Class FormAuthenticate

Form authentication adapter for AuthComponent.

Allows you to authenticate users based on form POST data. Usually, this is a login form that users enter information into.

Using Form auth

Load AuthComponent in your controller's initialize() and add 'Form' in 'authenticate' key

$this->loadComponent('Auth', [
    'authenticate' => [
        'Form' => [
            'fields' => ['username' => 'email', 'password' => 'passwd'],
            'finder' => 'auth',
        ]
    ]
]);

When configuring FormAuthenticate you can pass in config to which fields, model and finder are used. See BaseAuthenticate::$_defaultConfig for more information.

Namespace: Cake\Auth
See: https://book.cakephp.org/3/en/controllers/components/authentication.html

Property Summary

$_config protected

array

Runtime config
$_configInitialized protected

bool

Whether the config property has already been configured with defaults
$_defaultConfig protected

array

Default config for this object.
$_needsPasswordRehash protected

bool

Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.
$_passwordHasher protected

Cake\Auth\AbstractPasswordHasher|null

Password hasher instance.
$_registry protected

Cake\Controller\ComponentRegistry

A Component registry, used to get more components.
$_tableLocator protected

Cake\ORM\Locator\LocatorInterface

Table locator instance

Method Summary

__construct() public

Constructor
_checkFields() protected

Checks the fields to ensure they are supplied.
_configDelete() protected

Deletes a single config key.
_configRead() protected

Reads a config key.
_configWrite() protected

Writes a config key.
_findUser() protected

Find a user record using the username and password provided.
_query() protected

Get query object for fetching user from database.
authenticate() public

Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.
config() public deprecated

Gets/Sets the config.
configShallow() public

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.
getConfig() public

Returns the config.
getConfigOrFail() public

Returns the config for this specific key.
getTableLocator() public

Gets the table locator.
getUser() public

Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
implementedEvents() public

Returns a list of all events that this authenticate class will listen to.
needsPasswordRehash() public

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
passwordHasher() public

Return password hasher object
setConfig() public

Sets the config.
setTableLocator() public

Sets the table locator.
tableLocator() public deprecated

Sets the table locator. If no parameters are passed, it will return the currently used locator.
unauthenticated() public

Handle unauthenticated access attempt. In implementation valid return values can be:

Method Detail

__construct() ¶ public

__construct(Cake\Controller\ComponentRegistry $registry, array $config = [])

Constructor

Parameters

Cake\Controller\ComponentRegistry $registry: The Component registry used on this request.
array $config optional: Array of config to use.

_checkFields() ¶ protected

_checkFields(Cake\Http\ServerRequest $request, array $fields): bool

Checks the fields to ensure they are supplied.

Parameters

Cake\Http\ServerRequest $request: The request that contains login information.
array $fields: The fields to be checked.

Returns

bool

_configDelete() ¶ protected

_configDelete(string $key): void

Deletes a single config key.

Parameters

string $key: Key to delete.

Returns

void

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configRead() ¶ protected

_configRead(string|null $key): mixed

Reads a config key.

Parameters

string|null $key: Key to read.

Returns

mixed

_configWrite() ¶ protected

_configWrite(string|array $key, mixed $value, bool|string $merge = false): void

Writes a config key.

Parameters

string|array $key: Key to write to.
mixed $value: Value to write.
bool|string $merge optional: True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Returns

void

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_findUser() ¶ protected

_findUser(string $username, string|null $password = null): array|false

Find a user record using the username and password provided.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters

string $username: The username/identifier.
string|null $password optional: The password, if not provided password checking is skipped and result of find is returned.

Returns

array|false

_query() ¶ protected

_query(string $username): Cake\ORM\Query

Get query object for fetching user from database.

Parameters

string $username: The username/identifier.

Returns

Cake\ORM\Query

authenticate() ¶ public

authenticate(Cake\Http\ServerRequest $request, Cake\Http\Response $response): array|false

Authenticates the identity contained in a request. Will use the config.userModel, and config.fields to find POST data that is used to find a matching record in the config.userModel. Will return false if there is no post data, either username or password is missing, or if the scope conditions have not been met.

Parameters

Cake\Http\ServerRequest $request: The request that contains login information.
Cake\Http\Response $response: Unused response object.

Returns

array|false

config() ¶ public

config(string|array|null $key = null, mixed|null $value = null, bool $merge = true): mixed

Gets/Sets the config.

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array|null $key optional: The key to get/set, or a complete array of configs.
mixed|null $value optional: The value to set.
bool $merge optional: Whether to recursively merge or overwrite existing config, defaults to true.

Returns

mixed

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

configShallow() ¶ public

configShallow(string|array $key, mixed|null $value = null): $this

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key: The key to set, or a complete array of configs.
mixed|null $value optional: The value to set.

Returns

$this

getConfig() ¶ public

getConfig(string|null $key = null, mixed|null $default = null): mixed|null

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key optional: The key to get or null for the whole config.
mixed|null $default optional: The return value when the key does not exist.

Returns

mixed|null

getConfigOrFail() ¶ public

getConfigOrFail(string|null $key): mixed

Returns the config for this specific key.

The config value for this key must exist, it can never be null.

Parameters

string|null $key: The key to get.

Returns

mixed

Throws

InvalidArgumentException

getTableLocator() ¶ public

getTableLocator(): Cake\ORM\Locator\LocatorInterface

Gets the table locator.

Returns

Cake\ORM\Locator\LocatorInterface

getUser() ¶ public

getUser(Cake\Http\ServerRequest $request): array|false

Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

Parameters

Cake\Http\ServerRequest $request: Request object.

Returns

array|false

implementedEvents() ¶ public

implementedEvents(): array

Returns a list of all events that this authenticate class will listen to.

An authenticate class can listen to following events fired by AuthComponent:

Auth.afterIdentify - Fired after a user has been identified using one of configured authenticate class. The callback function should have signature like afterIdentify(Event $event, array $user) when $user is the identified user record.
Auth.logout - Fired when AuthComponent::logout() is called. The callback function should have signature like logout(Event $event, array $user) where $user is the user about to be logged out.

Returns

array

needsPasswordRehash() ¶ public

needsPasswordRehash(): bool

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

Returns

bool

passwordHasher() ¶ public

passwordHasher(): Cake\Auth\AbstractPasswordHasher

Return password hasher object

Returns

Cake\Auth\AbstractPasswordHasher

Throws

RuntimeException
If password hasher class not found or it does not extend AbstractPasswordHasher

setConfig() ¶ public

setConfig(string|array $key, mixed|null $value = null, bool $merge = true): $this

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key: The key to set, or a complete array of configs.
mixed|null $value optional: The value to set.
bool $merge optional: Whether to recursively merge or overwrite existing config, defaults to true.

Returns

$this

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

setTableLocator() ¶ public

setTableLocator(Cake\ORM\Locator\LocatorInterface $tableLocator): $this

Sets the table locator.

Parameters

Cake\ORM\Locator\LocatorInterface $tableLocator: LocatorInterface instance.

Returns

$this

tableLocator() ¶ public

tableLocator(Cake\ORM\Locator\LocatorInterface|null $tableLocator = null): Cake\ORM\Locator\LocatorInterface

Sets the table locator. If no parameters are passed, it will return the currently used locator.

Parameters

Cake\ORM\Locator\LocatorInterface|null $tableLocator optional: LocatorInterface instance.

Returns

Cake\ORM\Locator\LocatorInterface

unauthenticated() ¶ public

unauthenticated(Cake\Http\ServerRequest $request, Cake\Http\Response $response): Cake\Http\Response|null|void

Handle unauthenticated access attempt. In implementation valid return values can be:

Null - No action taken, AuthComponent should return appropriate response.
Cake\Http\Response - A response object, which will cause AuthComponent to simply return that response.

Parameters

Cake\Http\ServerRequest $request: A request object.
Cake\Http\Response $response: A response object.

Returns

Cake\Http\Response|null|void

Property Detail

`$_config` ¶ protected

Runtime config

Type

array

`$_configInitialized` ¶ protected

Whether the config property has already been configured with defaults

Type

bool

`$_defaultConfig` ¶ protected

Default config for this object.

fields The fields to use to identify a user by.
userModel The alias for users table, defaults to Users.
finder The finder method to use to fetch user record. Defaults to 'all'. You can set finder name as string or an array where key is finder name and value is an array passed to Table::find() options. E.g. ['finderName' => ['some_finder_option' => 'some_value']]
passwordHasher Password hasher class. Can be a string specifying class name or an array containing className key, any other keys will be passed as config to the class. Defaults to 'Default'.
Options scope and contain have been deprecated since 3.1. Use custom finder instead to modify the query to fetch user record.

Type

array

`$_needsPasswordRehash` ¶ protected

Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.

Type

bool

`$_passwordHasher` ¶ protected

Password hasher instance.

Type

Cake\Auth\AbstractPasswordHasher|null

`$_registry` ¶ protected

A Component registry, used to get more components.

Type

Cake\Controller\ComponentRegistry

`$_tableLocator` ¶ protected

Table locator instance

Type

Cake\ORM\Locator\LocatorInterface

Namespaces

Class FormAuthenticate

Using Form auth

Property Summary

Method Summary

__construct() public

_checkFields() protected

_configDelete() protected

_configRead() protected

_configWrite() protected

_findUser() protected

_query() protected

authenticate() public

config() public deprecated

configShallow() public

getConfig() public

getConfigOrFail() public

getTableLocator() public

getUser() public

implementedEvents() public

needsPasswordRehash() public

passwordHasher() public

setConfig() public

setTableLocator() public

tableLocator() public deprecated

unauthenticated() public

Method Detail

__construct() ¶ public

Parameters

_checkFields() ¶ protected

Parameters

Returns

_configDelete() ¶ protected

Parameters

Returns

Throws

_configRead() ¶ protected

Parameters

Returns

_configWrite() ¶ protected

Parameters

Returns

Throws

_findUser() ¶ protected

Parameters

Returns

_query() ¶ protected

Parameters

Returns

authenticate() ¶ public

Parameters

Returns

config() ¶ public

Usage

Parameters

Returns

Throws

configShallow() ¶ public

Parameters

Returns

getConfig() ¶ public

Usage

Parameters

Returns

getConfigOrFail() ¶ public

Parameters

Returns

Throws

getTableLocator() ¶ public

Returns

getUser() ¶ public

Parameters

Returns

implementedEvents() ¶ public

Returns

needsPasswordRehash() ¶ public

Returns

passwordHasher() ¶ public

Returns

Throws

`$_config` ¶ protected

`$_configInitialized` ¶ protected

`$_defaultConfig` ¶ protected

`$_needsPasswordRehash` ¶ protected

`$_passwordHasher` ¶ protected

`$_registry` ¶ protected

`$_tableLocator` ¶ protected