Merge pull request #7164 from cakephp/auth-finder

Allow setting custom finder for authenticators.

src/Auth/BaseAuthenticate.php

@@ -35,12 +35,12 @@ abstract class BaseAuthenticate implements EventListenerInterface
      *
      * - `fields` The fields to use to identify a user by.
      * - `userModel` The alias for users table, defaults to Users.
-     * - `scope` Additional conditions to use when looking up and authenticating users,
-     *    i.e. `['Users.is_active' => 1].`
-     * - `contain` Extra models to contain and store in session.
+     * - `finder` The finder method to use to fetch user record. Defaults to 'all'.
      * - `passwordHasher` Password hasher class. Can be a string specifying class name
      *    or an array containing `className` key, any other keys will be passed as
      *    config to the class. Defaults to 'Default'.
+     * - Options `scope` and `contain` have been deprecated since 3.1. Use custom
+     *   finder instead to modify the query to fetch user record.
      *
      * @var array
      */
@@ -51,6 +51,7 @@ abstract class BaseAuthenticate implements EventListenerInterface
         ],
         'userModel' => 'Users',
         'scope' => [],
+        'finder' => 'all',
         'contain' => null,
         'passwordHasher' => 'Default'
     ];
@@ -131,19 +132,20 @@ abstract class BaseAuthenticate implements EventListenerInterface
     protected function _query($username)
     {
         $config = $this->_config;
-        $table = TableRegistry::get($this->_config['userModel']);
+        $table = TableRegistry::get($config['userModel']);
 
-        $conditions = [$table->aliasField($config['fields']['username']) => $username];
-        if ($config['scope']) {
-            $conditions = array_merge($conditions, $config['scope']);
-        }
-
-        $query = $table->find('all')
-            ->where($conditions);
+        $options = [
+            'conditions' => [$table->aliasField($config['fields']['username']) => $username]
+        ];
 
-        if ($config['contain']) {
-            $query = $query->contain($config['contain']);
+        if (!empty($config['scope'])) {
+            $options['conditions'] = array_merge($options['conditions'], $config['scope']);
         }
+        if (!empty($config['contain'])) {
+            $options['contain'] = $config['contain'];
+        }
+
+        $query = $table->find($config['finder'], $options);
 
         return $query;
     }

tests/TestCase/Auth/FormAuthenticateTest.php

@@ -57,6 +57,12 @@ class FormAuthenticateTest extends TestCase
         TableRegistry::clear();
         $Users = TableRegistry::get('Users');
         $Users->updateAll(['password' => $password], []);
+
+        $AuthUsers = TableRegistry::get('AuthUsers', [
+            'className' => 'TestApp\Model\Table\AuthUsersTable'
+        ]);
+        $AuthUsers->updateAll(['password' => $password], []);
+
         $this->response = $this->getMock('Cake\Network\Response');
     }
 
@@ -244,30 +250,12 @@ class FormAuthenticateTest extends TestCase
     }
 
     /**
-     * test scope failure.
-     *
-     * @return void
-     */
-    public function testAuthenticateScopeFail()
-    {
-        $this->auth->config('scope', ['Users.id' => 2]);
-        $request = new Request('posts/index');
-        $request->data = [
-            'username' => 'mariano',
-            'password' => 'password'
-        ];
-
-        $this->assertFalse($this->auth->authenticate($request, $this->response));
-    }
-
-    /**
      * test a model in a plugin.
      *
      * @return void
      */
     public function testPluginModel()
     {
-        Cache::delete('object_map', '_cake_core_');
         Plugin::load('TestPlugin');
 
         $PluginModel = TableRegistry::get('TestPlugin.AuthUsers');
@@ -296,6 +284,32 @@ class FormAuthenticateTest extends TestCase
     }
 
     /**
+     * Test using custom finder
+     *
+     * @return void
+     */
+    public function testFinder()
+    {
+        $request = new Request('posts/index');
+        $request->data = [
+            'username' => 'mariano',
+            'password' => 'password'
+        ];
+
+        $this->auth->config([
+            'userModel' => 'AuthUsers',
+            'finder' => 'auth'
+        ]);
+
+        $result = $this->auth->authenticate($request, $this->response);
+        $expected = [
+            'id' => 1,
+            'username' => 'mariano',
+        ];
+        $this->assertEquals($expected, $result, 'Result should not contain "created" and "modified" fields');
+    }
+
+    /**
      * test password hasher settings
      *
      * @return void

tests/test_app/TestApp/Model/Table/AuthUsersTable.php

@@ -12,6 +12,7 @@
  */
 namespace TestApp\Model\Table;
 
+use Cake\ORM\Query;
 use Cake\ORM\Table;
 
 /**
@@ -21,4 +22,17 @@ use Cake\ORM\Table;
 class AuthUsersTable extends Table
 {
 
+    /**
+     * Custom finder
+     *
+     * @param \Cake\ORM\Query $query The query to find with
+     * @param array $options The options to find with
+     * @return \Cake\ORM\Query The query builder
+     */
+    public function findAuth(Query $query, array $options)
+    {
+        $query->select(['id', 'username', 'password']);
+
+        return $query;
+    }
 }