Cakephp 4 logintest

Question

I'm doing the test for my UserController and I'm having trouble with my login test. I'm using cakephp4 with phpunit.

The test I'm doing is this:

   public function testLogin(): void
   {
       $this->enableSecurityToken();
       $this->enableCsrfToken();
       $this->get('/user/login');
       $this->assertResponseOk();
 
       $this->post('/user/login', [
           'DNI_CIF' => '22175395Z',
           'password' => '$2y$10$ND67aMGqm.qK86MW1wuW9OQLC9vyJQGUn2HnLuSInwrFbXQKBT.V.'
       ]);
 
       $this->assertResponseCode(302); //Si correcto redirige
   //    $this->assertSession(1, 'Auth.User.id');
   }

My UserController:

  public function login()
   {
       $this->request->allowMethod(['get', 'post']);
       $result = $this->Authentication->getResult();
       // regardless of POST or GET, redirect if user is logged in
       if ($result && $result->isValid()) {
        return $this->redirect('/');
       }
       // display error if user submitted and authentication failed
       if ($this->request->is('post') && !$result->isValid()) {
           $this->Flash->error(__('Alias de usuario o contraseña incorrecta.'));
       }
   }

My Application:

  public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
   {
       $authenticationService = new AuthenticationService([
           'unauthenticatedRedirect' => Router::url('/user/login'),
           'queryParam' => 'redirect',
       ]);
  
       // Load identifiers, ensure we check email and password fields
       $authenticationService->loadIdentifier('Authentication.Password', [
           'resolver' => [
               'className' => 'Authentication.Orm',
               'userModel' => 'User',
               ],
           'fields' => [
               'username' => 'DNI_CIF',
               'password' => 'password',
           ]
       ]);
  
 
       // Load the authenticators, you want session first
       $authenticationService->loadAuthenticator('Authentication.Session');
       // Configure form data check to pick email and password
       $authenticationService->loadAuthenticator('Authentication.Form', [
           'fields' => [
               'username' => 'DNI_CIF',
               'password' => 'password',
           ],
           'loginUrl' => Router::url('/user/login'),
       ]);
  
       return $authenticationService;
   }

But I'm having this error:

.......object(Authentication\Authenticator\Result)#826 (3) {
  ["_status":protected]=>
  string(27) "FAILURE_CREDENTIALS_MISSING"
  ["_data":protected]=>
  NULL
  ["_errors":protected]=>
  array(1) {
    [0]=>
    string(27) "Login credentials not found"
  }
}

Can someone tell my what I'm doing wrong?

I tried several combinations like:

           'username' => '22175395Z',
           'password' => '$2y$10$ND67aMGqm.qK86MW1wuW9OQLC9vyJQGUn2HnLuSInwrFbXQKBT.V.'

or:

           'DNI_CIF' => '22175395Z',
           'password' => 'prueba'

or

           'username' => '22175395Z',
           'password' => 'prueba'

but nothing works.

Answer 1

In order to validate against a password stored in the database, the stored password must be hashed, and the submitted password must not be.

Answer 2

A want to add, in case of someone having the same problem, to be careful if you are using a user added in Fixture to login because it's password may not be hashed and login test will not work. I added a user and used it in the login test.