Working custom auth for php
<?php
/**
* CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
* @link https://cakephp.org CakePHP(tm) Project
* @since 0.2.9
* @license https://opensource.org/licenses/mit-license.php MIT License
*/
namespace App\Controller;
use Cake\Controller\Controller;
use Cake\Event\Event;
/**
* Application Controller
*
* Add your application-wide methods in the class below, your controllers
* will inherit them.
*
* @link https://book.cakephp.org/3.0/en/controllers.html#the-app-controller
*/
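class AppController extends Controller
{
    use AuthInjectorTrait;

    /**
     * View helpers shared by every controller, each mapped to its
     * Bootstrap plugin implementation.
     *
     * @var array
     */
    public $helpers = [
        'Form' => [
            'className' => 'Bootstrap.Form'
        ],
        'Html' => [
            'className' => 'Bootstrap.Html'
        ],
        'Modal' => [
            'className' => 'Bootstrap.Modal'
        ],
        'Navbar' => [
            'className' => 'Bootstrap.Navbar'
        ],
        'Paginator' => [
            'className' => 'Bootstrap.Paginator'
        ],
        // 'Panel' => [
        //     'className' => 'Bootstrap.Panel'
        // ]
    ];

    /**
     * Initialization hook method.
     *
     * Loads the request, flash, Security and Csrf components, then
     * configures TinyAuth.Auth to authenticate through the `CustomForm`
     * authenticator, which identifies a user by user name, password and
     * company id.
     *
     * @return void
     */
    public function initialize()
    {
        parent::initialize();

        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        //$this->loadComponent('TinyAuth.Auth');

        /*
         * Enable the following components for recommended CakePHP security settings.
         * see https://book.cakephp.org/3.0/en/controllers/components/security.html
         */
        $this->loadComponent('Security');
        $this->loadComponent('Csrf');

        $this->loadComponent('TinyAuth.Auth', [
            'authenticate' => [
                'CustomForm' => [
                    // Logical field => name used for the form field and the lookup column.
                    'fields' => [
                        'username' => 'user_name',
                        'password' => 'password',
                        'company_id' => 'company_id',
                    ],
                    // Custom finder that builds the user lookup query.
                    'finder' => 'auth'
                ]
            ],
            'loginAction' => [
                'controller' => 'Users',
                'action' => 'login'
            ],
            // Same controller casing as loginAction so both URL arrays
            // resolve against the same routes.
            'loginRedirect' => [
                'controller' => 'Users',
                'action' => 'index'
            ],
            // If unauthorized, return them to the page they were just on.
            // The Referer header is supplied by the client, so only a
            // referer local to this application is used as the redirect
            // target (second argument); anything else falls back to '/'.
            'unauthorizedRedirect' => $this->referer('/', true)
        ]);

        // $this->Auth->allow(['logout','login']);
        // Allow the display action so our PagesController
        // continues to work. Also enable the read only actions.
        // $this->Auth->allow(['display', 'view', 'index']);
    }

    /**
     * Before render callback.
     *
     * Sets `_serialize` to true for JSON and XML responses when the
     * action has not set it, which serializes every view variable.
     *
     * @param \Cake\Event\Event $event The beforeRender event.
     * @return \Cake\Http\Response|null|void
     */
    public function beforeRender(Event $event)
    {
        // Note: These defaults are just to get started quickly with development
        // and should not be used in production. You should instead set "_serialize"
        // in each action as required, so that only the intended view variables
        // end up in the response body.
        $serializable = ['application/json', 'application/xml'];
        if (!array_key_exists('_serialize', $this->viewVars) &&
            in_array($this->response->type(), $serializable, true)
        ) {
            $this->set('_serialize', true);
        }
    }
}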
<?php namespace App\Auth;
use Cake\Auth\BaseAuthenticate;
use Cake\Http\ServerRequest;
use Cake\Http\Response;
use Cake\ORM\TableRegistry;
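/**
 * Form authenticator that identifies a user by user name, password and
 * company id, so the same user name can exist under different companies.
 */
class CustomFormAuthenticate extends BaseAuthenticate
{
    /**
     * Checks that the username, company id and password fields are all
     * present in the request data as non-empty strings.
     *
     * @param \Cake\Http\ServerRequest $request The request that contains login information.
     * @param array $fields The `fields` config: logical name => request field name.
     * @return bool False if any field is missing, empty or not a string.
     */
    protected function _checkFields(ServerRequest $request, array $fields)
    {
        foreach ([$fields['username'], $fields['company_id'], $fields['password']] as $field) {
            $value = $request->getData($field);
            // Non-string input (for example an array posted as `field[]`) is
            // rejected here, so only plain strings reach the query
            // conditions and the password hasher.
            if (empty($value) || !is_string($value)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Authenticates the identity contained in a request. Will use the `config.userModel`, and `config.fields`
     * to find POST data that is used to find a matching record in the `config.userModel`. Will return false if
     * there is no post data, if username, company id or password is missing, or if the scope conditions have
     * not been met.
     *
     * @param \Cake\Http\ServerRequest $request The request that contains login information.
     * @param \Cake\Http\Response $response Unused response object.
     * @return mixed False on login failure. An array of User data on success.
     */
    public function authenticate(ServerRequest $request, Response $response)
    {
        $fields = $this->_config['fields'];
        if (!$this->_checkFields($request, $fields)) {
            return false;
        }

        return $this->_findUser(
            $request->getData($fields['username']),
            $request->getData($fields['password']),
            $request->getData($fields['company_id'])
        );
    }

    /**
     * Finds the user record for a username within a company and, when a
     * password is given, verifies it against the stored hash.
     *
     * @param string $username The username/identifier.
     * @param string|null $password The password; null skips the password check.
     * @param string|null $company_id The company the user must belong to.
     * @return bool|array False when no record matches or the password is wrong,
     *   otherwise the user record as an array.
     */
    protected function _findUser($username, $password = null, $company_id = null)
    {
        $result = $this->_query($username, $company_id)->first();

        if (empty($result)) {
            // Hash the supplied password even though there is nothing to
            // compare it with, so a failed lookup spends hashing time too
            // and response time does not show whether the user exists.
            $hasher = $this->passwordHasher();
            $hasher->hash((string)$password);

            return false;
        }

        $passwordField = $this->_config['fields']['password'];
        if ($password !== null) {
            $hasher = $this->passwordHasher();
            $hashedPassword = $result->get($passwordField);
            if (!$hasher->check($password, $hashedPassword)) {
                return false;
            }

            $this->_needsPasswordRehash = $hasher->needsRehash($hashedPassword);
            // The stored hash is removed from the entity, so it is not part
            // of the array returned below.
            $result->unsetProperty($passwordField);
        }

        if ($password === null) {
            // Without a password check the password field is taken off the
            // hidden list, so it is included in the returned array.
            $hidden = $result->getHidden();
            $key = array_search($passwordField, $hidden, true);
            if ($key !== false) {
                unset($hidden[$key]);
                $result->setHidden($hidden);
            }
        }

        return $result->toArray();
    }

    /**
     * Get query object for fetching user from database.
     *
     * The lookup matches on both the username column and the company id
     * column. Both column names come from `config.fields` and are
     * qualified with the table alias, so they stay unambiguous when
     * `config.contain` joins other tables.
     *
     * @param string $username The username/identifier.
     * @param string|null $company_id The company the user must belong to.
     * @return \Cake\ORM\Query
     */
    protected function _query($username, $company_id = null)
    {
        $config = $this->_config;
        $table = TableRegistry::get($config['userModel']);

        $fields = $config['fields'];
        // Fall back to the literal column name when the company field is
        // not configured.
        $companyField = isset($fields['company_id']) ? $fields['company_id'] : 'company_id';

        // NOTE(review): a null $company_id is passed to the condition as-is;
        // confirm how the ORM version in use handles a null comparison value.
        $options = [
            'conditions' => [
                $table->aliasField($fields['username']) => $username,
                $table->aliasField($companyField) => $company_id,
            ]
        ];

        if (!empty($config['scope'])) {
            // array_merge lets a scope entry with the same key replace the
            // username or company condition above.
            $options['conditions'] = array_merge($options['conditions'], $config['scope']);
        }
        if (!empty($config['contain'])) {
            $options['contain'] = $config['contain'];
        }

        $finder = $config['finder'];
        if (is_array($finder)) {
            // Array form is [finderName => finderOptions].
            $options += current($finder);
            $finder = key($finder);
        }

        if (!isset($options['username'])) {
            $options['username'] = $username;
        }

        return $table->find($finder, $options);
    }
}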