update Controller NS to be settings -> config()

Ref #2298

src/Controller/Component.php

@@ -17,6 +17,7 @@ namespace Cake\Controller;
 use Cake\Core\Object;
 use Cake\Event\Event;
 use Cake\Event\EventListener;
+use Cake\Utility\Hash;
 
 /**
  * Base class for an individual Component. Components provide reusable bits of
@@ -71,18 +72,27 @@ class Component extends Object implements EventListener {
 	protected $_registry;
 
 /**
- * Settings for this Component
+ * Other Components this component uses.
  *
  * @var array
  */
-	public $settings = array();
+	public $components = array();
 
 /**
- * Other Components this component uses.
+ * Runtime config for this Component
  *
  * @var array
  */
-	public $components = array();
+	protected $_config = [];
+
+/**
+ * Default config
+ *
+ * These are merged with user-provided config when the component is used.
+ *
+ * @var array
+ */
+	protected $_defaultConfig = [];
 
 /**
  * A component lookup table used to lazy load component objects.
@@ -95,12 +105,15 @@ class Component extends Object implements EventListener {
  * Constructor
  *
  * @param ComponentRegistry $registry A ComponentRegistry this component can use to lazy load its components
- * @param array $settings Array of configuration settings.
+ * @param array $config Array of configuration settings.
  */
-	public function __construct(ComponentRegistry $registry, $settings = []) {
+	public function __construct(ComponentRegistry $registry, $config = []) {
 		$this->_registry = $registry;
-		$this->settings = array_merge($this->settings, $settings);
-		$this->_set($settings);
+
+		$this->_config = array_merge($this->_defaultConfig, $config);
+
+		$this->_set($this->_config); //@TODO get rid of public properties and remove this
+
 		if (!empty($this->components)) {
 			$this->_componentMap = $registry->normalizeArray($this->components);
 		}
@@ -114,8 +127,8 @@ class Component extends Object implements EventListener {
  */
 	public function __get($name) {
 		if (isset($this->_componentMap[$name]) && !isset($this->{$name})) {
-			$settings = array_merge((array)$this->_componentMap[$name]['settings'], array('enabled' => false));
-			$this->{$name} = $this->_registry->load($this->_componentMap[$name]['class'], $settings);
+			$config = array_merge((array)$this->_componentMap[$name]['settings'], array('enabled' => false));
+			$this->{$name} = $this->_registry->load($this->_componentMap[$name]['class'], $config);
 		}
 		if (isset($this->{$name})) {
 			return $this->{$name};
@@ -123,10 +136,58 @@ class Component extends Object implements EventListener {
 	}
 
 /**
+ * Component config getter and setter
+ *
+ * Usage:
+ * {{{
+ * $instance->config(); will return full config
+ * $instance->config('foo'); will return configured foo
+ * $instance->config('notset'); will return null
+ * $instance->config('foo', $x); will set ['foo' $x] to the existing config
+ * $instance->config('foo.bar', $x); will set/add ['foo' => ['bar' => $x]] to the existing config
+ * }}}
+ *
+ * @param string|null $key to return
+ * @param mixed $val value to set
+ * @return mixed array or config value
+ */
+	public function config($key = null, $val = null) {
+		if ($key === null) {
+			return $this->_config;
+		}
+
+		if ($val !== null) {
+			return $this->_configSet([$key => $val]);
+		} elseif (is_array($key)) {
+			return $this->_configSet($key);
+		}
+
+		return array_key_exists($key, $this->_config) ? $this->_config[$key] : null;
+	}
+
+/**
+ * Update config with passed argument
+ *
+ * Overriden in subclasses if the component config shouldn't be modified at runtime
+ *
+ * @param array $config
+ * @return void
+ */
+	protected function _configSet($config) {
+		foreach ($config as $key => $val) {
+			if (strpos($key, '.')) {
+				$this->_config = Hash::insert($this->_config, $key, $val);
+			} else {
+				$this->_config[$key] = $val;
+			}
+		}
+	}
+
+/**
  * Get the Controller callbacks this Component is interested in.
  *
  * Uses Conventions to map controller events to standard component
- * callback method names. By defining one of the callback methods a 
+ * callback method names. By defining one of the callback methods a
  * component is assumed to be interested in the related event.
  *
  * Override this method if you need to add non-conventional event listeners.

src/Controller/Component/Acl/PhpAcl.php

@@ -86,8 +86,9 @@ class PhpAcl extends Object implements AclInterface {
  * @return void
  */
 	public function initialize(Component $Component) {
-		if (!empty($Component->settings['adapter'])) {
-			$this->options = array_merge($this->options, $Component->settings['adapter']);
+		$adapter = $Component->config('adapter');
+		if ($adapter) {
+			$this->options = array_merge($this->options, $adapter);
 		}
 
 		$engine = new PhpConfig(dirname($this->options['config']) . DS);

src/Controller/Component/AclComponent.php

@@ -61,11 +61,11 @@ class AclComponent extends Component {
  * Constructor. Will return an instance of the correct ACL class as defined in `Configure::read('Acl.classname')`
  *
  * @param ComponentRegistry $collection
- * @param array $settings
+ * @param array $config
  * @throws \Cake\Error\Exception when Acl.classname could not be loaded.
  */
-	public function __construct(ComponentRegistry $collection, $settings = array()) {
-		parent::__construct($collection, $settings);
+	public function __construct(ComponentRegistry $collection, $config = array()) {
+		parent::__construct($collection, $config);
 		$classname = $name = Configure::read('Acl.classname');
 		if (!class_exists($classname)) {
 			$classname = App::classname($name, 'Controller/Component/Acl');

src/Controller/Component/Auth/AbstractPasswordHasher.php

@@ -23,33 +23,49 @@ namespace Cake\Controller\Component\Auth;
 abstract class AbstractPasswordHasher {
 
 /**
- * Configurations for this object. Settings passed from authenticator class to
- * the constructor are merged with this property.
+ * Runtime config for this object
  *
  * @var array
  */
 	protected $_config = array();
 
 /**
+ * Default config
+ *
+ * These are merged with user-provided config when the object is used.
+ *
+ * @var array
+ */
+	protected $_defaultConfig = [];
+
+/**
  * Constructor
  *
  * @param array $config Array of config.
  */
 	public function __construct($config = array()) {
-		$this->config($config);
+		$this->_config = array_merge($this->_defaultConfig, $config);
 	}
 
 /**
- * Get/Set the config
+ * config getter and setter
  *
- * @param array $config Sets config, if null returns existing config
- * @return array Returns configs
+ * Usage:
+ * {{{
+ * $instance->config(); will return full config
+ * $instance->config('foo'); will return configured foo
+ * $instance->config('notset'); will return null
+ * }}}
+ *
+ * @param string|null $key to return
+ * @return mixed array or config value
  */
-	public function config($config = null) {
-		if (is_array($config)) {
-			$this->_config = array_merge($this->_config, $config);
+	public function config($key = null) {
+		if ($key === null) {
+			return $this->_config;
 		}
-		return $this->_config;
+
+		return array_key_exists($key, $this->_config) ? $this->_config[$key] : null;
 	}
 
 /**

src/Controller/Component/Auth/ActionsAuthorize.php

@@ -36,7 +36,7 @@ class ActionsAuthorize extends BaseAuthorize {
  */
 	public function authorize($user, Request $request) {
 		$Acl = $this->_registry->load('Acl');
-		$user = array($this->settings['userModel'] => $user);
+		$user = [$this->config('userModel') => $user];
 		return $Acl->check($user, $this->action($request));
 	}
 

src/Controller/Component/Auth/BaseAuthenticate.php

@@ -30,7 +30,14 @@ use Cake\Utility\Security;
 abstract class BaseAuthenticate {
 
 /**
- * Settings for this object.
+ * Runtime config for this object
+ *
+ * @var array
+ */
+	protected $_config = [];
+
+/**
+ * Default config for this object.
  *
  * - `fields` The fields to use to identify a user by.
  * - `userModel` The alias for users table, defaults to Users.
@@ -39,11 +46,11 @@ abstract class BaseAuthenticate {
  * - `contain` Extra models to contain and store in session.
  * - `passwordHasher` Password hasher class. Can be a string specifying class name
  *    or an array containing `className` key, any other keys will be passed as
- *    settings to the class. Defaults to 'Blowfish'.
+ *    config to the class. Defaults to 'Blowfish'.
  *
  * @var array
  */
-	public $settings = [
+	protected $_defaultConfig = [
 		'fields' => [
 			'username' => 'username',
 			'password' => 'password'
@@ -72,11 +79,11 @@ abstract class BaseAuthenticate {
  * Constructor
  *
  * @param ComponentRegistry $registry The Component registry used on this request.
- * @param array $settings Array of settings to use.
+ * @param array $config Array of config to use.
  */
-	public function __construct(ComponentRegistry $registry, $settings) {
+	public function __construct(ComponentRegistry $registry, $config) {
 		$this->_registry = $registry;
-		$this->settings = Hash::merge($this->settings, $settings);
+		$this->_config = Hash::merge($this->_defaultConfig, $config);
 	}
 
 /**
@@ -91,20 +98,24 @@ abstract class BaseAuthenticate {
  * @return boolean|array Either false on failure, or an array of user data.
  */
 	protected function _findUser($username, $password = null) {
-		$userModel = $this->settings['userModel'];
+		$userModel = $this->config('userModel');
 		list(, $model) = pluginSplit($userModel);
-		$fields = $this->settings['fields'];
+		$fields = $this->config('fields');
 
 		$conditions = [$model . '.' . $fields['username'] => $username];
 
-		if (!empty($this->settings['scope'])) {
-			$conditions = array_merge($conditions, $this->settings['scope']);
+		$scope = $this->config('scope');
+		if ($scope) {
+			$conditions = array_merge($conditions, $scope);
 		}
 
 		$table = TableRegistry::get($userModel)->find('all');
-		if ($this->settings['contain']) {
-			$table = $table->contain($this->settings['contain']);
+
+		$contain = $this->config('contain');
+		if ($contain) {
+			$table = $table->contain($contain);
 		}
+
 		$result = $table
 			->where($conditions)
 			->hydrate(false)
@@ -125,6 +136,50 @@ abstract class BaseAuthenticate {
 	}
 
 /**
+ * config getter and setter
+ *
+ * Usage:
+ * {{{
+ * $instance->config(); will return full config
+ * $instance->config('foo'); will return configured foo
+ * $instance->config('notset'); will return null
+ * }}}
+ *
+ * @param string|null $key to return
+ * @param mixed $val value to set
+ * @return mixed array or config value
+ */
+	public function config($key = null, $val = null) {
+		if ($key === null) {
+			return $this->_config;
+		}
+
+		if ($val !== null) {
+			return $this->_configSet([$key => $val]);
+		} elseif (is_array($key)) {
+			return $this->_configSet($key);
+		}
+
+		return Hash::get($this->_config, $key);
+	}
+
+/**
+ * Update config with passed argument
+ *
+ * @param array $config
+ * @return void
+ */
+	protected function _configSet($config) {
+		foreach ($config as $key => $val) {
+			if (strpos($key, '.')) {
+				$this->_config = Hash::insert($this->_config, $key, $val);
+			} else {
+				$this->_config[$key] = $val;
+			}
+		}
+	}
+
+/**
  * Return password hasher object
  *
  * @return AbstractPasswordHasher Password hasher instance
@@ -136,12 +191,14 @@ abstract class BaseAuthenticate {
 			return $this->_passwordHasher;
 		}
 
+		$passwordHasher = $this->config('passwordHasher');
+
 		$config = array();
-		if (is_string($this->settings['passwordHasher'])) {
-			$class = $this->settings['passwordHasher'];
+		if (is_string($passwordHasher)) {
+			$class = $passwordHasher;
 		} else {
-			$class = $this->settings['passwordHasher']['className'];
-			$config = $this->settings['passwordHasher'];
+			$class = $passwordHasher['className'];
+			$config = $passwordHasher;
 			unset($config['className']);
 		}
 

src/Controller/Component/Auth/BaseAuthorize.php

@@ -46,7 +46,14 @@ abstract class BaseAuthorize {
 	protected $_registry;
 
 /**
- * Settings for authorize objects.
+ * Runtime config for this object
+ *
+ * @var array
+ */
+	protected $_config = [];
+
+/**
+ * Default config for authorize objects.
  *
  * - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
  *    when calling $this->action();
@@ -55,30 +62,30 @@ abstract class BaseAuthorize {
  *
  * @var array
  */
-	public $settings = array(
+	protected $_defaultConfig = [
 		'actionPath' => null,
-		'actionMap' => array(
+		'actionMap' => [
 			'index' => 'read',
 			'add' => 'create',
 			'edit' => 'update',
 			'view' => 'read',
 			'delete' => 'delete',
 			'remove' => 'delete'
-		),
+		],
 		'userModel' => 'Users'
-	);
+	];
 
 /**
  * Constructor
  *
  * @param ComponentRegistry $registry The controller for this request.
- * @param array $settings An array of settings. This class does not use any settings.
+ * @param array $config An array of config. This class does not use any config.
  */
-	public function __construct(ComponentRegistry $registry, $settings = array()) {
+	public function __construct(ComponentRegistry $registry, $config = array()) {
 		$this->_registry = $registry;
 		$controller = $registry->getController();
 		$this->controller($controller);
-		$this->settings = Hash::merge($this->settings, $settings);
+		$this->_config = Hash::merge($this->_defaultConfig, $config);
 	}
 
 /**
@@ -91,6 +98,50 @@ abstract class BaseAuthorize {
 	abstract public function authorize($user, Request $request);
 
 /**
+ * config getter and setter
+ *
+ * Usage:
+ * {{{
+ * $instance->config(); will return full config
+ * $instance->config('foo'); will return configured foo
+ * $instance->config('notset'); will return null
+ * }}}
+ *
+ * @param string|null $key to return
+ * @param mixed $val value to set
+ * @return mixed array or config value
+ */
+	public function config($key = null, $val = null) {
+		if ($key === null) {
+			return $this->_config;
+		}
+
+		if ($val !== null) {
+			return $this->_configSet([$key => $val]);
+		} elseif (is_array($key)) {
+			return $this->_configSet($key);
+		}
+
+		return Hash::get($this->_config, $key);
+	}
+
+/**
+ * Update config with passed argument
+ *
+ * @param array $config
+ * @return void
+ */
+	protected function _configSet($config) {
+		foreach ($config as $key => $val) {
+			if (strpos($key, '.')) {
+				$this->_config = Hash::insert($this->_config, $key, $val);
+			} else {
+				$this->_config[$key] = $val;
+			}
+		}
+	}
+
+/**
  * Accessor to the controller object.
  *
  * @param Controller $controller null to get, a controller to set.
@@ -121,7 +172,7 @@ abstract class BaseAuthorize {
 		$path = str_replace(
 			array(':controller', ':action', ':plugin/'),
 			array(Inflector::camelize($request['controller']), $request['action'], $plugin),
-			$this->settings['actionPath'] . $path
+			$this->config('actionPath') . $path
 		);
 		$path = str_replace('//', '/', $path);
 		return trim($path, '/');
@@ -153,16 +204,17 @@ abstract class BaseAuthorize {
  */
 	public function mapActions($map = array()) {
 		if (empty($map)) {
-			return $this->settings['actionMap'];
+			return $this->config('actionMap');
 		}
+
 		$crud = array('create', 'read', 'update', 'delete');
 		foreach ($map as $action => $type) {
 			if (in_array($action, $crud) && is_array($type)) {
 				foreach ($type as $typedAction) {
-					$this->settings['actionMap'][$typedAction] = $action;
+					$this->_config['actionMap'][$typedAction] = $action;
 				}
 			} else {
-				$this->settings['actionMap'][$action] = $type;
+				$this->_config['actionMap'][$action] = $type;
 			}
 		}
 	}

src/Controller/Component/Auth/BasicAuthenticate.php

@@ -31,7 +31,7 @@ use Cake\Network\Response;
  *
  * ### Using Basic auth
  *
- * In your controller's components array, add auth + the required settings.
+ * In your controller's components array, add auth + the required config
  * {{{
  *	public $components = array(
  *		'Auth' => array(
@@ -94,7 +94,7 @@ class BasicAuthenticate extends BaseAuthenticate {
  * @return string Headers for logging in.
  */
 	public function loginHeaders(Request $request) {
-		$realm = !empty($this->settings['realm']) ? $this->settings['realm'] : $request->env('SERVER_NAME');
+		$realm = $this->config('realm') ?: $request->env('SERVER_NAME');
 		return sprintf('WWW-Authenticate: Basic realm="%s"', $realm);
 	}
 

src/Controller/Component/Auth/CrudAuthorize.php

@@ -39,10 +39,10 @@ class CrudAuthorize extends BaseAuthorize {
  * Sets up additional actionMap values that match the configured `Routing.prefixes`.
  *
  * @param ComponentRegistry $registry The component registry from the controller.
- * @param array $settings An array of settings. This class does not use any settings.
+ * @param array $configs An array of configs. This class does not use any configs.
  */
-	public function __construct(ComponentRegistry $registry, $settings = array()) {
-		parent::__construct($registry, $settings);
+	public function __construct(ComponentRegistry $registry, $configs = array()) {
+		parent::__construct($registry, $configs);
 		$this->_setPrefixMappings();
 	}
 
@@ -82,7 +82,7 @@ class CrudAuthorize extends BaseAuthorize {
  * @return boolean
  */
 	public function authorize($user, Request $request) {
-		if (!isset($this->settings['actionMap'][$request->params['action']])) {
+		if (!isset($this->_config['actionMap'][$request->params['action']])) {
 			trigger_error(sprintf(
 				'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
 				$request->action,
@@ -92,12 +92,12 @@ class CrudAuthorize extends BaseAuthorize {
 			);
 			return false;
 		}
-		$user = array($this->settings['userModel'] => $user);
+		$user = array($this->_config['userModel'] => $user);
 		$Acl = $this->_registry->load('Acl');
 		return $Acl->check(
 			$user,
 			$this->action($request, ':controller'),
-			$this->settings['actionMap'][$request->params['action']]
+			$this->_config['actionMap'][$request->params['action']]
 		);
 	}
 

src/Controller/Component/Auth/DigestAuthenticate.php

@@ -34,7 +34,7 @@ use Cake\Network\Response;
  *
  * ### Using Digest auth
  *
- * In your controller's components array, add auth + the required settings.
+ * In your controller's components array, add auth + the required config
  * {{{
  *	public $components = array(
  *		'Auth' => array(
@@ -60,7 +60,7 @@ use Cake\Network\Response;
 class DigestAuthenticate extends BasicAuthenticate {
 
 /**
- * Settings for this object.
+ * Default config for this object.
  *
  * - `fields` The fields to use to identify a user by.
  * - `userModel` The model name of the User, defaults to Users.
@@ -72,17 +72,17 @@ class DigestAuthenticate extends BasicAuthenticate {
  * - `nonce` A nonce used for authentication. Defaults to `uniqid()`.
  * - `qop` Defaults to auth, no other values are supported at this time.
  * - `opaque` A string that must be returned unchanged by clients.
- *    Defaults to `md5($settings['realm'])`
+ *    Defaults to `md5($config['realm'])`
  *
  * @var array
  */
-	public $settings = array(
-		'fields' => array(
+	protected $_defaultConfig = [
+		'fields' => [
 			'username' => 'username',
 			'password' => 'password'
-		),
+		],
 		'userModel' => 'Users',
-		'scope' => array(),
+		'scope' => [],
 		'recursive' => 0,
 		'contain' => null,
 		'realm' => null,
@@ -90,7 +90,7 @@ class DigestAuthenticate extends BasicAuthenticate {
 		'nonce' => null,
 		'opaque' => null,
 		'passwordHasher' => 'Blowfish',
-	);
+	];
 
 /**
  * Get a user based on information in the request. Used by cookie-less auth for stateless clients.
@@ -104,13 +104,16 @@ class DigestAuthenticate extends BasicAuthenticate {
 			return false;
 		}
 
-		list(, $model) = pluginSplit($this->settings['userModel']);
+		list(, $model) = pluginSplit($this->config('userModel'));
 		$user = $this->_findUser($digest['username']);
 		if (empty($user)) {
 			return false;
 		}
-		$password = $user[$this->settings['fields']['password']];
-		unset($user[$this->settings['fields']['password']]);
+
+		$field = $this->_config['fields']['password'];
+		$password = $user[$field];
+		unset($user[$field]);
+
 		$hash = $this->generateResponseHash($digest, $password, $request->env('REQUEST_METHOD'));
 		if ($digest['response'] === $hash) {
 			return $user;
@@ -199,11 +202,12 @@ class DigestAuthenticate extends BasicAuthenticate {
  */
 	public function loginHeaders(Request $request) {
 		$options = array(
-			'realm' => $this->settings['realm'] ?: $request->env('SERVER_NAME'),
-			'qop' => $this->settings['qop'],
-			'nonce' => $this->settings['nonce'] ?: uniqid(''),
+			'realm' => $this->config('realm') ?: $request->env('SERVER_NAME'),
+			'qop' => $this->config('qop'),
+			'nonce' => $this->config('nonce') ?: uniqid(''),
+			'opaque' => $this->config('opaque') ?: md5($options['realm'])
 		);
-		$options['opaque'] = $this->settings['opaque'] ?: md5($options['realm']);
+
 		$opts = array();
 		foreach ($options as $k => $v) {
 			$opts[] = sprintf('%s="%s"', $k, $v);

src/Controller/Component/Auth/FormAuthenticate.php

@@ -22,7 +22,7 @@ use Cake\Network\Response;
 
 /**
  * An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
- * data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
+ * data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate config.
  *
  * {{{
  *	$this->Auth->authenticate = array(
@@ -32,8 +32,8 @@ use Cake\Network\Response;
  *	)
  * }}}
  *
- * When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions
- * are used. See FormAuthenticate::$settings for more information.
+ * When configuring FormAuthenticate you can pass in config to which fields, model and additional conditions
+ * are used. See FormAuthenticate::$_config for more information.
  *
  * @see AuthComponent::$authenticate
  */
@@ -61,8 +61,8 @@ class FormAuthenticate extends BaseAuthenticate {
 	}
 
 /**
- * Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
- * to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
+ * Authenticates the identity contained in a request. Will use the `config.userModel`, and `config.fields`
+ * to find POST data that is used to find a matching record in the `config.userModel`. Will return false if
  * there is no post data, either username or password is missing, or if the scope conditions have not been met.
  *
  * @param \Cake\Network\Request $request The request that contains login information.
@@ -70,10 +70,9 @@ class FormAuthenticate extends BaseAuthenticate {
  * @return mixed False on login failure.  An array of User data on success.
  */
 	public function authenticate(Request $request, Response $response) {
-		$userModel = $this->settings['userModel'];
-		list(, $model) = pluginSplit($userModel);
+		list(, $model) = pluginSplit($this->config('userModel'));
 
-		$fields = $this->settings['fields'];
+		$fields = $this->config('fields');
 		if (!$this->_checkFields($request, $model, $fields)) {
 			return false;
 		}

src/Controller/Component/AuthComponent.php

@@ -68,8 +68,8 @@ class AuthComponent extends Component {
  *	);
  * }}}
  *
- * Using the class name without 'Authenticate' as the key, you can pass in an array of settings for each
- * authentication object. Additionally you can define settings that should be set to all authentications objects
+ * Using the class name without 'Authenticate' as the key, you can pass in an array of config for each
+ * authentication object. Additionally you can define config that should be set to all authentications objects
  * using the 'all' key:
  *
  * {{{
@@ -109,8 +109,8 @@ class AuthComponent extends Component {
  *	);
  * }}}
  *
- * Using the class name without 'Authorize' as the key, you can pass in an array of settings for each
- * authorization object. Additionally you can define settings that should be set to all authorization objects
+ * Using the class name without 'Authorize' as the key, you can pass in an array of config for each
+ * authorization object. Additionally you can define config that should be set to all authorization objects
  * using the 'all' key:
  *
  * {{{
@@ -483,13 +483,13 @@ class AuthComponent extends Component {
 			return;
 		}
 		$this->_authorizeObjects = array();
-		$config = Hash::normalize((array)$this->authorize);
+		$authorize = Hash::normalize((array)$this->authorize);
 		$global = array();
-		if (isset($config[AuthComponent::ALL])) {
-			$global = $config[AuthComponent::ALL];
-			unset($config[AuthComponent::ALL]);
+		if (isset($authorize[AuthComponent::ALL])) {
+			$global = $authorize[AuthComponent::ALL];
+			unset($authorize[AuthComponent::ALL]);
 		}
-		foreach ($config as $class => $settings) {
+		foreach ($authorize as $class => $config) {
 			$className = App::classname($class, 'Controller/Component/Auth', 'Authorize');
 			if (!class_exists($className)) {
 				throw new Error\Exception(sprintf('Authorization adapter "%s" was not found.', $class));
@@ -497,8 +497,8 @@ class AuthComponent extends Component {
 			if (!method_exists($className, 'authorize')) {
 				throw new Error\Exception('Authorization objects must implement an authorize() method.');
 			}
-			$settings = array_merge($global, (array)$settings);
-			$this->_authorizeObjects[] = new $className($this->_registry, $settings);
+			$config = array_merge($global, (array)$config);
+			$this->_authorizeObjects[] = new $className($this->_registry, $config);
 		}
 		return $this->_authorizeObjects;
 	}
@@ -759,13 +759,13 @@ class AuthComponent extends Component {
 			return;
 		}
 		$this->_authenticateObjects = array();
-		$config = Hash::normalize((array)$this->authenticate);
+		$authenticate = Hash::normalize((array)$this->authenticate);
 		$global = array();
-		if (isset($config[AuthComponent::ALL])) {
-			$global = $config[AuthComponent::ALL];
-			unset($config[AuthComponent::ALL]);
+		if (isset($authenticate[AuthComponent::ALL])) {
+			$global = $authenticate[AuthComponent::ALL];
+			unset($authenticate[AuthComponent::ALL]);
 		}
-		foreach ($config as $class => $settings) {
+		foreach ($authenticate as $class => $config) {
 			$className = App::classname($class, 'Controller/Component/Auth', 'Authenticate');
 			if (!class_exists($className)) {
 				throw new Error\Exception(sprintf('Authentication adapter "%s" was not found.', $class));
@@ -773,8 +773,8 @@ class AuthComponent extends Component {
 			if (!method_exists($className, 'authenticate')) {
 				throw new Error\Exception('Authentication objects must implement an authenticate() method.');
 			}
-			$settings = array_merge($global, (array)$settings);
-			$this->_authenticateObjects[] = new $className($this->_registry, $settings);
+			$config = array_merge($global, (array)$config);
+			$this->_authenticateObjects[] = new $className($this->_registry, $config);
 		}
 		return $this->_authenticateObjects;
 	}

src/Controller/Component/CookieComponent.php

@@ -175,11 +175,11 @@ class CookieComponent extends Component {
  * Constructor
  *
  * @param ComponentRegistry $collection A ComponentRegistry for this component
- * @param array $settings Array of settings.
+ * @param array $config Array of config.
  */
-	public function __construct(ComponentRegistry $collection, $settings = array()) {
+	public function __construct(ComponentRegistry $collection, $config = array()) {
 		$this->key = Configure::read('Security.salt');
-		parent::__construct($collection, $settings);
+		parent::__construct($collection, $config);
 		if (isset($this->time)) {
 			$this->_expire($this->time);
 		}

src/Controller/Component/CsrfComponent.php

@@ -40,7 +40,7 @@ use Cake\Utility\String;
 class CsrfComponent extends Component {
 
 /**
- * Settings for the CSRF handling.
+ * Default config for the CSRF handling.
  *
  *  - cookieName = The name of the cookie to send.
  *  - expiry = How long the CSRF token should last. Defaults to browser session.
@@ -50,7 +50,7 @@ class CsrfComponent extends Component {
  *
  * @var array
  */
-	public $settings = [
+	protected $_defaultConfig = [
 		'cookieName' => 'csrfToken',
 		'expiry' => 0,
 		'secure' => false,
@@ -76,7 +76,7 @@ class CsrfComponent extends Component {
 		$controller = $event->subject();
 		$request = $controller->request;
 		$response = $controller->response;
-		$cookieName = $this->settings['cookieName'];
+		$cookieName = $this->config('cookieName');
 
 		$cookieData = $request->cookie($cookieName);
 		if ($cookieData) {
@@ -105,15 +105,14 @@ class CsrfComponent extends Component {
  * @param \Cake\Network\Response $response The response object.
  */
 	protected function _setCookie(Request $request, Response $response) {
-		$settings = $this->settings;
 		$value = Security::hash(String::uuid(), 'sha1', true);
 		$request->params['_csrfToken'] = $value;
 		$response->cookie([
-			'name' => $settings['cookieName'],
+			'name' => $this->config('cookieName'),
 			'value' => $value,
-			'expiry' => $settings['expiry'],
+			'expiry' => $this->config('expiry'),
 			'path' => $request->base,
-			'secure' => $settings['secure'],
+			'secure' => $this->config('secure'),
 		]);
 	}
 
@@ -125,10 +124,8 @@ class CsrfComponent extends Component {
  * @return void
  */
 	protected function _validateToken(Request $request) {
-		$settings = $this->settings;
-
-		$cookie = $request->cookie($settings['cookieName']);
-		$post = $request->data($settings['field']);
+		$cookie = $request->cookie($this->config('cookieName'));
+		$post = $request->data($this->config('field'));
 		$header = $request->header('X-CSRF-Token');
 
 		if ($post !== $cookie && $header !== $cookie) {

src/Controller/Component/RequestHandlerComponent.php

@@ -83,6 +83,17 @@ class RequestHandlerComponent extends Component {
 	protected $_renderType = null;
 
 /**
+ * Default config
+ *
+ * These are merged with user-provided config when the component is used.
+ *
+ * @var array
+ */
+	protected $_defaultConfig = [
+		'checkHttpCache' => true
+	];
+
+/**
  * A mapping between extensions and deserializers for request bodies of that type.
  * By default only JSON and XML are mapped, use RequestHandlerComponent::addInputType()
  *
@@ -107,10 +118,10 @@ class RequestHandlerComponent extends Component {
  * Constructor. Parses the accepted content types accepted by the client using HTTP_ACCEPT
  *
  * @param ComponentRegistry $collection ComponentRegistry object.
- * @param array $settings Array of settings.
+ * @param array $config Array of config.
  */
-	public function __construct(ComponentRegistry $collection, $settings = array()) {
-		parent::__construct($collection, $settings + array('checkHttpCache' => true));
+	public function __construct(ComponentRegistry $collection, $config = array()) {
+		parent::__construct($collection, $config);
 		$this->addInputType('xml', array(array($this, 'convertXml')));
 
 		$Controller = $collection->getController();
@@ -135,8 +146,10 @@ class RequestHandlerComponent extends Component {
 		if (empty($this->ext) || $this->ext === 'html') {
 			$this->_setExtension();
 		}
-		if (!empty($this->settings['viewClassMap'])) {
-			$this->viewClassMap($this->settings['viewClassMap']);
+
+		$classMap = $this->config('viewClassMap');
+		if ($classMap) {
+			$this->viewClassMap($classMap);
 		}
 	}
 
@@ -280,7 +293,7 @@ class RequestHandlerComponent extends Component {
  * @return boolean false if the render process should be aborted
  */
 	public function beforeRender(Event $event) {
-		if ($this->settings['checkHttpCache'] && $this->response->checkNotModified($this->request)) {
+		if ($this->config('checkHttpCache') && $this->response->checkNotModified($this->request)) {
 			return false;
 		}
 	}

src/Controller/ComponentRegistry.php

@@ -100,12 +100,12 @@ class ComponentRegistry extends ObjectRegistry {
  *
  * @param string $class The classname to create.
  * @param string $alias The alias of the component.
- * @param array $settings An array of settings to use for the component.
+ * @param array $config An array of config to use for the component.
  * @return Component The constructed component class.
  */
-	protected function _create($class, $alias, $settings) {
-		$instance = new $class($this, $settings);
-		$enable = isset($settings['enabled']) ? $settings['enabled'] : true;
+	protected function _create($class, $alias, $config) {
+		$instance = new $class($this, $config);
+		$enable = isset($config['enabled']) ? $config['enabled'] : true;
 		if ($enable) {
 			$this->_eventManager->attach($instance);
 		}

tests/TestCase/Controller/Component/Acl/PhpAclTest.php

@@ -333,7 +333,7 @@ class PhpAclTest extends TestCase {
  */
 	public function testPolicy() {
 		// allow by default
-		$this->Acl->settings['adapter']['policy'] = PhpAcl::ALLOW;
+		$this->Acl->config('adapter.policy', PhpAcl::ALLOW);
 		$this->Acl->adapter($this->PhpAcl);
 
 		$this->assertTrue($this->Acl->check('Role/sales', 'foo'));

tests/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php

@@ -38,7 +38,7 @@ class ActionsAuthorizeTest extends TestCase {
 		$this->Collection = $this->getMock('Cake\Controller\ComponentRegistry');
 
 		$this->auth = new ActionsAuthorize($this->Collection);
-		$this->auth->settings['actionPath'] = '/controllers';
+		$this->auth->config('actionPath', '/controllers');
 	}
 
 /**
@@ -126,7 +126,7 @@ class ActionsAuthorizeTest extends TestCase {
 
 		$this->_mockAcl();
 
-		$this->auth->settings['userModel'] = 'TestPlugin.AuthUser';
+		$this->auth->config('userModel', 'TestPlugin.AuthUser');
 		$user = array(
 			'id' => 1,
 			'username' => 'mariano'
@@ -164,7 +164,7 @@ class ActionsAuthorizeTest extends TestCase {
  * @return void
  */
 	public function testActionNoDoubleSlash() {
-		$this->auth->settings['actionPath'] = '/controllers/';
+		$this->auth->config('actionPath', '/controllers/');
 		$request = new Request('/posts/index', false);
 		$request->addParams(array(
 			'plugin' => null,

tests/TestCase/Controller/Component/Auth/BasicAuthenticateTest.php

@@ -67,8 +67,8 @@ class BasicAuthenticateTest extends TestCase {
 			'userModel' => 'AuthUser',
 			'fields' => array('username' => 'user', 'password' => 'password')
 		));
-		$this->assertEquals('AuthUser', $object->settings['userModel']);
-		$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
+		$this->assertEquals('AuthUser', $object->config('userModel'));
+		$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->config('fields'));
 	}
 
 /**
@@ -186,7 +186,7 @@ class BasicAuthenticateTest extends TestCase {
  * @return void
  */
 	public function testAuthenticateFailReChallenge() {
-		$this->auth->settings['scope'] = array('username' => 'nate');
+		$this->auth->config('scope.username', 'nate');
 		$request = new Request([
 			'url' => 'posts/index',
 			'environment' => [
@@ -223,7 +223,7 @@ class BasicAuthenticateTest extends TestCase {
 			array('username' => 'mariano')
 		);
 
-		$this->auth->settings['passwordHasher'] = 'Blowfish';
+		$this->auth->config('passwordHasher', 'Blowfish');
 
 		$result = $this->auth->authenticate($request, $this->response);
 		$expected = array(

tests/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php

@@ -182,7 +182,7 @@ class CrudAuthorizeTest extends TestCase {
 		Router::reload();
 
 		$auth = new CrudAuthorize($this->Components);
-		$this->assertTrue(isset($auth->settings['actionMap']['admin_index']));
+		$this->assertTrue((bool)$auth->config('actionMap.admin_index'), 'admin_index should now be a mapped action');
 	}
 
 }

tests/TestCase/Controller/Component/Auth/DigestAuthenticateTest.php

@@ -69,10 +69,10 @@ class DigestAuthenticateTest extends TestCase {
 			'fields' => array('username' => 'user', 'password' => 'pass'),
 			'nonce' => 123456
 		));
-		$this->assertEquals('AuthUser', $object->settings['userModel']);
-		$this->assertEquals(array('username' => 'user', 'password' => 'pass'), $object->settings['fields']);
-		$this->assertEquals(123456, $object->settings['nonce']);
-		$this->assertEquals(env('SERVER_NAME'), $object->settings['realm']);
+		$this->assertEquals('AuthUser', $object->config('userModel'));
+		$this->assertEquals(array('username' => 'user', 'password' => 'pass'), $object->config('fields'));
+		$this->assertEquals(123456, $object->config('nonce'));
+		$this->assertEquals(env('SERVER_NAME'), $object->config('realm'));
 	}
 
 /**
@@ -182,7 +182,7 @@ DIGEST;
  * @return void
  */
 	public function testAuthenticateFailReChallenge() {
-		$this->auth->settings['scope'] = array('username' => 'nate');
+		$this->auth->config('scope.username', 'nate');
 		$request = new Request([
 			'url' => 'posts/index',
 			'environment' => ['REQUEST_METHOD' => 'GET']

tests/TestCase/Controller/Component/Auth/FormAuthenticateTest.php

@@ -67,8 +67,8 @@ class FormAuthenticateTest extends TestCase {
 			'userModel' => 'AuthUsers',
 			'fields' => array('username' => 'user', 'password' => 'password')
 		));
-		$this->assertEquals('AuthUsers', $object->settings['userModel']);
-		$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->settings['fields']);
+		$this->assertEquals('AuthUsers', $object->config('userModel'));
+		$this->assertEquals(array('username' => 'user', 'password' => 'password'), $object->config('fields'));
 	}
 
 /**
@@ -216,7 +216,7 @@ class FormAuthenticateTest extends TestCase {
  * @return void
  */
 	public function testAuthenticateScopeFail() {
-		$this->auth->settings['scope'] = array('Users.id' => 2);
+		$this->auth->config('scope', ['Users.id' => 2]);
 		$request = new Request('posts/index');
 		$request->data = array('Users' => array(
 			'username' => 'mariano',
@@ -241,7 +241,7 @@ class FormAuthenticateTest extends TestCase {
 		$user['password'] = Security::hash(Configure::read('Security.salt') . 'cake', 'blowfish', false);
 		$PluginModel->save(new Entity($user));
 
-		$this->auth->settings['userModel'] = 'TestPlugin.AuthUsers';
+		$this->auth->config('userModel', 'TestPlugin.AuthUsers');
 
 		$request = new Request('posts/index');
 		$request->data = array('AuthUsers' => array(
@@ -266,10 +266,10 @@ class FormAuthenticateTest extends TestCase {
  * @return void
  */
 	public function testPasswordHasherSettings() {
-		$this->auth->settings['passwordHasher'] = array(
+		$this->auth->config('passwordHasher', [
 			'className' => 'Simple',
 			'hashType' => 'md5'
-		);
+		]);
 
 		$passwordHasher = $this->auth->passwordHasher();
 		$result = $passwordHasher->config();
@@ -301,10 +301,10 @@ class FormAuthenticateTest extends TestCase {
 			'fields' => array('username' => 'username', 'password' => 'password'),
 			'userModel' => 'Users'
 		));
-		$this->auth->settings['passwordHasher'] = array(
+		$this->auth->config('passwordHasher', [
 			'className' => 'Simple',
 			'hashType' => 'sha1'
-		);
+		]);
 		$this->assertFalse($this->auth->authenticate($request, $this->response));
 	}
 

tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -340,7 +340,7 @@ class AuthComponentTest extends TestCase {
 		);
 		$objects = $this->Controller->Auth->constructAuthorize();
 		$result = $objects[0];
-		$this->assertEquals('controllers/', $result->settings['actionPath']);
+		$this->assertEquals('controllers/', $result->config('actionPath'));
 	}
 
 /**
@@ -371,7 +371,7 @@ class AuthComponentTest extends TestCase {
 		);
 		$objects = $this->Controller->Auth->constructAuthenticate();
 		$result = $objects[0];
-		$this->assertEquals('AuthUsers', $result->settings['userModel']);
+		$this->assertEquals('AuthUsers', $result->config('userModel'));
 	}
 
 /**

tests/TestCase/Controller/Component/RequestHandlerComponentTest.php

@@ -87,20 +87,20 @@ class RequestHandlerComponentTest extends TestCase {
 	}
 
 /**
- * Test that the constructor sets the settings.
+ * Test that the constructor sets the config.
  *
  * @return void
  */
-	public function testConstructorSettings() {
-		$settings = array(
+	public function testConstructorConfig() {
+		$config = array(
 			'ajaxLayout' => 'test_ajax',
 			'viewClassMap' => array('json' => 'MyPlugin.MyJson')
 		);
 		$controller = $this->getMock('Cake\Controller\Controller');
 		$collection = new ComponentRegistry($controller);
-		$requestHandler = new RequestHandlerComponent($collection, $settings);
+		$requestHandler = new RequestHandlerComponent($collection, $config);
 		$this->assertEquals('test_ajax', $requestHandler->ajaxLayout);
-		$this->assertEquals(array('json' => 'MyPlugin.MyJson'), $requestHandler->settings['viewClassMap']);
+		$this->assertEquals(array('json' => 'MyPlugin.MyJson'), $requestHandler->config('viewClassMap'));
 	}
 
 /**
@@ -290,7 +290,7 @@ class RequestHandlerComponentTest extends TestCase {
  */
 	public function testViewClassMap() {
 		$event = new Event('Controller.initialize', $this->Controller);
-		$this->RequestHandler->settings = array('viewClassMap' => array('json' => 'CustomJson'));
+		$this->RequestHandler->config(array('viewClassMap' => array('json' => 'CustomJson')));
 		$this->RequestHandler->initialize($event);
 		$result = $this->RequestHandler->viewClassMap();
 		$expected = array(

tests/TestCase/Controller/ComponentRegistryTest.php

@@ -76,7 +76,7 @@ class ComponentRegistryTest extends TestCase {
 		$result = $this->Components->load('Cookie', array('className' => __NAMESPACE__ . '\CookieAliasComponent', 'somesetting' => true));
 		$this->assertInstanceOf(__NAMESPACE__ . '\CookieAliasComponent', $result);
 		$this->assertInstanceOf(__NAMESPACE__ . '\CookieAliasComponent', $this->Components->Cookie);
-		$this->assertTrue($this->Components->Cookie->settings['somesetting']);
+		$this->assertTrue($this->Components->Cookie->config('somesetting'));
 
 		$result = $this->Components->loaded();
 		$this->assertEquals(array('Cookie'), $result, 'loaded() results are wrong.');