Gitee
\
Acme
Aura
Intl
Exception
Behavior
Boris
Cake
Auth
Storage
Cache
Engine
Chronos
Benchmarks
Chronos
MutableDateTime
Traits
Collection
Iterator
Command
Console
Exception
Controller
Component
Exception
Core
Configure
Engine
Exception
Retry
Database
Driver
Exception
Expression
Log
Retry
Schema
Statement
Type
Datasource
Exception
Error
Middleware
Event
Decorator
Filesystem
Form
Http
Client
Adapter
Auth
Cookie
Exception
Middleware
Session
I18n
Formatter
Middleware
Parser
Log
Engine
Mailer
Exception
Transport
Network
Exception
ORM
Association
Loader
Behavior
Translate
Exception
Locator
Rule
PHPStan
Routing
Exception
Filter
Middleware
Route
Shell
Helper
Task
Test
Fixture
TestSuite
Constraint
Console
Email
Response
Session
View
Fixture
Stub
Utility
Crypto
Exception
Validation
View
Exception
Form
Helper
Widget
Composer
Autoload
Installers
f4engine
engine
Home
Controller
Monolog
Formatter
Handler
Processor
Org
Net
Util
Psr
Http
Message
Log
Test
SimpleCache
Think
Cache
Driver
Controller
Crypt
Driver
Db
Driver
Image
Driver
Log
Driver
Model
Session
Driver
Storage
Driver
Template
Driver
TagLib
Upload
Driver
Bcs
Qiniu
Zend
Diactoros
Exception
Request
Response

\Cake\AuthBasicAuthenticate

Basic Authentication adapter for AuthComponent.

Provides Basic HTTP authentication support for AuthComponent. Basic Auth will authenticate users against the configured userModel and verify the username and passwords match.

Using Basic auth

Load AuthComponent in your controller's initialize() and add 'Basic' in 'authenticate' key

 $this->loadComponent('Auth', [
     'authenticate' => ['Basic']
     'storage' => 'Memory',
     'unauthorizedRedirect' => false,
 ]);

You should set storage to Memory to prevent CakePHP from sending a session cookie to the client.

You should set unauthorizedRedirect to false. This causes AuthComponent to throw a ForbiddenException exception instead of redirecting to another page.

Since HTTP Basic Authentication is stateless you don't need call setUser() in your controller. The user credentials will be checked on each request. If valid credentials are not provided, required authentication headers will be sent by this authentication provider which triggers the login dialog in the browser/client.

Summary

Methods
Properties
Constants
__construct()
passwordHasher()
needsPasswordRehash()
authenticate()
getUser()
unauthenticated()
implementedEvents()
setConfig()
getConfig()
config()
configShallow()
tableLocator()
setTableLocator()
getTableLocator()
loginHeaders()
No public properties found
No constants found
_findUser()
_query()
_configRead()
_configWrite()
_configDelete()
$_defaultConfig
$_registry
$_passwordHasher
$_needsPasswordRehash
$_config
$_configInitialized
$_tableLocator
N/A
No private methods found
No private properties found
N/A

Properties

$_defaultConfig

$_defaultConfig : array

Default config for this object.

  • fields The fields to use to identify a user by.
  • userModel The alias for users table, defaults to Users.
  • finder The finder method to use to fetch user record. Defaults to 'all'. You can set finder name as string or an array where key is finder name and value is an array passed to Table::find() options. E.g. ['finderName' => ['some_finder_option' => 'some_value']]
  • passwordHasher Password hasher class. Can be a string specifying class name or an array containing className key, any other keys will be passed as config to the class. Defaults to 'Default'.
  • Options scope and contain have been deprecated since 3.1. Use custom finder instead to modify the query to fetch user record.

Type

array

$_needsPasswordRehash

$_needsPasswordRehash : boolean

Whether or not the user authenticated by this class requires their password to be rehashed with another algorithm.

Type

boolean

$_config

$_config : array

Runtime config

Type

array

$_configInitialized

$_configInitialized : boolean

Whether the config property has already been configured with defaults

Type

boolean

Methods

__construct()

__construct(\Cake\Controller\ComponentRegistry  $registry, array  $config = array())

Constructor

Parameters

\Cake\Controller\ComponentRegistry $registry

The Component registry used on this request.
array $config

Array of config to use.

passwordHasher()

passwordHasher() : \Cake\Auth\AbstractPasswordHasher

Return password hasher object

Throws

\RuntimeException

If password hasher class not found or it does not extend AbstractPasswordHasher

Returns

\Cake\Auth\AbstractPasswordHasher

Password hasher instance

needsPasswordRehash()

needsPasswordRehash() : boolean

Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm

Returns

boolean

authenticate()

authenticate(\Cake\Http\ServerRequest  $request, \Cake\Http\Response  $response) : mixed

Authenticate a user using HTTP auth. Will use the configured User model and attempt a login using HTTP auth.

Parameters

\Cake\Http\ServerRequest $request

The request to authenticate with.
\Cake\Http\Response $response

The response to add headers to.

Returns

mixed —

Either false on failure, or an array of user data on success.

getUser()

getUser(\Cake\Http\ServerRequest  $request) : mixed

Get a user based on information in the request. Used by cookie-less auth for stateless clients.

Parameters

\Cake\Http\ServerRequest $request

Request object.

Returns

mixed —

Either false or an array of user information

unauthenticated()

unauthenticated(\Cake\Http\ServerRequest  $request, \Cake\Http\Response  $response) : void

Handles an unauthenticated access attempt by sending appropriate login headers

  • Null - No action taken, AuthComponent should return appropriate response.
  • Cake\Http\Response - A response object, which will cause AuthComponent to simply return that response.

Parameters

\Cake\Http\ServerRequest $request

A request object.
\Cake\Http\Response $response

A response object.

Throws

\Cake\Http\Exception\UnauthorizedException

implementedEvents()

implementedEvents() : array

Returns a list of all events that this authenticate class will listen to.

An authenticate class can listen to following events fired by AuthComponent:

  • Auth.afterIdentify - Fired after a user has been identified using one of configured authenticate class. The callback function should have signature like afterIdentify(Event $event, array $user) when $user is the identified user record.

  • Auth.logout - Fired when AuthComponent::logout() is called. The callback function should have signature like logout(Event $event, array $user) where $user is the user about to be logged out.

Returns

array —

List of events this class listens to. Defaults to [].

setConfig()

setConfig(string|array  $key, mixed|null  $value = null, boolean  $merge = true) : $this

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.
mixed|null $value

The value to set.
boolean $merge

Whether to recursively merge or overwrite existing config, defaults to true.

Throws

\Cake\Core\Exception\Exception

When trying to set a key that is invalid.

Returns

$this

getConfig()

getConfig(string|null  $key = null, mixed  $default = null) : mixed

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key

The key to get or null for the whole config.
mixed $default

The return value when the key does not exist.

Returns

mixed —

Config value being read.

config()

config(string|array|null  $key = null, mixed|null  $value = null, boolean  $merge = true) : mixed

Gets/Sets the config.

Usage

Reading the whole config:

$this->config();

Reading a specific value:

$this->config('key');

Reading a nested value:

$this->config('some.nested.key');

Setting a specific value:

$this->config('key', $value);

Setting a nested value:

$this->config('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->config(['one' => 'value', 'another' => 'value']);

Parameters

string|array|null $key

The key to get/set, or a complete array of configs.
mixed|null $value

The value to set.
boolean $merge

Whether to recursively merge or overwrite existing config, defaults to true.

Throws

\Cake\Core\Exception\Exception

When trying to set a key that is invalid.

Returns

mixed —

Config value being read, or the object itself on write operations.

configShallow()

configShallow(string|array  $key, mixed|null  $value = null) : $this

Merge provided config with existing config. Unlike `config()` which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.
mixed|null $value

The value to set.

Returns

$this

tableLocator()

tableLocator(\Cake\ORM\Locator\LocatorInterface|null  $tableLocator = null) : \Cake\ORM\Locator\LocatorInterface

Sets the table locator.

If no parameters are passed, it will return the currently used locator.

Parameters

\Cake\ORM\Locator\LocatorInterface|null $tableLocator

LocatorInterface instance.

Returns

\Cake\ORM\Locator\LocatorInterface

setTableLocator()

setTableLocator(\Cake\ORM\Locator\LocatorInterface  $tableLocator) : $this

Sets the table locator.

Parameters

\Cake\ORM\Locator\LocatorInterface $tableLocator

LocatorInterface instance.

Returns

$this

loginHeaders()

loginHeaders(\Cake\Http\ServerRequest  $request) : array

Generate the login headers

Parameters

\Cake\Http\ServerRequest $request

Request object.

Returns

array —

Headers for logging in.

_findUser()

_findUser(string  $username, string|null  $password = null) : boolean|array

Find a user record using the username and password provided.

Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.

Parameters

string $username

The username/identifier.
string|null $password

The password, if not provided password checking is skipped and result of find is returned.

Returns

boolean|array —

Either false on failure, or an array of user data.

_query()

_query(string  $username) : \Cake\ORM\Query

Get query object for fetching user from database.

Parameters

string $username

The username/identifier.

Returns

\Cake\ORM\Query

_configRead()

_configRead(string|null  $key) : mixed

Reads a config key.

Parameters

string|null $key

Key to read.

Returns

mixed

_configWrite()

_configWrite(string|array  $key, mixed  $value, boolean|string  $merge = false) : void

Writes a config key.

Parameters

string|array $key

Key to write to.
mixed $value

Value to write.
boolean|string $merge

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

\Cake\Core\Exception\Exception

if attempting to clobber existing config

_configDelete()

_configDelete(string  $key) : void

Deletes a single config key.

Parameters

string $key

Key to delete.

Throws

\Cake\Core\Exception\Exception

if attempting to clobber existing config