Class BlowfishAuthenticate
An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data using Blowfish hashing. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
$this->Auth->authenticate = array( 'Blowfish' => array( 'scope' => array('User.active' => 1) ) )
When configuring BlowfishAuthenticate you can pass in settings to which fields, model and additional conditions are used. See FormAuthenticate::$settings for more information.
For initial password hashing/creation see Security::hash(). Other than how the password is initially hashed, BlowfishAuthenticate works exactly the same way as FormAuthenticate.
- BaseAuthenticate implements CakeEventListener
- FormAuthenticate
- BlowfishAuthenticate
Deprecated: 3.0.0 Since 2.4. Just use FormAuthenticate with 'passwordHasher' setting set to 'Blowfish'
Copyright: Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
License: MIT License
Since: CakePHP(tm) v 2.3
See:
AuthComponent::$authenticate
Located at Cake/Controller/Component/Auth/BlowfishAuthenticate.php
Method Detail
__constructsource public
__construct( ComponentCollection $collection , array $settings )
Constructor. Sets default passwordHasher to Blowfish
Parameters
-
ComponentCollection
$collection
- The Component collection used on this request.
- array
$settings
- Array of settings to use.
Overrides
BaseAuthenticate::__construct()
Methods inherited from FormAuthenticate
_checkFieldssource protected
_checkFields( CakeRequest $request , string $model , array $fields )
Checks the fields to ensure they are supplied.
Parameters
-
CakeRequest
$request
- The request that contains login information.
- string
$model
- The model used for login verification.
- array
$fields
- The fields to be checked.
Returns
boolean
False if the fields have not been supplied. True if they exist.
authenticatesource public
authenticate( CakeRequest $request , CakeResponse $response )
Authenticates the identity contained in a request. Will use the settings.userModel
, and settings.fields
to find POST data that is used to find a matching record in the settings.userModel
. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.
Parameters
-
CakeRequest
$request
- The request that contains login information.
-
CakeResponse
$response
- Unused response object.
Returns
mixed
False on login failure. An array of User data on success.
Methods inherited from BaseAuthenticate
_findUsersource protected
_findUser( string|array $username , string $password null )
Find a user record using the standard options.
The $username parameter can be a (string)username or an array containing conditions for Model::find('first'). If the $password param is not provided the password field will be present in returned array.
Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.
Parameters
- string|array
$username
- The username/identifier, or an array of find conditions.
- string
$password
optional null - The password, only used if $username param is string.
Returns
boolean|array
Either false on failure, or an array of user data.
_passwordsource protected
_password( string $password )
Hash the plain text password so that it matches the hashed/encrypted password in the datasource.
Parameters
- string
$password
- The plain text password.
Returns
string
The hashed form of the password.
getUsersource public
getUser( CakeRequest $request )
Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
Parameters
-
CakeRequest
$request
- Request object.
Returns
mixed
Either false or an array of user information
implementedEventssource public
implementedEvents( )
Implemented events
Returns
array
of events => callbacks.
Implementation of
CakeEventListener::implementedEvents()
logoutsource public
logout( array $user )
Allows you to hook into AuthComponent::logout(), and implement specialized logout behavior.
All attached authentication objects will have this method called when a user logs out.
Parameters
- array
$user
- The user about to be logged out.
passwordHashersource public
passwordHasher( )
Return password hasher object
Returns
AbstractPasswordHasher
Password hasher instance
Throws
CakeException
If password hasher class not found or it does not extend AbstractPasswordHasher
unauthenticatedsource public
unauthenticated( CakeRequest $request , CakeResponse $response )
Handle unauthenticated access attempt.
Parameters
-
CakeRequest
$request
- A request object.
-
CakeResponse
$response
- A response object.
Returns
mixed
Either true to indicate the unauthenticated request has been dealt with and no more action is required by AuthComponent or void (default).
Properties inherited from BaseAuthenticate
$_Collectionsource
protected ComponentCollection
A Component collection, used to get more components.
$settingssource
public array
Settings for this object.
-
fields
The fields to use to identify a user by. -
userModel
The model name of the User, defaults to User. -
userFields
Array of fields to retrieve from User model, null to retrieve all. Defaults to null. -
scope
Additional conditions to use when looking up and authenticating users, i.e.array('User.is_active' => 1).
-
recursive
The value of the recursive key passed to find(). Defaults to 0. -
contain
Extra models to contain and store in session. -
passwordHasher
Password hasher class. Can be a string specifying class name or an array containingclassName
key, any other keys will be passed as settings to the class. Defaults to 'Simple'.
array( 'fields' => array( 'username' => 'username', 'password' => 'password' ), 'userModel' => 'User', 'userFields' => null, 'scope' => array(), 'recursive' => 0, 'contain' => null, 'passwordHasher' => 'Simple' )
© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
http://api.cakephp.org/2.7/class-BlowfishAuthenticate.html