Class BaseAuthenticate
Base Authentication class with common methods and properties.
- Cake\Auth\BaseAuthenticate implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait , Cake\ORM\Locator\LocatorAwareTrait
Direct Subclasses
Indirect Subclasses
Properties summary
-
$_defaultConfigprotectedarrayDefault config for this object. -
$_needsPasswordRehashprotectedbooleanWhether or not the user authenticated by this class requires their password to be rehashed with another algorithm.
-
$_passwordHasherprotectedPassword hasher instance. -
$_registryprotectedA Component registry, used to get more components.
Inherited Properties
Method Summary
-
__construct() public
Constructor -
_findUser() protected
Find a user record using the username and password provided. -
_query() protected
Get query object for fetching user from database. -
authenticate() abstract public
Authenticate a user based on the request information. -
getUser() public
Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
-
implementedEvents() public
Returns a list of all events that this authenticate class will listen to. -
needsPasswordRehash() public
Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
-
passwordHasher() public
Return password hasher object -
unauthenticated() public
Handle unauthenticated access attempt. In implementation valid return values can be:
Method Detail
__construct() public ¶
__construct( Cake\Controller\ComponentRegistry $registry , array $config = [] )
Constructor
Parameters
-
Cake\Controller\ComponentRegistry$registry - The Component registry used on this request.
- array $config optional []
- Array of config to use.
_findUser() protected ¶
_findUser( string $username , string|null $password = null )
Find a user record using the username and password provided.
Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.
Parameters
- string $username
- The username/identifier.
- string|null $password optional null
The password, if not provided password checking is skipped and result of find is returned.
Returns
Either false on failure, or an array of user data.
_query() protected ¶
_query( string $username )
Get query object for fetching user from database.
Parameters
- string $username
- The username/identifier.
Returns
authenticate() abstract public ¶
authenticate( Cake\Http\ServerRequest $request , Cake\Http\Response $response )
Authenticate a user based on the request information.
Parameters
-
Cake\Http\ServerRequest$request - Request to get authentication information from.
-
Cake\Http\Response$response - A response object that can have headers added.
Returns
Either false on failure, or an array of user data on success.
getUser() public ¶
getUser( Cake\Http\ServerRequest $request )
Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.
Parameters
-
Cake\Http\ServerRequest$request - Request object.
Returns
Either false or an array of user information
implementedEvents() public ¶
implementedEvents( )
Returns a list of all events that this authenticate class will listen to.
An authenticate class can listen to following events fired by AuthComponent:
Auth.afterIdentify- Fired after a user has been identified using one of configured authenticate class. The callback function should have signature likeafterIdentify(Event $event, array $user)when$useris the identified user record.Auth.logout- Fired when AuthComponent::logout() is called. The callback function should have signature likelogout(Event $event, array $user)where$useris the user about to be logged out.
Returns
List of events this class listens to. Defaults to
[].Implementation of
needsPasswordRehash() public ¶
needsPasswordRehash( )
Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
Returns
passwordHasher() public ¶
passwordHasher( )
Return password hasher object
Returns
Throws
If password hasher class not found or it does not extend AbstractPasswordHasher
unauthenticated() public ¶
unauthenticated( Cake\Http\ServerRequest $request , Cake\Http\Response $response )
Handle unauthenticated access attempt. In implementation valid return values can be:
- Null - No action taken, AuthComponent should return appropriate response.
- Cake\Http\Response - A response object, which will cause AuthComponent to simply return that response.
Parameters
-
Cake\Http\ServerRequest$request - A request object.
-
Cake\Http\Response$response - A response object.
Methods used from Cake\Core\InstanceConfigTrait
_configDelete() protected ¶
_configDelete( string $key )
Deletes a single config key.
Parameters
- string $key
- Key to delete.
Throws
_configRead() protected ¶
_configRead( string|null $key )
Reads a config key.
Parameters
- string|null $key
- Key to read.
Returns
_configWrite() protected ¶
_configWrite( string|array $key , mixed $value , boolean|string $merge = false )
Writes a config key.
Parameters
- string|array $key
- Key to write to.
- mixed $value
- Value to write.
- boolean|string $merge optional false
True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Throws
config() public deprecated ¶
config( string|array|null $key = null , mixed|null $value = null , boolean $merge = true )
Gets/Sets the config.
Usage
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
Deprecated
Parameters
- string|array|null $key optional null
- The key to get/set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
Config value being read, or the object itself on write operations.
Throws
configShallow() public ¶
configShallow( string|array $key , mixed|null $value = null )
Merge provided config with existing config. Unlike config() which does
a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
Returns
$this
getConfig() public ¶
getConfig( string|null $key = null , mixed $default = null )
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
- string|null $key optional null
- The key to get or null for the whole config.
- mixed $default optional null
- The return value when the key does not exist.
Returns
Configuration data at the named key or null if the key does not exist.
setConfig() public ¶
setConfig( string|array $key , mixed|null $value = null , boolean $merge = true )
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Methods used from Cake\ORM\Locator\LocatorAwareTrait
setTableLocator() public ¶
setTableLocator( Cake\ORM\Locator\LocatorInterface $tableLocator )
Sets the table locator.
Parameters
-
Cake\ORM\Locator\LocatorInterface$tableLocator - LocatorInterface instance.
Returns
$this
tableLocator() public deprecated ¶
tableLocator( Cake\ORM\Locator\LocatorInterface $tableLocator = null )
Sets the table locator. If no parameters are passed, it will return the currently used locator.
Deprecated
Parameters
-
Cake\ORM\Locator\LocatorInterface$tableLocator optional null - LocatorInterface instance.
Returns
Properties detail
$_defaultConfig ¶
Default config for this object.
fieldsThe fields to use to identify a user by.userModelThe alias for users table, defaults to Users.finderThe finder method to use to fetch user record. Defaults to 'all'. You can set finder name as string or an array where key is finder name and value is an array passed toTable::find()options. E.g. ['finderName' => ['some_finder_option' => 'some_value']]passwordHasherPassword hasher class. Can be a string specifying class name or an array containingclassNamekey, any other keys will be passed as config to the class. Defaults to 'Default'.- Options
scopeandcontainhave been deprecated since 3.1. Use custom finder instead to modify the query to fetch user record.
[
'fields' => [
'username' => 'username',
'password' => 'password'
],
'userModel' => 'Users',
'scope' => [],
'finder' => 'all',
'contain' => null,
'passwordHasher' => 'Default'
]
$_needsPasswordRehash ¶
Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.
false
$_registry ¶
Cake\Controller\ComponentRegistry
A Component registry, used to get more components.