After being interested in it for a while, I’ve started experimenting with Kohana (v 3.2). When I started working with the ORM-based user authentication it ships with, I immediately ran into some trouble. Searches turned up scant information, so I’m posting this to help people who run into the same problem.
The first problem is that the Kohana documentation leaves a lot to be desired. In this case, it says very little about using the ORM-based user authentication. There’s almost nothing in the User Guide part of the documentation, and I found the API documentation related to this functionality to be incomplete and misleading.
I enabled the auth and ORM modules in my bootstrap, and configured it (with some help from Mixu’s tech blog: Step-by-step guide to Kohana 3 auth).
Then I tried programmatically creating a user, as follows, and ran into a brick wall:
    $user = array(
        'username' => 'abcdebug',
        'password' => 'pass',
        'email' => 'firstname.lastname@example.org'
    );
    ORM::factory( 'user' )->create_user( $user, array_keys( $user ) );
That was based on the API documentation for Model_Auth_User::create_user(), which led me to believe that I could just pass an array containing ‘username’, ‘password’, and ‘email’ elements.
However, all that got me was the extremely unhelpful error message: “ORM_Validation_Exception [ 0 ]: Failed to validate array”
I later discovered that the default validation requires a password with min length 8, but that was not the whole problem.
I dug deeper and discovered (with some hints) that the default validation also requires a password_confirm element (that must match the value of password, naturally) to be included in the first argument to
    $user = array(
        'username' => 'abcdebug',
        'password' => 'password',
        'email' => 'email@example.com'
    );
    $post = $user;
    $post[ 'password_confirm' ] = $user[ 'password' ];
    ORM::factory( 'user' )->create_user( $post, array_keys( $user ) );
That’s very counterintuitive to me. I expected to easily be able to create a user programmatically with the default setup, and when doing that I don’t expect to have to confirm the values I’m passing to the create method. I’d also expect that to be mentioned in the create_user() documentation, especially since there’s nothing (that I’ve found) in the User Guide about this.
Oddly, it only failed on not providing the password confirmation value, when I’d consider the email address more important to confirm, since that’s probably the only recourse you have to “authenticate” the user’s identity if they forget their password.
In this case the error message could also have been a lot more helpful. It turns out if you copy modules/orm/classes/model/auth/user.php to application/classes/model/auth/user.php and catch (say as
$e->errors( 'model' ) returns data that includes the message “password confirm must be the same as password confirm”. I don’t know why that error message is not displayed by the default exception handling. As an aside, that error message itself is a bit off. Should probably say “password confirm must be the same as password”.
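The pattern discussed above, as an added example that is not code from the original post or from Kohana itself: a wrapper that supplies password_confirm for a programmatic caller and returns the per-field validation messages instead of letting the generic exception bubble up. It assumes a Kohana 3.2 application with the auth and orm modules enabled; the helper name create_user_or_errors() and the sample values are made up for illustration.

```php
<?php
// Added example; runs inside a Kohana 3.2 application with the auth and orm
// modules enabled. create_user_or_errors() is a hypothetical helper name.
function create_user_or_errors(array $user)
{
    // Columns allowed to be mass-assigned. password_confirm is not a column,
    // so it is deliberately kept out of this list.
    $expected = array_keys($user);

    // The default password validation compares password_confirm with
    // password, so a programmatic caller has to supply it as well.
    $post = $user;
    $post['password_confirm'] = $user['password'];

    try
    {
        ORM::factory('user')->create_user($post, $expected);
        return array(); // no errors: the user was created
    }
    catch (ORM_Validation_Exception $e)
    {
        // Per-field messages instead of "Failed to validate array".
        return $e->errors('model');
    }
}

$errors = create_user_or_errors(array(
    'username' => 'abcdebug',
    'password' => 'pass', // constructed value, shorter than the 8-character minimum
    'email'    => 'email@example.com',
));

// The returned array can be nested, so walk it recursively and print each leaf.
$leaves = new RecursiveIteratorIterator(new RecursiveArrayIterator($errors));
foreach ($leaves as $field => $message)
{
    echo $field, ': ', $message, PHP_EOL;
}
```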
I don’t know enough about Kohana to know if there’s a way to set this up that I would consider better. I guess it would be nice if out of the box you could easily programmatically create users as I was trying to do, and also easily create users based on registration form submissions, where confirming certain values might be desirable.