Skip to content

Phalcon auth

NOTE

All classes are prefixed with Phalcon

Auth\AbstractAuthDispatcherListener

Abstract Source on GitHub

Shared enforcement algorithm for the Cli and Mvc auth dispatcher listeners. The dispatcher-specific subclass provides only the action name from its typed dispatcher, the action-kind label used in the access-denied exception, and (Mvc only) a forward handler for Access::redirectTo().

Uses Phalcon\Auth\Exceptions\AccessDenied · Phalcon\Contracts\Auth\Manager

Method Summary

public __construct( Manager $manager ) protected bool enforce(string $actionName,mixed $forwardHandler = null) Runs the access check for the given action name. Returns true when protected string getActionType() Returns the kind label used by AccessDenied (e.g. 'task',

Properties

protected Manager $manager

Methods

Public · 1

__construct()

public function __construct( Manager $manager );
Protected · 2

enforce()

protected function enforce(
    string $actionName,
    mixed $forwardHandler = null
): bool;

Runs the access check for the given action name. Returns true when the dispatch should proceed, false when a forward was issued, and throws when access is denied without a redirect target.

getActionType()

abstract protected function getActionType(): string;

Returns the kind label used by AccessDenied (e.g. 'task', 'action').

Auth\Access\AbstractAccess

Abstract Source on GitHub

Uses Phalcon\Contracts\Auth\Access\Access · Phalcon\Contracts\Auth\Manager

Method Summary

public __construct( Manager $manager ) public array getExceptActions() public array getOnlyActions() public bool isAllowed( string $actionName ) public array|null redirectTo() public void setExceptActions( array $exceptActions = [] ) public void setOnlyActions( array $onlyActions = [] )

Properties

protected array $exceptActions = []
protected Manager $manager
protected array $onlyActions = []

Methods

Public · 7

__construct()

public function __construct( Manager $manager );

getExceptActions()

public function getExceptActions(): array;

getOnlyActions()

public function getOnlyActions(): array;

isAllowed()

public function isAllowed( string $actionName ): bool;

redirectTo()

public function redirectTo(): array|null;

setExceptActions()

public function setExceptActions( array $exceptActions = [] ): void;

setOnlyActions()

public function setOnlyActions( array $onlyActions = [] ): void;

Auth\Access\AccessLocator

Class Source on GitHub

Service locator for Phalcon\Auth access gates. Utilizes the container to obtain the service. For the Phalcon\Container\Container one can use autowiring. For the Phalcon\Di\Di, one needs to register the gates in it to be used here.

@extends AbstractLocator

Uses Phalcon\Contracts\Auth\Access\Access · Phalcon\Support\AbstractLocator

Method Summary

protected string getExceptionClass() protected string getInterfaceClass() protected array getServices()

Methods

Protected · 3

getExceptionClass()

protected function getExceptionClass(): string;

getInterfaceClass()

protected function getInterfaceClass(): string;

getServices()

protected function getServices(): array;

Auth\Access\Auth

Class Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Method Summary

public bool allowedIf()

Methods

Public · 1

allowedIf()

public function allowedIf(): bool;

Auth\Access\Guest

Class Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Method Summary

public bool allowedIf()

Methods

Public · 1

allowedIf()

public function allowedIf(): bool;

Auth\Adapter\AbstractAdapter

Abstract Source on GitHub

@template TConfig of AdapterConfig

Uses Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Contracts\Auth\Adapter\AdapterConfig · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Encryption\Security\Security

Method Summary

public __construct(Security $hasher,AdapterConfig $config) public AdapterConfig getConfig() Returns the adapter configuration object. public string|null getModel() Returns the model class name, if configured. public bool validateCredentials(AuthUser $user,array $credentials) Validates the supplied plaintext password against the user's stored hash.

Properties

protected AdapterConfig $config
protected Security $hasher

Methods

Public · 4

__construct()

public function __construct(
    Security $hasher,
    AdapterConfig $config
);

getConfig()

public function getConfig(): AdapterConfig;

Returns the adapter configuration object.

getModel()

public function getModel(): string|null;

Returns the model class name, if configured.

validateCredentials()

public function validateCredentials(
    AuthUser $user,
    array $credentials
): bool;

Validates the supplied plaintext password against the user's stored hash. Concrete adapters share this implementation; if your data source needs a different verification strategy, override it.

Auth\Adapter\AbstractArrayAdapter

Abstract Source on GitHub

Common base for adapters whose user records come from an in-memory list (Memory and Stream). Subclasses provide the row source via loadUsers(); everything else - credentials matching, hydration, the empty-credentials guard, and a default linear retrieveById - is shared here.

@template TConfig of AdapterConfig @extends AbstractAdapter

Uses Phalcon\Auth\AuthUser · Phalcon\Contracts\Auth\Adapter\AdapterConfig · Phalcon\Contracts\Auth\AuthUser

Method Summary

public AuthUserContract|null retrieveByCredentials( array $credentials ) Walks the user list and returns the first row whose non-'password' public AuthUserContract|null retrieveById( mixed $id ) Default linear-scan implementation. Memory overrides this for an O(1) protected bool hasIdentifyingField( array $credentials ) Tests whether a credentials payload carries at least one identifying protected AuthUserContract hydrate( array $row ) Hydrates a raw user row into either the configured model class or a protected array loadUsers() Returns the source list of user rows. Concrete subclasses decide protected bool matchesRow(array $row,array $credentials) Strict per-key match of a row against credentials, skipping 'password'.

Methods

Public · 2

retrieveByCredentials()

public function retrieveByCredentials( array $credentials ): AuthUserContract|null;

Walks the user list and returns the first row whose non-'password' keys all match strictly. Returns null when no row matches or when $credentials carries no identifying field at all (only 'password', or empty) - protects callers from the silent "first row wins" footgun.

retrieveById()

public function retrieveById( mixed $id ): AuthUserContract|null;

Default linear-scan implementation. Memory overrides this for an O(1) id-keyed lookup; Stream uses this as-is.

Protected · 4

hasIdentifyingField()

protected function hasIdentifyingField( array $credentials ): bool;

Tests whether a credentials payload carries at least one identifying field (i.e. anything other than 'password'). An empty payload - or a payload that only contains 'password' - is treated as "no lookup".

hydrate()

protected function hydrate( array $row ): AuthUserContract;

Hydrates a raw user row into either the configured model class or a Phalcon\Auth\AuthUser value object.

loadUsers()

abstract protected function loadUsers(): array;

Returns the source list of user rows. Concrete subclasses decide where they come from (config array, JSON file, etc.).

matchesRow()

protected function matchesRow(
    array $row,
    array $credentials
): bool;

Strict per-key match of a row against credentials, skipping 'password'.

Auth\Adapter\AdapterLocator

Class Source on GitHub

Service locator for Phalcon\Auth adapters. Utilizes the container to obtain the service. For the Phalcon\Container\Container one can use autowiring. For the Phalcon\Di\Di, one needs to register the gates in it to be used here.

@extends AbstractLocator

Uses Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Support\AbstractLocator

Method Summary

protected string getExceptionClass() protected string getInterfaceClass() protected array getServices()

Methods

Protected · 3

getExceptionClass()

protected function getExceptionClass(): string;

getInterfaceClass()

protected function getInterfaceClass(): string;

getServices()

protected function getServices(): array;

Auth\Adapter\Config\AbstractAdapterConfig

Abstract Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Uses Phalcon\Contracts\Auth\Adapter\AdapterConfig

Method Summary

public __construct( string $model = null ) public string|null getModel()

Properties

protected string|null $model = null

Methods

Public · 2

__construct()

public function __construct( string $model = null );

getModel()

public function getModel(): string|null;

Auth\Adapter\Config\MemoryAdapterConfig

Class Source on GitHub

Method Summary

public __construct(array $users = [],string $model = null) public array getUsers()

Properties

protected array $users = []

Methods

Public · 2

__construct()

public function __construct(
    array $users = [],
    string $model = null
);

getUsers()

public function getUsers(): array;

Auth\Adapter\Config\ModelAdapterConfig

Class Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Uses Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\ConfigRequiresNonEmptyValue

Method Summary

public __construct(string $model,string $idColumn = "id") public string getIdColumn() public string getModel()

Properties

protected string $idColumn = "id"

Methods

Public · 3

__construct()

public function __construct(
    string $model,
    string $idColumn = "id"
);

getIdColumn()

public function getIdColumn(): string;

getModel()

public function getModel(): string;

Auth\Adapter\Config\StreamAdapterConfig

Class Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Uses Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\ConfigRequiresNonEmptyValue

Method Summary

public __construct(string $file,string $model = null) public string getFile()

Properties

protected string $file

Methods

Public · 2

__construct()

public function __construct(
    string $file,
    string $model = null
);

getFile()

public function getFile(): string;

Auth\Adapter\Memory

Class Source on GitHub

In-memory adapter - useful for tests and small read-only user lists.

@extends AbstractArrayAdapter

Uses Phalcon\Auth\Adapter\Config\MemoryAdapterConfig · Phalcon\Auth\Internal\Options · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Encryption\Security\Security

Method Summary

public __construct(Security $hasher,MemoryAdapterConfig $config) public static fromOptions(Security $hasher,array $options) public AuthUser|null retrieveById( mixed $id ) Overridden for O(1) lookup via the id index built in the constructor. protected array loadUsers()

Methods

Public · 3

__construct()

public function __construct(
    Security $hasher,
    MemoryAdapterConfig $config
);

fromOptions()

public static function fromOptions(
    Security $hasher,
    array $options
): static;

retrieveById()

public function retrieveById( mixed $id ): AuthUser|null;

Overridden for O(1) lookup via the id index built in the constructor.

Protected · 1

loadUsers()

protected function loadUsers(): array;

Auth\Adapter\Model

Class Source on GitHub

Phalcon Model-backed adapter.

@extends AbstractAdapter

Uses Phalcon\Auth\Adapter\Config\ModelAdapterConfig · Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\DoesNotImplement · Phalcon\Auth\Internal\Options · Phalcon\Contracts\Auth\Adapter\RememberAdapter · Phalcon\Contracts\Auth\AuthRemember · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Auth\RememberToken · Phalcon\Contracts\Encryption\Security\Security · Phalcon\Mvc\ModelInterface

Method Summary

public __construct(Security $hasher,ModelAdapterConfig $config) public RememberToken createRememberToken( AuthUser $user ) Create and persist a new remember token for the user. public static fromOptions(Security $hasher,array $options) public AuthUser|null retrieveByCredentials( array $credentials ) Find a user matching the given credentials (excluding 'password' key). public AuthUser|null retrieveById( mixed $id ) public AuthUser|null retrieveByToken(mixed $id,string $token,string $userAgent = null) Retrieve a user by the remember-me cookie payload.

Methods

Public · 6

__construct()

public function __construct(
    Security $hasher,
    ModelAdapterConfig $config
);

createRememberToken()

public function createRememberToken( AuthUser $user ): RememberToken;

Create and persist a new remember token for the user.

fromOptions()

public static function fromOptions(
    Security $hasher,
    array $options
): static;

retrieveByCredentials()

public function retrieveByCredentials( array $credentials ): AuthUser|null;

Find a user matching the given credentials (excluding 'password' key).

retrieveById()

public function retrieveById( mixed $id ): AuthUser|null;

retrieveByToken()

public function retrieveByToken(
    mixed $id,
    string $token,
    string $userAgent = null
): AuthUser|null;

Retrieve a user by the remember-me cookie payload.

Auth\Adapter\Stream

Class Source on GitHub

JSON file-backed adapter.

The file must contain a JSON array of user records: [{"id":1,"email":"a@b","password":""}, ...]

@extends AbstractArrayAdapter

Uses InvalidArgumentException · Phalcon\Auth\Adapter\Config\StreamAdapterConfig · Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\FileCannotRead · Phalcon\Auth\Exceptions\FileDoesNotContainJson · Phalcon\Auth\Exceptions\FileDoesNotExist · Phalcon\Auth\Exceptions\FileNotValidJson · Phalcon\Auth\Internal\Options · Phalcon\Contracts\Encryption\Security\Security · Phalcon\Support\Helper\Json\Decode

Method Summary

public __construct(Security $hasher,StreamAdapterConfig $config) public static fromOptions(Security $hasher,array $options) protected array loadUsers() Loads and decodes the JSON users file. Re-read on every call - if you protected bool phpFileExists( string $filename ) protected phpFileGetContents( string $filename )

Methods

Public · 2

__construct()

public function __construct(
    Security $hasher,
    StreamAdapterConfig $config
);

fromOptions()

public static function fromOptions(
    Security $hasher,
    array $options
): static;
Protected · 3

loadUsers()

protected function loadUsers(): array;

Loads and decodes the JSON users file. Re-read on every call - if you need caching, wrap it.

phpFileExists()

protected function phpFileExists( string $filename ): bool;

phpFileGetContents()

protected function phpFileGetContents( string $filename );

Auth\AuthUser

Class Source on GitHub

Lightweight value object returned by array-backed adapters (Memory, Stream) when no application model class is configured.

Uses Phalcon\Auth\Exceptions\DataMustContainIdKey · Phalcon\Contracts\Auth\AuthUser

Method Summary

public __construct( array $data ) public int|string getAuthIdentifier() public string getAuthPassword() public array toArray() Returns the underlying data array.

Properties

protected array $data

Methods

Public · 4

__construct()

public function __construct( array $data );

getAuthIdentifier()

public function getAuthIdentifier(): int|string;

getAuthPassword()

public function getAuthPassword(): string;

toArray()

public function toArray(): array;

Returns the underlying data array.

Auth\Cli\AuthDispatcherListener

Class Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Uses Phalcon\Auth\AbstractAuthDispatcherListener · Phalcon\Auth\Exception · Phalcon\Cli\Dispatcher · Phalcon\Events\Event

Method Summary

public bool beforeExecuteRoute(Event $event,Dispatcher $dispatcher) protected string getActionType()

Methods

Public · 1

beforeExecuteRoute()

public function beforeExecuteRoute(
    Event $event,
    Dispatcher $dispatcher
): bool;
Protected · 1

getActionType()

protected function getActionType(): string;

Auth\Exception

Class Source on GitHub

Exceptions thrown in Phalcon\Auth will use this class

Auth\Exceptions\AccessDenied

Class Source on GitHub

Access denied exception

Uses Phalcon\Auth\Exception

Method Summary

public __construct(string $type,string $name)

Methods

Public · 1

__construct()

public function __construct(
    string $type,
    string $name
);

Auth\Exceptions\ConfigRequiresNonEmptyValue

Class Source on GitHub

Config requires non-empty value

Uses Phalcon\Auth\Exception

Method Summary

public __construct(string $configName,string $configKey,string $suffix = "")

Methods

Public · 1

__construct()

public function __construct(
    string $configName,
    string $configKey,
    string $suffix = ""
);

Auth\Exceptions\DataMustContainIdKey

Class Source on GitHub

AuthUser data must contain "id"

Uses Phalcon\Auth\Exception

Method Summary

public __construct()

Methods

Public · 1

__construct()

public function __construct();

Auth\Exceptions\DoesNotImplement

Class Source on GitHub

Does not implement interface

Uses Phalcon\Auth\Exception

Method Summary

public __construct(string $type,string $name)

Methods

Public · 1

__construct()

public function __construct(
    string $type,
    string $name
);

Auth\Exceptions\FileCannotRead

Class Source on GitHub

Cannot read file

Uses Phalcon\Auth\Exception

Method Summary

public __construct( string $path )

Methods

Public · 1

__construct()

public function __construct( string $path );

Auth\Exceptions\FileDoesNotContainJson

Class Source on GitHub

File does not contain a JSON array

Uses Phalcon\Auth\Exception

Method Summary

public __construct( string $path )

Methods

Public · 1

__construct()

public function __construct( string $path );

Auth\Exceptions\FileDoesNotExist

Class Source on GitHub

File does not exist

Uses Phalcon\Auth\Exception

Method Summary

public __construct( string $path )

Methods

Public · 1

__construct()

public function __construct( string $path );

Auth\Exceptions\FileNotValidJson

Class Source on GitHub

Not a valid JSON

Uses Phalcon\Auth\Exception · Throwable

Method Summary

public __construct(string $path,Throwable $ex)

Methods

Public · 1

__construct()

public function __construct(
    string $path,
    Throwable $ex
);

Auth\Guard\AbstractGuard

Abstract Source on GitHub

@template TConfig of GuardConfig

Uses Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Auth\Guard\Guard · Phalcon\Contracts\Auth\Guard\GuardConfig · Phalcon\Events\AbstractEventsAware

Method Summary

public __construct(Adapter $adapter,GuardConfig $config) public bool check() public Adapter getAdapter() public GuardConfig getConfig() Returns the guard configuration object. public AuthUser|null getLastUserAttempted() public bool guest() public bool hasUser() public int|string|null id() public static setAdapter( Adapter $adapter ) public static setUser( AuthUser $user ) protected bool hasValidCredentials(mixed $user,array $credentials) user should be ?AuthUser

Properties

protected Adapter $adapter
protected GuardConfig $config
protected AuthUser | null $lastUserAttempted = null
protected AuthUser | null $user = null

Methods

Public · 10

__construct()

public function __construct(
    Adapter $adapter,
    GuardConfig $config
);

check()

public function check(): bool;

getAdapter()

public function getAdapter(): Adapter;

getConfig()

public function getConfig(): GuardConfig;

Returns the guard configuration object.

getLastUserAttempted()

public function getLastUserAttempted(): AuthUser|null;

guest()

public function guest(): bool;

hasUser()

public function hasUser(): bool;

id()

public function id(): int|string|null;

setAdapter()

public function setAdapter( Adapter $adapter ): static;

setUser()

public function setUser( AuthUser $user ): static;
Protected · 1

hasValidCredentials()

protected function hasValidCredentials(
    mixed $user,
    array $credentials
): bool;

user should be ?AuthUser

Auth\Guard\Config\AbstractGuardConfig

Abstract Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Uses Phalcon\Contracts\Auth\Guard\GuardConfig

Auth\Guard\Config\SessionGuardConfig

Class Source on GitHub

Configuration for the Session guard. Holds the names under which the session key and remember-me cookie are stored. Defaults to 'auth' and 'remember'; multi-guard apps can pass a $suffix ('web', 'admin', ...) to derive 'auth_web' / 'remember_web' style names, or override either full name explicitly.

Uses Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\ConfigRequiresNonEmptyValue

Method Summary

public __construct(string $suffix = null,string $name = null,string $rememberName = null) public string getName() public string getRememberName()

Methods

Public · 3

__construct()

public function __construct(
    string $suffix = null,
    string $name = null,
    string $rememberName = null
);

getName()

public function getName(): string;

getRememberName()

public function getRememberName(): string;

Auth\Guard\Config\TokenGuardConfig

Class Source on GitHub

This file is part of the Phalcon Framework.

(c) Phalcon Team team@phalcon.io

For the full copyright and license information, please view the LICENSE.txt file that was distributed with this source code.

Implementation of this file has been influenced by sinbadxiii/cphalcon-auth @link https://github.com/sinbadxiii/cphalcon-auth

Uses Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\ConfigRequiresNonEmptyValue

Method Summary

public __construct(string $inputKey,string $storageKey) public string getInputKey() public string getStorageKey()

Properties

protected string $inputKey
protected string $storageKey

Methods

Public · 3

__construct()

public function __construct(
    string $inputKey,
    string $storageKey
);

getInputKey()

public function getInputKey(): string;

getStorageKey()

public function getStorageKey(): string;

Auth\Guard\GuardLocator

Class Source on GitHub

Service locator for Phalcon\Auth guards. Utilizes the container to obtain the service. For Phalcon\Container\Container one can use autowiring; for Phalcon\Di\Di, register the guards in it before resolution.

@extends AbstractLocator

Uses Phalcon\Contracts\Auth\Guard\Guard · Phalcon\Support\AbstractLocator

Method Summary

protected string getExceptionClass() protected string getInterfaceClass() protected array getServices()

Methods

Protected · 3

getExceptionClass()

protected function getExceptionClass(): string;

getInterfaceClass()

protected function getInterfaceClass(): string;

getServices()

protected function getServices(): array;

Auth\Guard\Session

Class Source on GitHub

@extends AbstractGuard

Uses Phalcon\Auth\Exception · Phalcon\Auth\Exceptions\DoesNotImplement · Phalcon\Auth\Guard\Config\SessionGuardConfig · Phalcon\Auth\Internal\Options · Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Contracts\Auth\Adapter\RememberAdapter · Phalcon\Contracts\Auth\AuthRemember · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Auth\Guard\BasicAuth · Phalcon\Contracts\Auth\Guard\GuardStateful · Phalcon\Contracts\Auth\RememberToken · Phalcon\Contracts\Container\Service\Collection · Phalcon\Di\DiInterface · Phalcon\Http\RequestInterface · Phalcon\Http\Response\CookiesInterface · Phalcon\Session\ManagerInterface · Phalcon\Support\Helper\Json\Encode

Method Summary

public __construct(Adapter $adapter,RequestInterface $request,CookiesInterface $cookies,SessionManagerInterface $session,SessionGuardConfig $config = null) public bool attempt(array $credentials = [],bool $remember = false) public bool basic(string $field = "email",array $extraConditions = []) public static fromOptions(Adapter $adapter,mixed $container,array $options) public string getName() public string getRememberName() public void login(AuthUser $user,bool $remember = false) public false|AuthUser loginById(mixed $id,bool $remember = false) public void logout() public bool once( array $credentials = [] ) public false|AuthUser onceBasic(string $field = "email",array $extraConditions = []) public AuthUser|null user() public bool validate( array $credentials = [] ) public bool viaRemember() protected bool attemptBasic(string $field,array $extraConditions = []) protected array|null basicCredentials( string $field ) protected RememberToken createRememberToken( AuthUser $user ) protected UserRemember|null recaller() protected void rememberUser( AuthUser $user ) protected AuthUser|null userFromRecaller( UserRemember $recaller )

Properties

protected CookiesInterface $cookies
protected RequestInterface $request
protected SessionManagerInterface $session
protected bool $viaRemember = false

Methods

Public · 14

__construct()

public function __construct(
    Adapter $adapter,
    RequestInterface $request,
    CookiesInterface $cookies,
    SessionManagerInterface $session,
    SessionGuardConfig $config = null
);

attempt()

public function attempt(
    array $credentials = [],
    bool $remember = false
): bool;

basic()

public function basic(
    string $field = "email",
    array $extraConditions = []
): bool;

fromOptions()

public static function fromOptions(
    Adapter $adapter,
    mixed $container,
    array $options
): static;

getName()

public function getName(): string;

getRememberName()

public function getRememberName(): string;

login()

public function login(
    AuthUser $user,
    bool $remember = false
): void;

loginById()

public function loginById(
    mixed $id,
    bool $remember = false
): false|AuthUser;

logout()

public function logout(): void;

once()

public function once( array $credentials = [] ): bool;

onceBasic()

public function onceBasic(
    string $field = "email",
    array $extraConditions = []
): false|AuthUser;

user()

public function user(): AuthUser|null;

validate()

public function validate( array $credentials = [] ): bool;

viaRemember()

public function viaRemember(): bool;
Protected · 6

attemptBasic()

protected function attemptBasic(
    string $field,
    array $extraConditions = []
): bool;

basicCredentials()

protected function basicCredentials( string $field ): array|null;

createRememberToken()

protected function createRememberToken( AuthUser $user ): RememberToken;

recaller()

protected function recaller(): UserRemember|null;

rememberUser()

protected function rememberUser( AuthUser $user ): void;

userFromRecaller()

protected function userFromRecaller( UserRemember $recaller ): AuthUser|null;

Auth\Guard\Token

Class Source on GitHub

@extends AbstractGuard

Uses Phalcon\Auth\Guard\Config\TokenGuardConfig · Phalcon\Auth\Internal\Options · Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Container\Service\Collection · Phalcon\Di\DiInterface · Phalcon\Http\RequestInterface

Method Summary

public __construct(Adapter $adapter,RequestInterface $request,TokenGuardConfig $config) public static fromOptions(Adapter $adapter,mixed $container,array $options) public string|null getTokenForRequest() public static setRequest( RequestInterface $request ) public AuthUser|null user() public bool validate( array $credentials = [] )

Properties

protected RequestInterface $request

Methods

Public · 6

__construct()

public function __construct(
    Adapter $adapter,
    RequestInterface $request,
    TokenGuardConfig $config
);

fromOptions()

public static function fromOptions(
    Adapter $adapter,
    mixed $container,
    array $options
): static;

getTokenForRequest()

public function getTokenForRequest(): string|null;

setRequest()

public function setRequest( RequestInterface $request ): static;

user()

public function user(): AuthUser|null;

validate()

public function validate( array $credentials = [] ): bool;

Auth\Guard\UserRemember

Final Source on GitHub

Value object representing the contents of a remember-me cookie.

  • Phalcon\Auth\Guard\UserRemember

Uses InvalidArgumentException · Phalcon\Support\Helper\Json\Decode

Method Summary

public __construct( mixed $payload ) Accepts either the raw JSON cookie value (string) or the already public int|string|null getId() public string getToken() public string getUserAgent()

Properties

protected int|string|null $id
protected string $token
protected string $userAgent

Methods

Public · 4

__construct()

public function __construct( mixed $payload );

Accepts either the raw JSON cookie value (string) or the already decoded associative array. Malformed input degrades to an empty payload so callers can read getters without null-guarding.

getId()

public function getId(): int|string|null;

getToken()

public function getToken(): string;

getUserAgent()

public function getUserAgent(): string;

Auth\Internal\Options

Final Source on GitHub

Internal option-parsing helpers shared by adapter / guard fromOptions() implementations. Not part of the public API.

  • Phalcon\Auth\Internal\Options

Uses Phalcon\Auth\Exception · Phalcon\Contracts\Container\Service\Collection · Phalcon\Di\DiInterface

Method Summary

public array arrayOption(array $options,string $key,array $defaultValue) public string requireString(array $options,string $key,string $context) public object resolveService(mixed $container,string $serviceId,string $context) @template T of object public string|null stringOrNull(array $options,string $key)

Methods

Public · 4

arrayOption()

public static function arrayOption(
    array $options,
    string $key,
    array $defaultValue
): array;

requireString()

public static function requireString(
    array $options,
    string $key,
    string $context
): string;

resolveService()

public static function resolveService(
    mixed $container,
    string $serviceId,
    string $context
): object;

@template T of object

stringOrNull()

public static function stringOrNull(
    array $options,
    string $key
): string|null;

Auth\Manager

Class Source on GitHub

Composes guards (authentication) and access gates (authorization) behind a single facade. Guard-specific behavior is reached through Manager::guard(); callers narrow with instanceof against the relevant capability interface (GuardStateful, BasicAuth, etc.).

Uses Phalcon\Auth\Access\AccessLocator · Phalcon\Contracts\Auth\Access\Access · Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Contracts\Auth\AuthUser · Phalcon\Contracts\Auth\Guard\Guard · Phalcon\Contracts\Auth\Guard\GuardStateful · Phalcon\Contracts\Auth\Manager

Method Summary

public __construct( AccessLocator $accessFactory ) public self access( string $accessName ) public self addAccessList( array $accessList ) public self addGuard(string $nameGuard,Guard $guard,bool $isDefault = false) public bool attempt(array $credentials = [],bool $remember = false) public bool check() public self except( string $actions ) public Access|null getAccess() public array getAccessList() public Guard|null getDefaultGuard() public array getGuards() public Guard guard( string $name = null ) public int|string|null id() public void logout() public self only( string $actions ) public self setAccess( Access $access ) public self setDefaultGuard( Guard $guard ) public AuthUser|null user() public bool validate( array $credentials = [] )

Properties

protected AccessLocator $accessFactory
protected Access | null $activeAccess = null
protected Guard | null $defaultGuard = null
protected array<string, Guard> $guards = []

Methods

Public · 19

__construct()

public function __construct( AccessLocator $accessFactory );

access()

public function access( string $accessName ): self;

addAccessList()

public function addAccessList( array $accessList ): self;

addGuard()

public function addGuard(
    string $nameGuard,
    Guard $guard,
    bool $isDefault = false
): self;

attempt()

public function attempt(
    array $credentials = [],
    bool $remember = false
): bool;

check()

public function check(): bool;

except()

public function except( string $actions ): self;

getAccess()

public function getAccess(): Access|null;

getAccessList()

public function getAccessList(): array;

getDefaultGuard()

public function getDefaultGuard(): Guard|null;

getGuards()

public function getGuards(): array;

guard()

public function guard( string $name = null ): Guard;

id()

public function id(): int|string|null;

logout()

public function logout(): void;

only()

public function only( string $actions ): self;

setAccess()

public function setAccess( Access $access ): self;

setDefaultGuard()

public function setDefaultGuard( Guard $guard ): self;

user()

public function user(): AuthUser|null;

validate()

public function validate( array $credentials = [] ): bool;

Auth\ManagerFactory

Class Source on GitHub

Single entry-point factory that builds a fully wired Phalcon\Auth\Manager from a config tree. Framework-shared services (RequestInterface, CookiesInterface, SessionManagerInterface) are resolved from the injected container so the manager wires against the real application singletons, not separately constructed copies.

[ 'guards' => [ 'web' => [ 'type' => 'session', 'default' => true, 'adapter' => [ 'name' => 'model', 'options' => [ 'model' => User::class ], ], 'options' => [], ], 'api' => [ 'type' => 'token', 'adapter' => [ 'name' => 'model', 'options' => [ 'model' => User::class ] ], 'options' => [ 'inputKey' => 'api_token', 'storageKey' => 'api_token' ], ], ], 'access' => [ 'auth' => \Phalcon\Auth\Access\Auth::class, 'guest' => \Phalcon\Auth\Access\Guest::class, ], ]

  • Phalcon\Auth\ManagerFactory

Uses Phalcon\Auth\Access\AccessLocator · Phalcon\Auth\Adapter\AdapterLocator · Phalcon\Auth\Guard\GuardLocator · Phalcon\Config\ConfigInterface · Phalcon\Contracts\Auth\Access\Access · Phalcon\Contracts\Auth\Adapter\Adapter · Phalcon\Contracts\Auth\Guard\Guard · Phalcon\Contracts\Container\Service\Collection · Phalcon\Di\DiInterface · Phalcon\Encryption\Security

Method Summary

public __construct(Security $hasher,mixed $container,AdapterLocator $adapterLocator = null,GuardLocator $guardLocator = null,AccessLocator $accessLocator = null) public Manager load( mixed $config ) protected Adapter buildAdapter(AdapterLocator $locator,array $cfg) protected Guard buildGuard(GuardLocator $locator,string $type,Adapter $adapter,array $options)

Properties

protected AccessLocator $accessLocator
protected AdapterLocator $adapterLocator
protected Collection $container
protected GuardLocator $guardLocator
protected Security $hasher

Methods

Public · 2

__construct()

public function __construct(
    Security $hasher,
    mixed $container,
    AdapterLocator $adapterLocator = null,
    GuardLocator $guardLocator = null,
    AccessLocator $accessLocator = null
);

load()

public function load( mixed $config ): Manager;
Protected · 2

buildAdapter()

protected function buildAdapter(
    AdapterLocator $locator,
    array $cfg
): Adapter;

buildGuard()

protected function buildGuard(
    GuardLocator $locator,
    string $type,
    Adapter $adapter,
    array $options
): Guard;

Auth\Mvc\AuthDispatcherListener

Class Source on GitHub

Listener that enforces the active Phalcon\Auth access gate on each MVC dispatch. Attach to the events manager:

$eventsManager->attach('dispatch', new AuthDispatcherListener($manager));

No-op when no active access has been set on the manager.

Uses Phalcon\Auth\AbstractAuthDispatcherListener · Phalcon\Auth\Exception · Phalcon\Events\Event · Phalcon\Mvc\Dispatcher

Method Summary

public bool beforeExecuteRoute(Event $event,Dispatcher $dispatcher) protected string getActionType()

Methods

Public · 1

beforeExecuteRoute()

public function beforeExecuteRoute(
    Event $event,
    Dispatcher $dispatcher
): bool;
Protected · 1

getActionType()

protected function getActionType(): string;