1: <?php
 2: /**
 3:  *
 4:  *
 5:  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
 6:  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
 7:  *
 8:  * Licensed under The MIT License
 9:  * For full copyright and license information, please see the LICENSE.txt
10:  * Redistributions of files must retain the above copyright notice.
11:  *
12:  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
13:  * @link          http://cakephp.org CakePHP(tm) Project
14:  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
15:  */
16: 
17: App::uses('BaseAuthenticate', 'Controller/Component/Auth');
18: 
19: /**
20:  * An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
21:  * data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
22:  *
23:  * {{{
24:  *  $this->Auth->authenticate = array(
25:  *      'Form' => array(
26:  *          'scope' => array('User.active' => 1)
27:  *      )
28:  *  )
29:  * }}}
30:  *
31:  * When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions
32:  * are used. See FormAuthenticate::$settings for more information.
33:  *
34:  * @package       Cake.Controller.Component.Auth
35:  * @since 2.0
36:  * @see AuthComponent::$authenticate
37:  */
38: class FormAuthenticate extends BaseAuthenticate {
39: 
40: /**
41:  * Checks the fields to ensure they are supplied.
42:  *
43:  * @param CakeRequest $request The request that contains login information.
44:  * @param string $model The model used for login verification.
45:  * @param array $fields The fields to be checked.
46:  * @return boolean False if the fields have not been supplied. True if they exist.
47:  */
48:     protected function _checkFields(CakeRequest $request, $model, $fields) {
49:         if (empty($request->data[$model])) {
50:             return false;
51:         }
52:         foreach (array($fields['username'], $fields['password']) as $field) {
53:             $value = $request->data($model . '.' . $field);
54:             if (empty($value) || !is_string($value)) {
55:                 return false;
56:             }
57:         }
58:         return true;
59:     }
60: 
61: /**
62:  * Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
63:  * to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
64:  * there is no post data, either username or password is missing, or if the scope conditions have not been met.
65:  *
66:  * @param CakeRequest $request The request that contains login information.
67:  * @param CakeResponse $response Unused response object.
68:  * @return mixed False on login failure. An array of User data on success.
69:  */
70:     public function authenticate(CakeRequest $request, CakeResponse $response) {
71:         $userModel = $this->settings['userModel'];
72:         list(, $model) = pluginSplit($userModel);
73: 
74:         $fields = $this->settings['fields'];
75:         if (!$this->_checkFields($request, $model, $fields)) {
76:             return false;
77:         }
78:         return $this->_findUser(
79:             $request->data[$model][$fields['username']],
80:             $request->data[$model][$fields['password']]
81:         );
82:     }
83: 
84: }
85: