1: <?php
2: /**
3: * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
4: * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
5: *
6: * Licensed under The MIT License
7: * For full copyright and license information, please see the LICENSE.txt
8: * Redistributions of files must retain the above copyright notice.
9: *
10: * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
11: * @link http://cakephp.org CakePHP(tm) Project
12: * @license http://www.opensource.org/licenses/mit-license.php MIT License
13: */
14:
15: App::uses('BaseAuthenticate', 'Controller/Component/Auth');
16:
17: /**
18: * An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
19: * data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
20: *
21: * ```
22: * $this->Auth->authenticate = array(
23: * 'Form' => array(
24: * 'scope' => array('User.active' => 1)
25: * )
26: * )
27: * ```
28: *
29: * When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions
30: * are used. See FormAuthenticate::$settings for more information.
31: *
32: * @package Cake.Controller.Component.Auth
33: * @since 2.0
34: * @see AuthComponent::$authenticate
35: */
36: class FormAuthenticate extends BaseAuthenticate {
37:
38: /**
39: * Checks the fields to ensure they are supplied.
40: *
41: * @param CakeRequest $request The request that contains login information.
42: * @param string $model The model used for login verification.
43: * @param array $fields The fields to be checked.
44: * @return bool False if the fields have not been supplied. True if they exist.
45: */
46: protected function _checkFields(CakeRequest $request, $model, $fields) {
47: if (empty($request->data[$model])) {
48: return false;
49: }
50: foreach (array($fields['username'], $fields['password']) as $field) {
51: $value = $request->data($model . '.' . $field);
52: if (empty($value) && $value !== '0' || !is_string($value)) {
53: return false;
54: }
55: }
56: return true;
57: }
58:
59: /**
60: * Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
61: * to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
62: * there is no post data, either username or password is missing, or if the scope conditions have not been met.
63: *
64: * @param CakeRequest $request The request that contains login information.
65: * @param CakeResponse $response Unused response object.
66: * @return mixed False on login failure. An array of User data on success.
67: */
68: public function authenticate(CakeRequest $request, CakeResponse $response) {
69: $userModel = $this->settings['userModel'];
70: list(, $model) = pluginSplit($userModel);
71:
72: $fields = $this->settings['fields'];
73: if (!$this->_checkFields($request, $model, $fields)) {
74: return false;
75: }
76: return $this->_findUser(
77: $request->data[$model][$fields['username']],
78: $request->data[$model][$fields['password']]
79: );
80: }
81:
82: }
83: