Class FormAuthenticate

Form authentication adapter for AuthComponent.

Allows you to authenticate users based on form POST data. Usually, this is a login form that users enter information into.

Using Form auth

Load AuthComponent in your controller's initialize() and add 'Form' in 'authenticate' key

$this->loadComponent('Auth', [
    'authenticate' => [
        'Form' => [
            'fields' => ['username' => 'email', 'password' => 'passwd'],
            'finder' => 'auth',
        ]
    ]
]);

When configuring FormAuthenticate you can pass in config to which fields, model and finder are used. See BaseAuthenticate::$_defaultConfig for more information.

Namespace: Cake\Auth

Properties summary

  • $_config protected
    array

    Runtime config

  • $_configInitialized protected
    bool

    Whether the config property has already been configured with defaults

  • $_defaultConfig protected
    array

    Default config for this object.

  • $_needsPasswordRehash protected
    bool

    Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.

  • $_passwordHasher protected
    \Cake\Auth\AbstractPasswordHasher|null

    Password hasher instance.

  • $_registry protected
    \Cake\Controller\ComponentRegistry

    A Component registry, used to get more components.

  • $_tableLocator protected
    \Cake\ORM\Locator\LocatorInterface|null

    Table locator instance

Method Summary

  • __construct() public

    Constructor

  • _checkFields() protected

    Checks the fields to ensure they are supplied.

  • _configDelete() protected

    Deletes a single config key.

  • _configRead() protected

    Reads a config key.

  • _configWrite() protected

    Writes a config key.

  • _findUser() protected

    Find a user record using the username and password provided.

  • _query() protected

    Get query object for fetching user from database.

  • authenticate() public

    Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

  • configShallow() public

    Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

  • getConfig() public

    Returns the config.

  • getConfigOrFail() public

    Returns the config for this specific key.

  • getTableLocator() public

    Gets the table locator.

  • getUser() public

    Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

  • implementedEvents() public

    Returns a list of all events that this authenticate class will listen to.

  • needsPasswordRehash() public

    Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

  • passwordHasher() public

    Return password hasher object

  • setConfig() public

    Sets the config.

  • setTableLocator() public

    Sets the table locator.

  • unauthenticated() public

    Handle unauthenticated access attempt. In implementation valid return values can be:

Method Detail

__construct() public 

__construct(\Cake\Controller\ComponentRegistry $registry, array $config)

Constructor

Parameters

\Cake\Controller\ComponentRegistry $registry

The Component registry used on this request.

array $config optional

Array of config to use.

_checkFields() protected 

_checkFields(\Cake\Http\ServerRequest $request, array $fields)

Checks the fields to ensure they are supplied.

Parameters

\Cake\Http\ServerRequest $request

The request that contains login information.

array $fields

The fields to be checked.

Returns

bool

False if the fields have not been supplied. True if they exist.

_configDelete() protected 

_configDelete(string $key)

Deletes a single config key.

Parameters

string $key

Key to delete.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configRead() protected 

_configRead(?string $key)

Reads a config key.

Parameters

string|null $key

Key to read.

Returns

mixed

_configWrite() protected 

_configWrite(mixed $key, mixed $value, mixed $merge)

Writes a config key.

Parameters

string|array $key

Key to write to.

mixed $value

Value to write.

bool|string $merge optional

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_findUser() protected 

_findUser(string $username, ?string $password)

Find a user record using the username and password provided.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters

string $username

The username/identifier.

string|null $password optional

The password, if not provided password checking is skipped and result of find is returned.

Returns

array|false

Either false on failure, or an array of user data.

_query() protected 

_query(string $username)

Get query object for fetching user from database.

Parameters

string $username

The username/identifier.

Returns

\Cake\ORM\Query

authenticate() public 

authenticate(\Cake\Http\ServerRequest $request, \Cake\Http\Response $response)

Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

Parameters

\Cake\Http\ServerRequest $request

The request that contains login information.

\Cake\Http\Response $response

Unused response object.

Returns

array|false

False on login failure. An array of User data on success.

configShallow() public 

configShallow(mixed $key, mixed $value)

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

Returns

$this

getConfig() public 

getConfig(?string $key, mixed $default)

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key optional

The key to get or null for the whole config.

mixed $default optional

The return value when the key does not exist.

Returns

mixed

Configuration data at the named key or null if the key does not exist.

getConfigOrFail() public 

getConfigOrFail(string $key)

Returns the config for this specific key.

The config value for this key must exist, it can never be null.

Parameters

string $key

The key to get.

Returns

mixed

Configuration data at the named key

Throws

InvalidArgumentException

getTableLocator() public 

getTableLocator()

Gets the table locator.

Returns

\Cake\ORM\Locator\LocatorInterface

getUser() public 

getUser(\Cake\Http\ServerRequest $request)

Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

Parameters

\Cake\Http\ServerRequest $request

Request object.

Returns

array|false

Either false or an array of user information

implementedEvents() public 

implementedEvents()

Returns a list of all events that this authenticate class will listen to.

An authenticate class can listen to following events fired by AuthComponent:

  • Auth.afterIdentify - Fired after a user has been identified using one of configured authenticate class. The callback function should have signature like afterIdentify(EventInterface $event, array $user) when $user is the identified user record.

  • Auth.logout - Fired when AuthComponent::logout() is called. The callback function should have signature like logout(EventInterface $event, array $user) where $user is the user about to be logged out.

Returns

array

List of events this class listens to. Defaults to [].

needsPasswordRehash() public 

needsPasswordRehash()

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

Returns

bool

passwordHasher() public 

passwordHasher()

Return password hasher object

Returns

\Cake\Auth\AbstractPasswordHasher

Password hasher instance

Throws

RuntimeException
If password hasher class not found or it does not extend AbstractPasswordHasher

setConfig() public 

setConfig(mixed $key, mixed $value, mixed $merge)

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

bool $merge optional

Whether to recursively merge or overwrite existing config, defaults to true.

Returns

$this

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

setTableLocator() public 

setTableLocator(\Cake\ORM\Locator\LocatorInterface $tableLocator)

Sets the table locator.

Parameters

\Cake\ORM\Locator\LocatorInterface $tableLocator

LocatorInterface instance.

Returns

$this

unauthenticated() public 

unauthenticated(\Cake\Http\ServerRequest $request, \Cake\Http\Response $response)

Handle unauthenticated access attempt. In implementation valid return values can be:

  • Null - No action taken, AuthComponent should return appropriate response.
  • Cake\Http\Response - A response object, which will cause AuthComponent to simply return that response.

Parameters

\Cake\Http\ServerRequest $request

A request object.

\Cake\Http\Response $response

A response object.

Returns

\Cake\Http\Response|null|void

Property Detail

$_config protected

Runtime config

Type

array

$_configInitialized protected

Whether the config property has already been configured with defaults

Type

bool

$_defaultConfig protected

Default config for this object.

  • fields The fields to use to identify a user by.
  • userModel The alias for users table, defaults to Users.
  • finder The finder method to use to fetch user record. Defaults to 'all'. You can set finder name as string or an array where key is finder name and value is an array passed to Table::find() options. E.g. ['finderName' => ['some_finder_option' => 'some_value']]
  • passwordHasher Password hasher class. Can be a string specifying class name or an array containing className key, any other keys will be passed as config to the class. Defaults to 'Default'.

Type

array

$_needsPasswordRehash protected

Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.

Type

bool

$_passwordHasher protected

Password hasher instance.

Type

\Cake\Auth\AbstractPasswordHasher|null

$_registry protected

A Component registry, used to get more components.

Type

\Cake\Controller\ComponentRegistry

$_tableLocator protected

Table locator instance

Type

\Cake\ORM\Locator\LocatorInterface|null

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.0/class-Cake.Auth.FormAuthenticate.html