Welcome to The Cookbook

Don't want to use a User model to authenticate against? No problem, just change it by setting this value to the name of the model you want to use.

<?php
    $this->Auth->userModel = 'Member';
?>

1. <?php
2. $this->Auth->userModel = 'Member';
3. ?>

Overrides the default username and password fields used for authentication.

<?php
    $this->Auth->fields = array('username' => 'email', 'password' => 'passwd');
?>

1. <?php
2. $this->Auth->fields = array('username' => 'email', 'password' => 'passwd');
3. ?>

Use this to provide additional requirements for authentication to succeed.

<?php
    $this->Auth->userScope = array('User.active' => 'Y');
?>

1. <?php
2. $this->Auth->userScope = array('User.active' => 'Y');
3. ?>

You can change the default login from /users/login to be any action of your choice.

<?php
    $this->Auth->loginAction = array('admin' => false, 'controller' => 'members', 'action' => 'login');
?>

1. <?php
2. $this->Auth->loginAction = array('admin' => false, 'controller' => 'members', 'action' => 'login');
3. ?>

The AuthComponent remembers what controller/action pair you were trying to get to before you were asked to authenticate yourself by storing this value in the Session, under the Auth.redirect key. However, if this session value is not set (if you're coming to the login page from an external link, for example), then the user will be redirected to the URL specified in loginRedirect.

Example:

<?php
    $this->Auth->loginRedirect = array('controller' => 'members', 'action' => 'home');
?>

1. <?php
2. $this->Auth->loginRedirect = array('controller' => 'members', 'action' => 'home');
3. ?>

You can also specify where you want the user to go after they are logged out, with the default being the login action.

<?php
    $this->Auth->logoutRedirect = array(Configure::read('Routing.admin') => false, 'controller' => 'members', 'action' => 'logout');
?>

1. <?php
2. $this->Auth->logoutRedirect = array(Configure::read('Routing.admin') => false, 'controller' => 'members', 'action' => 'logout');
3. ?>

Change the default error message displayed when someone does not successfully log in.

<?php
    $this->Auth->loginError = "No, you fool!  That's not the right password!";
?>

1. <?php
2. $this->Auth->loginError = "No, you fool! That's not the right password!";
3. ?>

Change the default error message displayed when someone attempts to access an object or action to which they do not have access.

<?php
    $this->Auth->authError = "Sorry, you are lacking access.";
?>

1. <?php
2. $this->Auth->authError = "Sorry, you are lacking access.";
3. ?>

Normally, the AuthComponent will automatically redirect you as soon as it authenticates. Sometimes you want to do some more checking before you redirect users:

<?php
	function beforeFilter() {
		...
		$this->Auth->autoRedirect = false;
	}

	...

	function login() {
	//-- code inside this function will execute only when autoRedirect was set to false (i.e. in a beforeFilter).
		if ($this->Auth->user()) {
			if (!empty($this->data)) {
				$cookie = array();
				$cookie['username'] = $this->data['User']['username'];
				$cookie['password'] = $this->data['User']['password'];
				$this->Cookie->write('Auth.User', $cookie, true, '+2 weeks');
				unset($this->data['User']['remember_me']);
			}
			$this->redirect($this->Auth->redirect());
		}
		if (empty($this->data)) {
			$cookie = $this->Cookie->read('Auth.User');
			if (!is_null($cookie)) {
				if ($this->Auth->login($cookie)) {
					//  Clear auth message, just in case we use it.
					$this->Session->del('Message.auth');
					$this->redirect($this->Auth->redirect());
				}
			}
		}
    }
?>

1. <?php
2. function beforeFilter() {
3. ...
4. $this->Auth->autoRedirect = false;
5. }
6. ...
7. function login() {
8. //-- code inside this function will execute only when autoRedirect was set to false (i.e. in a beforeFilter).
9. if ($this->Auth->user()) {
10. if (!empty($this->data)) {
11. $cookie = array();
12. $cookie['username'] = $this->data['User']['username'];
13. $cookie['password'] = $this->data['User']['password'];
14. $this->Cookie->write('Auth.User', $cookie, true, '+2 weeks');
15. unset($this->data['User']['remember_me']);
16. }
17. $this->redirect($this->Auth->redirect());
18. }
19. if (empty($this->data)) {
20. $cookie = $this->Cookie->read('Auth.User');
21. if (!is_null($cookie)) {
22. if ($this->Auth->login($cookie)) {
23. // Clear auth message, just in case we use it.
24. $this->Session->del('Message.auth');
25. $this->redirect($this->Auth->redirect());
26. }
27. }
28. }
29. }
30. ?>

The code in the login function will not execute unless you set $autoRedirect to false in a beforeFilter. The code present in the login function will only execute after authentication was attempted. This is the best place to determine whether or not a successful login occurred by the AuthComponent (should you desire to log the last successful login timestamp, etc.).

Normally, the AuthComponent will attempt to verify that the login credentials you've entered are accurate by comparing them to what's been stored in your user model. However, there are times where you might want to do some additional work in determining proper credentials. By setting this variable to one of several different values, you can do different things. Here are some of the more common ones you might want to use.

<?php
    $this->Auth->authorize = 'controller';
?>

1. <?php
2. $this->Auth->authorize = 'controller';
3. ?>

When authorize is set to 'controller', you'll need to add a method called isAuthorized() to your controller. This method allows you to do some more authentication checks and then return either true or false.

<?php
    function isAuthorized() {
        if ($this->action == 'delete') {
            if ($this->Auth->user('role') == 'admin') {
                return true;
            } else {
                return false;
            }
        }

        return true;
    }
?>

1. <?php
2. function isAuthorized() {
3. if ($this->action == 'delete') {
4. if ($this->Auth->user('role') == 'admin') {
5. return true;
6. } else {
7. return false;
8. }
9. }
10. return true;
11. }
12. ?>

Remember that this method will be checked after you have already passed the basic authentication check against the user model.

<?php
    $this->Auth->authorize = 'model';
?>

1. <?php
2. $this->Auth->authorize = 'model';
3. ?>

Don't want to add anything to your controller and might be using ACO's? You can get the AuthComponent to call a method in your user model called isAuthorized() to do the same sort of thing:

<?php
    class User extends AppModel {
        ...

        function isAuthorized($user, $controller, $action) {

            switch ($action) {
                case 'default':
                    return false;
                    break;
                case 'delete':
                    if ($user['User']['role'] == 'admin') {
                        return true;
                    }
                    break;
            }
        }
    }
?>

1. <?php
2. class User extends AppModel {
3. ...
4. function isAuthorized($user, $controller, $action) {
5. switch ($action) {
6. case 'default':
7. return false;
8. break;
9. case 'delete':
10. if ($user['User']['role'] == 'admin') {
11. return true;
12. }
13. break;
14. }
15. }
16. }
17. ?>

Lastly, you can use authorize with actions such as below

<?php
    $this->Auth->authorize = 'actions';
?>

1. <?php
2. $this->Auth->authorize = 'actions';
3. ?>

By using actions, Auth will make use of ACL and check with AclComponent::check(). An isAuthorized function is not needed.

<?php
    $this->Auth->authorize = 'crud';
?>

1. <?php
2. $this->Auth->authorize = 'crud';
3. ?>

By using crud, Auth will make use of ACL and check with AclComponent::check(). Actions should be mapped to CRUD (see mapActions).

Name of the session array key where the record of the current authed user is stored.

Defaults to "Auth", so if unspecified, the record is stored in "Auth.{$userModel name}".

<?php
    $this->Auth->sessionKey = 'Authorized';
?>

1. <?php
2. $this->Auth->sessionKey = 'Authorized';
3. ?>

If you are doing Ajax or Javascript based requests that require authenticated sessions, set this variable to the name of a view element you would like to be rendered and returned when you have an invalid or expired session.

As with any part of CakePHP, be sure to take a look at AuthComponent class for a more in-depth look at the AuthComponent.

This variable holds a reference to the object responsible for hashing passwords if it is necessary to change/override the default password hashing mechanism. See Changing the Encryption Type for more info.

If using action-based access control, this defines how the paths to action ACO nodes is computed. If, for example, all controller nodes are nested under an ACO node named 'Controllers', $actionPath should be set to 'Controllers/'.