php - Allow both Ejabberd and CakePHP 3 use same users table and passwords
Get the solution ↓↓↓Im developing a web app which uses cakePHP 3. I have the app working, and i need to add ejabberd 15.x chat to my app.
I have configured the jabber to use odbc mysql and users database table( the same users table that cakephp uses ).
Now, the problem, is, my web app can log in/register users just fine, using cakephp's bcrypt password hasher. However, because passwords are hashed, ejabberd cant log those users in because it uses plain text passwords.
I could disable password hashing in cakephp and make it work that way, but, i would rather prefer the extra security that hashing provides, and enable exact same bcrypt hashing on ejabberd side, so it could log in using hashes that cakephp generated.
Is there a way to make ejabberd and cakephp3 hash passwords exactly the same way ?.
Answer
Solution:
Creating a class extendingAbstractPasswordHasher
should do the trick. Follow the pattern(s) used for FallbackPasswordHasher
.
http://api.cakephp.org/3.0/class-Cake.Auth.AbstractPasswordHasher.html
Then configure your system to use the new class:
(quoted below, as an example)
Changing Hashing Algorithms
CakePHP provides a clean way to migrate your users’ passwords from one algorithm to another, this is achieved through the FallbackPasswordHasher class. Assuming you are migrating your app from CakePHP 2.x which uses sha1 password hashes, you can configure the AuthComponent as follows:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'Fallback',
'hashers' => [
'Default',
'Weak' => ['hashType' => 'sha1']
]
]
]
]
]);
}
The first name appearing in the hashers key indicates which of the classes is the preferred one, but it will fallback to the others in the list if the check was unsuccessful.
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: http failure during parsing for
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.