QUERY_STRING_REDIRECT
QUERY_STRING_REDIRECT = 'redirect'
The query string key used for remembering the referrered page when getting redirected to login.
Authentication control component class.
Binds access control with user authentication and session management.
$request : \Cake\Http\ServerRequest
Request object
$response : \Cake\Http\Response
Response object
$session : \Cake\Http\Session
Instance of the Session object
$_eventManager : \Cake\Event\EventManagerInterface|\Cake\Event\EventManager
Instance of the Cake\Event\EventManager this object is using to dispatch inner events.
$_registry : \Cake\Controller\ComponentRegistry
Component registry class used to lazy load components.
$_defaultConfig : array
Default config
authenticate - An array of authentication objects to use for authenticating users.
You can configure multiple adapters and they will be checked sequentially
when users are identified.
$this->Auth->setConfig('authenticate', [
'Form' => [
'userModel' => 'Users.Users'
]
]);Using the class name without 'Authenticate' as the key, you can pass in an array of config for each authentication object. Additionally you can define config that should be set to all authentications objects using the 'all' key:
$this->Auth->setConfig('authenticate', [
AuthComponent::ALL => [
'userModel' => 'Users.Users',
'scope' => ['Users.active' => 1]
],
'Form',
'Basic'
]);authorize - An array of authorization objects to use for authorizing users.
You can configure multiple adapters and they will be checked sequentially
when authorization checks are done.
$this->Auth->setConfig('authorize', [
'Crud' => [
'actionPath' => 'controllers/'
]
]);Using the class name without 'Authorize' as the key, you can pass in an array of config for each authorization object. Additionally you can define config that should be set to all authorization objects using the AuthComponent::ALL key:
$this->Auth->setConfig('authorize', [
AuthComponent::ALL => [
'actionPath' => 'controllers/'
],
'Crud',
'CustomAuth'
]);ajaxLogin
flash - Settings to use when Auth needs to do a flash message with
FlashComponent::set(). Available keys are:
key - The message domain to use for flashes generated by this component,
defaults to 'auth'.element - Flash element to use, defaults to 'default'.params - The array of additional params to use, defaults to ['class' => 'error']loginAction - A URL (defined as a string or array) to the controller action
that handles logins. Defaults to /users/login.
loginRedirect - Normally, if a user is redirected to the loginAction page,
the location they were redirected from will be stored in the session so that
they can be redirected back after a successful login. If this session value
is not set, redirectUrl() method will return the URL specified in loginRedirect.
logoutRedirect - The default action to redirect to after the user is logged out.
While AuthComponent does not handle post-logout redirection, a redirect URL
will be returned from AuthComponent::logout(). Defaults to loginAction.
authError - Error to display when user attempts to access an object or
action to which they do not have access.
unauthorizedRedirect - Controls handling of unauthorized access.
true unauthorized user is redirected to the referrer URL
or $loginRedirect or '/'.ForbiddenException exception is thrown instead of redirecting.storage - Storage class to use for persisting user record. When using
stateless authenticator you should set this to 'Memory'. Defaults to 'Session'.
checkAuthIn - Name of event for which initial auth checks should be done.
Defaults to 'Controller.startup'. You can set it to 'Controller.initialize'
if you want the check to be done before controller's beforeFilter() is run.$_authenticateObjects : array<mixed,\Cake\Auth\BaseAuthenticate>
Objects that will be used for authentication checks.
$_authorizeObjects : array<mixed,\Cake\Auth\BaseAuthorize>
Objects that will be used for authorization checks.
$_storage : \Cake\Auth\Storage\StorageInterface|null
Storage object.
$_authenticationProvider : \Cake\Auth\BaseAuthenticate|null
The instance of the Authenticate provider that was used for successfully logging in the current user after calling `login()` in the same request
$_authorizationProvider : \Cake\Auth\BaseAuthorize|null
The instance of the Authorize provider that was used to grant access to the current user to the URL they are requesting.
eventManager(\Cake\Event\EventManager|null $eventManager = null) : \Cake\Event\EventManager
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
| \Cake\Event\EventManager|null | $eventManager | the eventManager to set |
getEventManager() : \Cake\Event\EventManager
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
setEventManager(\Cake\Event\EventManager $eventManager) : $this
Returns the Cake\Event\EventManager manager instance for this object.
You can use this instance to register any new listeners or callbacks to the object events, or create your own events and trigger them at will.
| \Cake\Event\EventManager | $eventManager | the eventManager to set |
dispatchEvent(string $name, array|null $data = null, object|null $subject = null) : \Cake\Event\Event
Wrapper for creating and dispatching events.
Returns a dispatched event.
| string | $name | Name of the event. |
| array|null | $data | Any value you wish to be transported with this event to it can be read by listeners. |
| object|null | $subject | The object that this event applies to ($this by default). |
__construct(\Cake\Controller\ComponentRegistry $registry, array $config = array())
Constructor
| \Cake\Controller\ComponentRegistry | $registry | A ComponentRegistry this component can use to lazy load its components |
| array | $config | Array of configuration settings. |
getController() : \Cake\Controller\Controller
Get the controller this component is bound to.
The bound controller.
implementedEvents() : array
Events supported by this component.
Uses Conventions to map controller events to standard component callback method names. By defining one of the callback methods a component is assumed to be interested in the related event.
Override this method if you need to add non-conventional event listeners. Or if you want components to listen to non-standard events.
setConfig(string|array $key, mixed|null $value = null, boolean $merge = true) : $this
Sets the config.
Setting a specific value:
$this->setConfig('key', $value);Setting a nested value:
$this->setConfig('some.nested.key', $value);Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);| string|array | $key | The key to set, or a complete array of configs. |
| mixed|null | $value | The value to set. |
| boolean | $merge | Whether to recursively merge or overwrite existing config, defaults to true. |
When trying to set a key that is invalid.
getConfig(string|null $key = null, mixed $default = null) : mixed
Returns the config.
Reading the whole config:
$this->getConfig();Reading a specific value:
$this->getConfig('key');Reading a nested value:
$this->getConfig('some.nested.key');Reading with default value:
$this->getConfig('some-key', 'default-value');| string|null | $key | The key to get or null for the whole config. |
| mixed | $default | The return value when the key does not exist. |
Config value being read.
config(string|array|null $key = null, mixed|null $value = null, boolean $merge = true) : mixed
Gets/Sets the config.
Reading the whole config:
$this->config();Reading a specific value:
$this->config('key');Reading a nested value:
$this->config('some.nested.key');Setting a specific value:
$this->config('key', $value);Setting a nested value:
$this->config('some.nested.key', $value);Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);| string|array|null | $key | The key to get/set, or a complete array of configs. |
| mixed|null | $value | The value to set. |
| boolean | $merge | Whether to recursively merge or overwrite existing config, defaults to true. |
When trying to set a key that is invalid.
Config value being read, or the object itself on write operations.
configShallow(string|array $key, mixed|null $value = null) : $this
Merge provided config with existing config. Unlike `config()` which does a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);Setting a nested value:
$this->configShallow('some.nested.key', $value);Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);| string|array | $key | The key to set, or a complete array of configs. |
| mixed|null | $value | The value to set. |
log(mixed $msg, integer|string $level = \Psr\Log\LogLevel::ERROR, string|array $context = array()) : boolean
Convenience method to write a message to Log. See Log::write() for more information on writing to logs.
| mixed | $msg | Log message. |
| integer|string | $level | Error level. |
| string|array | $context | Additional log data relevant to this message. |
Success of log write.
startup(\Cake\Event\Event $event) : \Cake\Http\Response|null
Callback for Controller.startup event.
| \Cake\Event\Event | $event | Event instance. |
authCheck(\Cake\Event\Event $event) : \Cake\Http\Response|null
Main execution method, handles initial authentication check and redirection of invalid users.
The auth check is done when event name is same as the one configured in
checkAuthIn config.
| \Cake\Event\Event | $event | Event instance. |
isAuthorized(array|\ArrayAccess|null $user = null, \Cake\Http\ServerRequest|null $request = null) : boolean
Check if the provided user is authorized for the request.
Uses the configured Authorization adapters to check whether or not a user is authorized. Each adapter will be checked in sequence, if any of them return true, then the user will be authorized for the request.
| array|\ArrayAccess|null | $user | The user to check the authorization of. If empty the user fetched from storage will be used. |
| \Cake\Http\ServerRequest|null | $request | The request to authenticate for. If empty, the current request will be used. |
True if $user is authorized, otherwise false
getAuthorize(string $alias) : \Cake\Auth\BaseAuthorize|null
Getter for authorize objects. Will return a particular authorize object.
| string | $alias | Alias for the authorize object |
allow(string|array|null $actions = null) : void
Takes a list of actions in the current controller for which authentication is not required, or no parameters to allow all actions.
You can use allow with either an array or a simple string.
$this->Auth->allow('view');
$this->Auth->allow(['edit', 'add']);or to allow all actions
$this->Auth->allow();| string|array|null | $actions | Controller action name or array of actions |
deny(string|array|null $actions = null) : void
Removes items from the list of allowed/no authentication required actions.
You can use deny with either an array or a simple string.
$this->Auth->deny('view');
$this->Auth->deny(['edit', 'add']);or
$this->Auth->deny();to remove all items from the allowed list
| string|array|null | $actions | Controller action name or array of actions |
redirectUrl(string|array|null $url = null) : string
Get the URL a user should be redirected to upon login.
Pass a URL in to set the destination a user should be redirected to upon logging in.
If no parameter is passed, gets the authentication redirect URL. The URL returned is as per following rules:
loginRedirect, the loginRedirect value is returned.loginRedirect, / is returned.| string|array|null | $url | Optional URL to write as the login redirect URL. |
Redirect URL
identify() : array|boolean
Use the configured authentication adapters, and attempt to identify the user by credentials contained in $request.
Triggers Auth.afterIdentify event which the authenticate classes can listen
to.
User record data, or false, if the user could not be identified.
storage(\Cake\Auth\Storage\StorageInterface|null $storage = null) : \Cake\Auth\Storage\StorageInterface|null
Get/set user record storage object.
| \Cake\Auth\Storage\StorageInterface|null | $storage | Sets provided object as storage or if null returns configured storage object. |
getAuthenticate(string $alias) : \Cake\Auth\BaseAuthenticate|null
Getter for authenticate objects. Will return a particular authenticate object.
| string | $alias | Alias for the authenticate object |
authenticationProvider() : \Cake\Auth\BaseAuthenticate|null
If login was called during this request and the user was successfully authenticated, this function will return the instance of the authentication object that was used for logging the user in.
authorizationProvider() : \Cake\Auth\BaseAuthorize|null
If there was any authorization processing for the current request, this function will return the instance of the Authorization object that granted access to the user to the current address.
_configWrite(string|array $key, mixed $value, boolean|string $merge = false) : void
Writes a config key.
| string|array | $key | Key to write to. |
| mixed | $value | Value to write. |
| boolean|string | $merge | True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false. |
if attempting to clobber existing config
_isAllowed(\Cake\Controller\Controller $controller) : boolean
Checks whether current action is accessible without authentication.
| \Cake\Controller\Controller | $controller | A reference to the instantiating controller object |
True if action is accessible without authentication else false
_unauthenticated(\Cake\Controller\Controller $controller) : \Cake\Http\Response|null
Handles unauthenticated access attempt. First the `unauthenticated()` method of the last authenticator in the chain will be called. The authenticator can handle sending response or redirection as appropriate and return `true` to indicate no further action is necessary. If authenticator returns null this method redirects user to login action. If it's an AJAX request and config `ajaxLogin` is specified that element is rendered else a 403 HTTP status code is returned.
| \Cake\Controller\Controller | $controller | A reference to the controller object. |
Null if current action is login action else response object returned by authenticate object or Controller::redirect().
_isLoginAction(\Cake\Controller\Controller $controller) : boolean
Normalizes config `loginAction` and checks if current request URL is same as login action.
| \Cake\Controller\Controller | $controller | A reference to the controller object. |
True if current action is login action else false.
_unauthorized(\Cake\Controller\Controller $controller) : \Cake\Http\Response
Handle unauthorized access attempt
| \Cake\Controller\Controller | $controller | A reference to the controller object |
_getUser() : boolean
Similar to AuthComponent::user() except if user is not found in configured storage, connected authentication objects will have their getUser() methods called.
This lets stateless authentication methods function correctly.
true If a user can be found, false if one cannot.