Strange Auth issue on CakePHP 3.x

I have two identical servers with identical DB schema, PHP and CakePHP versions:

\- dev

\-prod

On dev, $this->Auth->identify() returns true if the username and password are correct.

For some reason, on prod, $this->Auth->identify() always returns false. Tried everything I can find online such as:

\- Check password field length. It is set to 255

\- Security salt is same on both temporarily

\- Source code on both dev and prod are the same (using git to track). It is working on he dev server, but not on the prod server.

\- Checked that the Hash is stored correctly in the DB using (new DefaultPasswordHasher)->check($pwd, $hash). This returns true when I test it with the password string and the hash stored in prod db.

What could be the issue? Thank you very much for any help or pointers on how to debug it.

3 thoughts on “Strange Auth issue on CakePHP 3.x”

  1. You say the hash is same temporarily. Are you trying to login to an existing user created before you altered the hash? If so, the hash wouldn’t match that user anymore.

    For your original issue, are you familiar with working with a debugger? That way you can step through the code and see where the issue arises.

    If you are using the `FormAuthenticator` when loading the component, you can check the method `authenticate()`, which is likely where your login is rejected. It will first check if all the required login fields (username/email and password) are filled and is a string. If that passes, it will use the configured finder to try and find a user with the credentials. Finding a user happens in the method `_findUser()` in the `Cake\Auth\BaseAuthenticate` class.

    Reply
  2. There are certainly some differences between the two otherwise they’d be operating the same. Have you verified the installed php extensions are the same version? Are the installed composer packages the same versions? What about differences in unversioned files?

    Reply

Leave a Comment