Class BaseAuthenticate
Base Authentication class with common methods and properties.
- Cake\Auth\BaseAuthenticate implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait
Direct Subclasses
Indirect Subclasses
Properties summary
-
$_defaultConfigprotectedarrayDefault config for this object. -
$_needsPasswordRehashprotectedbooleanWhether or not the user authenticated by this class requires their password to be rehashed with another algorithm.
-
$_passwordHasherprotectedPassword hasher instance. -
$_registryprotectedA Component registry, used to get more components.
Inherited Properties
Method Summary
-
__construct() public
Constructor -
_findUser() protected
Find a user record using the username and password provided. -
_query() protected
Get query object for fetching user from database. -
authenticate() abstract public
Authenticate a user based on the request information. -
getUser() public
Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
-
implementedEvents() public
Returns a list of all events that this authenticate class will listen to. -
needsPasswordRehash() public
Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
-
passwordHasher() public
Return password hasher object -
unauthenticated() public
Handle unauthenticated access attempt. In implementation valid return values can be:
Method Detail
__construct() public ¶
__construct( Cake\Controller\ComponentRegistry $registry , array $config = [] )
Constructor
Parameters
-
Cake\Controller\ComponentRegistry$registry - The Component registry used on this request.
- array $config optional []
- Array of config to use.
_findUser() protected ¶
_findUser( string $username , string|null $password = null )
Find a user record using the username and password provided.
Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.
Parameters
- string $username
- The username/identifier.
- string|null $password optional null
The password, if not provided password checking is skipped and result of find is returned.
Returns
Either false on failure, or an array of user data.
_query() protected ¶
_query( string $username )
Get query object for fetching user from database.
Parameters
- string $username
- The username/identifier.
Returns
authenticate() abstract public ¶
authenticate( Cake\Network\Request $request , Cake\Network\Response $response )
Authenticate a user based on the request information.
Parameters
-
Cake\Network\Request$request - Request to get authentication information from.
-
Cake\Network\Response$response - A response object that can have headers added.
Returns
Either false on failure, or an array of user data on success.
getUser() public ¶
getUser( Cake\Network\Request $request )
Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
Parameters
-
Cake\Network\Request$request - Request object.
Returns
Either false or an array of user information
implementedEvents() public ¶
implementedEvents( )
Returns a list of all events that this authenticate class will listen to.
An authenticate class can listen to following events fired by AuthComponent:
Auth.afterIdentify- Fired after a user has been identified using one of configured authenticate class. The callback function should have signature likeafterIdentify(Event $event, array $user)when$useris the identified user record.Auth.logout- Fired when AuthComponent::logout() is called. The callback function should have signature likelogout(Event $event, array $user)where$useris the user about to be logged out.
Returns
List of events this class listens to. Defaults to
[].Implementation of
needsPasswordRehash() public ¶
needsPasswordRehash( )
Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
Returns
passwordHasher() public ¶
passwordHasher( )
Return password hasher object
Returns
Throws
If password hasher class not found or it does not extend AbstractPasswordHasher
unauthenticated() public ¶
unauthenticated( Cake\Network\Request $request , Cake\Network\Response $response )
Handle unauthenticated access attempt. In implementation valid return values can be:
- Null - No action taken, AuthComponent should return appropriate response.
- Cake\Network\Response - A response object, which will cause AuthComponent to simply return that response.
Parameters
-
Cake\Network\Request$request - A request object.
-
Cake\Network\Response$response - A response object.
Methods used from Cake\Core\InstanceConfigTrait
_configDelete() protected ¶
_configDelete( string $key )
Delete a single config key
Parameters
- string $key
- Key to delete.
Throws
_configRead() protected ¶
_configRead( string|null $key )
Read a config variable
Parameters
- string|null $key
- Key to read.
Returns
_configWrite() protected ¶
_configWrite( string|array $key , mixed $value , boolean|string $merge = false )
Write a config variable
Parameters
- string|array $key
- Key to write to.
- mixed $value
- Value to write.
- boolean|string $merge optional false
True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Throws
config() public ¶
config( string|array|null $key = null , mixed|null $value = null , boolean $merge = true )
Usage
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
Parameters
- string|array|null $key optional null
- The key to get/set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
Config value being read, or the object itself on write operations.
Throws
configShallow() public ¶
configShallow( string|array $key , mixed|null $value = null )
Merge provided config with existing config. Unlike config() which does
a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
Returns
$this The object itself.
Properties detail
$_defaultConfig ¶
Default config for this object.
fieldsThe fields to use to identify a user by.userModelThe alias for users table, defaults to Users.finderThe finder method to use to fetch user record. Defaults to 'all'.passwordHasherPassword hasher class. Can be a string specifying class name or an array containingclassNamekey, any other keys will be passed as config to the class. Defaults to 'Default'.- Options
scopeandcontainhave been deprecated since 3.1. Use custom finder instead to modify the query to fetch user record.
[
'fields' => [
'username' => 'username',
'password' => 'password'
],
'userModel' => 'Users',
'scope' => [],
'finder' => 'all',
'contain' => null,
'passwordHasher' => 'Default'
]
$_needsPasswordRehash ¶
Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.
false
$_registry ¶
Cake\Controller\ComponentRegistry
A Component registry, used to get more components.