Class AuthComponent
Authentication control component class
Binds access control with user authentication and session management.
- Object
- AuthComponent
Copyright: Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
License: The MIT License
Location: controller/components/auth.php
Properties summary
- $_loggedIn (public boolean): Maintains current user login state.
- $_methods (public array): Method list for the bound controller.
- $actionMap (public array): Maps actions to CRUD operations. Used for controller-based validation ($validate = 'controller').
- $actionPath (public string): If using action-based access control, this defines how the paths to action ACO nodes are computed. If, for example, all controller nodes are nested under an ACO node named 'Controllers', $actionPath should be set to "Controllers/".
- $ajaxLogin (public string): The name of an optional view element to render when an Ajax request is made with an invalid or expired session.
- $allowedActions (public array): Controller actions for which user validation is not required.
- $authError (public string): Error to display when a user attempts to access an object or action to which they do not have access.
- $authenticate (public object): A reference to the object used for authentication.
- $authorize (public mixed): The name of the component to use for authorization, or one of the following: 'controller' validates against Controller::isAuthorized(); 'actions' validates Controller::action against AclComponent::check(); 'crud' validates mapActions against AclComponent::check(); array('model' => 'name') validates mapActions against model $name::isAuthorized(user, controller, mapAction); 'object' validates Controller::action against object::isAuthorized(user, controller, action).
- $autoRedirect (public boolean): Determines whether AuthComponent will automatically redirect and exit if login is successful.
- $components (public array): Other components utilized by AuthComponent.
- $data (public array): Form data from Controller::$data.
- $fields (public array): Allows you to specify non-default login name and password fields used in $userModel, e.g. array('username' => 'login_name', 'password' => 'passwd').
- $loginAction (public mixed): A URL (defined as a string or array) to the controller action that handles logins.
- $loginError (public string): Error to display when user login fails. For security purposes, only one error is used for all login failures, so as not to expose information on why the login failed.
- $loginRedirect (public mixed): Normally, if a user is redirected to the $loginAction page, the location they were redirected from is stored in the session so that they can be redirected back after a successful login. If this session value is not set, the user is redirected to the page specified in $loginRedirect.
- $logoutRedirect (public mixed): The default action to redirect to after the user is logged out. While AuthComponent does not handle post-logout redirection, a redirect URL is returned from AuthComponent::logout(). Defaults to AuthComponent::$loginAction.
- $object (public string): The name of a model or model object, or any other object that has an isAuthorized method.
- $params (public array): Parameter data from Controller::$params.
- $sessionKey (public string): The session key name where the record of the current user is stored. If unspecified, it will be "Auth.{$userModel name}".
- $userModel (public string): The name of the model that represents the users who will be authenticated. Defaults to 'User'.
- $userScope (public array): Additional query conditions to use when looking up and authenticating users, e.g. array('User.is_active' => 1).
Inherited Properties
Method Summary
- __authType() public: Get authorization type.
- __setDefaults() public: Attempts to introspect the correct values for object properties including $userModel and $sessionKey.
- action() public: Returns the path to the ACO node bound to a controller/action.
- allow() public: Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
- deny() public: Removes items from the list of allowed actions.
- getModel() public: Returns a reference to the model object specified, and attempts to load it if it is not found.
- hashPasswords() public: Hash any passwords found in $data using $userModel and $fields['password'].
- identify() public: Identifies a user based on specific criteria.
- initialize() public: Initializes AuthComponent for use in the controller.
- isAuthorized() public: Determines whether the given user is authorized to perform an action. The type of authorization used is based on the value of AuthComponent::$authorize or the passed $type param.
- login() public: Manually log in a user with the given parameter data. The $data provided can be any data structure used to identify a user in AuthComponent::identify(). If $data is empty or not specified, POST data from Controller::$data will be used automatically.
- logout() public: Logs a user out, and returns the login action to redirect to.
- mapActions() public: Maps action names to CRUD operations. Used for controller-based authentication.
- password() public: Hash a password with the application's salt value (as defined with Configure::write('Security.salt')).
- redirect() public: If no parameter is passed, gets the authentication redirect URL.
- shutdown() public: Component shutdown. If the user is logged in, wipe out the redirect.
- startup() public: Main execution method. Handles redirecting of invalid users, and processing of login form data.
- user() public: Get the current user from the session.
- validate() public: Validates a user against an abstract object.
Method Detail
__authType() public ¶
__authType( string $auth = null )
Get authorization type
Parameters
- string $auth optional null
- Type of authorization
Returns
Associative array with: type, object
__setDefaults() public ¶
__setDefaults( object $controller ,… )
Attempts to introspect the correct values for object properties including $userModel and $sessionKey.
Parameters
- object $controller ,…
- A reference to the instantiating controller object
action() public ¶
action( string $action = ':controller/:action' )
Returns the path to the ACO node bound to a controller/action.
Parameters
- string $action optional ':controller/:action'
- Optional. The controller/action path to validate the user against. The current request action is used if none is specified.
Returns
ACO node path
allow() public ¶
allow( string $action ,…, string $action ,… )
Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
Parameters
- string $action ,…
- Controller action name
- string $action ,…
- Controller action name
deny() public ¶
deny( string $action ,…, string $action ,… )
Removes items from the list of allowed actions.
Parameters
- string $action ,…
- Controller action name
- string $action ,…
- Controller action name
getModel() public ¶
getModel( string $name = null )
Returns a reference to the model object specified, and attempts to load it if it is not found.
Parameters
- string $name optional null
- Model name (defaults to AuthComponent::$userModel)
Returns
A reference to a model object
hashPasswords() public ¶
hashPasswords( array $data )
Hash any passwords found in $data using $userModel and $fields['password']
Parameters
- array $data
- Set of data to look for passwords
Returns
Data with passwords hashed
identify() public ¶
identify( mixed $user = null , array $conditions = null )
Identifies a user based on specific criteria.
Parameters
- mixed $user optional null
- Optional. The identity of the user to be validated. Uses the current user session if none specified.
- array $conditions optional null
- Optional. Additional conditions to a find.
Returns
User record data, or null if the user could not be identified.
initialize() public ¶
initialize( object $controller )
Initializes AuthComponent for use in the controller
Parameters
- object $controller
- A reference to the instantiating controller object
isAuthorized() public ¶
isAuthorized( string $type = null , mixed $object = null , mixed $user = null )
Determines whether the given user is authorized to perform an action. The type of authorization used is based on the value of AuthComponent::$authorize or the passed $type param.
Types:
- 'controller' validates against Controller::isAuthorized() if a controller instance is passed in $object
- 'actions' validates Controller::action against AclComponent::check()
- 'crud' validates mapActions against AclComponent::check()
- array('model' => 'name') validates mapActions against model $name::isAuthorized(user, controller, mapAction)
- 'object' validates Controller::action against object::isAuthorized(user, controller, action)
Parameters
- string $type optional null
- Type of authorization
- mixed $object optional null
- object, model object, or model name
- mixed $user optional null
- The user to check the authorization of
Returns
True if $user is authorized, otherwise false
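As an added illustration of the 'controller' authorization mode described above (example code written for this page, not part of the CakePHP API documentation or framework), a CakePHP 1.x-style AppController and PostsController; the User 'role' and 'is_active' columns and the Post 'user_id' column are assumed.

```php
<?php
// Added example, not code from the CakePHP page: an AppController that puts
// AuthComponent into 'controller' mode, and a PostsController that decides
// per request in Controller::isAuthorized(). Assumed (hypothetical) schema:
// User has 'is_active' and 'role' columns, Post has a 'user_id' column.
class AppController extends Controller {
    var $components = array('Auth', 'Session');
    function beforeFilter() {
        // Only active accounts can be identified; disabled users cannot log in.
        $this->Auth->userScope = array('User.is_active' => 1);
        // One generic message for every failure, so the login form does not
        // reveal whether the username or the password was wrong.
        $this->Auth->loginError = 'Invalid username or password.';
        $this->Auth->authError = 'You are not allowed to access that page.';
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'posts', 'action' => 'index');
        // Every non-allowed action is checked through Controller::isAuthorized().
        $this->Auth->authorize = 'controller';
    }

    // Deny by default: a controller must opt in by overriding this method.
    function isAuthorized() {
        return false;
    }
}

class PostsController extends AppController {
    var $name = 'Posts';
    function beforeFilter() {
        parent::beforeFilter();
        // Public read-only actions need no login; everything else does.
        $this->Auth->allow('index', 'view');
    }

    function isAuthorized() {
        $user = $this->Auth->user();
        if (empty($user)) {
            return false;
        }
        // Administrators may use any action.
        if ($user['User']['role'] == 'admin') {
            return true;
        }
        // Ordinary users may only edit or delete posts they own.
        if (in_array($this->action, array('edit', 'delete'))) {
            $id = isset($this->params['pass'][0]) ? $this->params['pass'][0] : null;
            $post = $this->Post->find('first', array(
                'conditions' => array('Post.id' => $id), 'recursive' => -1));
            return !empty($post) && $post['Post']['user_id'] == $user['User']['id'];
        }
        // Any logged-in user may add a post; all other actions stay denied.
        return $this->action == 'add';
    }
}
```

Because the base class returns false, a new controller that forgets to override isAuthorized() fails closed rather than open.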
login() public ¶
login( mixed $data = null )
Manually log-in a user with the given parameter data. The $data provided can be any data structure used to identify a user in AuthComponent::identify(). If $data is empty or not specified, POST data from Controller::$data will be used automatically.
If login is successful, the user record is written to the session key specified in AuthComponent::$sessionKey.
Parameters
- mixed $data optional null
- User object
Returns
True on login success, false on failure
logout() public ¶
logout( mixed $url ,… )
Logs a user out, and returns the login action to redirect to.
Parameters
- mixed $url ,…
- Optional URL to redirect the user to after logout
Returns
AuthComponent::$loginAction
mapActions() public ¶
mapActions( array $map = array() )
Maps action names to CRUD operations. Used for controller-based authentication.
Parameters
- array $map optional array()
- Actions to map
password() public ¶
password( string $password )
Hash a password with the application's salt value (as defined with Configure::write('Security.salt')).
Parameters
- string $password
- Password to hash
Returns
Hashed password
redirect() public ¶
redirect( mixed $url = null )
If no parameter is passed, gets the authentication redirect URL.
Parameters
- mixed $url optional null
- Optional URL to write as the login redirect URL.
Returns
Redirect URL
shutdown() public ¶
shutdown( object $controller )
Component shutdown. If user is logged in, wipe out redirect.
Parameters
- object $controller
- Instantiating controller
startup() public ¶
startup( object $controller )
Main execution method. Handles redirecting of invalid users, and processing of login form data.
Parameters
- object $controller
- A reference to the instantiating controller object
user() public ¶
user( string $key = null )
Get the current user from the session.
Parameters
- string $key optional null
- Field to retrieve. Leave null to get the entire User record.
Returns
User record, or null if no user is logged in.
validate() public ¶
validate( mixed $object , mixed $user = null , string $action = null )
Validates a user against an abstract object.
Parameters
- mixed $object
- The object to validate the user against.
- mixed $user optional null
- Optional. The identity of the user to be validated. Uses the current user session if none specified. For valid forms of identifying users, see AuthComponent::identify().
- string $action optional null
- Optional. The action to validate against.
Returns
True if the user validates, false otherwise.
Methods inherited from Object
Object() public ¶
Object( )
A hack to support __construct() on PHP 4. Hint: descendant classes have no PHP4 class_name() constructors, so this constructor gets called first and calls the top-layer __construct(), which (if present) should call parent::__construct().
__openPersistent() public ¶
__openPersistent( string $name , string $type = null )
Open the persistent class file for reading. Used by Object::_persist().
Parameters
- string $name
- Name of persisted class
- string $type optional null
- Type of persistence (e.g. registry)
_persist() public ¶
_persist( string $name , string $return , $object , $type = null )
Checks for a persistent class file. If the file is found, it is opened and true is returned; if it is not found, a file is created and false is returned. If used in other locations of the model you should choose a unique name for the persistent file. There are many uses for this method; see the manual for examples.
Parameters
- string $name
- Name of the class to persist
- string $return
- $object
- The object to persist
- $type optional null
Returns
Success
_savePersistent() public ¶
_savePersistent( string $name , object $object )
You should choose a unique name for the persistent file. There are many uses for this method; see the manual for examples.
Parameters
- string $name
- name used for object to cache
- object $object
- the object to persist
Returns
True on save; throws an error if the file cannot be created
_set() public ¶
_set( array $properties = array() )
Allows setting of multiple properties of the object in a single line of code.
Parameters
- array $properties optional array()
- An associative array containing properties and corresponding values.
_stop() public ¶
_stop( $status = 0 )
Stop execution of the current script
Parameters
- $status optional 0
- See http://php.net/exit for values
cakeError() public ¶
cakeError( string $method , array $messages = array() )
Used to report user-friendly errors. If there is a file app/error.php or app/app_error.php, it will be loaded; error.php holds the AppError class, which should extend the ErrorHandler class.
Parameters
- string $method
- Method to be called in the error class (AppError or ErrorHandler classes)
- array $messages optional array()
- Message that is to be displayed by the error class
Returns
message
dispatchMethod() public ¶
dispatchMethod( string $method , array $params = array() )
Calls a method on this object with the given parameters. Provides an OO wrapper for call_user_func_array, and improves performance by using straight method calls in most cases.
Parameters
- string $method
- Name of the method to call
- array $params optional array()
- Parameter list to use when calling $method
Returns
Returns the result of the method call
log() public ¶
log( string $msg , integer $type = LOG_ERROR )
API for logging events.
Parameters
- string $msg
- Log message
- integer $type optional LOG_ERROR
- Error type constant. Defined in app/config/core.php.
Returns
Success of log write
requestAction() public ¶
requestAction( mixed $url , array $extra = array() )
Calls a controller's method from any location.
Parameters
- mixed $url
- String or array-based url.
- array $extra optional array()
- If the array includes the key "return", it sets AutoRender to true.
Returns
Boolean true or false on success/failure, or contents of rendered action if 'return' is set in $extra.
toString() public ¶
toString( )
Object-to-string conversion. Each class can override this method as necessary.
Returns
The name of this class
Properties detail
$actionMap ¶
Maps actions to CRUD operations. Used for controller-based validation ($validate = 'controller').
Default: array('index' => 'read', 'add' => 'create', 'edit' => 'update', 'view' => 'read', 'remove' => 'delete')
$actionPath ¶
If using action-based access control, this defines how the paths to action ACO nodes are computed. If, for example, all controller nodes are nested under an ACO node named 'Controllers', $actionPath should be set to "Controllers/".
Default: null
$ajaxLogin ¶
The name of an optional view element to render when an Ajax request is made with an invalid or expired session.
Default: null
$allowedActions ¶
Controller actions for which user validation is not required.
Default: array()
$authError ¶
Error to display when a user attempts to access an object or action to which they do not have access.
Default: null
$authorize ¶
The name of the component to use for authorization, or one of the following: 'controller' validates against Controller::isAuthorized(); 'actions' validates Controller::action against AclComponent::check(); 'crud' validates mapActions against AclComponent::check(); array('model' => 'name') validates mapActions against model $name::isAuthorized(user, controller, mapAction); 'object' validates Controller::action against object::isAuthorized(user, controller, action).
Default: false
$autoRedirect ¶
Determines whether AuthComponent will automatically redirect and exit if login is successful.
Default: true
$components ¶
Other components utilized by AuthComponent.
Default: array('Session', 'RequestHandler')
$fields ¶
Allows you to specify non-default login name and password fields used in $userModel, e.g. array('username' => 'login_name', 'password' => 'passwd').
Default: array('username' => 'username', 'password' => 'password')
$loginAction ¶
A URL (defined as a string or array) to the controller action that handles logins.
Default: null
$loginError ¶
Error to display when user login fails. For security purposes, only one error is used for all login failures, so as not to expose information on why the login failed.
Default: null
$loginRedirect ¶
Normally, if a user is redirected to the $loginAction page, the location they were redirected from is stored in the session so that they can be redirected back after a successful login. If this session value is not set, the user is redirected to the page specified in $loginRedirect.
Default: null
$logoutRedirect ¶
The default action to redirect to after the user is logged out. While AuthComponent does not handle post-logout redirection, a redirect URL is returned from AuthComponent::logout(). Defaults to AuthComponent::$loginAction.
See: AuthComponent::logout()
Default: null
$object ¶
The name of a model or model object, or any other object that has an isAuthorized method.
Default: null
$sessionKey ¶
The session key name where the record of the current user is stored. If unspecified, it will be "Auth.{$userModel name}".
Default: null
$userModel ¶
The name of the model that represents the users who will be authenticated. Defaults to 'User'.
Default: 'User'
$userScope ¶
Additional query conditions to use when looking up and authenticating users, e.g. array('User.is_active' => 1).
Default: array()