Class FormAuthenticate
An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
$this->Auth->authenticate = array( 'Form' => array( 'scope' => array('User.active' => 1) ) )
When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions are used. See FormAuthenticate::$settings for more information.
- BaseAuthenticate implements CakeEventListener
- FormAuthenticate
Direct Subclasses
Since: 2.0
See: AuthComponent::$authenticate
Copyright: Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
License: MIT License
Location: Cake/Controller/Component/Auth/FormAuthenticate.php
Inherited Properties
Method Summary
- _checkFields() protectedChecks the fields to ensure they are supplied.
- authenticate() public
Authenticates the identity contained in a request. Will use the
settings.userModel
, andsettings.fields
to find POST data that is used to find a matching record in thesettings.userModel
. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.
Method Detail
_checkFields()source protected
_checkFields( CakeRequest $request , string $model , array $fields )
Checks the fields to ensure they are supplied.
Parameters
-
CakeRequest
$request
- The request that contains login information.
- string
$model
- The model used for login verification.
- array
$fields
- The fields to be checked.
Returns
booleanFalse if the fields have not been supplied. True if they exist.
authenticate()source public
authenticate( CakeRequest $request , CakeResponse $response )
Authenticates the identity contained in a request. Will use the settings.userModel
, and settings.fields
to find POST data that is used to find a matching record in the settings.userModel
. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.
Parameters
-
CakeRequest
$request
- The request that contains login information.
-
CakeResponse
$response
- Unused response object.
Returns
mixedFalse on login failure. An array of User data on success.
Methods inherited from BaseAuthenticate
__construct()source public
__construct( ComponentCollection $collection , array $settings )
Constructor
Parameters
-
ComponentCollection
$collection
- The Component collection used on this request.
- array
$settings
- Array of settings to use.
_findUser()source protected
_findUser( string|array $username , string $password null )
Find a user record using the standard options.
The $username parameter can be a (string)username or an array containing conditions for Model::find('first'). If the $password param is not provided the password field will be present in returned array.
Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.
Parameters
- string|array
$username
- The username/identifier, or an array of find conditions.
- string
$password
optional null - The password, only used if $username param is string.
Returns
boolean|arrayEither false on failure, or an array of user data.
_password()source protected
_password( string $password )
Hash the plain text password so that it matches the hashed/encrypted password in the datasource.
Deprecated
3.0.0 Since 2.4. Use a PasswordHasher class instead.Parameters
- string
$password
- The plain text password.
Returns
stringThe hashed form of the password.
getUser()source public
getUser( CakeRequest $request )
Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
Parameters
-
CakeRequest
$request
- Request object.
Returns
mixedEither false or an array of user information
implementedEvents()source public
implementedEvents( )
Implemented events
Returns
arrayof events => callbacks.
Implementation of
CakeEventListener::implementedEvents()
logout()source public
logout( array $user )
Allows you to hook into AuthComponent::logout(), and implement specialized logout behavior.
All attached authentication objects will have this method called when a user logs out.
Parameters
- array
$user
- The user about to be logged out.
passwordHasher()source public
passwordHasher( )
Return password hasher object
Returns
AbstractPasswordHasher
Password hasher instance
Throws
CakeException
If password hasher class not found or it does not extend AbstractPasswordHasher
unauthenticated()source public
unauthenticated( CakeRequest $request , CakeResponse $response )
Handle unauthenticated access attempt.
Parameters
-
CakeRequest
$request
- A request object.
-
CakeResponse
$response
- A response object.
Returns
mixedEither true to indicate the unauthenticated request has been dealt with and no more action is required by AuthComponent or void (default).
© 2005–2017 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/2.10/class-FormAuthenticate.html