5.2.5 AuthComponent Methods

5.2.5.1 action

action (string $action = ':controller/:action')

If you are using ACOs as part of your ACL structure, you can get the path to the ACO node bound to a particular controller/action pair:

    $acoNode = $this->Auth->action('user/delete');

If you don't pass in any value, it uses the current controller/action pair.

5.2.5.2 allow

If you have some actions in your controller that you don't have to authenticate against (such as a user registration action), you can add methods that the AuthComponent should ignore. The following example shows how to allow an action named 'register'.

Do not specifically allow 'login' because that will break Auth.

    $this->Auth->allow('register');

If you wish to allow multiple actions to skip authentication, you supply them as parameters to the allow() method:

    $this->Auth->allow('foo', 'bar', 'baz');

Shortcut: you may also allow all the actions in a controller by using '*'.

    $this->Auth->allow('*');

If you are using requestAction in your layout or elements, you should allow those actions so that the login page can be opened properly.

5.2.5.3 deny

There may be times where you will want to remove actions from the list of allowed actions (set using $this->Auth->allow()). Here's an example:

    function beforeFilter() {
        $this->Auth->authorize = 'controller';
        $this->Auth->allow('delete');
    }

    function isAuthorized() {
        if ($this->Auth->user('role') != 'admin') {
            $this->Auth->deny('delete');
        }

        ...
    }

5.2.5.4 hashPasswords

hashPasswords ($data)

This method checks whether $data contains the username and password fields named by the component's $fields variable, indexed by the model name given in $userModel. If the $data array has the required fields in that format, it hashes the password field in the array and returns the data array; otherwise it returns the array unchanged. It might sound confusing, but that's how it works.

    $data['User']['username'] = 'foo';
    $data['User']['password'] = 'bar';
    $hashedPasswords = $this->Auth->hashPasswords($data);

The $hashedPasswords['User']['password'] field would now be hashed using the password function of the component.

If your controller uses the Auth component and the posted data contains the fields as explained above, the component will automatically hash the password field using this function.

5.2.5.5 login

login($data = null)

If you are doing some sort of Ajax-based login, you can use this method to manually log someone into the system. If you don't pass any value for $data, it will automatically use POST data passed into the controller.

5.2.5.6 logout

Provides a quick way to de-authenticate someone, and redirect them to where they need to go. This method is also useful if you want to provide a 'Log me out' link inside a members' area of your application.

Example:

    $this->redirect($this->Auth->logout());

5.2.5.7 password

password (string $password)

Pass in a string, and you get back what its hashed form would look like. This is essential functionality if you are creating a user registration screen where users enter their password a second time to confirm it.

    if ($this->data['User']['password'] ==
        $this->Auth->password($this->data['User']['password2'])) {

        // Passwords match, continue processing
        ...
    } else {
        $this->flash('Typed passwords did not match');
        $this->redirect('users/register');
    }

The Auth component will automatically hash the password field if the username field is also present in the submitted data.

Cake prepends a salt value to your password string and then hashes the result. The hashing function used is the one set in the core utility class Security (sha1 by default). You can use the Security::setHash function to change the hashing method. The salt value is taken from your application's configuration defined in core.php.
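As an added stand-alone example (not CakePHP's own code), the following models the behaviour described in the hashPasswords and password sections above: the salt is prepended to the plaintext and hashed with the configured algorithm, posted data is hashed automatically when both fields are present, and the registration confirm check hashes the second field before comparing. The salt value, the helper names and the sample data are constructed placeholders.

```php
<?php
// Added example, not CakePHP's own code: a stand-alone model of what the
// text describes for Auth->password() and Auth->hashPasswords().

// Constructed stand-in for the salt value configured in core.php.
define('APP_SALT', 'constructed-salt-value-change-me');

// Mirrors Auth->password(): hash(salt . plaintext) with the configured
// algorithm (sha1 by default, as stated above).
function auth_password($plaintext, $hashType = 'sha1') {
    return hash($hashType, APP_SALT . $plaintext);
}

// Mirrors the automatic hashing applied to posted data: only when both the
// username and password fields are present under the user model.
function auth_hash_passwords(array $data, $userModel = 'User') {
    if (isset($data[$userModel]['username'], $data[$userModel]['password'])) {
        $data[$userModel]['password'] = auth_password($data[$userModel]['password']);
    }
    return $data;
}

// The registration check from the page: the posted 'password' has already
// been hashed by the component, so the confirmation field must be hashed the
// same way before comparing. Strict comparison avoids PHP's loose == on strings.
function passwords_match(array $data) {
    return $data['User']['password'] === auth_password($data['User']['password2']);
}

// Constructed sample POST data for a registration form.
$posted = array('User' => array(
    'username'  => 'foo',
    'password'  => 'bar',
    'password2' => 'bar',
));
$hashed = auth_hash_passwords($posted);

var_dump(strlen($hashed['User']['password']) === 40); // sha1 hex digest length
var_dump(passwords_match($hashed));

// A mismatched confirmation field fails the check.
$hashed['User']['password2'] = 'baz';
var_dump(passwords_match($hashed));

// Data without a username field is returned unchanged.
$partial = auth_hash_passwords(array('User' => array('password' => 'bar')));
var_dump($partial['User']['password'] === 'bar');
```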

5.2.5.8 user

user(string $key = null)

This method provides information about the currently authenticated user. The information is taken from the session. For example:

    if ($this->Auth->user('role') == 'admin') {
        $this->flash('You have admin access');
    }

It can also be used to return the whole user session data like so:

    $data['User'] = $this->Auth->user();

If this method returns null, the user is not logged in.