CakePHP
  • Documentation
    • Book
    • API
    • Videos
    • Reporting Security Issues
    • Privacy Policy
    • Logos & Trademarks
  • Business Solutions
  • Swag
  • Road Trip
  • Team
  • Community
    • Community
    • Get Involved
    • Issues (Github)
    • Bakery
    • Featured Resources
    • Training
    • Meetups
    • My CakePHP
    • CakeFest
    • Newsletter
    • Linkedin
    • YouTube
    • Facebook
    • Twitter
    • Mastodon
    • Help & Support
    • Forum
    • Stack Overflow
    • IRC
    • Slack
    • Paid Support
CakePHP

C CakePHP 3.0 Red Velvet API

  • Project:
    • CakePHP
      • CakePHP
      • Chronos
      • Elastic Search
      • Queue
  • Version:
    • 3.0
      • 5.1
      • 5.0
      • 4.5
      • 4.4
      • 4.3
      • 4.2
      • 4.1
      • 4.0
      • 3.10
      • 3.9
      • 3.8
      • 3.7
      • 3.6
      • 3.5
      • 3.4
      • 3.3
      • 3.2
      • 3.1
      • 3.0
      • 2.10
      • 2.9
      • 2.8
      • 2.7
      • 2.6
      • 2.5
      • 2.4
      • 2.3
      • 2.2
      • 2.1
      • 2.0
      • 1.3
      • 1.2

Namespaces

  • Global
  • Cake
    • Auth
    • Cache
    • Collection
    • Console
    • Controller
    • Core
    • Database
    • Datasource
    • Error
    • Event
    • Filesystem
    • Form
    • I18n
    • Log
    • Network
    • ORM
    • Routing
    • Shell
    • TestSuite
    • Utility
    • Validation
    • View

Class FormAuthenticate

An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate config.

 $this->Auth->authenticate = [
     'Form' => [
         'scope' => ['Users.active' => 1]
     ]
 ]

When configuring FormAuthenticate you can pass in config to which fields, model and additional conditions are used. See FormAuthenticate::$_config for more information.

Namespace: Cake\Auth
See: AuthComponent::$authenticate

Property Summary

  • $_config protected
    array

    Runtime config

  • $_configInitialized protected
    bool

    Whether the config property has already been configured with defaults

  • $_defaultConfig protected
    array

    Default config for this object.

  • $_needsPasswordRehash protected
    bool

    Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.

  • $_passwordHasher protected
    AbstractPasswordHasher

    Password hasher instance.

  • $_registry protected
    ComponentRegistry

    A Component registry, used to get more components.

Method Summary

  • __construct() public

    Constructor

  • _checkFields() protected

    Checks the fields to ensure they are supplied.

  • _configDelete() protected

    Delete a single config key

  • _configRead() protected

    Read a config variable

  • _configWrite() protected

    Write a config variable

  • _findUser() protected

    Find a user record using the username and password provided.

  • _query() protected

    Get query object for fetching user from database.

  • authenticate() public

    Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

  • config() public

    Usage

  • configShallow() public

    Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

  • getUser() public

    Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

  • implementedEvents() public

    Returns a list of all events that this authenticate class will listen to.

  • needsPasswordRehash() public

    Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

  • passwordHasher() public

    Return password hasher object

  • unauthenticated() public

    Handle unauthenticated access attempt. In implementation valid return values can be:

Method Detail

__construct() ¶ public 

__construct(Cake\Controller\ComponentRegistry $registry, array $config = [])

Constructor

Parameters
Cake\Controller\ComponentRegistry $registry

The Component registry used on this request.

array $config optional

Array of config to use.

_checkFields() ¶ protected 

_checkFields(Cake\Network\Request $request, array $fields): bool

Checks the fields to ensure they are supplied.

Parameters
Cake\Network\Request $request

The request that contains login information.

array $fields

The fields to be checked.

Returns
bool

_configDelete() ¶ protected 

_configDelete(string $key): void

Delete a single config key

Parameters
string $key

Key to delete.

Returns
void
Throws
Cake\Core\Exception\Exception
if attempting to clobber existing config

_configRead() ¶ protected 

_configRead(string|null $key): mixed

Read a config variable

Parameters
string|null $key

Key to read.

Returns
mixed

_configWrite() ¶ protected 

_configWrite(string|array $key, mixed $value, bool|string $merge = false): void

Write a config variable

Parameters
string|array $key

Key to write to.

mixed $value

Value to write.

bool|string $merge optional

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Returns
void
Throws
Cake\Core\Exception\Exception
if attempting to clobber existing config

_findUser() ¶ protected 

_findUser(string $username, string|null $password = null): bool|array

Find a user record using the username and password provided.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters
string $username

The username/identifier.

string|null $password optional

The password, if not provided password checking is skipped and result of find is returned.

Returns
bool|array

_query() ¶ protected 

_query(string $username): Cake\ORM\Query

Get query object for fetching user from database.

Parameters
string $username

The username/identifier.

Returns
Cake\ORM\Query

authenticate() ¶ public 

authenticate(Cake\Network\Request $request, Cake\Network\Response $response): mixed

Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

Parameters
Cake\Network\Request $request

The request that contains login information.

Cake\Network\Response $response

Unused response object.

Returns
mixed

config() ¶ public 

config(string|array|null $key = null, mixed|null $value = null, bool $merge = true): mixed

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);
Parameters
string|array|null $key optional

The key to get/set, or a complete array of configs.

mixed|null $value optional

The value to set.

bool $merge optional

Whether to recursively merge or overwrite existing config, defaults to true.

Returns
mixed
Throws
Cake\Core\Exception\Exception
When trying to set a key that is invalid.

configShallow() ¶ public 

configShallow(string|array $key, mixed|null $value = null): $this

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);
Parameters
string|array $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

Returns
$this

getUser() ¶ public 

getUser(Cake\Network\Request $request): mixed

Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

Parameters
Cake\Network\Request $request

Request object.

Returns
mixed

implementedEvents() ¶ public 

implementedEvents(): array

Returns a list of all events that this authenticate class will listen to.

An authenticate class can listen to following events fired by AuthComponent:

  • Auth.afterIdentify - Fired after a user has been identified using one of configured authenticate class. The callback function should have signature like afterIdentify(Event $event, array $user) when $user is the identified user record.

  • Auth.logout - Fired when AuthComponent::logout() is called. The callback function should have signature like logout(Event $event, array $user) where $user is the user about to be logged out.

Returns
array

needsPasswordRehash() ¶ public 

needsPasswordRehash(): bool

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

Returns
bool

passwordHasher() ¶ public 

passwordHasher(): AbstractPasswordHasher

Return password hasher object

Returns
AbstractPasswordHasher
Throws
RuntimeException
If password hasher class not found or it does not extend AbstractPasswordHasher

unauthenticated() ¶ public 

unauthenticated(Cake\Network\Request $request, Cake\Network\Response $response): void

Handle unauthenticated access attempt. In implementation valid return values can be:

  • Null - No action taken, AuthComponent should return appropriate response.
  • Cake\Network\Response - A response object, which will cause AuthComponent to simply return that response.
Parameters
Cake\Network\Request $request

A request object.

Cake\Network\Response $response

A response object.

Returns
void

Property Detail

$_config ¶ protected

Runtime config

Type
array

$_configInitialized ¶ protected

Whether the config property has already been configured with defaults

Type
bool

$_defaultConfig ¶ protected

Default config for this object.

  • fields The fields to use to identify a user by.
  • userModel The alias for users table, defaults to Users.
  • scope Additional conditions to use when looking up and authenticating users, i.e. ['Users.is_active' => 1].
  • contain Extra models to contain and store in session.
  • passwordHasher Password hasher class. Can be a string specifying class name or an array containing className key, any other keys will be passed as config to the class. Defaults to 'Default'.
Type
array

$_needsPasswordRehash ¶ protected

Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.

Type
bool

$_passwordHasher ¶ protected

Password hasher instance.

Type
AbstractPasswordHasher

$_registry ¶ protected

A Component registry, used to get more components.

Type
ComponentRegistry
OpenHub
Pingping
Linode
  • Business Solutions
  • Showcase
  • Documentation
  • Book
  • API
  • Videos
  • Reporting Security Issues
  • Privacy Policy
  • Logos & Trademarks
  • Community
  • Get Involved
  • Issues (Github)
  • Bakery
  • Featured Resources
  • Training
  • Meetups
  • My CakePHP
  • CakeFest
  • Newsletter
  • Linkedin
  • YouTube
  • Facebook
  • Twitter
  • Mastodon
  • Help & Support
  • Forum
  • Stack Overflow
  • IRC
  • Slack
  • Paid Support

Generated using CakePHP API Docs