W3cubDocs

Class AuthComponent

Authentication control component class.

Binds access control with user authentication and session management.

Cake\Controller\Component implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait, Cake\Log\LogTrait

Cake\Controller\Component\AuthComponent uses Cake\Event\EventDispatcherTrait

Namespace: Cake\Controller\Component
Link: http://book.cakephp.org/3.0/en/controllers/components/authentication.html
Located at Controller/Component/AuthComponent.php

Method Detail

__getsource public

__get( string $name )

Magic accessor for backward compatibility for property $sessionKey.

Parameters

string $name: Property name

Returns

mixed
mixed

Overrides

Cake\Controller\Component::__get()

__setsource public

__set( string $name , mixed $value )

Magic setter for backward compatibility for property $sessionKey.

Parameters

string $name: Property name.
mixed $value: Value to set.

_getUsersource protected

_getUser( )

Similar to AuthComponent::user() except if user is not found in configured storage, connected authentication objects will have their getUser() methods called.

This lets stateless authentication methods function correctly.

Returns

boolean
true If a user can be found, false if one cannot.

_isAllowedsource protected

_isAllowed( Cake\Controller\Controller $controller )

Checks whether current action is accessible without authentication.

Parameters

Cake\Controller\Controller $controller: A reference to the instantiating controller object

Returns

boolean
True if action is accessible without authentication else false

_isLoginActionsource protected

_isLoginAction( Cake\Controller\Controller $controller )

Normalizes config loginAction and checks if current request URL is same as login action.

Parameters

Cake\Controller\Controller $controller: A reference to the controller object.

Returns

boolean
True if current action is login action else false.

_setDefaultssource protected

_setDefaults( )

Sets defaults for configs.

_unauthenticatedsource protected

_unauthenticated( Cake\Controller\Controller $controller )

Handles unauthenticated access attempt. First the unauthenticated() method of the last authenticator in the chain will be called. The authenticator can handle sending response or redirection as appropriate and return true to indicate no further action is necessary. If authenticator returns null this method redirects user to login action. If it's an AJAX request and config ajaxLogin is specified that element is rendered else a 403 HTTP status code is returned.

Parameters

Cake\Controller\Controller $controller: A reference to the controller object.

Returns

Cake\Network\Response|null
Null if current action is login action else response object returned by authenticate object or Controller::redirect().

_unauthorizedsource protected

_unauthorized( Cake\Controller\Controller $controller )

Handle unauthorized access attempt

Parameters

Cake\Controller\Controller $controller: A reference to the controller object

Returns

Cake\Network\Response
\Cake\Network\Response

Throws

Cake\Network\Exception\ForbiddenException
\Cake\Network\Exception\ForbiddenException

allowsource public

allow( string|array $actions null )

Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.

You can use allow with either an array or a simple string.

$this->Auth->allow('view');
$this->Auth->allow(['edit', 'add']);

or to allow all actions

$this->Auth->allow();

Parameters

string|array $actions optional null: Controller action name or array of actions

Link

http://book.cakephp.org/3.0/en/controllers/components/authentication.html#making-actions-public

authChecksource public

authCheck( Cake\Event\Event $event )

Main execution method, handles initial authentication check and redirection of invalid users.

The auth check is done when event name is same as the one configured in checkAuthIn config.

Parameters

Cake\Event\Event $event: Event instance.

Returns

Cake\Network\Response|null
\Cake\Network\Response|null

authenticationProvidersource public

authenticationProvider( )

If login was called during this request and the user was successfully authenticated, this function will return the instance of the authentication object that was used for logging the user in.

Returns

Cake\Auth\BaseAuthenticate|null
\Cake\Auth\BaseAuthenticate|null

authorizationProvidersource public

authorizationProvider( )

If there was any authorization processing for the current request, this function will return the instance of the Authorization object that granted access to the user to the current address.

Returns

Cake\Auth\BaseAuthorize|null
\Cake\Auth\BaseAuthorize|null

constructAuthenticatesource public

constructAuthenticate( )

Loads the configured authentication objects.

Returns

array|null
The loaded authorization objects, or null on empty authenticate value.

Throws

Cake\Core\Exception\Exception
\Cake\Core\Exception\Exception

constructAuthorizesource public

constructAuthorize( )

Loads the authorization objects configured.

Returns

array|null
The loaded authorization objects, or null when authorize is empty.

Throws

Cake\Core\Exception\Exception
\Cake\Core\Exception\Exception

denysource public

deny( string|array $actions null )

Removes items from the list of allowed/no authentication required actions.

You can use deny with either an array or a simple string.

$this->Auth->deny('view');
$this->Auth->deny(['edit', 'add']);

$this->Auth->deny();

to remove all items from the allowed list

Parameters

string|array $actions optional null: Controller action name or array of actions

See

Cake\Controller\Component\AuthComponent::allow()

Link

http://book.cakephp.org/3.0/en/controllers/components/authentication.html#making-actions-require-authorization

flashsource public

flash( string $message )

Set a flash message. Uses the Flash component with values from flash config.

Parameters

string $message: The message to set.

getAuthenticatesource public

getAuthenticate( string $alias )

Getter for authenticate objects. Will return a particular authenticate object.

Parameters

string $alias: Alias for the authenticate object

Returns

Cake\Auth\BaseAuthenticate|null
\Cake\Auth\BaseAuthenticate|null

getAuthorizesource public

getAuthorize( string $alias )

Getter for authorize objects. Will return a particular authorize object.

Parameters

string $alias: Alias for the authorize object

Returns

Cake\Auth\BaseAuthorize|null
\Cake\Auth\BaseAuthorize|null

identifysource public

identify( )

Use the configured authentication adapters, and attempt to identify the user by credentials contained in $request.

Triggers Auth.afterIdentify event which the authenticate classes can listen to.

Returns

array|boolean
User record data, or false, if the user could not be identified.

implementedEventssource public

implementedEvents( )

Events supported by this component.

Returns

array
array

Overrides

Cake\Controller\Component::implementedEvents()

initializesource public

initialize( array $config )

Initialize properties.

Parameters

array $config: The config data.

Overrides

Cake\Controller\Component::initialize()

isAuthorizedsource public

isAuthorized( array|null $user null , Cake\Network\Request $request null )

Check if the provided user is authorized for the request.

Uses the configured Authorization adapters to check whether or not a user is authorized. Each adapter will be checked in sequence, if any of them return true, then the user will be authorized for the request.

Parameters

array|null $user optional null: The user to check the authorization of. If empty the user fetched from storage will be used.
Cake\Network\Request $request optional null: The request to authenticate for. If empty, the current request will be used.

Returns

boolean
True if $user is authorized, otherwise false

logoutsource public

logout( )

Log a user out.

Returns the logout action to redirect to. Triggers the Auth.logout event which the authenticate classes can listen for and perform custom logout logic.

Returns

string
Normalized config logoutRedirect

Link

http://book.cakephp.org/3.0/en/controllers/components/authentication.html#logging-users-out

redirectUrlsource public

redirectUrl( string|array $url null )

Get the URL a user should be redirected to upon login.

Pass a URL in to set the destination a user should be redirected to upon logging in.

If no parameter is passed, gets the authentication redirect URL. The URL returned is as per following rules:
- Returns the normalized redirect URL from storage if it is present and for the same domain the current app is running on. - If there is no URL returned from storage and there is a config loginRedirect, the loginRedirect value is returned. - If there is no session and no loginRedirect, / is returned.

Parameters

string|array $url optional null: Optional URL to write as the login redirect URL.

Returns

string
Redirect URL

setUsersource public

setUser( array $user )

Set provided user info to storage as logged in user.

The storage class is configured using storage config key or passing instance to AuthComponent::storage().

Parameters

array $user: Array of user data.

Link

http://book.cakephp.org/3.0/en/controllers/components/authentication.html#identifying-users-and-logging-them-in

startupsource public

startup( Cake\Event\Event $event )

Callback for Controller.startup event.

Parameters

Cake\Event\Event $event: Event instance.

Returns

Cake\Network\Response|null
\Cake\Network\Response|null

storagesource public

storage( Cake\Auth\Storage\StorageInterface $storage null )

Get/set user record storage object.

Parameters

Cake\Auth\Storage\StorageInterface $storage optional null: Sets provided object as storage or if null returns configured storage object.

Returns

Cake\Auth\Storage\StorageInterface|null
\Cake\Auth\Storage\StorageInterface|null

usersource public

user( string $key null )

Get the current user from storage.

Parameters

string $key optional null: Field to retrieve. Leave null to get entire User record.

Returns

array|null
Either User record or null if no user is logged in.

Link

http://book.cakephp.org/3.0/en/controllers/components/authentication.html#accessing-the-logged-in-user

Methods inherited from Cake\Controller\Component

__constructsource public

__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )

Constructor

Parameters

Cake\Controller\ComponentRegistry $registry: A ComponentRegistry this component can use to lazy load its components
array $config optional []: Array of configuration settings.

__debugInfosource public

__debugInfo( )

Returns an array that can be used to describe the internal state of this object.

Returns

array
array

Methods used from Cake\Event\EventDispatcherTrait

dispatchEventsource public

dispatchEvent( string $name , array|null $data null , object|null $subject null )

Wrapper for creating and dispatching events.

Returns a dispatched event.

Parameters

string $name: Name of the event.
array|null $data optional null: Any value you wish to be transported with this event to it can be read by listeners.
object|null $subject optional null: The object that this event applies to ($this by default).

Returns

Cake\Event\Event
\Cake\Event\Event

eventManagersource public

eventManager( Cake\Event\EventManager $eventManager null )

Returns the Cake\Event\EventManager manager instance for this object.

You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.

Parameters

Cake\Event\EventManager $eventManager optional null: the eventManager to set

Returns

Cake\Event\EventManager
\Cake\Event\EventManager

Methods used from Cake\Core\InstanceConfigTrait

_configDeletesource protected

_configDelete( string $key )

Delete a single config key

Parameters

string $key: Key to delete.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configReadsource protected

_configRead( string|null $key )

Read a config variable

Parameters

string|null $key: Key to read.

Returns

mixed
mixed

_configWritesource protected

_configWrite( string|array $key , mixed $value , boolean|string $merge false )

Write a config variable

Parameters

string|array $key: Key to write to.
mixed $value: Value to write.
boolean|string $merge optional false: True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

configsource public

config( string|array|null $key null , mixed|null $value null , boolean $merge true )

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array|null $key optional null: The key to get/set, or a complete array of configs.
mixed|null $value optional null: The value to set.
boolean $merge optional true: Whether to recursively merge or overwrite existing config, defaults to true.

Returns

mixed
Config value being read, or the object itself on write operations.

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

configShallowsource public

configShallow( string|array $key , mixed|null $value null )

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key: The key to set, or a complete array of configs.
mixed|null $value optional null: The value to set.

Returns

mixed
$this The object itself.

Methods used from Cake\Log\LogTrait

logsource public

log( mixed $msg , integer|string $level LogLevel::ERROR , string|array $context [] )

Convenience method to write a message to Log. See Log::write() for more information on writing to logs.

Parameters

mixed $msg: Log message.
integer|string $level optional LogLevel::ERROR: Error level.
string|array $context optional []: Additional log data relevant to this message.

Returns

boolean
Success of log write.

Constants summary

string

ALL

Constant for 'all'

'all'

Properties summary

$_authenticateObjectssource

protected array

Objects that will be used for authentication checks.

[]

$_authenticationProvidersource

protected Cake\Auth\BaseAuthenticate

The instance of the Authenticate provider that was used for successfully logging in the current user after calling login() in the same request

$_authorizationProvidersource

protected Cake\Auth\BaseAuthorize

The instance of the Authorize provider that was used to grant access to the current user to the URL they are requesting.

$_authorizeObjectssource

protected array

Objects that will be used for authorization checks.

[]

$_defaultConfigsource

protected array

Default config

authenticate - An array of authentication objects to use for authenticating users. You can configure multiple adapters and they will be checked sequentially when users are identified.
```
$this->Auth->config('authenticate', [
   'Form' => [
      'userModel' => 'Users.Users'
   ]
]);
```
Using the class name without 'Authenticate' as the key, you can pass in an array of config for each authentication object. Additionally you can define config that should be set to all authentications objects using the 'all' key:
```
$this->Auth->config('authenticate', [
    AuthComponent::ALL => [
       'userModel' => 'Users.Users',
       'scope' => ['Users.active' => 1]
   ],
  'Form',
  'Basic'
]);
```
authorize - An array of authorization objects to use for authorizing users. You can configure multiple adapters and they will be checked sequentially when authorization checks are done.
```
$this->Auth->config('authorize', [
   'Crud' => [
       'actionPath' => 'controllers/'
   ]
]);
```
Using the class name without 'Authorize' as the key, you can pass in an array of config for each authorization object. Additionally you can define config that should be set to all authorization objects using the AuthComponent::ALL key:
```
$this->Auth->config('authorize', [
   AuthComponent::ALL => [
       'actionPath' => 'controllers/'
   ],
   'Crud',
   'CustomAuth'
]);
```
ajaxLogin - The name of an optional view element to render when an Ajax request is made with an invalid or expired session.
flash - Settings to use when Auth needs to do a flash message with FlashComponent::set(). Available keys are:
- key - The message domain to use for flashes generated by this component, defaults to 'auth'. - element - Flash element to use, defaults to 'default'. - params - The array of additional params to use, defaults to ['class' => 'error']
loginAction - A URL (defined as a string or array) to the controller action that handles logins. Defaults to /users/login.
loginRedirect - Normally, if a user is redirected to the loginAction page, the location they were redirected from will be stored in the session so that they can be redirected back after a successful login. If this session value is not set, redirectUrl() method will return the URL specified in loginRedirect.
logoutRedirect - The default action to redirect to after the user is logged out. While AuthComponent does not handle post-logout redirection, a redirect URL will be returned from AuthComponent::logout(). Defaults to loginAction.
authError - Error to display when user attempts to access an object or action to which they do not have access.
unauthorizedRedirect - Controls handling of unauthorized access.
- For default value true unauthorized user is redirected to the referrer URL or $loginRedirect or '/'. - If set to a string or array the value is used as a URL to redirect to. - If set to false a ForbiddenException exception is thrown instead of redirecting.
storage - Storage class to use for persisting user record. When using stateless authenticator you should set this to 'Memory'. Defaults to 'Session'.
checkAuthIn - Name of event for which initial auth checks should be done. Defaults to 'Controller.startup'. You can set it to 'Controller.initialize' if you want the check to be done before controller's beforeFilter() is run.

[
    'authenticate' => null,
    'authorize' => null,
    'ajaxLogin' => null,
    'flash' => null,
    'loginAction' => null,
    'loginRedirect' => null,
    'logoutRedirect' => null,
    'authError' => null,
    'unauthorizedRedirect' => true,
    'storage' => 'Session',
    'checkAuthIn' => 'Controller.startup'
]

$_storagesource

protected Cake\Auth\Storage\StorageInterface

Storage object.

$allowedActionssource

public array

Controller actions for which user validation is not required.

See

Cake\Controller\Component\AuthComponent::allow()

[]

$componentssource

public array

Other components utilized by AuthComponent

['RequestHandler', 'Flash']

$requestsource

public Cake\Network\Request

Request object

$responsesource

public Cake\Network\Response

Response object

$sessionsource

public Cake\Network\Session

Instance of the Session object

Deprecated

3.1.0 Will be removed in 4.0

Properties inherited from Cake\Controller\Component

$_componentMapsource

protected array

A component lookup table used to lazy load component objects.

[]

$_registrysource

protected Cake\Controller\ComponentRegistry

Component registry class used to lazy load components.

Properties used from Cake\Core\InstanceConfigTrait

$_configsource

protected array

Runtime config

[]

$_configInitializedsource

protected boolean

Whether the config property has already been configured with defaults

false

Properties used from Cake\Event\EventDispatcherTrait

$_eventClasssource

protected string

Default class name for new event objects.

'\Cake\Event\Event'

$_eventManagersource

protected Cake\Event\EventManager

Instance of the Cake\Event\EventManager this object is using to dispatch inner events.

null

© 2005–2016 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
http://api.cakephp.org/3.1/class-Cake.Controller.Component.AuthComponent.html