
CakePHP would not hash password while login but only in signup

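I am using CakePHP 3.5. I am trying to create a simple login, but there are problems:

  1. I can log in with an unhashed password
  2. My DefaultPasswordHasher works... the password is actually hashed, but not at login
  3. All users (user1, user2, user3) have the same password "password"
  4. user1's password is not hashed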

https://drive.google.com/file/d/1dgTnI4YzNEsxhPhcYoxqwdg02AZopA3a/view?usp=sharing

UserController.php

public function login()
{
    if ($this->request->is('post')) {
        // $data = $this->request->getData();
        // pr($data);
        // identify() checks the submitted credentials against the stored password
        $user = $this->Auth->identify();
        if ($user) {
            $this->Flash->success('Successful login');
            $this->Auth->setUser($user);
            return $this->redirect(['action' => 'index']);
        } else {
            $this->Flash->error(__('Please, try again.'));
        }
    }
}


<?php
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;

/**
 * UsersTable Entity
 *
 * @property int $id
 * @property string $username
 * @property string $email
 * @property string $password
 */
class UsersTable extends Entity
{

    /**
     * Fields that can be mass assigned using newEntity() or patchEntity().
     *
     * Note that when '*' is set to true, this allows all unspecified fields to
     * be mass assigned. For security purposes, it is advised to set '*' to false
     * (or remove it), and explicitly make individual fields accessible as needed.
     *
     * @var array
     */
    protected $_accessible = [
        'username' => true,
        'email' => true,
        'password' => true
    ];

    /**
     * Fields that are excluded from JSON versions of the entity.
     *
     * @var array
     */
    protected $_hidden = [
        'password'
    ];

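    // Mutator: runs whenever the password property is set on the entity
    // (for example through newEntity() or patchEntity()), not during login.
    protected function _setPassword($password)
    {
        return (new DefaultPasswordHasher)->hash($password);
    }
}

login.ctp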
<?= $this->Form->create();?>
<?= $this->Form->control('email'); ?>
<?= $this->Form->control('password'); ?>
<?= $this->Form->button('login');?>

<?= $this->Form->end(); ?>

AppController.php
public function initialize()
    {
        parent::initialize();

        $this->loadComponent('RequestHandler', [
            'enableBeforeRedirect' => false,
        ]);
        $this->loadComponent('Flash');
        $this->loadComponent('Auth',[
            'authenticate' =>[
              'Form'  => [
                'fields' => [
                  'username' =>'email',
                  'password' =>'password'

                ]
              ]
            ],
            'loginAction' =>  [
              'controller' =>'UsersTable',
              'action' =>'login'
            ]
        ]);
    }

https://book.cakephp.org/3.0/en/controllers/components/authentication.html

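The _setPassword function only works when you add or edit an entity in the table.

Since you added user1 before adding _setPassword to the User entity, it was not hashed.

Also, it will not hash user1 at login, because nothing changes in the user entity in the table.

If you want to hash user1, just edit it in the admin panel.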
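
The situation the answer describes, as an added example that is not code from the question or from CakePHP: a row saved before the hashing setter existed still holds plaintext, verification against it fails, and a one-time pass hashes only those legacy rows. It uses plain PHP `password_hash()`/`password_verify()`, which is what `DefaultPasswordHasher` wraps; the sample rows, e-mail addresses and the helper names `isStoredHash` and `hashLegacyRows` are constructed for illustration.

```php
<?php
// Added example: plain PHP, no CakePHP required.

// Constructed sample rows standing in for the users table.
$users = [
    // Saved before the _setPassword() setter existed: still plaintext.
    ['id' => 1, 'email' => 'user1@example.com', 'password' => 'password'],
    ['id' => 2, 'email' => 'user2@example.com', 'password' => password_hash('password', PASSWORD_DEFAULT)],
    ['id' => 3, 'email' => 'user3@example.com', 'password' => password_hash('password', PASSWORD_DEFAULT)],
];

// True when the stored value is in a format password_hash() produces.
// password_get_info() reports algo 0 (PHP < 7.4) or null (PHP >= 7.4) otherwise.
function isStoredHash(string $stored): bool
{
    return !empty(password_get_info($stored)['algo']);
}

// Hash legacy plaintext values once; rows that already hold a hash are
// left untouched so they are never double-hashed.
function hashLegacyRows(array $rows): array
{
    foreach ($rows as &$row) {
        if (!isStoredHash($row['password'])) {
            $row['password'] = password_hash($row['password'], PASSWORD_DEFAULT);
        }
    }
    unset($row);
    return $rows;
}

// Print, per row, whether the stored value is a hash and whether the
// submitted password "password" verifies against it.
function report(string $label, array $rows): void
{
    foreach ($rows as $row) {
        printf(
            "%s id=%d hashed=%s verifies=%s\n",
            $label,
            $row['id'],
            var_export(isStoredHash($row['password']), true),
            var_export(password_verify('password', $row['password']), true)
        );
    }
}

report('before', $users);
report('after ', hashLegacyRows($users));
```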


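Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.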

© 2020-2024 STACKOOM.COM