Community Auth Token Name - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+--- Thread: Community Auth Token Name (/showthread.php?tid=69785)

Community Auth Token Name - reesethebeast - 01-17-2018

I am using CodeIgniter 3 and Community Auth. My login was working fine until I recently turned off CI CSRF due to AJAX issues and I am now using the tokens helper. All of my jQuery code references a specific token name, let's call it my_token. So I want to continue to use this token name versus Community Auth's default token name "token". I am using form_open() on my login form and I added a hidden element for my_token and I changed the Community Auth token name in /application/third_party/community_auth/config/authentication.php to "my_token". When I try to log in nothing happens. When I check the log file, the submitted form token is not in the jar. I've tried several changes to get this to work, however it only works if I leave the token name as "token". Am I missing some other setting? My site is live so any help would be greatly appreciated.

DEBUG - 2018-01-18 01:57:52 --> string = myusername password = abc123 form_token = e03cc701 token_jar = {"0":"f0c0d018","1":"e1610819","2":"8e9a3ac9","3":"3fa0bedb","4":"35144229","5":"579e4e9d","6":"8097b9a7","7":"3330737d","8":"34814180","9":"2835bd8c","11":"7d232b67"}

RE: Community Auth Token Name - skunkbad - 01-18-2018

I think this needs a look, but if I recall correctly, the login token is different because if it was the same as your other forms CA might think your other form post is a login attempt. Give me a couple days to look at this, and see what I can do.

RE: Community Auth Token Name - reesethebeast - 01-18-2018

(01-18-2018, 12:27 AM)skunkbad Wrote: I think this needs a look, but if I recall correctly, the login token is different because if it was the same as your other forms CA might think your other form post is a login attempt. Give me a couple days to look at this, and see what I can do.

OK, thank you.
Based on your comments, I think in the meantime that I will change the name back to token and modify the Auth form helper to add hidden element my_token as well, when using form_open().

RE: Community Auth Token Name - reesethebeast - 01-18-2018

Modifying /community_auth/helpers/MY_form_helper.php for now has resolved the issue. I added

    $form .= '<input type="hidden" name="my_token" value="'.html_escape($value).'" style="display:none;" />'."\n";

right before return $form;. If this needs to be a permanent solution, I will add a custom CI config variable for the name versus hard coding.

RE: Community Auth Token Name - skunkbad - 01-18-2018

(01-18-2018, 08:14 AM)reesethebeast Wrote: Modifying /community_auth/helpers/MY_form_helper.php for now has resolved the issue.

I'd still like to take a look at CA and see what needs to be done. I just need to make the time to do it. I can't say what the solution is, but maybe CA should not allow for the login token to be renamed as a config var. As the name is hard coded into the Authentication library, it's that way because the Authentication library needs a unique name. I think what you're asking is, do we need two token names ... and the answer may be yes.

RE: Community Auth Token Name - reesethebeast - 01-18-2018

(01-18-2018, 09:04 AM)skunkbad Wrote: (01-18-2018, 08:14 AM)reesethebeast Wrote: Modifying /community_auth/helpers/MY_form_helper.php for now has resolved the issue.

Thanks for the reply. Yes, I think 2 tokens are needed or at least 2 names. This solution is working for now and I will await the results of your research.

RE: Community Auth Token Name - reesethebeast - 01-18-2018

(01-18-2018, 09:29 AM)reesethebeast Wrote: (01-18-2018, 09:04 AM)skunkbad Wrote: (01-18-2018, 08:14 AM)reesethebeast Wrote: Modifying /community_auth/helpers/MY_form_helper.php for now has resolved the issue.

Sorry, I spoke too soon. It looks like any AJAX request is now killing my session/logging me out.

RE: Community Auth Token Name - skunkbad - 01-18-2018

I made two commits this morning: https://bitbucket.org/skunkbad/community-auth-for-codeigniter-3/commits/all

These commits have not been merged into the master branch, but you could test them out and tell me what your experience is.

RE: Community Auth Token Name - reesethebeast - 01-18-2018

Thanks. I will implement these changes and test.

RE: Community Auth Token Name - reesethebeast - 01-18-2018

Skunkbad,

After some trial and error, I just decided to change all of my AJAX code to use token versus my_token. This seems to work, for the first submission. In a previous forum post of mine you stated "Since using a token removes it from the array of tokens, if you are using AJAX then you need to pass back a new token, and apply it to the hidden form element. You get a new token with $this->tokens->token();". I have a table of records and a delete button on each row. As the first deletion works and the subsequent clicks fail, this means the token was removed from the jar. So based on your statement, I should pass back a new token from the AJAX call in my JSON response and update (via jQuery) the current hidden form element to contain the new token value, correct?
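
The pattern the last post asks about, as an added example that is not code from this thread or from Community Auth: a single-use token jar modelled in JavaScript, where the server returns a new token in each JSON response and the client stores it before the next click. `TokenJar`, `handleDelete`, `clickDelete` and the jar cap of 10 are hypothetical stand-ins, and the hidden form field is a plain object so the block runs under Node without a DOM.

```javascript
const { randomBytes } = require('crypto');

// Server side: jar of outstanding tokens. Class name and cap are assumptions.
class TokenJar {
  constructor(max = 10) { this.max = max; this.tokens = []; }
  issue() {
    const t = randomBytes(4).toString('hex'); // 8 hex chars, like the log values
    this.tokens.push(t);
    if (this.tokens.length > this.max) this.tokens.shift(); // drop the oldest
    return t;
  }
  // A token is valid once: a match removes it from the jar.
  consume(t) {
    const i = this.tokens.indexOf(t);
    if (i === -1) return false;
    this.tokens.splice(i, 1);
    return true;
  }
}

// Server side: hypothetical delete endpoint. On success it puts a fresh
// token in the JSON body so the client can make another request.
function handleDelete(jar, post) {
  if (!jar.consume(post.token)) return { ok: false, error: 'token not in jar' };
  return { ok: true, deleted: post.id, token: jar.issue() };
}

// Client side: form.token stands in for the hidden input's value. With jQuery
// the refresh line would be $('input[name="token"]').val(res.token).
function clickDelete(jar, form, id, refresh) {
  const res = handleDelete(jar, { id, token: form.token });
  if (refresh && res.token) form.token = res.token;
  return res;
}

// Two delete clicks per client: one keeps its page-load token, one refreshes.
function demo() {
  const jar = new TokenJar();
  const stale = { token: jar.issue() };
  const staleRun = [clickDelete(jar, stale, 1, false).ok,
                    clickDelete(jar, stale, 2, false).ok];
  const fresh = { token: jar.issue() };
  const freshRun = [clickDelete(jar, fresh, 1, true).ok,
                    clickDelete(jar, fresh, 2, true).ok];
  return { staleRun, freshRun, outstanding: jar.tokens.length };
}

console.log(demo());
```

The client that keeps its page-load token succeeds once and then fails with "token not in jar", which is the symptom described for the delete buttons; the client that stores the returned token succeeds on every click.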