PHP Class lithium\security\auth\adapter\Form
When a request is submitted, the adapter will take the form data from the
Request object,
apply any filters as appropriate (see the
'filters' configuration setting below), and
query a model class using using the filtered data.
By default, the adapter uses a model called
User, and lookup fields called
'username' and
'password'. These can be customized by setting the
'model' and
'fields' configuration keys,
respectively. The
'model' key accepts either a model name (i.e.
Customer), or a
fully-namespaced path to a model class (i.e.
\app\models\Customer). The
'fields' setting
accepts an array of field names to use when looking up a user. An example configuration,
including a custom model class and lookup fields might look like the following:
{{{
Auth::config(array(
'customer' => array(
'model' => 'Customer',
'fields' => array('email', 'password')
)
));
}}}
If the field names present in the form match the fields used in the database lookup, the above
will suffice. If, however, the form fields must be matched to non-standard database column names,
you can specify an array which matches up the form field names to their corresponding database
column names. Suppose, for example, user authentication information in a MongoDB database is
nested within a sub-object called
login. The adapter could be configured as follows:
{{{
Auth::config(array(
'customer' => array(
'model' => 'Customer',
'fields' => array('username' => 'login.username', 'password' => 'login.password'),
'scope' => array('active' => true)
)
));
}}}
Note that any additional fields may be specified which should be included in the query. For
example, if a user must select a group when logging in, you may override the
'fields' key with
that value as well (i.e.
'fields' => array('username', 'password', 'group'); note that if a
field is specified which is not present in the request, the value in the query will be
null).
However, this will only submit data that is specified in the incoming request. If you would like
to further limit the query using fixed data, use the
'scope' key, as shown in the example
above.
As mentioned, prior to any queries being executed, the request data is modified by any filters
configured. Filters are callbacks which accept the value of a field as input, and return a
modified version of the value as output. Filters can be any PHP callable, i.e. a closure or
array('ClassName', 'method'). The only filter that is configured by default is for
the password field, which is filtered by
lithium\util\String::hash().
Note that if you are specifying the
'fields' configuration using key/value pairs, the key
used to specify the filter must match the key side of the
'fields' assignment.
Show file
Open project: unionofrad/lithium
Class Usage Examples
Protected Properties
| Property |
Type |
Description |
|
| $_autoConfig |
array |
List of configuration properties to automatically assign to the properties of the adapter
when the class is constructed. |
|
| $_fields |
array |
This can either be a simple array of field names, or a set of key/value pairs, which map
the field names in the request to database field names.
For example, if you had a form field name username, which mapped to a database field named
username, you could use the following in the 'fields' configuration:
embed:lithium\tests\cases\security\auth\adapter\FormTest::testMixedFieldMapping(3-3)
This is especially relevant for document databases, where you may want to map a form field to
a nested document field:
'fields' => array('username' => 'login.username', 'password'),
|
|
| $_filters |
array |
Optionally, you can specify a callback with no key, which will receive (and can modify) the
entire credentials array before the query is executed, as in the following example:
Auth::config(array(
'members' => array(
'adapter' => 'Form',
'model' => 'Member',
'fields' => array('email', 'password'),
'filters' => array(function($data) {
If the user is outside the company, then their account must have the
'private' field set to true in order to log in:
if (!preg_match('/@mycompany\.com$/', $data['email'])) {
$data['private'] = true;
}
return $data;
})
)
));
|
|
| $_model |
string |
'Users'), or a fully-namespaced class reference (i.e. 'app\models\Users'). When
authenticating users, the magic first() method is invoked against the model to return the
first record found when combining the conditions in the $_scope property with the
authentication data yielded from the Request object in Form::check(). (Note that the
model method called is configurable using the $_query property). |
|
| $_query |
string |
If you require custom model logic in your authentication query, use this setting to specify
which model method to call, and this method will receive the authentication query. In return,
the Form adapter expects a Record object which implements the data() method. See the
constructor for more information on setting this property. Defaults to 'first', which
calls, for example, Users::first(). |
|
| $_scope |
array |
array('active' => true) to disallow authenticating against inactive user accounts. |
|
| $_validators |
array |
An array of callbacks, keyed by form field name, which make an assertion about a piece of
submitted form data. Each validator should accept the value of the form field submitted
(which will be modified by any applied filters), and return a boolean value indicating the
success of the validation. If a validator is specified with no key, it will receive all form
data and all database data. See the _validate() method for more information. |
|
Public Methods
| Method |
Description |
|
|
__construct ( array $config = [] ) : void |
Constructor. Sets the initial configuration for the Form adapter, as detailed below. |
|
|
check ( object $credentials, array $options = [] ) : array |
Called by the Auth class to run an authentication check against a model class using the
credentials in a data container (a Request object), and returns an array of user
information on success, or false on failure. |
|
|
clear ( array $options = [] ) : void |
Called by Auth when a user session is terminated. Not implemented in the Form adapter. |
|
|
set ( array $data, array $options = [] ) : array |
A pass-through method called by Auth. Returns the value of $data, which is written to
a user's session. When implementing a custom adapter, this method may be used to modify or
reject data before it is written to the session. |
|
Protected Methods
| Method |
Description |
|
|
_data ( array $data ) : array |
Checks if the data container values are inside indexed arrays from binding. |
|
|
_filters ( array $data ) : array |
Iterates over the filters configured in $_filters which are applied to submitted form data
_before_ it is used in the query. |
|
|
_init ( ) : void |
Initializes values configured in the constructor. |
|
|
_validate ( object $user, array $data ) : array |
After an authentication query against the configured model class has occurred, this method
iterates over the configured validators and checks each one by passing the submitted form
value as the first parameter, and the corresponding database value as the second. The
validator then returns a boolean to indicate success. If the validator fails, it will cause
the entire authentication operation to fail. Note that any filters applied to a form field
will affect the data passed to the validator. |
|
Method Details
__construct()
public method
Constructor. Sets the initial configuration for the Form adapter, as detailed below.
|
public __construct ( array $config = [] ) : void |
|
$config |
array |
Available configuration options:
`'model'` _string_: The name of the model class to use. See the `$_model`
property for details.
`'fields'` _array_: The model fields to query against when taking input from
the request data. See the `$_fields` property for details.
`'scope'` _array_: Any additional conditions used to constrain the
authentication query. For example, if active accounts in an application have
an `active` field which must be set to `true`, you can specify
`'scope' => array('active' => true)`. See the `$_scope` property for more
details.
`'filters'` _array_: Named callbacks to apply to request data before the user
lookup query is generated. See the `$_filters` property for more details.
`'validators'` _array_: Named callbacks to apply to fields in request data and
corresponding fields in database data in order to do programmatic
authentication checks after the query has occurred. See the `$_validators`
property for more details.
`'query'` _string_: Determines the model method to invoke for authentication
checks. See the `$_query` property for more details. |
| return |
void |
|
Get the values from the binding coresponding to the model if such exists.
|
protected _data ( array $data ) : array |
|
$data |
array |
The array of raw form data. |
| return |
array |
Original or sub array of the form data. |
_filters()
protected method
Iterates over the filters configured in $_filters which are applied to submitted form data
_before_ it is used in the query.
Initializes values configured in the constructor.
_validate()
protected method
After an authentication query against the configured model class has occurred, this method
iterates over the configured validators and checks each one by passing the submitted form
value as the first parameter, and the corresponding database value as the second. The
validator then returns a boolean to indicate success. If the validator fails, it will cause
the entire authentication operation to fail. Note that any filters applied to a form field
will affect the data passed to the validator.
|
protected _validate ( object $user, array $data ) : array |
|
$user |
object |
The user object returned from the database. This object must support a
`data()` method, which returns the object's array representation, and
also returns individual field values by name. |
|
$data |
array |
The form data submitted in the request and passed to `Form::check()`. |
| return |
array |
Returns an array of authenticated user data on success, otherwise `false` if
any of the configured validators fails. See `'validators'` in the `$config`
parameter of `__construct()`. |
Called by the Auth class to run an authentication check against a model class using the
credentials in a data container (a Request object), and returns an array of user
information on success, or false on failure.
|
public check ( object $credentials, array $options = [] ) : array |
|
$credentials |
object |
A data container which wraps the authentication credentials used
to query the model (usually a `Request` object). See the documentation for this
class for further details. |
|
$options |
array |
Additional configuration options. Not currently implemented in this
adapter. |
| return |
array |
Returns an array containing user information on success, or `false` on failure. |
Called by Auth when a user session is terminated. Not implemented in the Form adapter.
|
public clear ( array $options = [] ) : void |
|
$options |
array |
Adapter-specific options. Not implemented in the `Form` adapter. |
| return |
void |
|
A pass-through method called by Auth. Returns the value of $data, which is written to
a user's session. When implementing a custom adapter, this method may be used to modify or
reject data before it is written to the session.
|
public set ( array $data, array $options = [] ) : array |
|
$data |
array |
User data to be written to the session. |
|
$options |
array |
Adapter-specific options. Not implemented in the `Form` adapter. |
| return |
array |
Returns the value of `$data`. |
Property Details
$_autoConfig protected property
List of configuration properties to automatically assign to the properties of the adapter
when the class is constructed.
|
protected array $_autoConfig |
| return |
array |
|
$_fields protected property
This can either be a simple array of field names, or a set of key/value pairs, which map
the field names in the request to database field names.
For example, if you had a form field name username, which mapped to a database field named
username, you could use the following in the 'fields' configuration:
embed:lithium\tests\cases\security\auth\adapter\FormTest::testMixedFieldMapping(3-3)
This is especially relevant for document databases, where you may want to map a form field to
a nested document field:
'fields' => array('username' => 'login.username', 'password'),
|
protected array $_fields |
| return |
array |
|
$_filters protected property
Optionally, you can specify a callback with no key, which will receive (and can modify) the
entire credentials array before the query is executed, as in the following example:
Auth::config(array(
'members' => array(
'adapter' => 'Form',
'model' => 'Member',
'fields' => array('email', 'password'),
'filters' => array(function($data) {
If the user is outside the company, then their account must have the
'private' field set to true in order to log in:
if (!preg_match('/@mycompany\.com$/', $data['email'])) {
$data['private'] = true;
}
return $data;
})
)
));
|
protected array $_filters |
| return |
array |
|
$_model protected property
'Users'), or a fully-namespaced class reference (i.e. 'app\models\Users'). When
authenticating users, the magic first() method is invoked against the model to return the
first record found when combining the conditions in the $_scope property with the
authentication data yielded from the Request object in Form::check(). (Note that the
model method called is configurable using the $_query property).
|
protected string $_model |
| return |
string |
|
$_query protected property
If you require custom model logic in your authentication query, use this setting to specify
which model method to call, and this method will receive the authentication query. In return,
the Form adapter expects a Record object which implements the data() method. See the
constructor for more information on setting this property. Defaults to 'first', which
calls, for example, Users::first().
|
protected string $_query |
| return |
string |
|
$_scope protected property
array('active' => true) to disallow authenticating against inactive user accounts.
|
protected array $_scope |
| return |
array |
|
$_validators protected property
An array of callbacks, keyed by form field name, which make an assertion about a piece of
submitted form data. Each validator should accept the value of the form field submitted
(which will be modified by any applied filters), and return a boolean value indicating the
success of the validation. If a validator is specified with no key, it will receive all form
data and all database data. See the _validate() method for more information.
|
protected array $_validators |
| return |
array |
|
