temppassword', array(
                    'label' => __d('users', 'Password (confirm)'),
                    'type' => 'password'));
                $tosLink = $this->Html->link(__d('users', 'Terms of Service'), array('controller' => 'pages', 'action' => 'tos'));
                echo $this->Form->input('tos', array(
                    'label' => __d('users', 'I have read and agreed to ') . $tosLink));
                echo $this->Form->end(__d('users', 'Submit'));
            ?>
        </fieldset>
    </div>
Here is the information in the Stack Trace:
CORE\Cake\Controller\Component\SecurityComponent.php line 232
}
if ($isPost && $isNotRequestAction && $this->csrfCheck) {
if ($this->_validateCsrf($controller) === false) {
return $this->blackHole($controller, 'csrf');
}
SecurityComponent->blackHole(UsersController, string)
object(UsersController) {
name => 'Users'
helpers => array(
[maximum depth reached]
)
components => array(
[maximum depth reached]
)
presetVars => array(
[maximum depth reached]
)
uses => array(
[maximum depth reached]
)
request => object(CakeRequest) {}
response => object(CakeResponse) {}
viewPath => 'Users'
layoutPath => null
viewVars => array(
[maximum depth reached]
)
view => 'add'
layout => 'default'
autoRender => true
autoLayout => true
Components => object(ComponentCollection) {}
viewClass => 'View'
View => null
ext => '.ctp'
plugin => 'Users'
cacheAction => false
passedArgs => array([maximum depth reached])
scaffold => false
methods => array(
[maximum depth reached]
)
modelClass => 'User'
modelKey => 'user'
validationErrors => null
Session => object(SessionComponent) {}
Auth => object(AuthComponent) {}
Cookie => object(CookieComponent) {}
Paginator => object(PaginatorComponent) {}
Security => object(SecurityComponent) {}
Prg => object(PrgComponent) {}
}
'csrf'
I understand this plugin should work out of the box, but I don't see any obvious reason for not processing the registration form and the black hole.
Security component is considering it a CSRF attack. Be sure that:
- You are not reloading the form (resending the data)
- The form is being created properly. I suggest testing with the basic form the plugin offers.
- It is not using AJAX. It works with AJAX, but I think you need to set up a few things.
- Your browser is sending all the headers properly. Perhaps you have an addon for debugging that is tampering with requests, hence creating a CSRF attack
The Security component seems quite sensible and easily flags unusual requests as a potential attack.
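
Added example (not part of the original question or answer, and not the plugin's own code): a CakePHP 2.x `AppController` that registers a `blackHoleCallback` and logs which of the causes listed above produced a `csrf` blackhole. The method names `logBlackHole` and `_csrfReason` are hypothetical, and the code assumes the 2.x SecurityComponent layout in which issued tokens are stored in the session under `_Token.csrfTokens` and posted back as `_Token.key`.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x) -- added diagnostic example.
App::uses('Controller', 'Controller');
App::uses('CakeLog', 'Log');

class AppController extends Controller {

    public $components = array('Session', 'Security');

    public function beforeFilter() {
        parent::beforeFilter();
        // Send blackholed requests to logBlackHole() instead of the bare error page.
        $this->Security->blackHoleCallback = 'logBlackHole';
    }

    // SecurityComponent passes the failure type, e.g. 'csrf', 'auth' or 'secure'.
    public function logBlackHole($type) {
        $reason = ($type === 'csrf') ? $this->_csrfReason() : $type;
        CakeLog::write('warning', sprintf(
            'blackhole type=%s url=%s reason=%s',
            $type, $this->request->here, $reason
        ));
        // Keep rejecting the request; only the logging is new.
        throw new BadRequestException(__('The request has been black-holed'));
    }

    // Compare the posted token with the tokens the session still holds.
    // Assumption: session key '_Token.csrfTokens' maps token => expiry timestamp.
    protected function _csrfReason() {
        $posted = $this->request->data('_Token.key');
        $stored = (array)$this->Session->read('_Token.csrfTokens');
        if (empty($posted)) {
            return 'no _Token.key in POST (form not built by FormHelper, or AJAX body omits it)';
        }
        if (!isset($stored[$posted])) {
            return 'token unknown to session (form resubmitted, token pruned, or session lost)';
        }
        if ($stored[$posted] < time()) {
            return 'token expired';
        }
        return 'token present and unexpired; check for a concurrent request consuming it';
    }
}
```

The log line lands in the application's warning/error log and separates a missing token (form or AJAX problem) from a reused or lost one (reload or session problem).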