
Merge pull request #3735 from ADmad/3.0-auth

Remove use of request info to identify user in AuthComponent::login().
ADmad 11 years ago
parent
commit
d493e919e3

+ 12 - 22
src/Controller/Component/AuthComponent.php

@@ -582,28 +582,18 @@ class AuthComponent extends Component {
 	}
 
 /**
- * Log a user in.
+ * Set provided user info to session as logged in user.
  *
- * If a $user is provided that data will be stored as the logged in user. If `$user` is empty or not
- * specified, the request will be used to identify a user. If the identification was successful,
- * the user record is written to the session key specified in AuthComponent::$sessionKey. Logging in
- * will also change the session id in order to help mitigate session replays.
+ * The user recordis written to the session key specified in AuthComponent::$sessionKey.
+ * Thehe session id will also be changed in order to help mitigate session replays.
  *
- * @param array $user Either an array of user data, or null to identify a user using the current request.
- * @return bool True on login success, false on failure
+ * @param array $user Array of user data.
+ * @return void
  * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#identifying-users-and-logging-them-in
  */
-	public function login($user = null) {
-		$this->_setDefaults();
-
-		if (empty($user)) {
-			$user = $this->identify($this->request, $this->response);
-		}
-		if ($user) {
-			$this->session->renew();
-			$this->session->write($this->sessionKey, $user);
-		}
-		return (bool)$this->user();
+	public function setUser(array $user) {
+		$this->session->renew();
+		$this->session->write($this->sessionKey, $user);
 	}
 
 /**
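Review bot: The new docblock for setUser() has two typos (`recordis`, `Thehe`) and does not say that the method performs no credential check. It renews the session and stores whatever array it is given under `AuthComponent::$sessionKey`. The description should read `The user record is written to the session key specified in AuthComponent::$sessionKey.` and `The session id will also be changed in order to help mitigate session replays.`, plus a sentence that callers must pass only a record obtained from a successful identify() call and must check that result first. The old boolean return is gone, so a caller can no longer learn from this method whether a login succeeded. The `@link` still targets the 2.0 book section on login() and should be updated or dropped.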
@@ -729,16 +719,16 @@ class AuthComponent extends Component {
  * Use the configured authentication adapters, and attempt to identify the user
  * by credentials contained in $request.
  *
- * @param \Cake\Network\Request $request The request that contains authentication data.
- * @param \Cake\Network\Response $response The response
  * @return array User record data, or false, if the user could not be identified.
  */
-	public function identify(Request $request, Response $response) {
+	public function identify() {
+		$this->_setDefaults();
+
 		if (empty($this->_authenticateObjects)) {
 			$this->constructAuthenticate();
 		}
 		foreach ($this->_authenticateObjects as $auth) {
-			$result = $auth->authenticate($request, $response);
+			$result = $auth->authenticate($this->request, $this->response);
 			if (!empty($result) && is_array($result)) {
 				$this->_authenticationProvider = $auth;
 				return $result;
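Review bot: The docblock kept above identify() still says the user is identified "by credentials contained in $request", but the parameter was removed and the body now reads `$this->request` and `$this->response`. I would reword it to `by credentials contained in the component's current request`. The tag `@return array` also contradicts its own description, which allows false, so `@return array|bool` would tell callers they must test the result before handing it to setUser(). The rest of identify()'s body lies outside this hunk.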

+ 34 - 36
tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -129,11 +129,11 @@ class AuthComponentTest extends TestCase {
 	}
 
 /**
- * testLogin method
+ * testIdentify method
  *
  * @return void
  */
-	public function testLogin() {
+	public function testIdentify() {
 		$AuthLoginFormAuthenticate = $this->getMock(
 			'Cake\Controller\Component\Auth\FormAuthenticate',
 			array('authenticate'), array(), '', false
@@ -143,10 +143,6 @@ class AuthComponentTest extends TestCase {
 				'userModel' => 'AuthUsers'
 			)
 		);
-		$this->Auth->session = $this->getMock(
-			'Cake\Network\Session',
-			array('renew')
-		);
 
 		$this->Auth->setAuthenticateObject(0, $AuthLoginFormAuthenticate);
 
@@ -167,14 +163,8 @@ class AuthComponentTest extends TestCase {
 			->with($this->Auth->request)
 			->will($this->returnValue($user));
 
-		$this->Auth->session->expects($this->once())
-			->method('renew');
-
-		$result = $this->Auth->login();
-		$this->assertTrue($result);
-
-		$this->assertTrue((bool)$this->Auth->user());
-		$this->assertEquals($user, $this->Auth->user());
+		$result = $this->Auth->identify();
+		$this->assertEquals($user, $result);
 		$this->assertSame($AuthLoginFormAuthenticate, $this->Auth->authenticationProvider());
 	}
 
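Review bot: The rewritten assertions check only identify()'s return value and the authentication provider, so nothing pins the property this commit introduces: that identifying a user no longer logs them in. A regression that made identify() write to the session again would still pass. If the fixture starts without a session user (the setup is outside this hunk), an extra `$this->assertFalse((bool)$this->Auth->user());` after the identify() call would cover it.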
@@ -228,6 +218,8 @@ class AuthComponentTest extends TestCase {
 	}
 
 /**
+ * testIsAuthorizedMissingFile function
+ *
  * @expectedException \Cake\Error\Exception
  * @return void
  */
@@ -317,6 +309,8 @@ class AuthComponentTest extends TestCase {
 	}
 
 /**
+ * testLoadAuthenticateNoFile function
+ *
  * @expectedException \Cake\Error\Exception
  * @return void
  */
@@ -516,6 +510,11 @@ class AuthComponentTest extends TestCase {
 		$this->assertNull($result, 'startup() should return null, as action is allowed. %s');
 	}
 
+/**
+ * testAllowedActionsSetWithAllowMethod method
+ *
+ * @return void
+ */
 	public function testAllowedActionsSetWithAllowMethod() {
 		$url = '/auth_test/action_name';
 		$this->Controller->request->addParams(Router::parse($url));
@@ -723,7 +722,7 @@ class AuthComponentTest extends TestCase {
 		$Request->env('HTTP_REFERER', false);
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->config('authorize', ['Controller']);
-		$this->Auth->login(array('username' => 'mariano', 'password' => 'cake'));
+		$this->Auth->setUser(array('username' => 'mariano', 'password' => 'cake'));
 		$this->Auth->config('loginRedirect', [
 			'controller' => 'something', 'action' => 'else'
 		]);
@@ -761,7 +760,7 @@ class AuthComponentTest extends TestCase {
 		]);
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->config('authorize', ['Controller']);
-		$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
+		$this->Auth->setUser(array('username' => 'admad', 'password' => 'cake'));
 
 		$expected = ['controller' => 'no_can_do', 'action' => 'jack'];
 		$this->Auth->config('unauthorizedRedirect', $expected);
@@ -798,7 +797,7 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request = $Request = new Request($url);
 		$this->Auth->request->addParams(Router::parse($url));
 		$this->Auth->config('authorize', ['Controller']);
-		$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
+		$this->Auth->setUser(array('username' => 'admad', 'password' => 'cake'));
 		$expected = ['controller' => 'no_can_do', 'action' => 'jack'];
 		$this->Auth->config('unauthorizedRedirect', $expected);
 		$this->Auth->config('authError', false);
@@ -823,6 +822,7 @@ class AuthComponentTest extends TestCase {
 
 /**
  * Throw ForbiddenException if config `unauthorizedRedirect` is set to false
+ *
  * @expectedException \Cake\Error\ForbiddenException
  * @return void
  */
@@ -834,7 +834,7 @@ class AuthComponentTest extends TestCase {
 			'authorize' => ['Controller'],
 			'unauthorizedRedirect' => false
 		]);
-		$this->Auth->login(array('username' => 'baker', 'password' => 'cake'));
+		$this->Auth->setUser(array('username' => 'baker', 'password' => 'cake'));
 
 		$response = new Response();
 		$Controller = $this->getMock(
@@ -1094,36 +1094,34 @@ class AuthComponentTest extends TestCase {
 	}
 
 /**
- * test logging in with a request.
+ * test setting user info to session.
  *
  * @return void
  */
-	public function testLoginWithRequestData() {
-		$RequestLoginMockAuthenticate = $this->getMock(
-			'Cake\Controller\Component\Auth\FormAuthenticate',
-			array('authenticate'), array(), '', false
+	public function testSetUser() {
+		$this->Auth->session = $this->getMock(
+			'Cake\Network\Session',
+			array('renew', 'write')
 		);
-		$request = new Request('users/login');
+
 		$user = array('username' => 'mark', 'role' => 'admin');
 
-		$this->Auth->request = $request;
-		$this->Auth->authenticate = array('RequestLoginMock');
-		$this->Auth->setAuthenticateObject(0, $RequestLoginMockAuthenticate);
-		$RequestLoginMockAuthenticate->expects($this->once())
-			->method('authenticate')
-			->with($request)
-			->will($this->returnValue($user));
+		$this->Auth->session->expects($this->once())
+			->method('renew');
 
-		$this->assertTrue($this->Auth->login());
-		$this->assertEquals($user['username'], $this->Auth->user('username'));
+		$this->Auth->session->expects($this->once())
+			->method('write')
+			->with($this->Auth->sessionKey, $user);
+
+		$this->Auth->setUser($user);
 	}
 
 /**
- * test login() with user data
+ * testGettingUserAfterSetUser
  *
  * @return void
  */
-	public function testLoginWithUserData() {
+	public function testGettingUserAfterSetUser() {
 		$this->assertFalse((bool)$this->Auth->user());
 
 		$user = array(
@@ -1132,7 +1130,7 @@ class AuthComponentTest extends TestCase {
 			'created' => new \DateTime('2007-03-17 01:16:23'),
 			'updated' => new \DateTime('2007-03-17 01:18:31')
 		);
-		$this->assertTrue($this->Auth->login($user));
+		$this->Auth->setUser($user);
 		$this->assertTrue((bool)$this->Auth->user());
 		$this->assertEquals($user['username'], $this->Auth->user('username'));
 	}