PHP Class lithium\security\Auth
Auth is responsible for managing session state for each configuration, and exposes a set of methods which adapters can implement: set(), check() and clear(). You can read more about each method below. Beyond these methods, Auth makes very few assumptions about how your application authenticates users. Each adapter accepts a set of credentials, and returns an array of user information on success, and false on failure. On successful authentication attempts, the data returned from the credential check is written to the session, which is automatically accessed on subsequent checks (though manual re-checking can be forced on a per-instance basis).
To be secure by default (and if you don't override it), a password field is never stored in the session adapter. This prevents a password hash from being leaked in a cookie (for example). You can also be very specific about what you want to store in the session:
    Auth::config(array(
        'default' => array(
            'session' => array(
                'persist' => array('username', 'email')
            )
        )
    ));
You can also pass an optional persist param to the check method to override this default.
For additional information on configuring and working with Auth, see the Form adapter.
Open project: unionofrad/lithium
Protected Properties
Property | Type | Description
$_adapters | | Libraries::locate() compatible path to adapters for this class.
$_classes | | Dynamic class dependencies.
$_configurations | | Stores configurations for various authentication adapters.
Public Methods
Method | Description
check ( string $name, mixed $credentials = null, array $options = [] ) : array | Performs an authentication check against the specified configuration, and writes the resulting user information to the session such that credentials are not required for subsequent authentication checks, and user information is returned directly from the session.
clear ( string $name, array $options = [] ) : void | Removes session information for the given configuration, and allows the configuration's adapter to perform any associated cleanup tasks.
set ( string $name, array $data, array $options = [] ) : array | Manually authenticate a user with the given set of data. Rather than checking a user's credentials, this method allows you to manually specify a user for whom you'd like to initialize an authenticated session.
Protected Methods
Method | Description
_initConfig ( string $name, array $config ) : array | Called when an adapter configuration is first accessed, this method sets the default configuration for session handling. While each configuration can use its own session class and options, this method initializes them to the default dependencies written into the class.
Method Details
_initConfig()
protected static method
For the session key name, the default value is set to the name of the configuration.
protected static _initConfig ( string $name, array $config ) : array
$name | string | The name of the adapter configuration being accessed.
$config | array | The user-specified configuration.
return | array | Returns an array that merges the user-specified configuration with the generated default values.
check()
public static method
Performs an authentication check against the specified configuration, and writes the
resulting user information to the session such that credentials are not required for
subsequent authentication checks, and user information is returned directly from the session.
public static check ( string $name, mixed $credentials = null, array $options = [] ) : array
$name | string | The name of the `Auth` configuration/adapter to check against.
$credentials | mixed | A container for the authentication credentials used in this check. This will vary by adapter, but generally will be an object or array containing a user name and password. In the case of the `Form` adapter, it contains a `Request` object containing `POST` data with user login information.
$options | array | Additional options used when performing the authentication check. The options available will vary by adapter; please consult the documentation for the `check()` method of the adapter you intend to use. The global options for this method are:
- `'checkSession'` _boolean_: By default, the session store configured for the adapter will always be queried first, to see if an authentication check has already been performed during the current user session. If yes, then the session data will be returned. By setting `'checkSession'` to `false`, session checks are bypassed and the credentials provided are always checked against the adapter directly.
- `'writeSession'` _boolean_: Upon a successful credentials check, the returned user information is, by default, written to the session. Set this to `false` to disable session writing for this authentication check.
- `'persist'` _array_: A list of fields that should be stored in the session. If no list is provided, all fields are stored in the session except the `'password'` field.
return | array | After a successful credential check against the adapter (or a successful lookup against the current session), returns an array of user information from the storage backend used by the configured adapter.
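How the global `check()` options combine in a controller, as an added illustration that is not taken from the Lithium project's own code. The `Users` model, its field names, the `SessionsController` class and an already-configured session store are assumptions.

```php
<?php
namespace app\controllers;

use lithium\security\Auth;

// Normally placed in the application bootstrap. `Users` and its fields are assumed.
Auth::config(array(
    'default' => array(
        'adapter' => 'Form',
        'model' => 'Users',
        'fields' => array('username', 'password'),
        'session' => array('persist' => array('username', 'email'))
    )
));

class SessionsController extends \lithium\action\Controller {

    // Login. With the default 'checkSession' => true, an existing session is
    // returned without the credentials being checked again. The per-call
    // 'persist' list overrides the configured one for this check.
    public function add() {
        if ($this->request->data) {
            $user = Auth::check('default', $this->request, array(
                'persist' => array('id', 'username')
            ));
            if ($user) {
                return $this->redirect('/');
            }
        }
    }

    // Re-authentication before a sensitive action: bypass the session so the
    // submitted credentials are always verified against the adapter, and leave
    // the stored session data unchanged.
    public function confirm() {
        $user = Auth::check('default', $this->request, array(
            'checkSession' => false,
            'writeSession' => false
        ));
        if (!$user) {
            return $this->redirect('Sessions::add');
        }
        return compact('user');
    }

    // Logout: removes the session data stored for the 'default' configuration.
    public function delete() {
        Auth::clear('default');
        return $this->redirect('/');
    }
}
```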
clear()
public static method
Removes session information for the given configuration, and allows the configuration's
adapter to perform any associated cleanup tasks.
public static clear ( string $name, array $options = [] ) : void
$name | string | The name of the `Auth` configuration to clear the login information for. Calls the `clear()` method of the given configuration's adapter, and removes the information in the session key used by this configuration.
$options | array | Additional options used when clearing the authenticated session. See each adapter's `clear()` method for all available options. Global options:
- `'clearSession'` _boolean_: If `true` (the default), session data for the specified configuration is removed, otherwise it is retained.
return | void |
set()
public static method
By default, before writing the data to the session, the set() method of the named
configuration's adapter receives the data to be written, and has an opportunity to modify
or reject it.
public static set ( string $name, array $data, array $options = [] ) : array
$name | string | The name of the adapter configuration to.
$data | array | The user data to be written to the session.
$options | array | Any additional session-writing options. These may override any options set by the default session configuration for `$name`.
return | array | Returns the array of data written to the session, or `false` if the adapter rejects the data.
Property Details
$_adapters protected static property
Libraries::locate() compatible path to adapters for this class.
protected static $_adapters
$_classes protected static property
Dynamic class dependencies.
protected static $_classes
$_configurations protected static property
Stores configurations for various authentication adapters.
protected static $_configurations