Class AuthenticationService
Authentication Service
Property Summary
-
$_authenticators protected
Authentication\Authenticator\AuthenticatorCollection|null
Authenticator collection
-
$_config protected
array<string, mixed>
Runtime config
-
$_configInitialized protected
bool
Whether the config property has already been configured with defaults
-
$_defaultConfig protected
array
Default configuration
-
$_identifiers protected
Authentication\Identifier\IdentifierCollection|null
Identifier collection
-
$_result protected
Authentication\Authenticator\ResultInterface|null
Result of the last authenticate() call.
-
$_successfulAuthenticator protected
Authentication\Authenticator\AuthenticatorInterface|null
Authenticator that successfully authenticated the identity.
Method Summary
-
__construct() public
Constructor
-
_configDelete() protected
Deletes a single config key.
-
_configRead() protected
Reads a config key.
-
_configWrite() protected
Writes a config key.
-
authenticate() public
Authenticate the request against the configured authentication adapters.
-
authenticators() public
Access the authenticator collection
-
buildIdentity() public
Builds the identity object
-
clearIdentity() public
Clears the identity from authenticators that store them and the request
-
configShallow() public
Merge provided config with existing config. Unlike
config()
which does a recursive merge for nested keys, this method does a simple merge. -
getAuthenticationProvider() public
Gets the successful authenticator instance if one was successful after calling authenticate.
-
getConfig() public
Returns the config.
-
getConfigOrFail() public
Returns the config for this specific key.
-
getIdentificationProvider() public
Convenient method to gets the successful identifier instance.
-
getIdentity() public
Gets an identity object
-
getIdentityAttribute() public
Return the name of the identity attribute.
-
getImpersonationProvider() protected
Get impersonation provider
-
getLoginRedirect() public
Return the URL that an authenticated user came from or null.
-
getResult() public
Gets the result of the last authenticate() call.
-
getUnauthenticatedRedirectUrl() public
Return the URL to redirect unauthenticated users to.
-
identifiers() public
Access the identifier collection
-
impersonate() public
Impersonates a user
-
isImpersonating() public
Returns true if impersonation is being done
-
loadAuthenticator() public
Loads an authenticator.
-
loadIdentifier() public
Loads an identifier.
-
persistIdentity() public
Sets identity data and persists it in the authenticators that support it.
-
setConfig() public
Sets the config.
-
stopImpersonating() public
Stops impersonation
Method Detail
__construct() ¶ public
__construct(array $config = [])
Constructor
Parameters
-
array
$config optional Configuration options.
_configDelete() ¶ protected
_configDelete(string $key): void
Deletes a single config key.
Parameters
-
string
$key Key to delete.
Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config
_configRead() ¶ protected
_configRead(string|null $key): mixed
Reads a config key.
Parameters
-
string|null
$key Key to read.
Returns
mixed
_configWrite() ¶ protected
_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void
Writes a config key.
Parameters
-
array<string, mixed>|string
$key Key to write to.
-
mixed
$value Value to write.
-
string|bool
$merge optional True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config
authenticate() ¶ public
authenticate(Psr\Http\Message\ServerRequestInterface $request): Authentication\Authenticator\ResultInterface
Authenticate the request against the configured authentication adapters.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request.
Returns
Authentication\Authenticator\ResultInterface
Throws
RuntimeException
Throws a runtime exception when no authenticators are loaded.
authenticators() ¶ public
authenticators(): Authentication\Authenticator\AuthenticatorCollection
Access the authenticator collection
Returns
Authentication\Authenticator\AuthenticatorCollection
buildIdentity() ¶ public
buildIdentity(ArrayAccess|array $identityData): Authentication\IdentityInterface
Builds the identity object
Parameters
-
ArrayAccess|array
$identityData Identity data
Returns
Authentication\IdentityInterface
clearIdentity() ¶ public
clearIdentity(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Message\ResponseInterface $response): array
Clears the identity from authenticators that store them and the request
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request.
-
Psr\Http\Message\ResponseInterface
$response The response.
Returns
array
configShallow() ¶ public
configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this
Merge provided config with existing config. Unlike config()
which does
a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
-
array<string, mixed>|string
$key The key to set, or a complete array of configs.
-
mixed|null
$value optional The value to set.
Returns
$this
getAuthenticationProvider() ¶ public
getAuthenticationProvider(): Authentication\Authenticator\AuthenticatorInterface|null
Gets the successful authenticator instance if one was successful after calling authenticate.
Returns
Authentication\Authenticator\AuthenticatorInterface|null
getConfig() ¶ public
getConfig(string|null $key = null, mixed $default = null): mixed
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
-
string|null
$key optional The key to get or null for the whole config.
-
mixed
$default optional The return value when the key does not exist.
Returns
mixed
getConfigOrFail() ¶ public
getConfigOrFail(string $key): mixed
Returns the config for this specific key.
The config value for this key must exist, it can never be null.
Parameters
-
string
$key The key to get.
Returns
mixed
Throws
InvalidArgumentException
getIdentificationProvider() ¶ public
getIdentificationProvider(): Authentication\Identifier\IdentifierInterface|null
Convenient method to gets the successful identifier instance.
Returns
Authentication\Identifier\IdentifierInterface|null
getIdentity() ¶ public
getIdentity(): Authentication\IdentityInterface|null
Gets an identity object
Returns
Authentication\IdentityInterface|null
getIdentityAttribute() ¶ public
getIdentityAttribute(): string
Return the name of the identity attribute.
Returns
string
getImpersonationProvider() ¶ protected
getImpersonationProvider(): Authentication\Authenticator\ImpersonationInterface
Get impersonation provider
Returns
Authentication\Authenticator\ImpersonationInterface
Throws
InvalidArgumentException
getLoginRedirect() ¶ public
getLoginRedirect(Psr\Http\Message\ServerRequestInterface $request): string|null
Return the URL that an authenticated user came from or null.
This reads from the URL parameter defined in the queryParam
option.
Will return null if this parameter doesn't exist or is invalid.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request
Returns
string|null
getResult() ¶ public
getResult(): Authentication\Authenticator\ResultInterface|null
Gets the result of the last authenticate() call.
Returns
Authentication\Authenticator\ResultInterface|null
getUnauthenticatedRedirectUrl() ¶ public
getUnauthenticatedRedirectUrl(Psr\Http\Message\ServerRequestInterface $request): string|null
Return the URL to redirect unauthenticated users to.
If the unauthenticatedRedirect
option is not set,
this method will return null.
If the queryParam
option is set a query parameter
will be appended with the denied URL path.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request
Returns
string|null
identifiers() ¶ public
identifiers(): Authentication\Identifier\IdentifierCollection
Access the identifier collection
Returns
Authentication\Identifier\IdentifierCollection
impersonate() ¶ public
impersonate(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Message\ResponseInterface $response, ArrayAccess $impersonator, ArrayAccess $impersonated): array
Impersonates a user
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request
-
Psr\Http\Message\ResponseInterface
$response The response
-
ArrayAccess
$impersonator User who impersonates
-
ArrayAccess
$impersonated User impersonated
Returns
array
isImpersonating() ¶ public
isImpersonating(Psr\Http\Message\ServerRequestInterface $request): bool
Returns true if impersonation is being done
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request
Returns
bool
loadAuthenticator() ¶ public
loadAuthenticator(string $name, array $config = []): Authentication\Authenticator\AuthenticatorInterface
Loads an authenticator.
Parameters
-
string
$name Name or class name.
-
array
$config optional Authenticator configuration.
Returns
Authentication\Authenticator\AuthenticatorInterface
loadIdentifier() ¶ public
loadIdentifier(string $name, array $config = []): Authentication\Identifier\IdentifierInterface
Loads an identifier.
Parameters
-
string
$name Name or class name.
-
array
$config optional Identifier configuration.
Returns
Authentication\Identifier\IdentifierInterface
persistIdentity() ¶ public
persistIdentity(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Message\ResponseInterface $response, ArrayAccess|array $identity): array
Sets identity data and persists it in the authenticators that support it.
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request.
-
Psr\Http\Message\ResponseInterface
$response The response.
-
ArrayAccess|array
$identity Identity data.
Returns
array
setConfig() ¶ public
setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
-
array<string, mixed>|string
$key The key to set, or a complete array of configs.
-
mixed|null
$value optional The value to set.
-
bool
$merge optional Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Cake\Core\Exception\CakeException
When trying to set a key that is invalid.
stopImpersonating() ¶ public
stopImpersonating(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Message\ResponseInterface $response): array
Stops impersonation
Parameters
-
Psr\Http\Message\ServerRequestInterface
$request The request
-
Psr\Http\Message\ResponseInterface
$response The response
Returns
array
Property Detail
$_authenticators ¶ protected
Authenticator collection
Type
Authentication\Authenticator\AuthenticatorCollection|null
$_configInitialized ¶ protected
Whether the config property has already been configured with defaults
Type
bool
$_defaultConfig ¶ protected
Default configuration
authenticators
- An array of authentication objects to use for authenticating users. You can configure multiple adapters and they will be checked sequentially when users are identified.identifiers
- An array of identifiers. The identifiers are constructed by the service and then passed to the authenticators that will pass the credentials to them and get the user data.identityClass
- The class name of identity or a callable identity builder.identityAttribute
- The request attribute used to store the identity. Default toidentity
.unauthenticatedRedirect
- The URL to redirect unauthenticated errors to. See AuthenticationComponent::allowUnauthenticated()queryParam
- The name of the query string parameter containing the previously blocked URL in case of unauthenticated redirect, or null to disable appending the denied URL.
Example:
$service = new AuthenticationService([
'authenticators' => [
'Authentication.Form
],
'identifiers' => [
'Authentication.Password'
]
]);
Type
array
$_identifiers ¶ protected
Identifier collection
Type
Authentication\Identifier\IdentifierCollection|null
$_result ¶ protected
Result of the last authenticate() call.
Type
Authentication\Authenticator\ResultInterface|null
$_successfulAuthenticator ¶ protected
Authenticator that successfully authenticated the identity.
Type
Authentication\Authenticator\AuthenticatorInterface|null