adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-29 16:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Starting to extract authentication objects out of AuthComponent. Started off with extracting FormAuthenticate as its what currently exists in AuthComponent. Test case added.

Browse source
This commit is contained in:
mark_story 2011-01-02 00:57:23 -05:00
parent 63308fdbd8
commit 68da3fab8f
2 changed files with 203 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
cake/libs/controller/components/auth/form_authenticate.php Normal file
View file

@ -0,0 +1,70 @@
<?php
class FormAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array()
);
/**
* Constructor
*
* @param array $settings Array of settings to use.
*/
public function __construct($settings) {
$this->settings = Set::merge($this->settings, $settings);
}
/**
* Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
* to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
* there is no post data, either username or password is missing, of if the scope conditions have not been met.
*
* @param CakeRequest $request The request that contains login information.
* @return mixed. False on login failure. An array of User data on success.
*/
public function authenticate(CakeRequest $request) {
$userModel = $this->settings['userModel'];
$fields = $this->settings['fields'];
if (empty($request->data[$userModel])) {
return false;
}
if (
empty($request->data[$userModel][$fields['username']]) ||
empty($request->data[$userModel][$fields['password']])
) {
return false;
}
$conditions = array(
$userModel . '.' . $fields['username'] => $request->data[$userModel][$fields['username']],
$userModel . '.' . $fields['password'] => $request->data[$userModel][$fields['password']],
);
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => 0
));
if (empty($result) || empty($result[$userModel])) {
return false;
}
unset($result[$userModel][$fields['password']]);
return $result[$userModel];
}
}

133
cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php Normal file
View file

@ -0,0 +1,133 @@
<?php
App::import('Component', 'auth/form_authenticate');
App::import('Model', 'AppModel');
App::import('Core', 'CakeRequest');
App::import('Core', 'Security');
require_once CAKE_TESTS . 'cases' . DS . 'libs' . DS . 'model' . DS . 'models.php';
/**
* Test case for FormAuthentication
*
* @package cake.test.cases.controller.components.auth
*/
class FormAuthenticateTest extends CakeTestCase {
public $fixtures = array('core.user');
/**
* setup
*
* @return void
*/
function setUp() {
parent::setUp();
$this->auth = new FormAuthenticate(array(
'fields' => array('username' => 'user', 'password' => 'password'),
'userModel' => 'User'
));
$this->password = Security::hash('password', null, true);
ClassRegistry::init('User')->updateAll(array('password' => '"' . $this->password . '"'));
}
/**
* test applying settings in the constructor
*
* @return void
*/
function testConstructor() {
$object = new FormAuthenticate(array(
'userModel' => 'AuthUser',
'fields' => array('username' => 'user', 'password' => 'password')
));
$this->assertEquals('AuthUser', $object->settings['userModel']);
$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoData() {
$request = new CakeRequest('posts/index', false);
$request->data = array();
$this->assertFalse($this->auth->authenticate($request));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoUsername() {
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array('password' => 'foobar'));
$this->assertFalse($this->auth->authenticate($request));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateNoPassword() {
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array('user' => 'mariano'));
$this->assertFalse($this->auth->authenticate($request));
}
/**
* test the authenticate method
*
* @return void
*/
function testAuthenticateInjection() {
$request = new CakeRequest('posts/index', false);
$request->data = array(
'User' => array(
'user' => '> 1',
'password' => "' OR 1 = 1"
));
$this->assertFalse($this->auth->authenticate($request));
}
/**
* test authenticate sucesss
*
* @return void
*/
function testAuthenticateSuccess() {
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array(
'user' => 'mariano',
'password' => $this->password
));
$result = $this->auth->authenticate($request);
$expected = array(
'id' => 1,
'user' => 'mariano',
'created' => '2007-03-17 01:16:23',
'updated' => '2007-03-17 01:18:31'
);
$this->assertEquals($expected, $result);
}
/**
* test scope failure.
*
* @return void
*/
function testAuthenticateScopeFail() {
$this->auth->settings['scope'] = array('user' => 'nate');
$request = new CakeRequest('posts/index', false);
$request->data = array('User' => array(
'user' => 'mariano',
'password' => $this->password
));
$this->assertFalse($this->auth->authenticate($request));
}
}