Welcome to Findnerd. Today we are going to discuss the Auth component in CakePHP 3. Authentication is necessary in all web applications. You identify the user by the user-name and password he provides and authorize his activities in the application, and CakePHP provides a component for this: AuthComponent. There are different built-in ways to authenticate the user. Please have a look.
1) FormAuthentication : The login form must use the POST method for authentication. Generally the login form includes two fields, user-name and password. It is the default authentication in AuthComponent. This technique is easier to handle for the web browser.
2) BasicAuthentication : It provides basic HTTP authentication. It transmits the user-name and password as plain text, so it is not secure on its own. You need to implement SSL with this technique.
3) DigestAuthentication : It provides digest HTTP authentication. It sends a digest hash of the password and user-name instead of the password itself. It can be implemented without SSL, but without SSL the rest of the request and response, including session cookies, still travels unencrypted.
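What the Basic and Digest schemes above put in the Authorization header, as an added example that is not part of the original post and is not CakePHP's own code. The function names are illustrative, and the credentials, nonce and cnonce are the sample values from RFC 2617.

```php
<?php
// Added example: Basic vs Digest on the wire (RFC 2617 sample values).

// Basic: base64 is an encoding, not encryption. Anyone who can read
// the header recovers the password, which is why it needs SSL.
function basicHeader(string $user, string $pass): string
{
    return 'Basic ' . base64_encode($user . ':' . $pass);
}

function decodeBasic(string $header): array
{
    // Split on the first colon only, since passwords may contain ':'.
    return explode(':', base64_decode(substr($header, 6)), 2);
}

// Digest (qop=auth): the server has to keep HA1 (or the plain password)
// to verify logins, so HA1 is password-equivalent and must be protected.
function digestHa1(string $user, string $realm, string $pass): string
{
    return md5(implode(':', [$user, $realm, $pass]));
}

// The client sends only this MD5 response, bound to the server's nonce.
function digestResponse(string $ha1, string $method, string $uri,
    string $nonce, string $nc, string $cnonce): string
{
    $ha2 = md5($method . ':' . $uri);
    return md5(implode(':', [$ha1, $nonce, $nc, $cnonce, 'auth', $ha2]));
}

$user = 'Mufasa';
$realm = 'testrealm@host.com';
$pass = 'Circle Of Life';
$nonce = 'dcd98b7102dd2f0e8b11d0f600bfb0c093';
$cnonce = '0a4f113b';

$basic = basicHeader($user, $pass);
echo $basic, PHP_EOL;
echo 'Recovered from Basic header: ', decodeBasic($basic)[1], PHP_EOL;

// Client side: compute the response for GET /dir/index.html.
$sent = digestResponse(digestHa1($user, $realm, $pass), 'GET', '/dir/index.html', $nonce, '00000001', $cnonce);
echo 'Digest response sent: ', $sent, PHP_EOL;

// Server side: recompute from the stored HA1 and compare in constant time.
$storedHa1 = digestHa1($user, $realm, $pass);
$expected = digestResponse($storedHa1, 'GET', '/dir/index.html', $nonce, '00000001', $cnonce);
echo hash_equals($expected, $sent) ? 'accepted' : 'rejected', PHP_EOL;
```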
Now we will discuss the configuration for authentication. There are different options which need to be set. These authentication options are called handlers. With multiple handlers we can allow the user to log in in different ways. If one handler has identified the user, the other handlers will not be applied. We can set the handlers in the beforeFilter() or initialize() method. Please have a look.
$this->Auth->config('authenticate', ['Form']);
This is a simple way to set the configuration for authentication. In the above code we have activated FormAuthentication using the config() method. You can also set multiple handlers. Please have a look.
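// Each handler gets its own settings
$this->Auth->config('authenticate', [
    'Basic' => ['userModel' => 'Users'],
    'Form' => ['userModel' => 'Editors']
]);
// Pass the same settings to all handlers
// (AuthComponent::ALL needs: use Cake\Controller\Component\AuthComponent;)
$this->Auth->config('authenticate', [
    AuthComponent::ALL => ['userModel' => 'Employees'],
    'Basic',
    'Form'
]);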
In the first example we set a userModel for each authentication technique: Users for Basic and Editors for Form. In the second example AuthComponent::ALL applies the same userModel, Employees, to both techniques, Form and Basic.
The fields configuration key is another option of the core authentication objects. Using it we can set which fields will be considered for user authentication. Please have a look.
public function initialize()
{
    parent::initialize();
    $this->loadComponent('Auth', [
        'authenticate' => [
            'Form' => [
                'fields' => ['username' => 'email', 'password' => 'passwd']
            ]
        ]
    ]);
}
In the above code we load the component inside the initialize() method and set the fields: the username field is email and the password field is passwd.
You can also set other configuration keys. Please have a look.
public function initialize()
{
    parent::initialize();
    $this->loadComponent('Auth', [
        'loginAction' => [
            'controller' => 'Users',
            'action' => 'login',
            'plugin' => 'Users'
        ],
        'authError' => 'Not Authorized?',
        'authenticate' => [
            'Form' => [
                'fields' => ['username' => 'email']
            ]
        ],
        'storage' => 'Session'
    ]);
}
In the above code we have set the login controller, action and plugin, the authError message, Session as storage, and the fields for authentication.
The finder configuration key is another key, used to fetch the user record. This option was added in CakePHP 3.1. In older versions you need to use contain and scope for query modification. Please have a look.
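// In the controller
public function initialize()
{
    parent::initialize();
    $this->loadComponent('Auth', [
        'authenticate' => [
            'Form' => [
                'finder' => 'process'
            ]
        ],
    ]);
}

// In the users table class (custom finders live on the table, not the controller)
public function findProcess(\Cake\ORM\Query $query, array $options)
{
    // Only users with status 1 can be found, and so authenticated
    $query
        ->select(['id', 'username', 'password'])
        ->where(['Users.status' => 1]);
    return $query;
}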
You can see in the above example that we passed process as the finder in the auth configuration and created a function, findProcess, which returns only the users from the database whose status is 1. In our next blog we will discuss some other methods available in AuthComponent, so keep reading our blogs.
Thank you for being with us!