Tag Archives: authentification

Simple webservice authentication using cakephp. A closer look.

After bringing up a very simple way to get authentication done in an older post, it is time to take a closer look and show some code that will help to get things done.

I use one single controller to handle all external requests the webservice could receive. I do not know if that is “best practice”, but it seems reasonable to me at this point. All responses are JSON, so I simply named the controller “json_controller”… 😉

Of course the user must log in first. For that he makes a request on “/json/login”.
The process is pretty much standard: the user logs in with his credentials as in the normal web application.
For this (my first) approach it was important to make it work before I start with (at this point) unnecessary security stuff.

public function login () {
	// Default response: false for non-POST requests and for failed logins.
	$return = false;
	if($this->request->is('post')) {
		$post['username'] = $this->request->data['username'];
		$post['password'] = $this->request->data['password'];
		$post['android_registration_id'] = $this->request->data['reg_id'];
		// Hash the submitted password the same way the stored password was hashed.
		$data['hash'] = $this->Auth->password($post['password']);
		// Look for a user with this username and password hash.
		$check = $this->User->find('first',
			array(
				'conditions' => array(
					'username' => $post['username'],
					'password' => $data['hash']
				)
			)
		);
		$save = array();
		$return = array();
		if($check) {
			$save['id'] = $check['User']['id'];
			// The token is derived from the username and the current date.
			$save['token'] = $this->Auth->password($post['username'].date('dmY'));
			$save['android_registration_id'] = $post['android_registration_id'];
			$save['last_mobile_login'] = date('Y-m-d H:i:s');
			if($this->User->save($save)) {
				// Values the app has to store and send with every further request.
				$return['return']['token'] = $save['token'];
				$return['return']['hash'] = $data['hash'];
				$return['return']['id'] = $check['User']['id'];
				$return['return']['username'] = $check['User']['username'];
			} else {
				$return = false;
			}
		} else {
			$return = false;
		}
	}
	return new CakeResponse(array('body' => json_encode($return, JSON_NUMERIC_CHECK)));
}

The credentials from the request will be checked and the necessary data will be given back to the request source. As you can see, I am saving the additional information (android_registration_id) already, so extending the code will be done quickly.
The returned JSON object will contain the token and the hash that will be needed for any further requests on the webservice; both need to be saved in the app on the device.

Create a simple authentication used by a smartphone app with a cakephp webservice

Everybody is using smartphones to get their information on the go. There are several ways to provide the necessary information, e.g.:

  • your usual web page
  • your usual web page with a special mobile layout
  • a native smartphone app retrieving its information via a provided web service.

In this post I take a closer look at the last point in a very simple way, which gives you an idea of how things can work and something you can play around with.

For this simple approach the smartphone app needs to be able to store data on the device.

This is how the entire process works in my case:
The already registered user logs in via his smartphone app, which will send the username and password via POST request to a URL.

All the authentication happens on the website, so there will be no encryption done on the mobile device, which means there is no extra work to be done when something on the webservice needs to be changed.

If username and password are correct, the website will generate a token, save it and send a response with either false or an array with the token and the encrypted password (I used the already encrypted password from database) that needs to be saved in the app.
From now on, the web service expects those values on every request and authenticates this device and therefore the user.

As long as this token is sent the app will be authenticated, and on every login the token will be renewed for this user, which means that a login from another device will delete the current token and write a new one that will be different. That means that only one device can be logged in at the same time.
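The token lifecycle described above (issue on login, replace on the next login, check on every request), as an added example that is not the post's own code. It swaps in a random token and stores only its SHA-256 digest, which is not what the login() action in the post does. The function names, the in-memory $users array and the lifetime are assumptions made for illustration.

```php
<?php
// Added example, not the post's code. $users stands in for the users table;
// issueToken(), verifyToken() and TOKEN_TTL are hypothetical names.

const TOKEN_TTL = 86400; // assumed token lifetime in seconds

function issueToken(array &$users, int $userId, int $now): string
{
    // 32 bytes from the CSPRNG. The value does not depend on the username or
    // the date, so every login yields a different token, even on the same day.
    $token = bin2hex(random_bytes(32));
    // Store only a digest, so the table never holds a usable token.
    $users[$userId]['token_hash'] = hash('sha256', $token);
    $users[$userId]['token_expires'] = $now + TOKEN_TTL;
    // Overwriting the row is what logs out the previously logged-in device.
    return $token;
}

function verifyToken(array $users, int $userId, string $token, int $now): bool
{
    if (!isset($users[$userId]['token_hash'], $users[$userId]['token_expires'])) {
        return false; // user never logged in from an app
    }
    if ($now >= $users[$userId]['token_expires']) {
        return false; // token too old, the app has to log in again
    }
    // hash_equals() compares in constant time.
    return hash_equals($users[$userId]['token_hash'], hash('sha256', $token));
}

// Constructed sample data.
$users = array(7 => array('username' => 'alice'));
$now = 1700000000;

$phone = issueToken($users, 7, $now);                  // first device logs in
var_dump(verifyToken($users, 7, $phone, $now + 60));   // request from the phone
$tablet = issueToken($users, 7, $now + 120);           // second device logs in
var_dump(verifyToken($users, 7, $phone, $now + 180));  // phone again, after the tablet login
var_dump(verifyToken($users, 7, $tablet, $now + 180)); // request from the tablet
var_dump(verifyToken($users, 7, $tablet, $now + 120 + TOKEN_TTL)); // after the lifetime
```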
