Class FormAuthenticate

An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate config.

$this->Auth->authenticate = [
     'Form' => [
         'finder' => ['auth' => ['some_finder_option' => 'some_value']]
     ]
 ]

When configuring FormAuthenticate you can pass in config to which fields, model and additional conditions are used. See FormAuthenticate::$_config for more information.

Cake\Auth\BaseAuthenticate implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait

Cake\Auth\FormAuthenticate

Namespace: Cake\Auth
See: \Cake\Controller\Component\AuthComponent::$authenticate
Location: Auth/FormAuthenticate.php

Inherited Properties

_defaultConfig, _needsPasswordRehash, _passwordHasher, _registry _config, _configInitialized

Method Summary

_checkFields() protected
Checks the fields to ensure they are supplied.
authenticate() public

Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

Method Detail

_checkFields()source protected

_checkFields( Cake\Network\Request $request , array $fields )

Checks the fields to ensure they are supplied.

Parameters

Cake\Network\Request $request: The request that contains login information.
array $fields: The fields to be checked.

Returns

boolean
False if the fields have not been supplied. True if they exist.

authenticate()source public

authenticate( Cake\Network\Request $request , Cake\Network\Response $response )

Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

Parameters

Cake\Network\Request $request: The request that contains login information.
Cake\Network\Response $response: Unused response object.

Returns

mixed
False on login failure. An array of User data on success.

Methods inherited from Cake\Auth\BaseAuthenticate

__construct()source public

__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )

Constructor

Parameters

Cake\Controller\ComponentRegistry $registry: The Component registry used on this request.
array $config optional []: Array of config to use.

_findUser()source protected

_findUser( string $username , string|null $password null )

Find a user record using the username and password provided.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters

string $username: The username/identifier.
string|null $password optional null: The password, if not provided password checking is skipped and result of find is returned.

Returns

boolean|array
Either false on failure, or an array of user data.

_query()source protected

_query( string $username )

Get query object for fetching user from database.

Parameters

string $username: The username/identifier.

Returns

Cake\ORM\Query

getUser()source public

getUser( Cake\Network\Request $request )

Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

Parameters

Cake\Network\Request $request: Request object.

Returns

mixed
Either false or an array of user information

implementedEvents()source public

implementedEvents( )

Returns a list of all events that this authenticate class will listen to.

An authenticate class can listen to following events fired by AuthComponent:

Auth.afterIdentify - Fired after a user has been identified using one of configured authenticate class. The callback function should have signature like afterIdentify(Event $event, array $user) when $user is the identified user record.
Auth.logout - Fired when AuthComponent::logout() is called. The callback function should have signature like logout(Event $event, array $user) where $user is the user about to be logged out.

Returns

array
List of events this class listens to. Defaults to [].

Implementation of

Cake\Event\EventListenerInterface::implementedEvents()

needsPasswordRehash()source public

needsPasswordRehash( )

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

Returns

boolean

passwordHasher()source public

passwordHasher( )

Return password hasher object

Returns

Cake\Auth\AbstractPasswordHasher
Password hasher instance

Throws

RuntimeException

If password hasher class not found or it does not extend AbstractPasswordHasher

unauthenticated()source public

unauthenticated( Cake\Network\Request $request , Cake\Network\Response $response )

Handle unauthenticated access attempt. In implementation valid return values can be:

Null - No action taken, AuthComponent should return appropriate response.
Cake\Network\Response - A response object, which will cause AuthComponent to simply return that response.

Parameters

Cake\Network\Request $request: A request object.
Cake\Network\Response $response: A response object.

Methods used from Cake\Core\InstanceConfigTrait

_configDelete()source protected

_configDelete( string $key )

Delete a single config key

Parameters

string $key: Key to delete.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configRead()source protected

_configRead( string|null $key )

Read a config variable

Parameters

string|null $key: Key to read.

Returns

mixed

_configWrite()source protected

_configWrite( string|array $key , mixed $value , boolean|string $merge false )

Write a config variable

Parameters

string|array $key: Key to write to.
mixed $value: Value to write.
boolean|string $merge optional false: True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

config()source public

config( string|array|null $key null , mixed|null $value null , boolean $merge true )

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array|null $key optional null: The key to get/set, or a complete array of configs.
mixed|null $value optional null: The value to set.
boolean $merge optional true: Whether to recursively merge or overwrite existing config, defaults to true.

Returns

mixed
Config value being read, or the object itself on write operations.

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

configShallow()source public

configShallow( string|array $key , mixed|null $value null )

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key: The key to set, or a complete array of configs.
mixed|null $value optional null: The value to set.

Returns

$this The object itself.

© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
http://api.cakephp.org/3.2/class-Cake.Auth.FormAuthenticate.html