When a request is submitted, the adapter will take the form data from the Request object,
apply any filters as appropriate (see the 'filters' configuration setting below), and
query a model class using the filtered data.
By default, the adapter uses a model called User, and lookup fields called 'username' and
'password'. These can be customized by setting the 'model' and 'fields' configuration keys,
respectively. The 'model' key accepts either a model name (e.g. Customer), or a
fully-namespaced path to a model class (e.g. \app\models\Customer). The 'fields' setting
accepts an array of field names to use when looking up a user. An example configuration,
including a custom model class and lookup fields, might look like the following:
{{{
Auth::config(array(
	'customer' => array(
		'model' => 'Customer',
		'fields' => array('email', 'password')
	)
));
}}}
If the field names present in the form match the fields used in the database lookup, the above
will suffice. If, however, the form fields must be matched to non-standard database column names,
you can specify an array which matches up the form field names to their corresponding database
column names. Suppose, for example, user authentication information in a MongoDB database is
nested within a sub-object called login. The adapter could be configured as follows:
{{{
Auth::config(array(
	'customer' => array(
		'model' => 'Customer',
		'fields' => array('username' => 'login.username', 'password' => 'login.password'),
		'scope' => array('active' => true)
	)
));
}}}
Any additional fields that should be included in the query may also be specified. For
example, if a user must select a group when logging in, you may override the 'fields' key with
that value as well (e.g. 'fields' => array('username', 'password', 'group'); note that if a
field is specified which is not present in the request, the value in the query will be null).
However, this will only submit data that is specified in the incoming request. If you would like
to further limit the query using fixed data, use the 'scope' key, as shown in the example
above.
As mentioned, prior to any queries being executed, the request data is modified by any
configured filters. Filters are callbacks which accept the value of a field as input, and return a
modified version of the value as output. Filters can be any PHP callable, e.g. a closure or
array('ClassName', 'method'). The only filter that is configured by default is for
the password field, which is filtered by lithium\util\String::hash().
Note that if you are specifying the 'fields' configuration using key/value pairs, the key
used to specify the filter must match the key side of the 'fields' assignment.
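
The lookup described above, as an added example that is not part of the original documentation or
of Lithium's code: a simplified PHP model of how filters, field mapping and 'scope' combine into
query conditions. The helper names buildConditions() and unusedFilterKeys(), the sha512 stand-in
for the password filter and the request data are assumptions constructed for illustration.

```php
<?php
// Simplified model of the lookup described above, not Lithium's own code.
// buildConditions() and unusedFilterKeys() are hypothetical helper names.
function buildConditions(array $data, array $config): array
{
    $conditions = [];
    foreach ($config['fields'] as $key => $column) {
        // A plain list such as array('username', 'password') uses one name for both sides.
        $formField = is_int($key) ? $column : $key;
        // A configured field that is absent from the request is queried as null.
        $value = array_key_exists($formField, $data) ? $data[$formField] : null;
        // Filters are looked up by form field name (the key side of 'fields').
        if (isset($config['filters'][$formField])) {
            $value = call_user_func($config['filters'][$formField], $value);
        }
        $conditions[$column] = $value;
    }
    // In this model 'scope' is the left operand of the array union, so it always wins.
    return ($config['scope'] ?? []) + $conditions;
}

// Returns filter keys that match no form field and therefore would never be applied.
function unusedFilterKeys(array $config): array
{
    $formFields = [];
    foreach ($config['fields'] as $key => $column) {
        $formFields[] = is_int($key) ? $column : $key;
    }
    return array_values(array_diff(array_keys($config['filters'] ?? []), $formFields));
}

$config = [
    'fields'  => ['username' => 'login.username', 'password' => 'login.password', 'group' => 'group'],
    'filters' => [
        'username' => function ($v) { return strtolower(trim((string) $v)); },
        // Stand-in for the default password filter; the real one is String::hash().
        'password' => function ($v) { return hash('sha512', (string) $v); },
    ],
    'scope'   => ['active' => true],
];
// Constructed request data: 'group' is missing, and 'active' is not a configured field.
$data = ['username' => ' Alice ', 'password' => 'secret', 'active' => false];
print_r(buildConditions($data, $config));

// Filter keyed by the column name instead of the form field name: reported as unused.
$config['filters'] = ['login.password' => $config['filters']['password']];
print_r(unusedFilterKeys($config));
```

A filter that is reported as unused here corresponds to the mismatch the last paragraph warns about: the password value would reach the query without being hashed.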