Authentication control component class.
Binds access control with user authentication and session management.
string
'all'
string
'redirect'
\Cake\Controller\Component\FlashComponent
\Cake\Controller\Component\RequestHandlerComponent
\Cake\Auth\BaseAuthenticate[]
Objects that will be used for authentication checks.
\Cake\Auth\BaseAuthenticate|null
The instance of the Authenticate provider that was used for successfully logging in the current user after calling login()
in the same request
\Cake\Auth\BaseAuthorize|null
The instance of the Authorize provider that was used to grant access to the current user to the URL they are requesting.
\Cake\Auth\BaseAuthorize[]
Objects that will be used for authorization checks.
array
A component lookup table used to lazy load component objects.
array
Runtime config
bool
Whether the config property has already been configured with defaults
array
Default config
string
Default class name for new event objects.
\Cake\Event\EventManagerInterface
Instance of the Cake\Event\EventManager this object is using to dispatch inner events.
\Cake\Controller\ComponentRegistry
Component registry class used to lazy load components.
\Cake\Auth\Storage\StorageInterface|null
Storage object.
string[]
Controller actions for which user validation is not required.
array
Other components utilized by AuthComponent
Returns an array that can be used to describe the internal state of this object.
Similar to AuthComponent::user() except if user is not found in configured storage, connected authentication objects will have their getUser() methods called.
Normalizes config loginAction
and checks if current request URL is same as login action.
Handles unauthenticated access attempt. First the unauthenticated()
method of the last authenticator in the chain will be called. The authenticator can handle sending response or redirection as appropriate and return true
to indicate no further action is necessary. If authenticator returns null this method redirects user to login action.
Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
Main execution method, handles initial authentication check and redirection of invalid users.
If login was called during this request and the user was successfully authenticated, this function will return the instance of the authentication object that was used for logging the user in.
If there was any authorization processing for the current request, this function will return the instance of the Authorization object that granted access to the user to the current address.
Merge provided config with existing config. Unlike config()
which does a recursive merge for nested keys, this method does a simple merge.
Getter for authenticate objects. Will return a particular authenticate object.
Use the configured authentication adapters, and attempt to identify the user by credentials contained in $request.
Convenience method to write a message to Log. See Log::write() for more information on writing to logs.
__construct(\Cake\Controller\ComponentRegistry $registry, array $config)
Constructor
\Cake\Controller\ComponentRegistry
$registry A component registry this component can use to lazy load its components.
array
$config optional Array of configuration settings.
__debugInfo()
Returns an array that can be used to describe the internal state of this object.
array
__get(string $name)
Magic accessor for backward compatibility for property $sessionKey
.
string
$name Property name
mixed
__set(string $name, mixed $value)
Magic setter for backward compatibility for property $sessionKey
.
string
$name Property name.
mixed
$value Value to set.
_configDelete(string $key)
Deletes a single config key.
string
$key Key to delete.
Cake\Core\Exception\Exception
_configRead(?string $key)
Reads a config key.
string|null
$key Key to read.
mixed
_configWrite(mixed $key, mixed $value, mixed $merge)
Writes a config key.
string|array
$key Key to write to.
mixed
$value Value to write.
bool|string
$merge optional True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Cake\Core\Exception\Exception
_getUrlToRedirectBackTo()
Returns the URL to redirect back to or / if not possible.
This method takes the referrer into account if the request is not of type GET.
string
_getUser()
Similar to AuthComponent::user() except if user is not found in configured storage, connected authentication objects will have their getUser() methods called.
This lets stateless authentication methods function correctly.
bool
true If a user can be found, false if one cannot.
_isAllowed(\Cake\Controller\Controller $controller)
Checks whether current action is accessible without authentication.
\Cake\Controller\Controller
$controller A reference to the instantiating controller object
bool
True if action is accessible without authentication else false
_isLoginAction(\Cake\Controller\Controller $controller)
Normalizes config loginAction
and checks if current request URL is same as login action.
\Cake\Controller\Controller
$controller A reference to the controller object.
bool
True if current action is login action else false.
_loginActionRedirectUrl()
Returns the URL of the login action to redirect to.
This includes the redirect query string if applicable.
array|string
_setDefaults()
Sets defaults for configs.
_unauthenticated(\Cake\Controller\Controller $controller)
Handles unauthenticated access attempt. First the unauthenticated()
method of the last authenticator in the chain will be called. The authenticator can handle sending response or redirection as appropriate and return true
to indicate no further action is necessary. If authenticator returns null this method redirects user to login action.
\Cake\Controller\Controller
$controller A reference to the controller object.
\Cake\Http\Response|null
Null if current action is login action else response object returned by authenticate object or Controller::redirect().
Cake\Core\Exception\Exception
_unauthorized(\Cake\Controller\Controller $controller)
Handle unauthorized access attempt
\Cake\Controller\Controller
$controller A reference to the controller object
\Cake\Http\Response|null
Cake\Http\Exception\ForbiddenException
allow(mixed $actions)
Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
You can use allow with either an array or a simple string.
$this->Auth->allow('view'); $this->Auth->allow(['edit', 'add']);
or to allow all actions
$this->Auth->allow();
string|string[]|null
$actions optional Controller action name or array of actions
authCheck(\Cake\Event\EventInterface $event)
Main execution method, handles initial authentication check and redirection of invalid users.
The auth check is done when event name is same as the one configured in checkAuthIn
config.
\Cake\Event\EventInterface
$event Event instance.
\Cake\Http\Response|null
ReflectionException
authenticationProvider()
If login was called during this request and the user was successfully authenticated, this function will return the instance of the authentication object that was used for logging the user in.
\Cake\Auth\BaseAuthenticate|null
authorizationProvider()
If there was any authorization processing for the current request, this function will return the instance of the Authorization object that granted access to the user to the current address.
\Cake\Auth\BaseAuthorize|null
configShallow(mixed $key, mixed $value)
Merge provided config with existing config. Unlike config()
which does a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
string|array
$key The key to set, or a complete array of configs.
mixed|null
$value optional The value to set.
$this
constructAuthenticate()
Loads the configured authentication objects.
array|null
The loaded authorization objects, or null on empty authenticate value.
Cake\Core\Exception\Exception
constructAuthorize()
Loads the authorization objects configured.
array|null
The loaded authorization objects, or null when authorize is empty.
Cake\Core\Exception\Exception
deny(mixed $actions)
Removes items from the list of allowed/no authentication required actions.
You can use deny with either an array or a simple string.
$this->Auth->deny('view'); $this->Auth->deny(['edit', 'add']);
or
$this->Auth->deny();
to remove all items from the allowed list
string|string[]|null
$actions optional Controller action name or array of actions
dispatchEvent(string $name, ?array $data, ?object $subject)
Wrapper for creating and dispatching events.
Returns a dispatched event.
string
$name Name of the event.
array|null
$data optional Any value you wish to be transported with this event to it can be read by listeners.
object|null
$subject optional The object that this event applies to ($this by default).
\Cake\Event\EventInterface
flash(mixed $message)
Set a flash message. Uses the Flash component with values from flash
config.
string|false
$message The message to set. False to skip.
getAuthenticate(string $alias)
Getter for authenticate objects. Will return a particular authenticate object.
string
$alias Alias for the authenticate object
\Cake\Auth\BaseAuthenticate|null
getAuthorize(string $alias)
Getter for authorize objects. Will return a particular authorize object.
string
$alias Alias for the authorize object
\Cake\Auth\BaseAuthorize|null
getConfig(?string $key, mixed $default)
Returns the config.
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
string|null
$key optional The key to get or null for the whole config.
mixed
$default optional The return value when the key does not exist.
mixed
Configuration data at the named key or null if the key does not exist.
getConfigOrFail(string $key)
Returns the config for this specific key.
The config value for this key must exist, it can never be null.
string
$key The key to get.
mixed
Configuration data at the named key
InvalidArgumentException
getController()
Get the controller this component is bound to.
\Cake\Controller\Controller
The bound controller.
getEventManager()
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
\Cake\Event\EventManagerInterface
identify()
Use the configured authentication adapters, and attempt to identify the user by credentials contained in $request.
Triggers Auth.afterIdentify
event which the authenticate classes can listen to.
array|false
User record data, or false, if the user could not be identified.
implementedEvents()
Events supported by this component.
array
initialize(array $config)
Initialize properties.
array
$config The config data.
isAuthorized(mixed $user, ?\Cake\Http\ServerRequest $request)
Check if the provided user is authorized for the request.
Uses the configured Authorization adapters to check whether or not a user is authorized. Each adapter will be checked in sequence, if any of them return true, then the user will be authorized for the request.
array|\ArrayAccess|null
$user optional The user to check the authorization of. If empty the user fetched from storage will be used.
\Cake\Http\ServerRequest|null
$request optional The request to authenticate for. If empty, the current request will be used.
bool
True if $user is authorized, otherwise false
log(string $message, mixed $level, mixed $context)
Convenience method to write a message to Log. See Log::write() for more information on writing to logs.
string
$message Log message.
int|string
$level optional Error level.
string|array
$context optional Additional log data relevant to this message.
bool
Success of log write.
logout()
Log a user out.
Returns the logout action to redirect to. Triggers the Auth.logout
event which the authenticate classes can listen for and perform custom logout logic.
string
Normalized config logoutRedirect
redirectUrl(mixed $url)
Get the URL a user should be redirected to upon login.
Pass a URL in to set the destination a user should be redirected to upon logging in.
If no parameter is passed, gets the authentication redirect URL. The URL returned is as per following rules:
loginRedirect
, the loginRedirect
value is returned.loginRedirect
, / is returned.string|array|null
$url optional Optional URL to write as the login redirect URL.
string
Redirect URL
setConfig(mixed $key, mixed $value, mixed $merge)
Sets the config.
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
string|array
$key The key to set, or a complete array of configs.
mixed|null
$value optional The value to set.
bool
$merge optional Whether to recursively merge or overwrite existing config, defaults to true.
$this
Cake\Core\Exception\Exception
setEventManager(\Cake\Event\EventManagerInterface $eventManager)
Returns the Cake\Event\EventManagerInterface instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
\Cake\Event\EventManagerInterface
$eventManager the eventManager to set
$this
setUser(mixed $user)
Set provided user info to storage as logged in user.
The storage class is configured using storage
config key or passing instance to AuthComponent::storage().
array|\ArrayAccess
$user User data.
startup(\Cake\Event\EventInterface $event)
Callback for Controller.startup event.
\Cake\Event\EventInterface
$event Event instance.
\Cake\Http\Response|null
storage(?\Cake\Auth\Storage\StorageInterface $storage)
Get/set user record storage object.
\Cake\Auth\Storage\StorageInterface|null
$storage optional Sets provided object as storage or if null returns configured storage object.
\Cake\Auth\Storage\StorageInterface|null
user(?string $key)
Get the current user from storage.
string|null
$key optional Field to retrieve. Leave null to get entire User record.
mixed|null
Either User record or null if no user is logged in, or retrieved field if key is specified.
\Cake\Controller\Component\FlashComponent
\Cake\Controller\Component\RequestHandlerComponent
Objects that will be used for authentication checks.
\Cake\Auth\BaseAuthenticate[]
The instance of the Authenticate provider that was used for successfully logging in the current user after calling login()
in the same request
\Cake\Auth\BaseAuthenticate|null
The instance of the Authorize provider that was used to grant access to the current user to the URL they are requesting.
\Cake\Auth\BaseAuthorize|null
Objects that will be used for authorization checks.
\Cake\Auth\BaseAuthorize[]
A component lookup table used to lazy load component objects.
array
Runtime config
array
Whether the config property has already been configured with defaults
bool
Default config
authenticate
- An array of authentication objects to use for authenticating users. You can configure multiple adapters and they will be checked sequentially when users are identified.
$this->Auth->setConfig('authenticate', [ 'Form' => [ 'userModel' => 'Users.Users' ] ]);
Using the class name without 'Authenticate' as the key, you can pass in an array of config for each authentication object. Additionally you can define config that should be set to all authentications objects using the 'all' key:
$this->Auth->setConfig('authenticate', [ AuthComponent::ALL => [ 'userModel' => 'Users.Users', 'scope' => ['Users.active' => 1] ], 'Form', 'Basic' ]);
authorize
- An array of authorization objects to use for authorizing users. You can configure multiple adapters and they will be checked sequentially when authorization checks are done.
$this->Auth->setConfig('authorize', [ 'Crud' => [ 'actionPath' => 'controllers/' ] ]);
Using the class name without 'Authorize' as the key, you can pass in an array of config for each authorization object. Additionally you can define config that should be set to all authorization objects using the AuthComponent::ALL key:
$this->Auth->setConfig('authorize', [ AuthComponent::ALL => [ 'actionPath' => 'controllers/' ], 'Crud', 'CustomAuth' ]);
flash
- Settings to use when Auth needs to do a flash message with FlashComponent::set(). Available keys are:
key
- The message domain to use for flashes generated by this component, defaults to 'auth'.element
- Flash element to use, defaults to 'default'.params
- The array of additional params to use, defaults to ['class' => 'error']loginAction
- A URL (defined as a string or array) to the controller action that handles logins. Defaults to /users/login
.
loginRedirect
- Normally, if a user is redirected to the loginAction
page, the location they were redirected from will be stored in the session so that they can be redirected back after a successful login. If this session value is not set, redirectUrl() method will return the URL specified in loginRedirect
.
logoutRedirect
- The default action to redirect to after the user is logged out. While AuthComponent does not handle post-logout redirection, a redirect URL will be returned from AuthComponent::logout()
. Defaults to loginAction
.
authError
- Error to display when user attempts to access an object or action to which they do not have access.
unauthorizedRedirect
- Controls handling of unauthorized access.
true
unauthorized user is redirected to the referrer URL or $loginRedirect
or '/'.ForbiddenException
exception is thrown instead of redirecting.storage
- Storage class to use for persisting user record. When using stateless authenticator you should set this to 'Memory'. Defaults to 'Session'.
checkAuthIn
- Name of event for which initial auth checks should be done. Defaults to 'Controller.startup'. You can set it to 'Controller.initialize' if you want the check to be done before controller's beforeFilter() is run.
array
Default class name for new event objects.
string
Instance of the Cake\Event\EventManager this object is using to dispatch inner events.
\Cake\Event\EventManagerInterface
Component registry class used to lazy load components.
\Cake\Controller\ComponentRegistry
Storage object.
\Cake\Auth\Storage\StorageInterface|null
Controller actions for which user validation is not required.
string[]
Other components utilized by AuthComponent
array
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Controller.Component.AuthComponent.html