1: <?php
2: /**
3: * PHP 5
4: *
5: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
6: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
7: *
8: * Licensed under The MIT License
9: * For full copyright and license information, please see the LICENSE.txt
10: * Redistributions of the files must retain the above copyright notice.
11: *
12: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13: * @link http://cakephp.org CakePHP(tm) Project
14: * @license http://www.opensource.org/licenses/mit-license.php MIT License
15: */
16:
17: App::uses('FormAuthenticate', 'Controller/Component/Auth');
18:
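/**
 * An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data using Blowfish
 * hashing. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
 *
 * {{{
 *	$this->Auth->authenticate = array(
 *		'Blowfish' => array(
 *			'scope' => array('User.active' => 1)
 *		)
 *	)
 * }}}
 *
 * When configuring BlowfishAuthenticate you can pass in settings to which fields, model and additional conditions
 * are used. See FormAuthenticate::$settings for more information.
 *
 * For initial password hashing/creation see Security::hash(). Other than how the password is initially hashed,
 * BlowfishAuthenticate works exactly the same way as FormAuthenticate.
 *
 * The stored password value is passed to Security::hash() as the salt, so it must be a complete Blowfish hash.
 * Records whose password field is missing, empty or not a string are rejected rather than compared.
 *
 * @package Cake.Controller.Component.Auth
 * @since CakePHP(tm) v 2.3
 * @see AuthComponent::$authenticate
 */
class BlowfishAuthenticate extends FormAuthenticate {

/**
 * Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
 * to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
 * there is no post data, either username or password is missing or not a string, the scope conditions have not
 * been met, or the stored hash is unusable. On success the password field is removed from the returned record.
 *
 * @param CakeRequest $request The request that contains login information.
 * @param CakeResponse $response Unused response object.
 * @return mixed False on login failure. An array of User data on success.
 */
	public function authenticate(CakeRequest $request, CakeResponse $response) {
		$userModel = $this->settings['userModel'];
		list(, $model) = pluginSplit($userModel);

		$fields = $this->settings['fields'];
		if (!$this->_checkFields($request, $model, $fields)) {
			return false;
		}

		$username = $request->data[$model][$fields['username']];
		$submitted = $request->data[$model][$fields['password']];

		// Request data is client-supplied and can arrive as a nested array. An array must not reach
		// the find conditions or the hashing call, so anything that is not a plain string is a failure.
		if (!is_string($username) || !is_string($submitted)) {
			return false;
		}

		$user = $this->_findUser(
			array(
				$model . '.' . $fields['username'] => $username,
			)
		);
		if (!$user) {
			// NOTE(review): this branch returns without hashing, so an unknown username answers faster
			// than a known one with a wrong password. Consider spending a comparable hash here if
			// account enumeration by response time is in scope for the application.
			return false;
		}

		// The stored hash doubles as the salt. Refuse to continue when it is absent or empty, so a
		// blank password column can never be matched by a blank hashing result.
		$stored = isset($user[$fields['password']]) ? $user[$fields['password']] : null;
		if (!is_string($stored) || $stored === '') {
			return false;
		}

		$computed = Security::hash($submitted, 'blowfish', $stored);

		// Presumably Security::hash() yields an empty or non-string value when the salt is not a
		// valid Blowfish hash; treat that as a failed login instead of comparing it.
		if (!is_string($computed) || $computed === '') {
			return false;
		}

		// hash_equals() compares in constant time but only exists from PHP 5.6; older runtimes
		// keep the original strict comparison.
		if (function_exists('hash_equals')) {
			$matches = hash_equals($stored, $computed);
		} else {
			$matches = ($computed === $stored);
		}
		if (!$matches) {
			return false;
		}

		// Never hand the password hash back to the caller / session.
		unset($user[$fields['password']]);
		return $user;
	}
}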
80: