Class AuthComponent
Authentication control component class.
Binds access control with user authentication and session management.
- Cake\Controller\Component implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait , Cake\Log\LogTrait
- Cake\Controller\Component\AuthComponent uses Cake\Event\EventDispatcherTrait
Link: https://book.cakephp.org/3.0/en/controllers/components/authentication.html
Location: Controller/Component/AuthComponent.php
Constants summary
- string ALL = 'all'
- string QUERY_STRING_REDIRECT = 'redirect'
Properties summary
- $_authenticateObjects protected
- $_authenticationProvider protected - The instance of the Authenticate provider that was used for successfully logging in the current user after calling login() in the same request
- $_authorizationProvider protected - The instance of the Authorize provider that was used to grant access to the current user to the URL they are requesting.
- $_authorizeObjects protected
- $_defaultConfig protected array - Default config
- $_storage protected
- $allowedActions public array - Controller actions for which user validation is not required.
- $components public array - Other components utilized by AuthComponent
- $request public
- $response public
- $session public
Magic properties summary
- $Flash public
- $RequestHandler public
Inherited Properties
Method Summary
- __get() public - Magic accessor for backward compatibility for property $sessionKey.
- __set() public - Magic setter for backward compatibility for property $sessionKey.
- _getUrlToRedirectBackTo() protected - Returns the URL to redirect back to or / if not possible.
- _getUser() protected - Similar to AuthComponent::user() except if user is not found in configured storage, connected authentication objects will have their getUser() methods called.
- _isAllowed() protected - Checks whether current action is accessible without authentication.
- _isLoginAction() protected - Normalizes config loginAction and checks if current request URL is same as login action.
- _loginActionRedirectUrl() protected - Returns the URL of the login action to redirect to.
- _setDefaults() protected - Sets defaults for configs.
- _unauthenticated() protected - Handles unauthenticated access attempt. First the unauthenticated() method of the last authenticator in the chain will be called. The authenticator can handle sending response or redirection as appropriate and return true to indicate no further action is necessary. If authenticator returns null this method redirects user to login action. If it's an AJAX request and config ajaxLogin is specified that element is rendered else a 403 HTTP status code is returned.
- _unauthorized() protected - Handle unauthorized access attempt
- allow() public - Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
- authCheck() public - Main execution method, handles initial authentication check and redirection of invalid users.
- authenticationProvider() public - If login was called during this request and the user was successfully authenticated, this function will return the instance of the authentication object that was used for logging the user in.
- authorizationProvider() public - If there was any authorization processing for the current request, this function will return the instance of the Authorization object that granted access to the user to the current address.
- constructAuthenticate() public - Loads the configured authentication objects.
- constructAuthorize() public - Loads the authorization objects configured.
- deny() public - Removes items from the list of allowed/no authentication required actions.
- flash() public - Set a flash message. Uses the Flash component with values from flash config.
- getAuthenticate() public - Getter for authenticate objects. Will return a particular authenticate object.
- getAuthorize() public - Getter for authorize objects. Will return a particular authorize object.
- identify() public - Use the configured authentication adapters, and attempt to identify the user by credentials contained in $request.
- implementedEvents() public - Events supported by this component.
- initialize() public - Initialize properties.
- isAuthorized() public - Check if the provided user is authorized for the request.
- logout() public - Log a user out.
- redirectUrl() public - Get the URL a user should be redirected to upon login.
- setUser() public - Set provided user info to storage as logged in user.
- startup() public - Callback for Controller.startup event.
- storage() public - Get/set user record storage object.
- user() public - Get the current user from storage.
Method Detail
__get() source public
__get( string $name )
Magic accessor for backward compatibility for property $sessionKey.
Parameters
- string $name - Property name
Returns
mixed
Overrides
Cake\Controller\Component::__get()
__set() source public
__set( string $name , mixed $value )
Magic setter for backward compatibility for property $sessionKey.
Parameters
- string $name - Property name.
- mixed $value - Value to set.
_getUrlToRedirectBackTo() source protected
_getUrlToRedirectBackTo( )
Returns the URL to redirect back to or / if not possible.
This method takes the referrer into account if the request is not of type GET.
Returns
string
_getUser() source protected
_getUser( )
Similar to AuthComponent::user() except if user is not found in configured storage, connected authentication objects will have their getUser() methods called.
This lets stateless authentication methods function correctly.
Returns
boolean true if a user can be found, false if one cannot.
_isAllowed() source protected
_isAllowed( Cake\Controller\Controller $controller )
Checks whether current action is accessible without authentication.
Parameters
- Cake\Controller\Controller $controller - A reference to the instantiating controller object
Returns
boolean True if action is accessible without authentication else false
_isLoginAction() source protected
_isLoginAction( Cake\Controller\Controller $controller )
Normalizes config loginAction and checks if current request URL is same as login action.
Parameters
- Cake\Controller\Controller $controller - A reference to the controller object.
Returns
boolean True if current action is login action else false.
_loginActionRedirectUrl() source protected
_loginActionRedirectUrl( )
Returns the URL of the login action to redirect to.
This includes the redirect query string if applicable.
Returns
array|string
_unauthenticated() source protected
_unauthenticated( Cake\Controller\Controller $controller )
Handles unauthenticated access attempt. First the unauthenticated() method of the last authenticator in the chain will be called. The authenticator can handle sending response or redirection as appropriate and return true to indicate no further action is necessary. If authenticator returns null this method redirects user to login action. If it's an AJAX request and config ajaxLogin is specified that element is rendered else a 403 HTTP status code is returned.
Parameters
- Cake\Controller\Controller $controller - A reference to the controller object.
Returns
Cake\Http\Response|null Null if current action is login action else response object returned by authenticate object or Controller::redirect().
Throws
Cake\Core\Exception\Exception
_unauthorized() source protected
_unauthorized( Cake\Controller\Controller $controller )
Handle unauthorized access attempt
Parameters
- Cake\Controller\Controller $controller - A reference to the controller object
Returns
Cake\Http\Response
Throws
Cake\Http\Exception\ForbiddenException
allow() source public
allow( string|array|null $actions = null )
Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
You can use allow with either an array or a simple string.
$this->Auth->allow('view');
$this->Auth->allow(['edit', 'add']);
or to allow all actions
$this->Auth->allow();
Parameters
- string|array|null $actions optional null - Controller action name or array of actions
Link
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#making-actions-public
authCheck() source public
authCheck( Cake\Event\Event $event )
Main execution method, handles initial authentication check and redirection of invalid users.
The auth check is done when event name is same as the one configured in checkAuthIn config.
Parameters
- Cake\Event\Event $event - Event instance.
Returns
Cake\Http\Response|null
Throws
ReflectionException
authenticationProvider() source public
authenticationProvider( )
If login was called during this request and the user was successfully authenticated, this function will return the instance of the authentication object that was used for logging the user in.
Returns
Cake\Auth\BaseAuthenticate|null
authorizationProvider() source public
authorizationProvider( )
If there was any authorization processing for the current request, this function will return the instance of the Authorization object that granted access to the user to the current address.
Returns
Cake\Auth\BaseAuthorize|null
constructAuthenticate() source public
constructAuthenticate( )
Loads the configured authentication objects.
Returns
array|null The loaded authentication objects, or null on empty authenticate value.
Throws
Cake\Core\Exception\Exception
constructAuthorize() source public
constructAuthorize( )
Loads the authorization objects configured.
Returns
array|null The loaded authorization objects, or null when authorize is empty.
Throws
Cake\Core\Exception\Exception
deny() source public
deny( string|array|null $actions = null )
Removes items from the list of allowed/no authentication required actions.
You can use deny with either an array or a simple string.
$this->Auth->deny('view');
$this->Auth->deny(['edit', 'add']);
or
$this->Auth->deny();
to remove all items from the allowed list
Parameters
- string|array|null $actions optional null - Controller action name or array of actions
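An added example (not from the CakePHP API docs or the framework's own code) showing allow() and deny() from this page used together with a controller-level isAuthorized() check. It assumes a hypothetical ArticlesController whose articles table has a user_id column, and an AppController that configured 'authorize' => 'Controller'.

```php
<?php
// Hypothetical ArticlesController (constructed example): public actions are
// listed explicitly with allow(); everything else falls through to
// isAuthorized(), which answers false unless ownership is proven.
namespace App\Controller;

use Cake\Event\Event;

class ArticlesController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        // Whitelist only read-only actions. Calling allow() with no arguments
        // would make every action in this controller public, including any
        // added later, so always pass an explicit list.
        $this->Auth->allow(['index', 'view']);

        // deny() removes entries again. If AppController::beforeFilter() had
        // made 'export' public for all controllers, this re-protects it here.
        $this->Auth->deny('export');
    }

    // Called by the 'Controller' authorize adapter for every action that is
    // not in the allowed list. $user is the record stored by setUser().
    public function isAuthorized($user)
    {
        $action = $this->request->getParam('action');

        // Any authenticated user may create articles or list their own.
        if (in_array($action, ['add', 'mine'], true)) {
            return true;
        }

        // edit/delete/export require the record to belong to the caller;
        // the id comes from the first passed URL argument.
        if (in_array($action, ['edit', 'delete', 'export'], true)) {
            $pass = $this->request->getParam('pass');
            $id = $pass[0] ?? null;
            if ($id === null) {
                return false;
            }
            // get() throws RecordNotFoundException (404) for unknown ids,
            // so a missing record never reaches the ownership comparison.
            $article = $this->Articles->get($id);

            return (int)$article->user_id === (int)$user['id'];
        }

        // Deny by default: unknown actions are never authorized implicitly.
        return false;
    }
}
```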
See
\Cake\Controller\Component\AuthComponent::allow()
Link
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#making-actions-require-authorization
flash() source public
flash( string $message )
Set a flash message. Uses the Flash component with values from flash config.
Parameters
- string $message - The message to set.
getAuthenticate() source public
getAuthenticate( string $alias )
Getter for authenticate objects. Will return a particular authenticate object.
Parameters
- string $alias - Alias for the authenticate object
Returns
Cake\Auth\BaseAuthenticate|null
getAuthorize() source public
getAuthorize( string $alias )
Getter for authorize objects. Will return a particular authorize object.
Parameters
- string $alias - Alias for the authorize object
Returns
Cake\Auth\BaseAuthorize|null
identify() source public
identify( )
Use the configured authentication adapters, and attempt to identify the user by credentials contained in $request.
Triggers Auth.afterIdentify event which the authenticate classes can listen to.
Returns
array|boolean User record data, or false, if the user could not be identified.
implementedEvents() source public
implementedEvents( )
Events supported by this component.
Returns
array
Overrides
Cake\Controller\Component::implementedEvents()
initialize() source public
initialize( array $config )
Initialize properties.
Parameters
- array $config - The config data.
Overrides
Cake\Controller\Component::initialize()
isAuthorized() source public
isAuthorized( array|ArrayAccess|null $user = null , Cake\Http\ServerRequest $request = null )
Check if the provided user is authorized for the request.
Uses the configured Authorization adapters to check whether or not a user is authorized. Each adapter will be checked in sequence, if any of them return true, then the user will be authorized for the request.
Parameters
- array|ArrayAccess|null $user optional null - The user to check the authorization of. If empty the user fetched from storage will be used.
- Cake\Http\ServerRequest $request optional null - The request to authenticate for. If empty, the current request will be used.
Returns
boolean True if $user is authorized, otherwise false
logout() source public
logout( )
Log a user out.
Returns the logout action to redirect to. Triggers the Auth.logout event which the authenticate classes can listen for and perform custom logout logic.
Returns
string Normalized config logoutRedirect
Link
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#logging-users-out
redirectUrl() source public
redirectUrl( string|array|null $url = null )
Get the URL a user should be redirected to upon login.
Pass a URL in to set the destination a user should be redirected to upon logging in.
If no parameter is passed, gets the authentication redirect URL. The URL returned is as per following rules:
- Returns the normalized redirect URL from storage if it is present and for the same domain the current app is running on.
- If there is no URL returned from storage and there is a config loginRedirect, the loginRedirect value is returned.
- If there is no session and no loginRedirect, / is returned.
Parameters
- string|array|null $url optional null - Optional URL to write as the login redirect URL.
Returns
string Redirect URL
setUser() source public
setUser( array|ArrayAccess $user )
Set provided user info to storage as logged in user.
The storage class is configured using storage config key or passing instance to AuthComponent::storage().
Parameters
- array|ArrayAccess $user - User data.
Link
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#identifying-users-and-logging-them-in
startup() source public
startup( Cake\Event\Event $event )
Callback for Controller.startup event.
Parameters
- Cake\Event\Event $event - Event instance.
Returns
Cake\Http\Response|null
storage() source public
storage( Cake\Auth\Storage\StorageInterface $storage = null )
Get/set user record storage object.
Parameters
- Cake\Auth\Storage\StorageInterface $storage optional null - Sets provided object as storage or if null returns configured storage object.
Returns
Cake\Auth\Storage\StorageInterface|null
user() source public
user( string|null $key = null )
Get the current user from storage.
Parameters
- string|null $key optional null - Field to retrieve. Leave null to get entire User record.
Returns
mixed|null Either User record or null if no user is logged in, or retrieved field if key is specified.
Link
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#accessing-the-logged-in-user
Methods inherited from Cake\Controller\Component
__construct() source public
__construct( Cake\Controller\ComponentRegistry $registry , array $config = [] )
Constructor
Parameters
- Cake\Controller\ComponentRegistry $registry - A ComponentRegistry this component can use to lazy load its components
- array $config optional [] - Array of configuration settings.
__debugInfo() source public
__debugInfo( )
Returns an array that can be used to describe the internal state of this object.
Returns
array
getController() source public
getController( )
Get the controller this component is bound to.
Returns
Cake\Controller\Controller The bound controller.
Methods used from Cake\Event\EventDispatcherTrait
dispatchEvent() source public
dispatchEvent( string $name , array|null $data = null , object|null $subject = null )
Wrapper for creating and dispatching events.
Returns a dispatched event.
Parameters
- string $name - Name of the event.
- array|null $data optional null - Any value you wish to be transported with this event so it can be read by listeners.
- object|null $subject optional null - The object that this event applies to ($this by default).
Returns
Cake\Event\Event
eventManager() source public deprecated
eventManager( Cake\Event\EventManager $eventManager = null )
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
Deprecated
3.5.0 Use getEventManager()/setEventManager() instead.
Parameters
- Cake\Event\EventManager $eventManager optional null - the eventManager to set
Returns
Cake\Event\EventManager
getEventManager()source public
getEventManager( )
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
Returns
Cake\Event\EventManager
setEventManager() source public
setEventManager( Cake\Event\EventManager $eventManager )
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
Parameters
- Cake\Event\EventManager $eventManager - the eventManager to set
Returns
$this
Methods used from Cake\Core\InstanceConfigTrait
_configDelete() source protected
_configDelete( string $key )
Deletes a single config key.
Parameters
- string $key - Key to delete.
Throws
Cake\Core\Exception\Exception if attempting to clobber existing config
_configRead() source protected
_configRead( string|null $key )
Reads a config key.
Parameters
- string|null $key - Key to read.
Returns
mixed
_configWrite() source protected
_configWrite( string|array $key , mixed $value , boolean|string $merge = false )
Writes a config key.
Parameters
- string|array $key - Key to write to.
- mixed $value - Value to write.
- boolean|string $merge optional false - True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Throws
Cake\Core\Exception\Exception if attempting to clobber existing config
config() source public deprecated
config( string|array|null $key = null , mixed|null $value = null , boolean $merge = true )
Gets/Sets the config.
Usage
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
Deprecated
3.4.0 use setConfig()/getConfig() instead.
Parameters
- string|array|null $key optional null - The key to get/set, or a complete array of configs.
- mixed|null $value optional null - The value to set.
- boolean $merge optional true - Whether to recursively merge or overwrite existing config, defaults to true.
Returns
mixed Config value being read, or the object itself on write operations.
Throws
Cake\Core\Exception\Exception When trying to set a key that is invalid.
configShallow() source public
configShallow( string|array $key , mixed|null $value = null )
Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key - The key to set, or a complete array of configs.
- mixed|null $value optional null - The value to set.
Returns
$this
getConfig() source public
getConfig( string|null $key = null , mixed $default = null )
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
- string|null $key optional null - The key to get or null for the whole config.
- mixed $default optional null - The return value when the key does not exist.
Returns
mixed Config value being read.
setConfig() source public
setConfig( string|array $key , mixed|null $value = null , boolean $merge = true )
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key - The key to set, or a complete array of configs.
- mixed|null $value optional null - The value to set.
- boolean $merge optional true - Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Cake\Core\Exception\Exception When trying to set a key that is invalid.
Methods used from Cake\Log\LogTrait
log() source public
log( mixed $msg , integer|string $level = LogLevel::ERROR , string|array $context = [] )
Convenience method to write a message to Log. See Log::write() for more information on writing to logs.
Parameters
- mixed $msg - Log message.
- integer|string $level optional LogLevel::ERROR - Error level.
- string|array $context optional [] - Additional log data relevant to this message.
Returns
boolean Success of log write.
Properties detail
$_authenticateObjects source
protected Cake\Auth\BaseAuthenticate[]
Objects that will be used for authentication checks.
Default: []
$_authenticationProvider source
protected Cake\Auth\BaseAuthenticate
The instance of the Authenticate provider that was used for successfully logging in the current user after calling login() in the same request
$_authorizationProvider source
protected Cake\Auth\BaseAuthorize
The instance of the Authorize provider that was used to grant access to the current user to the URL they are requesting.
$_authorizeObjects source
protected Cake\Auth\BaseAuthorize[]
Objects that will be used for authorization checks.
Default: []
$_defaultConfig source
protected array
Default config
- authenticate - An array of authentication objects to use for authenticating users. You can configure multiple adapters and they will be checked sequentially when users are identified.
$this->Auth->setConfig('authenticate', [
    'Form' => [
        'userModel' => 'Users.Users'
    ]
]);
Using the class name without 'Authenticate' as the key, you can pass in an array of config for each authentication object. Additionally you can define config that should be set to all authentication objects using the 'all' key:
$this->Auth->setConfig('authenticate', [
    AuthComponent::ALL => [
        'userModel' => 'Users.Users',
        'scope' => ['Users.active' => 1]
    ],
    'Form',
    'Basic'
]);
- authorize - An array of authorization objects to use for authorizing users. You can configure multiple adapters and they will be checked sequentially when authorization checks are done.
$this->Auth->setConfig('authorize', [
    'Crud' => [
        'actionPath' => 'controllers/'
    ]
]);
Using the class name without 'Authorize' as the key, you can pass in an array of config for each authorization object. Additionally you can define config that should be set to all authorization objects using the AuthComponent::ALL key:
$this->Auth->setConfig('authorize', [
    AuthComponent::ALL => [
        'actionPath' => 'controllers/'
    ],
    'Crud',
    'CustomAuth'
]);
- ajaxLogin (deprecated) - The name of an optional view element to render when an Ajax request is made with an invalid or expired session. This option is deprecated since 3.3.6. Your client side code should instead check for 403 status code and show appropriate login form.
- flash - Settings to use when Auth needs to do a flash message with FlashComponent::set(). Available keys are:
  - key - The message domain to use for flashes generated by this component, defaults to 'auth'.
  - element - Flash element to use, defaults to 'default'.
  - params - The array of additional params to use, defaults to ['class' => 'error']
- loginAction - A URL (defined as a string or array) to the controller action that handles logins. Defaults to /users/login.
- loginRedirect - Normally, if a user is redirected to the loginAction page, the location they were redirected from will be stored in the session so that they can be redirected back after a successful login. If this session value is not set, redirectUrl() method will return the URL specified in loginRedirect.
- logoutRedirect - The default action to redirect to after the user is logged out. While AuthComponent does not handle post-logout redirection, a redirect URL will be returned from AuthComponent::logout(). Defaults to loginAction.
- authError - Error to display when user attempts to access an object or action to which they do not have access.
- unauthorizedRedirect - Controls handling of unauthorized access.
  - For default value true unauthorized user is redirected to the referrer URL or $loginRedirect or '/'.
  - If set to a string or array the value is used as a URL to redirect to.
  - If set to false a ForbiddenException exception is thrown instead of redirecting.
- storage - Storage class to use for persisting user record. When using stateless authenticator you should set this to 'Memory'. Defaults to 'Session'.
- checkAuthIn - Name of event for which initial auth checks should be done. Defaults to 'Controller.startup'. You can set it to 'Controller.initialize' if you want the check to be done before controller's beforeFilter() is run.
Default value:
[
    'authenticate' => null,
    'authorize' => null,
    'ajaxLogin' => null,
    'flash' => null,
    'loginAction' => null,
    'loginRedirect' => null,
    'logoutRedirect' => null,
    'authError' => null,
    'unauthorizedRedirect' => true,
    'storage' => 'Session',
    'checkAuthIn' => 'Controller.startup'
]
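An added example (not the framework's or the API docs' own code) that puts the config keys above into an AppController and pairs them with the login and logout actions built on identify(), setUser(), redirectUrl() and logout() from the method detail. It assumes a Users table with username, password and active columns, the Form authenticator's default field names, and an ArticlesController to land on; the two classes are shown together but would live in separate files.

```php
<?php
namespace App\Controller;

use Cake\Controller\Component\AuthComponent;
use Cake\Controller\Controller;
use Cake\Event\Event;

// Constructed example, not framework code.
class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authenticate' => [
                // Settings under AuthComponent::ALL apply to every
                // authenticator listed below it.
                AuthComponent::ALL => [
                    'userModel' => 'Users',
                    // scope is added to the identify query, so a disabled
                    // account fails even with a correct password.
                    'scope' => ['Users.active' => 1],
                ],
                'Form',
            ],
            // Without an authorize adapter every logged-in user would be
            // authorized for every action; 'Controller' defers to
            // Controller::isAuthorized($user).
            'authorize' => 'Controller',
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
            'loginRedirect' => ['controller' => 'Articles', 'action' => 'index'],
            'logoutRedirect' => ['controller' => 'Users', 'action' => 'login'],
            // false: raise ForbiddenException (403) rather than bouncing an
            // unauthorized user to the referrer.
            'unauthorizedRedirect' => false,
            'authError' => 'You are not authorized to access that location.',
            // Use 'Memory' instead with stateless authenticators such as Basic.
            'storage' => 'Session',
            // Keep the default. Moving the check to 'Controller.initialize'
            // runs it before beforeFilter(), so allow() calls made there
            // would come too late and every action would require login.
            'checkAuthIn' => 'Controller.startup',
        ]);
    }
}

class UsersController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        // login is reachable without allow() because AuthComponent treats
        // loginAction specially; logout is made public explicitly.
        $this->Auth->allow(['logout']);
    }

    public function login()
    {
        if ($this->request->is('post')) {
            // identify() runs each authenticator in order; false on failure.
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                // redirectUrl() only honours a stored target on the same
                // domain, so it cannot be steered to an external site.
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error('Invalid username or password, try again');
        }
    }

    public function logout()
    {
        // logout() clears storage, fires Auth.logout and returns the
        // normalized logoutRedirect URL.
        return $this->redirect($this->Auth->logout());
    }
}
```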
$allowedActions source
public array
Controller actions for which user validation is not required.
See
\Cake\Controller\Component\AuthComponent::allow()
Default: []
$components source
public array
Other components utilized by AuthComponent
Default: ['RequestHandler', 'Flash']
$session source
public Cake\Http\Session
Instance of the Session object
Deprecated
3.1.0 Will be removed in 4.0
Magic properties detail
$Flash source
$RequestHandler source
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
https://api.cakephp.org/3.6/class-Cake.Controller.Component.AuthComponent.html