統計
| ブランチ: | リビジョン:

pictcode / lib / Cake / Controller / Component / AuthComponent.php @ 9d2f0219

履歴 | 表示 | アノテート | ダウンロード (25.276 KB)

1 635eef61 spyder1211
<?php
2
/**
3
 * Authentication component
4
 *
5
 * Manages user logins and permissions.
6
 *
7
 * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
8
 * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
9
 *
10
 * Licensed under The MIT License
11
 * For full copyright and license information, please see the LICENSE.txt
12
 * Redistributions of files must retain the above copyright notice.
13
 *
14
 * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
15
 * @link          http://cakephp.org CakePHP(tm) Project
16
 * @package       Cake.Controller.Component
17
 * @since         CakePHP(tm) v 0.10.0.1076
18
 * @license       http://www.opensource.org/licenses/mit-license.php MIT License
19
 */
20
21
App::uses('Component', 'Controller');
22
App::uses('Router', 'Routing');
23
App::uses('Security', 'Utility');
24
App::uses('Debugger', 'Utility');
25
App::uses('Hash', 'Utility');
26
App::uses('CakeSession', 'Model/Datasource');
27
App::uses('BaseAuthorize', 'Controller/Component/Auth');
28
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
29
App::uses('CakeEvent', 'Event');
30
31
/**
32
 * Authentication control component class
33
 *
34
 * Binds access control with user authentication and session management.
35
 *
36
 * @package       Cake.Controller.Component
37
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
38
 */
39
class AuthComponent extends Component {
40
41
/**
42
 * Constant for 'all'
43
 *
44
 * @var string
45
 */
46
        const ALL = 'all';
47
48
/**
49
 * Other components utilized by AuthComponent
50
 *
51
 * @var array
52
 */
53
        public $components = array('Session', 'Flash', 'RequestHandler');
54
55
/**
56
 * An array of authentication objects to use for authenticating users. You can configure
57
 * multiple adapters and they will be checked sequentially when users are identified.
58
 *
59
 * ```
60
 *        $this->Auth->authenticate = array(
61
 *                'Form' => array(
62
 *                        'userModel' => 'Users.User'
63
 *                )
64
 *        );
65
 * ```
66
 *
67
 * Using the class name without 'Authenticate' as the key, you can pass in an array of settings for each
68
 * authentication object. Additionally you can define settings that should be set to all authentications objects
69
 * using the 'all' key:
70
 *
71
 * ```
72
 *        $this->Auth->authenticate = array(
73
 *                'all' => array(
74
 *                        'userModel' => 'Users.User',
75
 *                        'scope' => array('User.active' => 1)
76
 *                ),
77
 *                'Form',
78
 *                'Basic'
79
 *        );
80
 * ```
81
 *
82
 * You can also use AuthComponent::ALL instead of the string 'all'.
83
 *
84
 * @var array
85
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
86
 */
87
        public $authenticate = array('Form');
88
89
/**
90
 * Objects that will be used for authentication checks.
91
 *
92
 * @var array
93
 */
94
        protected $_authenticateObjects = array();
95
96
/**
97
 * An array of authorization objects to use for authorizing users. You can configure
98
 * multiple adapters and they will be checked sequentially when authorization checks are done.
99
 *
100
 * ```
101
 *        $this->Auth->authorize = array(
102
 *                'Crud' => array(
103
 *                        'actionPath' => 'controllers/'
104
 *                )
105
 *        );
106
 * ```
107
 *
108
 * Using the class name without 'Authorize' as the key, you can pass in an array of settings for each
109
 * authorization object. Additionally you can define settings that should be set to all authorization objects
110
 * using the 'all' key:
111
 *
112
 * ```
113
 *        $this->Auth->authorize = array(
114
 *                'all' => array(
115
 *                        'actionPath' => 'controllers/'
116
 *                ),
117
 *                'Crud',
118
 *                'CustomAuth'
119
 *        );
120
 * ```
121
 *
122
 * You can also use AuthComponent::ALL instead of the string 'all'
123
 *
124
 * @var mixed
125
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authorization
126
 */
127
        public $authorize = false;
128
129
/**
130
 * Objects that will be used for authorization checks.
131
 *
132
 * @var array
133
 */
134
        protected $_authorizeObjects = array();
135
136
/**
137
 * The name of an optional view element to render when an Ajax request is made
138
 * with an invalid or expired session
139
 *
140
 * @var string
141
 */
142
        public $ajaxLogin = null;
143
144
/**
145
 * Settings to use when Auth needs to do a flash message with SessionComponent::setFlash().
146
 * Available keys are:
147
 *
148
 * - `element` - The element to use, defaults to 'default'.
149
 * - `key` - The key to use, defaults to 'auth'
150
 * - `params` - The array of additional params to use, defaults to array()
151
 *
152
 * @var array
153
 */
154
        public $flash = array(
155
                'element' => 'default',
156
                'key' => 'auth',
157
                'params' => array()
158
        );
159
160
/**
161
 * The session key name where the record of the current user is stored. Default
162
 * key is "Auth.User". If you are using only stateless authenticators set this
163
 * to false to ensure session is not started.
164
 *
165
 * @var string
166
 */
167
        public static $sessionKey = 'Auth.User';
168
169
/**
170
 * The current user, used for stateless authentication when
171
 * sessions are not available.
172
 *
173
 * @var array
174
 */
175
        protected static $_user = array();
176
177
/**
178
 * A URL (defined as a string or array) to the controller action that handles
179
 * logins. Defaults to `/users/login`.
180
 *
181
 * @var mixed
182
 */
183
        public $loginAction = array(
184
                'controller' => 'users',
185
                'action' => 'login',
186
                'plugin' => null
187
        );
188
189
/**
190
 * Normally, if a user is redirected to the $loginAction page, the location they
191
 * were redirected from will be stored in the session so that they can be
192
 * redirected back after a successful login. If this session value is not
193
 * set, redirectUrl() method will return the URL specified in $loginRedirect.
194
 *
195
 * @var mixed
196
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#AuthComponent::$loginRedirect
197
 */
198
        public $loginRedirect = null;
199
200
/**
201
 * The default action to redirect to after the user is logged out. While AuthComponent does
202
 * not handle post-logout redirection, a redirect URL will be returned from AuthComponent::logout().
203
 * Defaults to AuthComponent::$loginAction.
204
 *
205
 * @var mixed
206
 * @see AuthComponent::$loginAction
207
 * @see AuthComponent::logout()
208
 */
209
        public $logoutRedirect = null;
210
211
/**
212
 * Error to display when user attempts to access an object or action to which they do not have
213
 * access.
214
 *
215
 * @var string|bool
216
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#AuthComponent::$authError
217
 */
218
        public $authError = null;
219
220
/**
221
 * Controls handling of unauthorized access.
222
 * - For default value `true` unauthorized user is redirected to the referrer URL
223
 *   or AuthComponent::$loginRedirect or '/'.
224
 * - If set to a string or array the value is used as a URL to redirect to.
225
 * - If set to false a ForbiddenException exception is thrown instead of redirecting.
226
 *
227
 * @var mixed
228
 */
229
        public $unauthorizedRedirect = true;
230
231
/**
232
 * Controller actions for which user validation is not required.
233
 *
234
 * @var array
235
 * @see AuthComponent::allow()
236
 */
237
        public $allowedActions = array();
238
239
/**
240
 * Request object
241
 *
242
 * @var CakeRequest
243
 */
244
        public $request;
245
246
/**
247
 * Response object
248
 *
249
 * @var CakeResponse
250
 */
251
        public $response;
252
253
/**
254
 * Method list for bound controller.
255
 *
256
 * @var array
257
 */
258
        protected $_methods = array();
259
260
/**
261
 * Initializes AuthComponent for use in the controller.
262
 *
263
 * @param Controller $controller A reference to the instantiating controller object
264
 * @return void
265
 */
266
        public function initialize(Controller $controller) {
267
                $this->request = $controller->request;
268
                $this->response = $controller->response;
269
                $this->_methods = $controller->methods;
270
271
                if (Configure::read('debug') > 0) {
272
                        Debugger::checkSecurityKeys();
273
                }
274
        }
275
276
/**
277
 * Main execution method. Handles redirecting of invalid users, and processing
278
 * of login form data.
279
 *
280
 * @param Controller $controller A reference to the instantiating controller object
281
 * @return bool
282
 */
283
        public function startup(Controller $controller) {
284
                $methods = array_flip(array_map('strtolower', $controller->methods));
285
                $action = strtolower($controller->request->params['action']);
286
287
                $isMissingAction = (
288
                        $controller->scaffold === false &&
289
                        !isset($methods[$action])
290
                );
291
292
                if ($isMissingAction) {
293
                        return true;
294
                }
295
296
                if (!$this->_setDefaults()) {
297
                        return false;
298
                }
299
300
                if ($this->_isAllowed($controller)) {
301
                        return true;
302
                }
303
304
                if (!$this->_getUser()) {
305
                        return $this->_unauthenticated($controller);
306
                }
307
308
                if ($this->_isLoginAction($controller) ||
309
                        empty($this->authorize) ||
310
                        $this->isAuthorized($this->user())
311
                ) {
312
                        return true;
313
                }
314
315
                return $this->_unauthorized($controller);
316
        }
317
318
/**
319
 * Checks whether current action is accessible without authentication.
320
 *
321
 * @param Controller $controller A reference to the instantiating controller object
322
 * @return bool True if action is accessible without authentication else false
323
 */
324
        protected function _isAllowed(Controller $controller) {
325
                $action = strtolower($controller->request->params['action']);
326
                if (in_array($action, array_map('strtolower', $this->allowedActions))) {
327
                        return true;
328
                }
329
                return false;
330
        }
331
332
/**
333
 * Handles unauthenticated access attempt. First the `unathenticated()` method
334
 * of the last authenticator in the chain will be called. The authenticator can
335
 * handle sending response or redirection as appropriate and return `true` to
336
 * indicate no furthur action is necessary. If authenticator returns null this
337
 * method redirects user to login action. If it's an ajax request and
338
 * $ajaxLogin is specified that element is rendered else a 403 http status code
339
 * is returned.
340
 *
341
 * @param Controller $controller A reference to the controller object.
342
 * @return bool True if current action is login action else false.
343
 */
344
        protected function _unauthenticated(Controller $controller) {
345
                if (empty($this->_authenticateObjects)) {
346
                        $this->constructAuthenticate();
347
                }
348
                $auth = $this->_authenticateObjects[count($this->_authenticateObjects) - 1];
349
                if ($auth->unauthenticated($this->request, $this->response)) {
350
                        return false;
351
                }
352
353
                if ($this->_isLoginAction($controller)) {
354
                        if (empty($controller->request->data)) {
355
                                if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
356
                                        $this->Session->write('Auth.redirect', $controller->referer(null, true));
357
                                }
358
                        }
359
                        return true;
360
                }
361
362
                if (!$controller->request->is('ajax')) {
363
                        $this->flash($this->authError);
364
                        $this->Session->write('Auth.redirect', $controller->request->here(false));
365
                        $controller->redirect($this->loginAction);
366
                        return false;
367
                }
368
                if (!empty($this->ajaxLogin)) {
369
                        $controller->response->statusCode(403);
370
                        $controller->viewPath = 'Elements';
371
                        $response = $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
372
                        $response->send();
373
                        $this->_stop();
374
                        return false;
375
                }
376
                $controller->response->statusCode(403);
377
                $controller->response->send();
378
                $this->_stop();
379
                return false;
380
        }
381
382
/**
383
 * Normalizes $loginAction and checks if current request URL is same as login action.
384
 *
385
 * @param Controller $controller A reference to the controller object.
386
 * @return bool True if current action is login action else false.
387
 */
388
        protected function _isLoginAction(Controller $controller) {
389
                $url = '';
390
                if (isset($controller->request->url)) {
391
                        $url = $controller->request->url;
392
                }
393
                $url = Router::normalize($url);
394
                $loginAction = Router::normalize($this->loginAction);
395
396
                return $loginAction === $url;
397
        }
398
399
/**
400
 * Handle unauthorized access attempt
401
 *
402
 * @param Controller $controller A reference to the controller object
403
 * @return bool Returns false
404
 * @throws ForbiddenException
405
 * @see AuthComponent::$unauthorizedRedirect
406
 */
407
        protected function _unauthorized(Controller $controller) {
408
                if ($this->unauthorizedRedirect === false) {
409
                        throw new ForbiddenException($this->authError);
410
                }
411
412
                $this->flash($this->authError);
413
                if ($this->unauthorizedRedirect === true) {
414
                        $default = '/';
415
                        if (!empty($this->loginRedirect)) {
416
                                $default = $this->loginRedirect;
417
                        }
418
                        $url = $controller->referer($default, true);
419
                } else {
420
                        $url = $this->unauthorizedRedirect;
421
                }
422
                $controller->redirect($url);
423
                return false;
424
        }
425
426
/**
427
 * Attempts to introspect the correct values for object properties.
428
 *
429
 * @return bool True
430
 */
431
        protected function _setDefaults() {
432
                $defaults = array(
433
                        'logoutRedirect' => $this->loginAction,
434
                        'authError' => __d('cake', 'You are not authorized to access that location.')
435
                );
436
                foreach ($defaults as $key => $value) {
437
                        if (!isset($this->{$key}) || $this->{$key} === true) {
438
                                $this->{$key} = $value;
439
                        }
440
                }
441
                return true;
442
        }
443
444
/**
445
 * Check if the provided user is authorized for the request.
446
 *
447
 * Uses the configured Authorization adapters to check whether or not a user is authorized.
448
 * Each adapter will be checked in sequence, if any of them return true, then the user will
449
 * be authorized for the request.
450
 *
451
 * @param array $user The user to check the authorization of. If empty the user in the session will be used.
452
 * @param CakeRequest $request The request to authenticate for. If empty, the current request will be used.
453
 * @return bool True if $user is authorized, otherwise false
454
 */
455
        public function isAuthorized($user = null, CakeRequest $request = null) {
456
                if (empty($user) && !$this->user()) {
457
                        return false;
458
                }
459
                if (empty($user)) {
460
                        $user = $this->user();
461
                }
462
                if (empty($request)) {
463
                        $request = $this->request;
464
                }
465
                if (empty($this->_authorizeObjects)) {
466
                        $this->constructAuthorize();
467
                }
468
                foreach ($this->_authorizeObjects as $authorizer) {
469
                        if ($authorizer->authorize($user, $request) === true) {
470
                                return true;
471
                        }
472
                }
473
                return false;
474
        }
475
476
/**
477
 * Loads the authorization objects configured.
478
 *
479
 * @return mixed Either null when authorize is empty, or the loaded authorization objects.
480
 * @throws CakeException
481
 */
482
        public function constructAuthorize() {
483
                if (empty($this->authorize)) {
484
                        return null;
485
                }
486
                $this->_authorizeObjects = array();
487
                $config = Hash::normalize((array)$this->authorize);
488
                $global = array();
489
                if (isset($config[AuthComponent::ALL])) {
490
                        $global = $config[AuthComponent::ALL];
491
                        unset($config[AuthComponent::ALL]);
492
                }
493
                foreach ($config as $class => $settings) {
494
                        list($plugin, $class) = pluginSplit($class, true);
495
                        $className = $class . 'Authorize';
496
                        App::uses($className, $plugin . 'Controller/Component/Auth');
497
                        if (!class_exists($className)) {
498
                                throw new CakeException(__d('cake_dev', 'Authorization adapter "%s" was not found.', $class));
499
                        }
500
                        if (!method_exists($className, 'authorize')) {
501
                                throw new CakeException(__d('cake_dev', 'Authorization objects must implement an %s method.', 'authorize()'));
502
                        }
503
                        $settings = array_merge($global, (array)$settings);
504
                        $this->_authorizeObjects[] = new $className($this->_Collection, $settings);
505
                }
506
                return $this->_authorizeObjects;
507
        }
508
509
/**
510
 * Takes a list of actions in the current controller for which authentication is not required, or
511
 * no parameters to allow all actions.
512
 *
513
 * You can use allow with either an array, or var args.
514
 *
515
 * `$this->Auth->allow(array('edit', 'add'));` or
516
 * `$this->Auth->allow('edit', 'add');` or
517
 * `$this->Auth->allow();` to allow all actions
518
 *
519
 * @param string|array $action Controller action name or array of actions
520
 * @return void
521
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#making-actions-public
522
 */
523
        public function allow($action = null) {
524
                $args = func_get_args();
525
                if (empty($args) || $action === null) {
526
                        $this->allowedActions = $this->_methods;
527
                        return;
528
                }
529
                if (isset($args[0]) && is_array($args[0])) {
530
                        $args = $args[0];
531
                }
532
                $this->allowedActions = array_merge($this->allowedActions, $args);
533
        }
534
535
/**
536
 * Removes items from the list of allowed/no authentication required actions.
537
 *
538
 * You can use deny with either an array, or var args.
539
 *
540
 * `$this->Auth->deny(array('edit', 'add'));` or
541
 * `$this->Auth->deny('edit', 'add');` or
542
 * `$this->Auth->deny();` to remove all items from the allowed list
543
 *
544
 * @param string|array $action Controller action name or array of actions
545
 * @return void
546
 * @see AuthComponent::allow()
547
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#making-actions-require-authorization
548
 */
549
        public function deny($action = null) {
550
                $args = func_get_args();
551
                if (empty($args) || $action === null) {
552
                        $this->allowedActions = array();
553
                        return;
554
                }
555
                if (isset($args[0]) && is_array($args[0])) {
556
                        $args = $args[0];
557
                }
558
                foreach ($args as $arg) {
559
                        $i = array_search($arg, $this->allowedActions);
560
                        if (is_int($i)) {
561
                                unset($this->allowedActions[$i]);
562
                        }
563
                }
564
                $this->allowedActions = array_values($this->allowedActions);
565
        }
566
567
/**
568
 * Maps action names to CRUD operations.
569
 *
570
 * Used for controller-based authentication. Make sure
571
 * to configure the authorize property before calling this method. As it delegates $map to all the
572
 * attached authorize objects.
573
 *
574
 * @param array $map Actions to map
575
 * @return void
576
 * @see BaseAuthorize::mapActions()
577
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#mapping-actions-when-using-crudauthorize
578
 * @deprecated 3.0.0 Map actions using `actionMap` config key on authorize objects instead
579
 */
580
        public function mapActions($map = array()) {
581
                if (empty($this->_authorizeObjects)) {
582
                        $this->constructAuthorize();
583
                }
584
                $mappedActions = array();
585
                foreach ($this->_authorizeObjects as $auth) {
586
                        $mappedActions = Hash::merge($mappedActions, $auth->mapActions($map));
587
                }
588
                if (empty($map)) {
589
                        return $mappedActions;
590
                }
591
        }
592
593
/**
594
 * Log a user in.
595
 *
596
 * If a $user is provided that data will be stored as the logged in user. If `$user` is empty or not
597
 * specified, the request will be used to identify a user. If the identification was successful,
598
 * the user record is written to the session key specified in AuthComponent::$sessionKey. Logging in
599
 * will also change the session id in order to help mitigate session replays.
600
 *
601
 * @param array $user Either an array of user data, or null to identify a user using the current request.
602
 * @return bool True on login success, false on failure
603
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
604
 */
605
        public function login($user = null) {
606
                $this->_setDefaults();
607
608
                if (empty($user)) {
609
                        $user = $this->identify($this->request, $this->response);
610
                }
611
                if ($user) {
612
                        $this->Session->renew();
613
                        $this->Session->write(static::$sessionKey, $user);
614
                        $event = new CakeEvent('Auth.afterIdentify', $this, array('user' => $user));
615
                        $this->_Collection->getController()->getEventManager()->dispatch($event);
616
                }
617
                return (bool)$this->user();
618
        }
619
620
/**
621
 * Log a user out.
622
 *
623
 * Returns the logout action to redirect to. Triggers the logout() method of
624
 * all the authenticate objects, so they can perform custom logout logic.
625
 * AuthComponent will remove the session data, so there is no need to do that
626
 * in an authentication object. Logging out will also renew the session id.
627
 * This helps mitigate issues with session replays.
628
 *
629
 * @return string AuthComponent::$logoutRedirect
630
 * @see AuthComponent::$logoutRedirect
631
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#logging-users-out
632
 */
633
        public function logout() {
634
                $this->_setDefaults();
635
                if (empty($this->_authenticateObjects)) {
636
                        $this->constructAuthenticate();
637
                }
638
                $user = $this->user();
639
                foreach ($this->_authenticateObjects as $auth) {
640
                        $auth->logout($user);
641
                }
642
                $this->Session->delete(static::$sessionKey);
643
                $this->Session->delete('Auth.redirect');
644
                $this->Session->renew();
645
                return Router::normalize($this->logoutRedirect);
646
        }
647
648
/**
649
 * Get the current user.
650
 *
651
 * Will prefer the static user cache over sessions. The static user
652
 * cache is primarily used for stateless authentication. For stateful authentication,
653
 * cookies + sessions will be used.
654
 *
655
 * @param string $key field to retrieve. Leave null to get entire User record
656
 * @return array|null User record. or null if no user is logged in.
657
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#accessing-the-logged-in-user
658
 */
659
        public static function user($key = null) {
660
                if (!empty(static::$_user)) {
661
                        $user = static::$_user;
662
                } elseif (static::$sessionKey && CakeSession::check(static::$sessionKey)) {
663
                        $user = CakeSession::read(static::$sessionKey);
664
                } else {
665
                        return null;
666
                }
667
                if ($key === null) {
668
                        return $user;
669
                }
670
                return Hash::get($user, $key);
671
        }
672
673
/**
674
 * Similar to AuthComponent::user() except if the session user cannot be found, connected authentication
675
 * objects will have their getUser() methods called. This lets stateless authentication methods function correctly.
676
 *
677
 * @return bool true if a user can be found, false if one cannot.
678
 */
679
        protected function _getUser() {
680
                $user = $this->user();
681
                if ($user) {
682
                        $this->Session->delete('Auth.redirect');
683
                        return true;
684
                }
685
686
                if (empty($this->_authenticateObjects)) {
687
                        $this->constructAuthenticate();
688
                }
689
                foreach ($this->_authenticateObjects as $auth) {
690
                        $result = $auth->getUser($this->request);
691
                        if (!empty($result) && is_array($result)) {
692
                                static::$_user = $result;
693
                                return true;
694
                        }
695
                }
696
697
                return false;
698
        }
699
700
/**
701
 * Backwards compatible alias for AuthComponent::redirectUrl().
702
 *
703
 * @param string|array $url Optional URL to write as the login redirect URL.
704
 * @return string Redirect URL
705
 * @deprecated 3.0.0 Since 2.3.0, use AuthComponent::redirectUrl() instead
706
 */
707
        public function redirect($url = null) {
708
                return $this->redirectUrl($url);
709
        }
710
711
/**
712
 * Get the URL a user should be redirected to upon login.
713
 *
714
 * Pass a URL in to set the destination a user should be redirected to upon
715
 * logging in.
716
 *
717
 * If no parameter is passed, gets the authentication redirect URL. The URL
718
 * returned is as per following rules:
719
 *
720
 *  - Returns the normalized URL from session Auth.redirect value if it is
721
 *    present and for the same domain the current app is running on.
722
 *  - If there is no session value and there is a $loginRedirect, the $loginRedirect
723
 *    value is returned.
724
 *  - If there is no session and no $loginRedirect, / is returned.
725
 *
726
 * @param string|array $url Optional URL to write as the login redirect URL.
727
 * @return string Redirect URL
728
 */
729
        public function redirectUrl($url = null) {
730
                if ($url !== null) {
731
                        $redir = $url;
732
                        $this->Session->write('Auth.redirect', $redir);
733
                } elseif ($this->Session->check('Auth.redirect')) {
734
                        $redir = $this->Session->read('Auth.redirect');
735
                        $this->Session->delete('Auth.redirect');
736
737
                        if (Router::normalize($redir) === Router::normalize($this->loginAction)) {
738
                                $redir = $this->loginRedirect;
739
                        }
740
                } elseif ($this->loginRedirect) {
741
                        $redir = $this->loginRedirect;
742
                } else {
743
                        $redir = '/';
744
                }
745
                if (is_array($redir)) {
746
                        return Router::url($redir + array('base' => false));
747
                }
748
                return $redir;
749
        }
750
751
/**
752
 * Use the configured authentication adapters, and attempt to identify the user
753
 * by credentials contained in $request.
754
 *
755
 * @param CakeRequest $request The request that contains authentication data.
756
 * @param CakeResponse $response The response
757
 * @return array User record data, or false, if the user could not be identified.
758
 */
759
        public function identify(CakeRequest $request, CakeResponse $response) {
760
                if (empty($this->_authenticateObjects)) {
761
                        $this->constructAuthenticate();
762
                }
763
                foreach ($this->_authenticateObjects as $auth) {
764
                        $result = $auth->authenticate($request, $response);
765
                        if (!empty($result) && is_array($result)) {
766
                                return $result;
767
                        }
768
                }
769
                return false;
770
        }
771
772
/**
773
 * Loads the configured authentication objects.
774
 *
775
 * @return mixed Either null on empty authenticate value, or an array of loaded objects.
776
 * @throws CakeException
777
 */
778
        public function constructAuthenticate() {
779
                if (empty($this->authenticate)) {
780
                        return null;
781
                }
782
                $this->_authenticateObjects = array();
783
                $config = Hash::normalize((array)$this->authenticate);
784
                $global = array();
785
                if (isset($config[AuthComponent::ALL])) {
786
                        $global = $config[AuthComponent::ALL];
787
                        unset($config[AuthComponent::ALL]);
788
                }
789
                foreach ($config as $class => $settings) {
790
                        if (!empty($settings['className'])) {
791
                                $class = $settings['className'];
792
                                unset($settings['className']);
793
                        }
794
                        list($plugin, $class) = pluginSplit($class, true);
795
                        $className = $class . 'Authenticate';
796
                        App::uses($className, $plugin . 'Controller/Component/Auth');
797
                        if (!class_exists($className)) {
798
                                throw new CakeException(__d('cake_dev', 'Authentication adapter "%s" was not found.', $class));
799
                        }
800
                        if (!method_exists($className, 'authenticate')) {
801
                                throw new CakeException(__d('cake_dev', 'Authentication objects must implement an %s method.', 'authenticate()'));
802
                        }
803
                        $settings = array_merge($global, (array)$settings);
804
                        $auth = new $className($this->_Collection, $settings);
805
                        $this->_Collection->getController()->getEventManager()->attach($auth);
806
                        $this->_authenticateObjects[] = $auth;
807
                }
808
                return $this->_authenticateObjects;
809
        }
810
811
/**
812
 * Hash a password with the application's salt value (as defined with Configure::write('Security.salt');
813
 *
814
 * This method is intended as a convenience wrapper for Security::hash(). If you want to use
815
 * a hashing/encryption system not supported by that method, do not use this method.
816
 *
817
 * @param string $password Password to hash
818
 * @return string Hashed password
819
 * @deprecated 3.0.0 Since 2.4. Use Security::hash() directly or a password hasher object.
820
 */
821
        public static function password($password) {
822
                return Security::hash($password, null, true);
823
        }
824
825
/**
826
 * Check whether or not the current user has data in the session, and is considered logged in.
827
 *
828
 * @return bool true if the user is logged in, false otherwise
829
 * @deprecated 3.0.0 Since 2.5. Use AuthComponent::user() directly.
830
 */
831
        public function loggedIn() {
832
                return (bool)$this->user();
833
        }
834
835
/**
836
 * Set a flash message. Uses the Session component, and values from AuthComponent::$flash.
837
 *
838
 * @param string $message The message to set.
839
 * @return void
840
 */
841
        public function flash($message) {
842
                if ($message === false) {
843
                        return;
844
                }
845
                $this->Flash->set($message, $this->flash);
846
        }
847
848
}