PHP Class lithium\security\Auth

Auth is responsible for managing session state for each configuration, and exposes a set of methods which adapters can implement: set(), check() and clear(). You can read more about each method below. Beyond these methods, Auth makes very few assumptions about how your application authenticates users. Each adapter accepts a set of credentials, and returns an array of user information on success, and false on failure. On successful authentication attempts, the data returned from the credential check is written to the session, which is automatically accessed on subsequent checks (though manual re-checking can be forced on a per-instance basis).

To be secure by default (and if you don't override it), a password field is never stored in the session adapter. This prevents a password hash from being leaked, for example in a cookie. You can also be very specific about what you want to store in the session:

    Auth::config(array(
        'default' => array(
            'session' => array(
                'persist' => array('username', 'email')
            )
        )
    ));

You can also pass an optional persist param to the check method to override this default.

For additional information on configuring and working with Auth, see the Form adapter.
See also: lithium\security\auth\adapter\Form
Inheritance: extends lithium\core\Adaptable
Project: unionofrad/lithium

Protected Properties

| Property | Type | Description |
|---|---|---|
| $_adapters | | Libraries::locate() compatible path to adapters for this class. |
| $_classes | | Dynamic class dependencies. |
| $_configurations | | Stores configurations for various authentication adapters. |

Public Methods

| Method | Description |
|---|---|
| check ( string $name, mixed $credentials = null, array $options = [] ) : array | Performs an authentication check against the specified configuration, and writes the resulting user information to the session such that credentials are not required for subsequent authentication checks, and user information is returned directly from the session. |
| clear ( string $name, array $options = [] ) : void | Removes session information for the given configuration, and allows the configuration's adapter to perform any associated cleanup tasks. |
| set ( string $name, array $data, array $options = [] ) : array | Manually authenticate a user with the given set of data. Rather than checking a user's credentials, this method allows you to manually specify a user for whom you'd like to initialize an authenticated session. |

Protected Methods

| Method | Description |
|---|---|
| _initConfig ( string $name, array $config ) : array | Called when an adapter configuration is first accessed, this method sets the default configuration for session handling. While each configuration can use its own session class and options, this method initializes them to the default dependencies written into the class. |

Method Details

_initConfig() protected static method

For the session key name, the default value is set to the name of the configuration.
protected static _initConfig ( string $name, array $config ) : array
$name string The name of the adapter configuration being accessed.
$config array The user-specified configuration.
return array Returns an array that merges the user-specified configuration with the generated default values.

check() public static method

Performs an authentication check against the specified configuration, and writes the resulting user information to the session such that credentials are not required for subsequent authentication checks, and user information is returned directly from the session.
public static check ( string $name, mixed $credentials = null, array $options = [] ) : array
$name string The name of the `Auth` configuration/adapter to check against.
$credentials mixed A container for the authentication credentials used in this check. This will vary by adapter, but generally will be an object or array containing a user name and password. In the case of the `Form` adapter, it contains a `Request` object containing `POST` data with user login information.
$options array Additional options used when performing the authentication check. The options available will vary by adapter; please consult the documentation for the `check()` method of the adapter you intend to use. The global options for this method are:
- `'checkSession'` _boolean_: By default, the session store configured for the adapter will always be queried first, to see if an authentication check has already been performed during the current user session. If yes, then the session data will be returned. By setting `'checkSession'` to `false`, session checks are bypassed and the credentials provided are always checked against the adapter directly.
- `'writeSession'` _boolean_: Upon a successful credentials check, the returned user information is, by default, written to the session. Set this to `false` to disable session writing for this authentication check.
- `'persist'` _array_: A list of fields that should be stored in the session. If no list is provided, all fields except the `'password'` field are stored in the session.
return array After a successful credential check against the adapter (or a successful lookup against the current session), returns an array of user information from the storage backend used by the configured adapter.

clear() public static method

Removes session information for the given configuration, and allows the configuration's adapter to perform any associated cleanup tasks.
public static clear ( string $name, array $options = [] ) : void
$name string The name of the `Auth` configuration to clear the login information for. Calls the `clear()` method of the given configuration's adapter, and removes the information in the session key used by this configuration.
$options array Additional options used when clearing the authenticated session. See each adapter's `clear()` method for all available options. Global options:
- `'clearSession'` _boolean_: If `true` (the default), session data for the specified configuration is removed, otherwise it is retained.
return void
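
An added usage sketch, not taken from the Lithium documentation or code base, showing the `persist` setting together with the `'checkSession'` and `'writeSession'` options of `check()` and a `clear()` on logout. The `Users` model, the `SessionsController` name, its action names and the redirect targets are assumptions made for illustration.

```php
<?php
namespace app\controllers;

use lithium\action\Controller;
use lithium\security\Auth;
use lithium\storage\Session;

// Normally placed in a bootstrap file; shown inline to keep the example in one place.
Session::config(array('default' => array('adapter' => 'Php')));
Auth::config(array(
    'default' => array(
        'adapter' => 'Form',
        'model'   => 'Users',                       // assumed model name
        'fields'  => array('username', 'password'),
        // Only these fields reach the session store; the password hash never does.
        'session' => array('persist' => array('username', 'email'))
    )
));

class SessionsController extends Controller {       // assumed controller name

    // Login: on success the persisted fields are written to the session.
    public function add() {
        if ($this->request->data && Auth::check('default', $this->request)) {
            return $this->redirect('/');
        }
    }

    // Re-authentication before a sensitive action.
    public function confirm() {
        $current = Auth::check('default');          // no credentials: session lookup only
        $fresh = Auth::check('default', $this->request, array(
            'checkSession' => false,                // do not trust the cached session entry
            'writeSession' => false                 // leave the existing session data untouched
        ));
        // Require both a live session and a fresh credential match for the same account.
        if (!$current || !$fresh || $fresh['username'] !== $current['username']) {
            return $this->redirect('Sessions::add');
        }
        return array('confirmed' => true);          // never hand $fresh itself to the view
    }

    // Logout: removes the session entry and lets the adapter clean up.
    public function delete() {
        Auth::clear('default');
        return $this->redirect('/');
    }
}
```

With `'writeSession'` set to `false` the `persist` filter is not what shapes the returned array, so treat the result of that call as unfiltered adapter data and keep it out of views and logs.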

set() public static method

By default, before writing the data to the session, the set() method of the named configuration's adapter receives the data to be written, and has an opportunity to modify or reject it.
public static set ( string $name, array $data, array $options = [] ) : array
$name string The name of the adapter configuration to.
$data array The user data to be written to the session.
$options array Any additional session-writing options. These may override any options set by the default session configuration for `$name`.
return array Returns the array of data written to the session, or `false` if the adapter rejects the data.

Property Details

$_adapters protected static property

Libraries::locate() compatible path to adapters for this class.
See also: lithium\core\Libraries::locate()
protected static $_adapters

$_classes protected static property

Dynamic class dependencies.
protected static $_classes

$_configurations protected static property

Stores configurations for various authentication adapters.
protected static $_configurations