Class BaseAuthenticate

Base Authentication class with common methods and properties.

BaseAuthenticate implements CakeEventListener

Direct Subclasses

Indirect Subclasses

Abstract
Package: Cake\Controller\Component\Auth
Copyright: Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
License: MIT License
Location: Cake/Controller/Component/Auth/BaseAuthenticate.php

Properties summary

Method Summary

  • __construct() public
    Constructor
  • _findUser() protected
    Find a user record using the standard options.
  • _password() protected

    Hash the plain text password so that it matches the hashed/encrypted password in the datasource.

  • authenticate() abstract public
    Authenticate a user based on the request information.
  • getUser() public

    Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

  • Implemented events
  • logout() public

    Allows you to hook into AuthComponent::logout(), and implement specialized logout behavior.

  • Return password hasher object
  • Handle unauthenticated access attempt.

Method Detail

__construct()source public

__construct( ComponentCollection $collection , array $settings )

Constructor

Parameters

ComponentCollection $collection
The Component collection used on this request.
array $settings
Array of settings to use.

_findUser()source protected

_findUser( string|array $username , string $password null )

Find a user record using the standard options.

The $username parameter can be a (string)username or an array containing conditions for Model::find('first'). If the $password param is not provided the password field will be present in returned array.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters

string|array $username
The username/identifier, or an array of find conditions.
string $password optional null
The password, only used if $username param is string.

Returns

boolean|array
Either false on failure, or an array of user data.

_password()source protected

_password( string $password )

Hash the plain text password so that it matches the hashed/encrypted password in the datasource.

Deprecated

3.0.0 Since 2.4. Use a PasswordHasher class instead.

Parameters

string $password
The plain text password.

Returns

string
The hashed form of the password.

authenticate()source abstract public

authenticate( CakeRequest $request , CakeResponse $response )

Authenticate a user based on the request information.

Parameters

CakeRequest $request
Request to get authentication information from.
CakeResponse $response
A response object that can have headers added.

Returns

mixed
Either false on failure, or an array of user data on success.

getUser()source public

getUser( CakeRequest $request )

Get a user based on information in the request. Primarily used by stateless authentication systems like basic and digest auth.

Parameters

CakeRequest $request
Request object.

Returns

mixed
Either false or an array of user information

implementedEvents()source public

implementedEvents( )

Implemented events

Returns

array
of events => callbacks.

Implementation of

CakeEventListener::implementedEvents()

logout()source public

logout( array $user )

Allows you to hook into AuthComponent::logout(), and implement specialized logout behavior.

All attached authentication objects will have this method called when a user logs out.

Parameters

array $user
The user about to be logged out.

passwordHasher()source public

passwordHasher( )

Return password hasher object

Returns

AbstractPasswordHasher
Password hasher instance

Throws

CakeException

If password hasher class not found or it does not extend AbstractPasswordHasher


unauthenticated()source public

unauthenticated( CakeRequest $request , CakeResponse $response )

Handle unauthenticated access attempt.

Parameters

CakeRequest $request
A request object.
CakeResponse $response
A response object.

Returns

mixed

Either true to indicate the unauthenticated request has been dealt with and no more action is required by AuthComponent or void (default).


Properties detail

$_Collectionsource

protected ComponentCollection

A Component collection, used to get more components.

$_passwordHashersource

protected AbstractPasswordHasher

Password hasher instance.

$settingssource

public array

Settings for this object.

  • fields The fields to use to identify a user by.
  • userModel The model name of the User, defaults to User.
  • userFields Array of fields to retrieve from User model, null to retrieve all. Defaults to null.
  • scope Additional conditions to use when looking up and authenticating users, i.e. array('User.is_active' => 1).
  • recursive The value of the recursive key passed to find(). Defaults to 0.
  • contain Extra models to contain and store in session.
  • passwordHasher Password hasher class. Can be a string specifying class name or an array containing className key, any other keys will be passed as settings to the class. Defaults to 'Simple'.
array(
    'fields' => array(
        'username' => 'username',
        'password' => 'password'
    ),
    'userModel' => 'User',
    'userFields' => null,
    'scope' => array(),
    'recursive' => 0,
    'contain' => null,
    'passwordHasher' => 'Simple'
)

© 2005–2017 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/2.10/class-BaseAuthenticate.html