Remove use of request info to identify user in AuthComponent::login().

In your controller you now have to directly call identify() to verify user credentials
passed in request against db record. login() now just takes a user array as param
and writes the data to sesssion.

Author: ADmad

src/Controller/Component/AuthComponent.php

@@ -584,26 +584,19 @@ public function mapActions(array $map = array()) {
 /**
  * Log a user in.
  *
- * If a $user is provided that data will be stored as the logged in user. If `$user` is empty or not
- * specified, the request will be used to identify a user. If the identification was successful,
- * the user record is written to the session key specified in AuthComponent::$sessionKey. Logging in
- * will also change the session id in order to help mitigate session replays.
+ * The provided user data will be stored as the logged in user. The user record
+ * is written to the session key specified in AuthComponent::$sessionKey. Logging
+ * in will also change the session id in order to help mitigate session replays.
  *
- * @param array $user Either an array of user data, or null to identify a user using the current request.
- * @return bool True on login success, false on failure
+ * @param array $user Array of user data.
+ * @return void
  * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
  */
-	public function login($user = null) {
+	public function login(array $user) {
 		$this->_setDefaults();
 
-		if (empty($user)) {
-			$user = $this->identify($this->request, $this->response);
-		}
-		if ($user) {
-			$this->session->renew();
-			$this->session->write($this->sessionKey, $user);
-		}
-		return (bool)$this->user();
+		$this->session->renew();
+		$this->session->write($this->sessionKey, $user);
 	}
 
 /**
@@ -729,16 +722,16 @@ public function redirectUrl($url = null) {
  * Use the configured authentication adapters, and attempt to identify the user
  * by credentials contained in $request.
  *
- * @param \Cake\Network\Request $request The request that contains authentication data.
- * @param \Cake\Network\Response $response The response
  * @return array User record data, or false, if the user could not be identified.
  */
-	public function identify(Request $request, Response $response) {
+	public function identify() {
+		$this->_setDefaults();
+
 		if (empty($this->_authenticateObjects)) {
 			$this->constructAuthenticate();
 		}
 		foreach ($this->_authenticateObjects as $auth) {
-			$result = $auth->authenticate($request, $response);
+			$result = $auth->authenticate($this->request, $this->response);
 			if (!empty($result) && is_array($result)) {
 				$this->_authenticationProvider = $auth;
 				return $result;

tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -129,11 +129,11 @@ public function testIsErrorOrTests() {
 	}
 
 /**
- * testLogin method
+ * testIdentify method
  *
  * @return void
  */
-	public function testLogin() {
+	public function testIdentify() {
 		$AuthLoginFormAuthenticate = $this->getMock(
 			'Cake\Controller\Component\Auth\FormAuthenticate',
 			array('authenticate'), array(), '', false
@@ -143,10 +143,6 @@ public function testLogin() {
 				'userModel' => 'AuthUsers'
 			)
 		);
-		$this->Auth->session = $this->getMock(
-			'Cake\Network\Session',
-			array('renew')
-		);
 
 		$this->Auth->setAuthenticateObject(0, $AuthLoginFormAuthenticate);
 
@@ -167,14 +163,8 @@ public function testLogin() {
 			->with($this->Auth->request)
 			->will($this->returnValue($user));
 
-		$this->Auth->session->expects($this->once())
-			->method('renew');
-
-		$result = $this->Auth->login();
-		$this->assertTrue($result);
-
-		$this->assertTrue((bool)$this->Auth->user());
-		$this->assertEquals($user, $this->Auth->user());
+		$result = $this->Auth->identify();
+		$this->assertEquals($user, $result);
 		$this->assertSame($AuthLoginFormAuthenticate, $this->Auth->authenticationProvider());
 	}
 
@@ -228,6 +218,8 @@ public function testAuthorizeFalse() {
 	}
 
 /**
+ * testIsAuthorizedMissingFile function
+ *
  * @expectedException \Cake\Error\Exception
  * @return void
  */
@@ -317,6 +309,8 @@ public function testLoadAuthorizeResets() {
 	}
 
 /**
+ * testLoadAuthenticateNoFile function
+ *
  * @expectedException \Cake\Error\Exception
  * @return void
  */
@@ -516,6 +510,11 @@ public function testAllowedActionsWithCamelCaseMethods() {
 		$this->assertNull($result, 'startup() should return null, as action is allowed. %s');
 	}
 
+/**
+ * testAllowedActionsSetWithAllowMethod method
+ *
+ * @return void
+ */
 	public function testAllowedActionsSetWithAllowMethod() {
 		$url = '/auth_test/action_name';
 		$this->Controller->request->addParams(Router::parse($url));
@@ -822,6 +821,7 @@ public function testRedirectToUnauthorizedRedirectSuppressedAuthError() {
 
 /**
  * Throw ForbiddenException if config `unauthorizedRedirect` is set to false
+ *
  * @expectedException \Cake\Error\ForbiddenException
  * @return void
  */
@@ -1093,36 +1093,34 @@ public function testMapActionsDelegation() {
 	}
 
 /**
- * test logging in with a request.
+ * test logging in.
  *
  * @return void
  */
-	public function testLoginWithRequestData() {
-		$RequestLoginMockAuthenticate = $this->getMock(
-			'Cake\Controller\Component\Auth\FormAuthenticate',
-			array('authenticate'), array(), '', false
+	public function testLogin() {
+		$this->Auth->session = $this->getMock(
+			'Cake\Network\Session',
+			array('renew', 'write')
 		);
-		$request = new Request('users/login');
+
 		$user = array('username' => 'mark', 'role' => 'admin');
 
-		$this->Auth->request = $request;
-		$this->Auth->authenticate = array('RequestLoginMock');
-		$this->Auth->setAuthenticateObject(0, $RequestLoginMockAuthenticate);
-		$RequestLoginMockAuthenticate->expects($this->once())
-			->method('authenticate')
-			->with($request)
-			->will($this->returnValue($user));
+		$this->Auth->session->expects($this->once())
+			->method('renew');
 
-		$this->assertTrue($this->Auth->login());
-		$this->assertEquals($user['username'], $this->Auth->user('username'));
+		$this->Auth->session->expects($this->once())
+			->method('write')
+			->with($this->Auth->sessionKey, $user);
+
+		$this->Auth->login($user);
 	}
 
 /**
- * test login() with user data
+ * testGettingUserAfterLogin
  *
  * @return void
  */
-	public function testLoginWithUserData() {
+	public function testGettingUserAfterLogin() {
 		$this->assertFalse((bool)$this->Auth->user());
 
 		$user = array(
@@ -1131,7 +1129,7 @@ public function testLoginWithUserData() {
 			'created' => new \DateTime('2007-03-17 01:16:23'),
 			'updated' => new \DateTime('2007-03-17 01:18:31')
 		);
-		$this->assertTrue($this->Auth->login($user));
+		$this->Auth->login($user);
 		$this->assertTrue((bool)$this->Auth->user());
 		$this->assertEquals($user['username'], $this->Auth->user('username'));
 	}