1: <?php
2: /**
3: * PHP 5
4: *
5: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
7: *
8: * Licensed under The MIT License
9: * For full copyright and license information, please see the LICENSE.txt
10: * Redistributions of files must retain the above copyright notice.
11: *
12: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13: * @link http://cakephp.org CakePHP(tm) Project
14: * @license http://www.opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('Security', 'Utility');
18: App::uses('Hash', 'Utility');
19:
20: /**
21: * Base Authentication class with common methods and properties.
22: *
23: * @package Cake.Controller.Component.Auth
24: */
abstract class BaseAuthenticate {

    /**
     * Configuration for this authentication object.
     *
     * - `fields` Names of the fields that hold the username and the password.
     * - `userModel` Name of the user model, defaults to User.
     * - `scope` Additional conditions merged into every user lookup,
     *   e.g. `array('User.is_active' => 1)`.
     * - `recursive` Value of the `recursive` key passed to find(). Defaults to 0.
     * - `contain` Extra models to contain and store in session.
     *
     * @var array
     */
    public $settings = array(
        'fields' => array(
            'username' => 'username',
            'password' => 'password',
        ),
        'userModel' => 'User',
        'scope' => array(),
        'recursive' => 0,
        'contain' => null,
    );

    /**
     * The Component collection, kept so that other components can be reached.
     *
     * @var ComponentCollection
     */
    protected $_Collection;

    /**
     * Constructor.
     *
     * The supplied settings are merged over the class defaults with Hash::merge().
     *
     * @param ComponentCollection $collection The Component collection used on this request.
     * @param array $settings Settings that override the defaults.
     */
    public function __construct(ComponentCollection $collection, $settings) {
        $this->settings = Hash::merge($this->settings, $settings);
        $this->_Collection = $collection;
    }

    /**
     * Look up a single user record with the configured model, scope, recursive and contain settings.
     *
     * $conditions is handled in one of two ways:
     *
     * - Not an array: it is treated as the username. A falsy $password (null, '', '0')
     *   returns false before any query is made. Otherwise the password is passed through
     *   _password() and the lookup matches on both the username field and that hash.
     * - An array: it is used as the find conditions as given. No password check is
     *   performed here, and $password is ignored.
     *
     * Security notes for callers:
     *
     * - A value taken from request data must be verified to be a string before it is passed
     *   as $conditions; an array would select the second form and skip the password check.
     * - The password field is removed from the returned data only when the conditions
     *   contained a password key. With array conditions that lack one, the stored hash is
     *   part of the result; drop it before storing or exposing the user data.
     * - `scope` is applied with array_merge(), so a scope key replaces a condition
     *   with the same key.
     *
     * @param Mixed $conditions The username/identifier, or an array of find conditions.
     * @param Mixed $password The password, only used when $conditions is the username.
     * @return Mixed Either false on failure, or an array of user data.
     */
    protected function _findUser($conditions, $password = null) {
        $modelName = $this->settings['userModel'];
        list(, $alias) = pluginSplit($modelName);
        $fieldMap = $this->settings['fields'];

        if (!is_array($conditions)) {
            if (!$password) {
                return false;
            }
            // Credentials form: the hash becomes an equality condition of the query.
            $conditions = array(
                $alias . '.' . $fieldMap['username'] => $conditions,
                $alias . '.' . $fieldMap['password'] => $this->_password($password),
            );
        }

        if (!empty($this->settings['scope'])) {
            $conditions = array_merge($conditions, $this->settings['scope']);
        }

        $found = ClassRegistry::init($modelName)->find('first', array(
            'conditions' => $conditions,
            'recursive' => $this->settings['recursive'],
            'contain' => $this->settings['contain'],
        ));
        if (empty($found) || empty($found[$alias])) {
            return false;
        }

        $record = $found[$alias];
        unset($found[$alias]);

        // Only strip the hash when the lookup itself matched on the password field.
        $passwordField = $fieldMap['password'];
        $matchedOnPassword = isset($conditions[$alias . '.' . $passwordField])
            || isset($conditions[$passwordField]);
        if ($matchedOnPassword) {
            unset($record[$passwordField]);
        }

        // Whatever else find() returned (associated models) is appended to the user data.
        return array_merge($record, $found);
    }

    /**
     * Hash the plain text password so that it matches the hashed/encrypted password
     * in the datasource.
     *
     * _findUser() uses the returned value as an equality condition, so an override must
     * return the same output for the same input on every call; a scheme that draws a new
     * random salt per call cannot be matched that way.
     *
     * NOTE(review): the algorithm and salt are decided inside Security::hash(), called here
     * with a null type and the salt flag set to true. Presumably that is the application-wide
     * hash type and salt; confirm, and confirm the result is strong enough for password storage.
     *
     * @param string $password The plain text password.
     * @return string The hashed form of the password.
     */
    protected function _password($password) {
        $hashed = Security::hash($password, null, true);
        return $hashed;
    }

    /**
     * Authenticate a user based on the request information.
     *
     * @param CakeRequest $request Request to get authentication information from.
     * @param CakeResponse $response A response object that can have headers added.
     * @return mixed Either false on failure, or an array of user data on success.
     */
    abstract public function authenticate(CakeRequest $request, CakeResponse $response);

    /**
     * Hook into AuthComponent::logout() to implement specialized logout behavior.
     *
     * All attached authentication objects will have this method
     * called when a user logs out.
     *
     * @param array $user The user about to be logged out.
     * @return void
     */
    public function logout($user) {
        // Does nothing in the base class.
    }

    /**
     * Get a user based on information in the request. Primarily used by stateless authentication
     * systems like basic and digest auth.
     *
     * The base implementation always returns false.
     *
     * @param CakeRequest $request Request object.
     * @return mixed Either false or an array of user information
     */
    public function getUser(CakeRequest $request) {
        return false;
    }

}