When a request is submitted, the adapter will take the form data from the Request object, apply any filters as appropriate (see the 'filters' configuration setting below), and query a model class using the filtered data.

By default, the adapter uses a model called User, and lookup fields called 'username' and 'password'. These can be customized by setting the 'model' and 'fields' configuration keys, respectively. The 'model' key accepts either a model name (e.g. Customer), or a fully-namespaced path to a model class (e.g. \app\models\Customer). The 'fields' setting accepts an array of field names to use when looking up a user. An example configuration, including a custom model class and lookup fields, might look like the following:

{{{
Auth::config(array(
	'customer' => array(
		'model' => 'Customer',
		'fields' => array('email', 'password')
	)
));
}}}

If the field names present in the form match the fields used in the database lookup, the above will suffice. If, however, the form fields must be matched to non-standard database column names, you can specify an array which matches up the form field names to their corresponding database column names. Suppose, for example, user authentication information in a MongoDB database is nested within a sub-object called login. The adapter could be configured as follows:

{{{
Auth::config(array(
	'customer' => array(
		'model' => 'Customer',
		'fields' => array('username' => 'login.username', 'password' => 'login.password'),
		'scope' => array('active' => true)
	)
));
}}}

Note that any additional fields may be specified which should be included in the query. For example, if a user must select a group when logging in, you may override the 'fields' key with that value as well (e.g. 'fields' => array('username', 'password', 'group'); note that if a field is specified which is not present in the request, the value in the query will be null). However, this will only submit data that is specified in the incoming request. If you would like to further limit the query using fixed data, use the 'scope' key, as shown in the example above.

As mentioned, prior to any queries being executed, the request data is modified by any filters configured. Filters are callbacks which accept the value of a field as input, and return a modified version of the value as output. Filters can be any PHP callable, i.e. a closure or array('ClassName', 'method'). The only filter that is configured by default is for the password field, which is filtered by lithium\util\String::hash().

Note that if you are specifying the 'fields' configuration using key/value pairs, the key used to specify the filter must match the key side of the 'fields' assignment.
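The lookup steps described above (field mapping, per-field filters, fixed scope), modelled as stand-alone PHP. This is an added example, not Lithium's own code: `buildAuthConditions()`, the sample request data and the username filter are assumptions, and `hash('sha512', ...)` is a stand-in for `lithium\util\String::hash()`.

```php
<?php
// Added illustration: a stand-alone model of the lookup steps described above.
// buildAuthConditions() is a hypothetical helper, not part of Lithium.

/**
 * @param array $data    Submitted form data (constructed sample below).
 * @param array $fields  Either array('username', ...) or array('formKey' => 'db.column').
 * @param array $filters Callables keyed by the form-side field name.
 * @param array $scope   Fixed conditions that are always part of the query.
 */
function buildAuthConditions(array $data, array $fields, array $filters, array $scope) {
    $conditions = array();
    foreach ($fields as $key => $column) {
        // A plain list entry such as 'group' uses the same name on both sides.
        $formKey = is_int($key) ? $column : $key;
        // A field that is absent from the request is queried as null.
        $value = array_key_exists($formKey, $data) ? $data[$formKey] : null;
        // Filters are looked up by the form-side key, not by the column name.
        if (isset($filters[$formKey])) {
            $value = call_user_func($filters[$formKey], $value);
        }
        $conditions[$column] = $value;
    }
    // Scope is fixed data: on a key collision the scope value wins.
    return $scope + $conditions;
}

$fields = array('username' => 'login.username', 'password' => 'login.password', 'group');
$filters = array(
    // Accept only plain strings, then normalise them.
    'username' => function ($value) {
        return is_string($value) ? strtolower(trim($value)) : null;
    },
    // Stand-in for the default password filter (lithium\util\String::hash()).
    'password' => function ($value) {
        return is_string($value) ? hash('sha512', $value) : null;
    },
    // Keyed by the column name instead of the form key, so it is never applied.
    'login.username' => 'strrev',
);
$scope = array('active' => true);

// Constructed request data: 'group' is missing, and the client-sent 'active'
// is not listed in $fields, so it never reaches the query.
$data = array('username' => '  Alice ', 'password' => 'secret', 'active' => false);

var_export(buildAuthConditions($data, $fields, $filters, $scope));
```

The printed conditions contain only the mapped column names, the filtered values, a null for the missing `group` field, and the fixed `active => true` from the scope.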
See also: lithium\net\http\Request::$data
See also: lithium\data\Model::find()
See also: lithium\util\String::hash()
Inheritance: extends lithium\core\Object
Example 1
 /**
  * Tests that `Form::set()` passes data through unmodified, even with invalid options.
  *
  * @return void
  */
 public function testSetPassthru()
 {
     $subject = new Form(array('model' => __CLASS__));
     $user = array('id' => 5, 'name' => 'bob');
     $result = $subject->set($user, null);
     $this->assertIdentical($user, $result);
 }
Example 2
 /**
  * Sets the initial configuration for the `Form` adapter.
  *
  * @see lithium\security\auth\adapter\Form::$__construct
  * @param array $config Sets the configuration for the adapter, which has the following options:
  *				- `'model'` _string_: The name of the model class to use. See the `$_model`
  *				  property for details.
  *				- `'fields'` _array_: The model fields to query against when taking input from
  *				  the request data. See the `$_fields` property for details.
  *				- `'scope'` _array_: Any additional conditions used to constrain the
  *				  authentication query. For example, if active accounts in an application have
  *				  an `active` field which must be set to `true`, you can specify
  *				  `'scope' => array('active' => true)`. See the `$_scope` property for more
  *				  details.
  *				- `'filters'` _array_: Named callbacks to apply to request data before the user
  *				  lookup query is generated. See the `$_filters` property for more details.
  *				- `'validators'` _array_: Named callbacks to apply to fields in request data and
  *				  corresponding fields in database data in order to do programmatic
  *				  authentication checks after the query has occurred. See the `$_validators`
  *				  property for more details.
  *				- `'query'` _string_: Determines the model method to invoke for authentication
  *				  checks. See the `$_query` property for more details.
  */
 public function __construct(array $config = array())
 {
     $config += array('model' => null, 'entityManager' => null, 'repositoryMethod' => 'findOneBy');
     if (empty($config['model']) || !class_exists($config['model'])) {
         throw new ConfigException("No valid model \"{$config['model']}\" available to use for Form auth adapter");
     } elseif (empty($config['entityManager']) && (!method_exists($config['model'], 'getEntityManager') || !is_callable($config['model'] . '::getEntityManager'))) {
         throw new ConfigException("The model {$config['model']} must define a getEntityManager() static method, or you must set the entityManager auth config variable");
     }
     $reflection = new \ReflectionClass($config['model']);
     if (!$reflection->implementsInterface('li3_doctrine2\\models\\IModel') && !$reflection->implementsInterface('li3_doctrine2\\models\\IUser')) {
         throw new ConfigException("The model {$config['model']} must implement IUser");
     }
     $entityManager = $config['entityManager'] ?: call_user_func($config['model'] . '::getEntityManager');
     if (!isset($entityManager) || !$entityManager instanceof EntityManager) {
         throw new ConfigException('Not a valid entity manager');
     }
     $this->repository = $entityManager->getRepository($config['model']);
     parent::__construct($config);
 }
Example 3
 public function testValidatorWithFieldMapping()
 {
     $subject = new Form(array(
         'model' => __CLASS__,
         'query' => 'validatorFieldMappingTest',
         'fields' => array('name' => 'user.name', 'password' => 'user.password'),
         'validators' => array('password' => function ($form, $data) {
             if ($form === $data) {
                 return true;
             }
             return false;
         })
     ));
     $request = (object) array('data' => array('name' => 'Foo', 'password' => 'bar'));
     $this->assertTrue($subject->check($request));
 }