Class BasicAuthenticate
Basic Authentication adapter for AuthComponent.
Provides Basic HTTP authentication support for AuthComponent. Basic Auth will authenticate users against the configured userModel and verify the username and passwords match.
Using Basic auth
Load AuthComponent in your controller's initialize() and add 'Basic' in 'authenticate' key
$this->loadComponent('Auth', [ 'authenticate' => ['Basic'] 'storage' => 'Memory', 'unauthorizedRedirect' => false, ]);
You should set storage to Memory to prevent CakePHP from sending a
session cookie to the client.
You should set unauthorizedRedirect to false. This causes AuthComponent to
throw a ForbiddenException exception instead of redirecting to another page.
Since HTTP Basic Authentication is stateless you don't need call setUser()
in your controller. The user credentials will be checked on each request. If
valid credentials are not provided, required authentication headers will be sent
by this authentication provider which triggers the login dialog in the browser/client.
- Cake\Auth\BaseAuthenticate implements Cake\Event\EventListenerInterface uses Cake\Core\InstanceConfigTrait , Cake\ORM\Locator\LocatorAwareTrait
-
Cake\Auth\BasicAuthenticate
Direct Subclasses
See: https://book.cakephp.org/3.0/en/controllers/components/authentication.html
Location: Auth/BasicAuthenticate.php
Inherited Properties
Method Summary
-
authenticate() public
Authenticate a user using HTTP auth. Will use the configured User model and attempt a login using HTTP auth.
-
getUser() public
Get a user based on information in the request. Used by cookie-less auth for stateless clients. -
loginHeaders() public
Generate the login headers -
unauthenticated() public
Handles an unauthenticated access attempt by sending appropriate login headers
Method Detail
authenticate() public ¶
authenticate( Cake\Http\ServerRequest $request , Cake\Http\Response $response )
Authenticate a user using HTTP auth. Will use the configured User model and attempt a login using HTTP auth.
Parameters
-
Cake\Http\ServerRequest$request - The request to authenticate with.
-
Cake\Http\Response$response - The response to add headers to.
Returns
Either false on failure, or an array of user data on success.
getUser() public ¶
getUser( Cake\Http\ServerRequest $request )
Get a user based on information in the request. Used by cookie-less auth for stateless clients.
Parameters
-
Cake\Http\ServerRequest$request - Request object.
Returns
Either false or an array of user information
Overrides
loginHeaders() public ¶
loginHeaders( Cake\Http\ServerRequest $request )
Generate the login headers
Parameters
-
Cake\Http\ServerRequest$request - Request object.
Returns
Headers for logging in.
unauthenticated() public ¶
unauthenticated( Cake\Http\ServerRequest $request , Cake\Http\Response $response )
Handles an unauthenticated access attempt by sending appropriate login headers
Parameters
-
Cake\Http\ServerRequest$request - A request object.
-
Cake\Http\Response$response - A response object.
Throws
Overrides
Methods inherited from Cake\Auth\BaseAuthenticate
__construct() public ¶
__construct( Cake\Controller\ComponentRegistry $registry , array $config [] )
Constructor
Parameters
-
Cake\Controller\ComponentRegistry$registry - The Component registry used on this request.
- array $config optional []
- Array of config to use.
_findUser() protected ¶
_findUser( string $username , string|null $password null )
Find a user record using the username and password provided.
Input passwords will be hashed even when a user doesn't exist. This helps mitigate timing attacks that are attempting to find valid usernames.
Parameters
- string $username
- The username/identifier.
- string|null $password optional null
The password, if not provided password checking is skipped and result of find is returned.
Returns
Either false on failure, or an array of user data.
_query() protected ¶
_query( string $username )
Get query object for fetching user from database.
Parameters
- string $username
- The username/identifier.
Returns
implementedEvents() public ¶
implementedEvents( )
Returns a list of all events that this authenticate class will listen to.
An authenticate class can listen to following events fired by AuthComponent:
Auth.afterIdentify- Fired after a user has been identified using one of configured authenticate class. The callback function should have signature likeafterIdentify(Event $event, array $user)when$useris the identified user record.Auth.logout- Fired when AuthComponent::logout() is called. The callback function should have signature likelogout(Event $event, array $user)where$useris the user about to be logged out.
Returns
List of events this class listens to. Defaults to
[].Implementation of
needsPasswordRehash() public ¶
needsPasswordRehash( )
Returns whether or not the password stored in the repository for the logged in user requires to be rehashed with another algorithm
Returns
passwordHasher() public ¶
passwordHasher( )
Return password hasher object
Returns
Throws
If password hasher class not found or it does not extend AbstractPasswordHasher
Methods used from Cake\Core\InstanceConfigTrait
_configDelete() protected ¶
_configDelete( string $key )
Deletes a single config key.
Parameters
- string $key
- Key to delete.
Throws
_configRead() protected ¶
_configRead( string|null $key )
Reads a config key.
Parameters
- string|null $key
- Key to read.
Returns
_configWrite() protected ¶
_configWrite( string|array $key , mixed $value , boolean|string $merge false )
Writes a config key.
Parameters
- string|array $key
- Key to write to.
- mixed $value
- Value to write.
- boolean|string $merge optional false
True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.
Throws
config() public ¶
config( string|array|null $key null , mixed|null $value null , boolean $merge true )
Gets/Sets the config.
Usage
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
Deprecated
Parameters
- string|array|null $key optional null
- The key to get/set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
Config value being read, or the object itself on write operations.
Throws
configShallow() public ¶
configShallow( string|array $key , mixed|null $value null )
Merge provided config with existing config. Unlike config() which does
a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
Returns
$this
getConfig() public ¶
getConfig( string|null $key null , mixed $default null )
Returns the config.
Usage
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
Parameters
- string|null $key optional null
- The key to get or null for the whole config.
- mixed $default optional null
- The return value when the key does not exist.
Returns
Config value being read.
setConfig() public ¶
setConfig( string|array $key , mixed|null $value null , boolean $merge true )
Sets the config.
Usage
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
Parameters
- string|array $key
- The key to set, or a complete array of configs.
- mixed|null $value optional null
- The value to set.
- boolean $merge optional true
- Whether to recursively merge or overwrite existing config, defaults to true.
Returns
$this
Throws
Methods used from Cake\ORM\Locator\LocatorAwareTrait
setTableLocator() public ¶
setTableLocator( Cake\ORM\Locator\LocatorInterface $tableLocator )
Sets the table locator.
Parameters
-
Cake\ORM\Locator\LocatorInterface$tableLocator - LocatorInterface instance.
Returns
$this
tableLocator() public ¶
tableLocator( Cake\ORM\Locator\LocatorInterface $tableLocator null )
Sets the table locator. If no parameters are passed, it will return the currently used locator.
Deprecated
Parameters
-
Cake\ORM\Locator\LocatorInterface$tableLocator optional null - LocatorInterface instance.