\Hazaar\Auth
Adapter
Abstract
Abstract authentication adapter

This class is the base class for all of the supplied authentication adapters. This class takes care of the password hash generation and session management, including the autologin function.

Available options are:

  1. encryption.hash – default: sha256 The hash algorithm used to hash passwords. This can be a single algorithm, such as sha256, sha1 or any other algorithm supported by the PHP hash() function. You can use the hash_algos() function to get a list of available algorithms. Any unsupported algorithms are silently ignored.

This option can also be an array of algorithms, in which case each one is applied in the order specified. During each iteration the original password is appended to the hash (this helps prevent hash collisions), along with any salt value (see below), before the result is hashed with the next algorithm.

The default is sha256 for security. Please note that this breaks backwards compatibility with the 1.0 version of this module.

Configuration Directives

  1. encryption.count – default: 1 For extra obfuscation, it’s possible to “hash the hash” this many times. This is the old method we used to add extra security to the hash, except we now also append the original password to the hash before hashing it. (too much hash?). In the case where the encryption.hash is a list of algorithms, each one of these will be applied as above for each count. So for example, if you have a list of 3 algorithms and the count is 3, your password will be hashed 9 times.

  1. encryption.salt – default: null For more security a salt value can be set which will be appended to each password when being hashed. If the password is being hashed multiple times then the salt is appended to the hash + password.

  1. autologin.period – default: 1 This is the period in which the autologin cookie will remain active (ie: will expire after this many days). The default is one day.

  1. autologin.hash – default: md5 This is the hash algorithm used to encrypt the token placed in the cookie in the user’s browser session. This data is hashed to ensure that it can not be manipulated by the user.

  1. token.hash – default: md5 The token hash is the value stored in the session cache and is used to confirm that a user account is authenticated. As an added security measure we apply a hash to this value so that plain text passwords will never be stored in the session cache, even if there is no password encryption chain.

  1. timeout – default: 3600 For a standard login, this is the session expiry timeout. Basically this is the maximum time in which a session will ever be active. If autologin is being used, then it is quite common to set this to a low value to allow the user to be re-authenticated with the autologin token periodically.

This is now more often used as a cache timeout value because on logon, certain data is obtained for a user and stored in cache. Sometimes obtaining this data can be processor intensive so we don’t want to do it on every page load. Instead we do it, cache it, and then only do it again once this time passes.

Example Config (application.json)

```
{
    "development": {
        "cache": {
            "encryption": {
                "hash": ["md5", "sha1", "sha256"],
                "salt": "mysupersecretsalt"
            },
            "autologin": {
                "period": 365,
                "hash": "sha1"
            },
            "timeout": 28800
        }
    }
}
```
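The hash chain described by encryption.hash, encryption.count and encryption.salt, sketched as an added example (this is not Hazaar's own code). The names chain_hash() and assert_chain_supported() are hypothetical and the concatenation order is an assumption read from the option descriptions; the last lines contrast the fixed-salt chain with PHP's built-in password_hash().

```php
<?php
// Added illustration, not Hazaar's source. The concatenation order
// (previous hash . password . salt) is an assumption read from the option text.
function chain_hash(string $password, $algos, int $count = 1, ?string $salt = null): string
{
    // Unsupported names are dropped silently, as the documentation describes.
    $algos = array_values(array_intersect((array) $algos, hash_algos()));
    $hash = '';
    for ($i = 0; $i < $count; $i++) {
        foreach ($algos as $algo) {
            $hash = hash($algo, $hash . $password . $salt);
        }
    }
    return $hash;
}

// Hypothetical startup check: fail loudly instead of silently shortening the chain.
function assert_chain_supported($algos): void
{
    $unknown = array_diff((array) $algos, hash_algos());
    if ($unknown !== []) {
        throw new InvalidArgumentException('Unsupported hash algorithm(s): ' . implode(', ', $unknown));
    }
}

$salt  = 'mysupersecretsalt';          // value from the example config
$chain = ['md5', 'sha1', 'sha256'];    // chain from the example config

// With one configured salt the chain is deterministic: two accounts that
// share a password (constructed sample) also share a stored hash.
var_dump(chain_hash('hunter2', $chain, 1, $salt) === chain_hash('hunter2', $chain, 1, $salt));

// A misspelled name is skipped, so the final digest comes from sha1, not sha256.
var_dump(strlen(chain_hash('hunter2', ['md5', 'sha1', 'sha-256'], 1, $salt)));

// An empty credential still yields a well-formed digest (see getCredential()).
var_dump(strlen(chain_hash('', $chain, 1, $salt)));

try {
    assert_chain_supported(['md5', 'sha1', 'sha-256']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// For comparison: password_hash() salts per call, so equal passwords differ.
$a = password_hash('hunter2', PASSWORD_DEFAULT);
$b = password_hash('hunter2', PASSWORD_DEFAULT);
var_dump($a !== $b, password_verify('hunter2', $a));
```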

Summary
Methods Properties Constants
get
has
set
No constants
Properties
$credential
$credential
$extra
$extra
$identity
$identity
$options
$options
$session
$session
Methods
__construct()
__construct($cache_config = Array ( ) , $cache_backend = 'session')

Parameters

$cache_config

No description

$cache_backend

No description

__get()
__get($key)

Parameters

$key

No description

__isset()
__isset($key)

Parameters

$key

No description

__set()
__set($key, $value)

Parameters

$key

No description

$value

No description

authenticate()
authenticate($identity = null, $credential = null, $autologin = false)

Parameters

$identity

No description

$credential

No description

$autologin

No description

authenticated()
authenticated()
canAutoLogin()
canAutoLogin()
check()
check($credential) : boolean
Check that the supplied password is correct for the current identity.

This is useful for checking an account password before allowing something important to be updated. This does the same steps as authenticate() but doesn’t actually do the authentication.

Parameters

$credential mixed

No description

Returns

boolean
deauth()
deauth()
get()
get($key)

Parameters

$key

No description

getAutologinCookieName()
getAutologinCookieName()
getCredential()
getCredential($credential = null) : \null|string
Get the encrypted hash of a credential/password

This method uses the “encryption” options from the application configuration to generate a password hash based on the supplied password. If no password is supplied then the currently set credential is used.

NOTE: Keep in mind that if no credential is set, or it’s null, or an empty string, this will still return a valid hash of that empty value using the defined encryption hash chain.

Parameters

$credential mixed

No description

Returns

\null|string
getIdentity()
getIdentity()
getToken()
getToken()
getTokenType()
getTokenType()
getUserData()
getUserData()
has()
has($key)

Parameters

$key

No description

offsetExists()
offsetExists($key)
Array Access Methods

These methods allow user data to be accessed as array attributes of the auth object. They do not allow this data to be modified in any way.

Parameters

$key

No description

offsetGet()
offsetGet($key)

Parameters

$key

No description

offsetSet()
offsetSet($key, $value)

Parameters

$key

No description

$value

No description

offsetUnset()
offsetUnset($key)

Parameters

$key

No description

set()
set($key, $value)

Parameters

$key

No description

$value

No description

setCredential()
setCredential($credential)

Parameters

$credential

No description

setDataFields()
setDataFields($fields)

Parameters

$fields array

No description

setIdentity()
setIdentity($identity)

Parameters

$identity

No description

unauthorised()
unauthorised()
Helper method that sets the basic auth header and throws an unauthorised exception

Tags

Throws

\Exception