
Switch from using properties to config() for AuthComponent.

ADmad 12 years ago
parent
commit
ebfc73f5fc

+ 165 - 187
src/Controller/Component/AuthComponent.php

@@ -50,45 +50,113 @@ class AuthComponent extends Component {
 	const ALL = 'all';
 
 /**
- * Other components utilized by AuthComponent
+ * Default config
+ *
+ * - `authenticate` - An array of authentication objects to use for authenticating users.
+ *   You can configure multiple adapters and they will be checked sequentially
+ *   when users are identified.
+ *
+ *   {{{
+ *   $this->Auth->config('authenticate', [
+ *    	'Form' => [
+ *  		'userModel' => 'Users.Users'
+ *  	]
+ *   ]);
+ *   }}}
+ *
+ *   Using the class name without 'Authenticate' as the key, you can pass in an
+ *   array of config for each authentication object. Additionally you can define
+ *   config that should be set to all authentications objects using the 'all' key:
+ *
+ *   {{{
+ *	 $this->Auth->config('authenticate', [
+ *  	AuthComponent::ALL => [
+ *  		'userModel' => 'Users.Users',
+ *  		'scope' => ['Users.active' => 1]
+ *  	],
+ *  	'Form',
+ *  	'Basic'
+ *   ]);
+ *   }}}
+ *
+ * - `authorize` - An array of authorization objects to use for authorizing users.
+ *   You can configure multiple adapters and they will be checked sequentially
+ *   when authorization checks are done.
+ *
+ *   {{{
+ *   $this->Auth->config('authorize', [
+ *  	'Crud' => [
+ *  		'actionPath' => 'controllers/'
+ *  	]
+ *   ]);
+ *   }}}
+ *
+ *   Using the class name without 'Authorize' as the key, you can pass in an array
+ *   of config for each authorization object. Additionally you can define config
+ *   that should be set to all authorization objects using the AuthComponent::ALL key:
+ *
+ *   {{{
+ *   $this->Auth->config('authorize', [
+ *  	AuthComponent::ALL => [
+ *  		'actionPath' => 'controllers/'
+ *  	],
+ *  	'Crud',
+ *  	'CustomAuth'
+ *   ]);
+ *   }}}
+ *
+ * - `ajaxLogin` - The name of an optional view element to render when an Ajax
+ *   request is made with an invalid or expired session.
+ *
+ * - `flash` - Settings to use when Auth needs to do a flash message with
+ *   SessionComponent::setFlash(). Available keys are:
+ *
+ *   - `element` - The element to use, defaults to 'default'.
+ *   - `key` - The key to use, defaults to 'auth'
+ *   - `params` - The array of additional params to use, defaults to []
+ *
+ * - `loginAction` - A URL (defined as a string or array) to the controller action
+ *   that handles logins. Defaults to `/users/login`.
+ *
+ * - `loginRedirect` - Normally, if a user is redirected to the `loginAction` page,
+ *   the location they were redirected from will be stored in the session so that
+ *   they can be redirected back after a successful login. If this session value
+ *   is not set, redirectUrl() method will return the URL specified in `loginRedirect`.
+ *
+ * - `logoutRedirect` - The default action to redirect to after the user is logged out.
+ *   While AuthComponent does not handle post-logout redirection, a redirect URL
+ *   will be returned from `AuthComponent::logout()`. Defaults to `loginAction`.
+ *
+ * - `authError` - Error to display when user attempts to access an object or
+ *   action to which they do not have access.
+ *
+ * - `unauthorizedRedirect` - Controls handling of unauthorized access.
+ *
+ *   - For default value `true` unauthorized user is redirected to the referrer URL
+ *     or `$loginRedirect` or '/'.
+ *   - If set to a string or array the value is used as a URL to redirect to.
+ *   - If set to false a `ForbiddenException` exception is thrown instead of redirecting.
  *
  * @var array
  */
-	public $components = array('Session', 'RequestHandler');
+	protected $_defaultConfig = [
+		'authenticate' => null,
+		'authorize' => false,
+		'ajaxLogin' => null,
+		'flash' => null,
+		'loginAction' => null,
+		'loginRedirect' => null,
+		'logoutRedirect' => null,
+		'authError' => null,
+		'unauthorizedRedirect' => true
+	];
 
 /**
- * An array of authentication objects to use for authenticating users. You can configure
- * multiple adapters and they will be checked sequentially when users are identified.
- *
- * {{{
- *	$this->Auth->authenticate = array(
- *		'Form' => array(
- *			'userModel' => 'Users.Users'
- *		)
- *	);
- * }}}
- *
- * Using the class name without 'Authenticate' as the key, you can pass in an array of config for each
- * authentication object. Additionally you can define config that should be set to all authentications objects
- * using the 'all' key:
- *
- * {{{
- *	$this->Auth->authenticate = array(
- *		'all' => array(
- *			'userModel' => 'Users.Users',
- *			'scope' => ['Users.active' => 1]
- *		),
- *		'Form',
- *		'Basic'
- *	);
- * }}}
- *
- * You can also use AuthComponent::ALL instead of the string 'all'.
+ * Other components utilized by AuthComponent
  *
  * @var array
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
  */
-	public $authenticate = array('Form');
+	public $components = array('Session', 'RequestHandler');
 
 /**
  * Objects that will be used for authentication checks.
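Review bot: `$_defaultConfig` sets `authenticate`, `flash` and `loginAction` to `null`, while the docblock above it still describes defaults such as `/users/login`; the real values are only written later by `_setDefaults()`, which the visible code calls from the startup check. Any method that reads these keys before that call has run now sees `null` where the old public properties always held `array('Form')` and the flash array: `constructAuthenticate()` returns early on an empty `authenticate`, and `flash()` indexes `config('flash')` directly. Whether such a path exists is not visible in these hunks. Either call `$this->_setDefaults();` at those entry points, or add a docblock line such as ` * Defaults described below are applied by _setDefaults() during startup; until then the keys are null.`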
@@ -98,39 +166,6 @@ class AuthComponent extends Component {
 	protected $_authenticateObjects = array();
 
 /**
- * An array of authorization objects to use for authorizing users. You can configure
- * multiple adapters and they will be checked sequentially when authorization checks are done.
- *
- * {{{
- *	$this->Auth->authorize = array(
- *		'Crud' => array(
- *			'actionPath' => 'controllers/'
- *		)
- *	);
- * }}}
- *
- * Using the class name without 'Authorize' as the key, you can pass in an array of config for each
- * authorization object. Additionally you can define config that should be set to all authorization objects
- * using the 'all' key:
- *
- * {{{
- *	$this->Auth->authorize = array(
- *		'all' => array(
- *			'actionPath' => 'controllers/'
- *		),
- *		'Crud',
- *		'CustomAuth'
- *	);
- * }}}
- *
- * You can also use AuthComponent::ALL instead of the string 'all'
- *
- * @var mixed
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authorization
- */
-	public $authorize = false;
-
-/**
  * Objects that will be used for authorization checks.
  *
  * @var array
@@ -138,30 +173,6 @@ class AuthComponent extends Component {
 	protected $_authorizeObjects = array();
 
 /**
- * The name of an optional view element to render when an Ajax request is made
- * with an invalid or expired session
- *
- * @var string
- */
-	public $ajaxLogin = null;
-
-/**
- * Settings to use when Auth needs to do a flash message with SessionComponent::setFlash().
- * Available keys are:
- *
- * - `element` - The element to use, defaults to 'default'.
- * - `key` - The key to use, defaults to 'auth'
- * - `params` - The array of additional params to use, defaults to array()
- *
- * @var array
- */
-	public $flash = array(
-		'element' => 'default',
-		'key' => 'auth',
-		'params' => array()
-	);
-
-/**
  * The session key name where the record of the current user is stored. Default
  * key is "Auth.User". If you are using only stateless authenticators set this
  * to false to ensure session is not started.
@@ -179,60 +190,6 @@ class AuthComponent extends Component {
 	protected static $_user = array();
 
 /**
- * A URL (defined as a string or array) to the controller action that handles
- * logins. Defaults to `/users/login`.
- *
- * @var mixed
- */
-	public $loginAction = array(
-		'controller' => 'users',
-		'action' => 'login',
-		'plugin' => null
-	);
-
-/**
- * Normally, if a user is redirected to the $loginAction page, the location they
- * were redirected from will be stored in the session so that they can be
- * redirected back after a successful login. If this session value is not
- * set, redirectUrl() method will return the URL specified in $loginRedirect.
- *
- * @var mixed
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#AuthComponent::$loginRedirect
- */
-	public $loginRedirect = null;
-
-/**
- * The default action to redirect to after the user is logged out. While AuthComponent does
- * not handle post-logout redirection, a redirect URL will be returned from AuthComponent::logout().
- * Defaults to AuthComponent::$loginAction.
- *
- * @var mixed
- * @see AuthComponent::$loginAction
- * @see AuthComponent::logout()
- */
-	public $logoutRedirect = null;
-
-/**
- * Error to display when user attempts to access an object or action to which they do not have
- * access.
- *
- * @var string|boolean Error message or boolean false to suppress flash message
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#AuthComponent::$authError
- */
-	public $authError = null;
-
-/**
- * Controls handling of unauthorized access.
- * - For default value `true` unauthorized user is redirected to the referrer URL
- *   or AuthComponent::$loginRedirect or '/'.
- * - If set to a string or array the value is used as a URL to redirect to.
- * - If set to false a ForbiddenException exception is thrown instead of redirecting.
- *
- * @var mixed
- */
-	public $unauthorizedRedirect = true;
-
-/**
  * Controller actions for which user validation is not required.
  *
  * @var array
@@ -294,9 +251,7 @@ class AuthComponent extends Component {
 			return true;
 		}
 
-		if (!$this->_setDefaults()) {
-			return false;
-		}
+		$this->_setDefaults();
 
 		if ($this->_isAllowed($controller)) {
 			return true;
@@ -307,7 +262,7 @@ class AuthComponent extends Component {
 		}
 
 		if ($this->_isLoginAction($controller) ||
-			empty($this->authorize) ||
+			empty($this->config('authorize')) ||
 			$this->isAuthorized($this->user())
 		) {
 			return true;
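Review bot: `empty($this->config('authorize'))` passes a method call to `empty()`, which PHP accepts only from 5.5 onward; on 5.4 it is a compile-time fatal error for the whole file, and this is the condition that decides whether authorization checks are skipped. Other hunks in this commit (`$ajaxLogin`, `$loginRedirect`, and `$authorize` in `constructAuthorize()`) assign to a local before calling `empty()`, so this line is also inconsistent with them. If 5.4 is still a supported target, assign `$authorize = $this->config('authorize');` before the `if` and test `empty($authorize) ||`, or write `!$this->config('authorize') ||`. The enclosing method starts and ends outside this hunk.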
@@ -335,8 +290,8 @@ class AuthComponent extends Component {
  * of the last authenticator in the chain will be called. The authenticator can
  * handle sending response or redirection as appropriate and return `true` to
  * indicate no furthur action is necessary. If authenticator returns null this
- * method redirects user to login action. If it's an ajax request and
- * $ajaxLogin is specified that element is rendered else a 403 http status code
+ * method redirects user to login action. If it's an ajax request and config
+ * `ajaxLogin` is specified that element is rendered else a 403 http status code
  * is returned.
  *
  * @param Controller $controller A reference to the controller object.
@@ -362,15 +317,17 @@ class AuthComponent extends Component {
 		}
 
 		if (!$controller->request->is('ajax')) {
-			$this->flash($this->authError);
+			$this->flash($this->config('authError'));
 			$this->Session->write('Auth.redirect', $controller->request->here(false));
-			$controller->redirect($this->loginAction);
+			$controller->redirect($this->config('loginAction'));
 			return false;
 		}
-		if (!empty($this->ajaxLogin)) {
+
+		$ajaxLogin = $this->config('ajaxLogin');
+		if (!empty($ajaxLogin)) {
 			$controller->response->statusCode(403);
 			$controller->viewPath = 'Element';
-			echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
+			echo $controller->render($ajaxLogin, $this->RequestHandler->ajaxLayout);
 			$this->_stop();
 			return false;
 		}
@@ -379,7 +336,7 @@ class AuthComponent extends Component {
 	}
 
 /**
- * Normalizes $loginAction and checks if current request URL is same as login action.
+ * Normalizes config `loginAction` and checks if current request URL is same as login action.
  *
  * @param Controller $controller A reference to the controller object.
  * @return boolean True if current action is login action else false.
@@ -390,7 +347,7 @@ class AuthComponent extends Component {
 			$url = $controller->request->url;
 		}
 		$url = Router::normalize($url);
-		$loginAction = Router::normalize($this->loginAction);
+		$loginAction = Router::normalize($this->config('loginAction'));
 
 		return $loginAction === $url;
 	}
@@ -401,43 +358,57 @@ class AuthComponent extends Component {
  * @param Controller $controller A reference to the controller object
  * @return boolean Returns false
  * @throws \Cake\Error\ForbiddenException
- * @see AuthComponent::$unauthorizedRedirect
  */
 	protected function _unauthorized(Controller $controller) {
-		if ($this->unauthorizedRedirect === false) {
-			throw new Error\ForbiddenException($this->authError);
+		$unauthorizedRedirect = $this->config('unauthorizedRedirect');
+		if ($unauthorizedRedirect === false) {
+			throw new Error\ForbiddenException($this->config('authError'));
 		}
 
-		$this->flash($this->authError);
-		if ($this->unauthorizedRedirect === true) {
+		$this->flash($this->config('authError'));
+		if ($unauthorizedRedirect === true) {
 			$default = '/';
-			if (!empty($this->loginRedirect)) {
-				$default = $this->loginRedirect;
+			$loginRedirect = $this->config('loginRedirect');
+			if (!empty($loginRedirect)) {
+				$default = $loginRedirect;
 			}
 			$url = $controller->referer($default, true);
 		} else {
-			$url = $this->unauthorizedRedirect;
+			$url = $unauthorizedRedirect;
 		}
 		$controller->redirect($url, null, true);
 		return false;
 	}
 
 /**
- * Attempts to introspect the correct values for object properties.
+ * Sets defaults for configs.
  *
- * @return boolean True
+ * @return void
  */
 	protected function _setDefaults() {
-		$defaults = array(
-			'logoutRedirect' => $this->loginAction,
+		$defaults = [
+			'authenticate' => ['Form'],
+			'flash' => [
+				'element' => 'default',
+				'key' => 'auth',
+				'params' => []
+			],
+			'loginAction' => [
+				'controller' => 'users',
+				'action' => 'login',
+				'plugin' => null
+			],
+			'logoutRedirect' => $this->config('loginAction'),
 			'authError' => __d('cake', 'You are not authorized to access that location.')
-		);
-		foreach ($defaults as $key => $value) {
-			if (!isset($this->{$key}) || $this->{$key} === true) {
-				$this->{$key} = $value;
+		];
+
+		$config = $this->config();
+		foreach ($config as $key => $value) {
+			if ($value !== null) {
+				unset($defaults[$key]);
 			}
 		}
-		return true;
+		$this->config($defaults);
 	}
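Review bot: In `_setDefaults()` the `logoutRedirect` default is computed as `$this->config('loginAction')` while the `$defaults` literal is still being built, which is before the `loginAction` default has been written to config. When the application has not configured `loginAction`, that call returns `null`, so `logoutRedirect` is stored as `null` and `logout()` normalizes `null` instead of the login URL the docblock promises; the removed code read the pre-populated `$this->loginAction` property. Drop the key from the literal and add `$defaults['logoutRedirect'] = $this->config('loginAction') ?: $defaults['loginAction'];` after it. The removed `=== true` check also used to replace an `authError` of `true` with the default message, and the new loop does not, so confirm that change is intended.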
 
 /**
@@ -479,11 +450,12 @@ class AuthComponent extends Component {
  * @throws \Cake\Error\Exception
  */
 	public function constructAuthorize() {
-		if (empty($this->authorize)) {
+		$authorize = $this->config('authorize');
+		if (empty($authorize)) {
 			return;
 		}
 		$this->_authorizeObjects = array();
-		$authorize = Hash::normalize((array)$this->authorize);
+		$authorize = Hash::normalize((array)$authorize);
 		$global = array();
 		if (isset($authorize[AuthComponent::ALL])) {
 			$global = $authorize[AuthComponent::ALL];
@@ -616,8 +588,7 @@ class AuthComponent extends Component {
  * in an authentication object. Logging out will also renew the session id.
  * This helps mitigate issues with session replays.
  *
- * @return string AuthComponent::$logoutRedirect
- * @see AuthComponent::$logoutRedirect
+ * @return string Normalized config `logoutRedirect`
  * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#logging-users-out
  */
 	public function logout() {
@@ -632,7 +603,7 @@ class AuthComponent extends Component {
 		$this->Session->delete(static::$sessionKey);
 		$this->Session->delete('Auth.redirect');
 		$this->Session->renew();
-		return Router::normalize($this->logoutRedirect);
+		return Router::normalize($this->config('logoutRedirect'));
 	}
 
 /**
@@ -698,9 +669,9 @@ class AuthComponent extends Component {
  *
  *  - Returns the normalized URL from session Auth.redirect value if it is
  *    present and for the same domain the current app is running on.
- *  - If there is no session value and there is a $loginRedirect, the $loginRedirect
- *    value is returned.
- *  - If there is no session and no $loginRedirect, / is returned.
+ *  - If there is no session value and there is a config `loginRedirect`, the
+ *    `loginRedirect` value is returned.
+ *  - If there is no session and no `loginRedirect`, / is returned.
  *
  * @param string|array $url Optional URL to write as the login redirect URL.
  * @return string Redirect URL
@@ -713,11 +684,11 @@ class AuthComponent extends Component {
 			$redir = $this->Session->read('Auth.redirect');
 			$this->Session->delete('Auth.redirect');
 
-			if (Router::normalize($redir) == Router::normalize($this->loginAction)) {
-				$redir = $this->loginRedirect;
+			if (Router::normalize($redir) == Router::normalize($this->config('loginAction'))) {
+				$redir = $this->config('loginRedirect');
 			}
-		} elseif ($this->loginRedirect) {
-			$redir = $this->loginRedirect;
+		} elseif ($this->config('loginRedirect')) {
+			$redir = $this->config('loginRedirect');
 		} else {
 			$redir = '/';
 		}
@@ -755,11 +726,12 @@ class AuthComponent extends Component {
  * @throws \Cake\Error\Exception
  */
 	public function constructAuthenticate() {
-		if (empty($this->authenticate)) {
+		$authenticate = $this->config('authenticate');
+		if (empty($authenticate)) {
 			return;
 		}
 		$this->_authenticateObjects = array();
-		$authenticate = Hash::normalize((array)$this->authenticate);
+		$authenticate = Hash::normalize((array)$authenticate);
 		$global = array();
 		if (isset($authenticate[AuthComponent::ALL])) {
 			$global = $authenticate[AuthComponent::ALL];
@@ -780,7 +752,7 @@ class AuthComponent extends Component {
 	}
 
 /**
- * Set a flash message. Uses the Session component, and values from AuthComponent::$flash.
+ * Set a flash message. Uses the Session component, and values from `flash` config.
  *
  * @param string $message The message to set.
  * @return void
@@ -789,7 +761,13 @@ class AuthComponent extends Component {
 		if ($message === false) {
 			return;
 		}
-		$this->Session->setFlash($message, $this->flash['element'], $this->flash['params'], $this->flash['key']);
+		$flashConfig = $this->config('flash');
+		$this->Session->setFlash(
+			$message,
+			$flashConfig['element'],
+			$flashConfig['params'],
+			$flashConfig['key']
+		);
 	}
 
 }

+ 75 - 67
tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -190,7 +190,7 @@ class AuthComponentTest extends TestCase {
 		$this->Controller->request->here = '/auth_test/admin_add';
 		$this->assertNull($this->Auth->Session->read('Auth.redirect'));
 
-		$this->Auth->authenticate = array('Form');
+		$this->Auth->config('authenticate', ['Form']);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$this->assertEquals('/auth_test/admin_add', $this->Auth->Session->read('Auth.redirect'));
@@ -210,8 +210,8 @@ class AuthComponentTest extends TestCase {
 		$Users = TableRegistry::get('Users');
 		$user = $Users->find('all')->hydrate(false)->first();
 		$this->Auth->Session->write('Auth.User', $user);
-		$this->Controller->Auth->userModel = 'Users';
-		$this->Controller->Auth->authorize = false;
+		$this->Controller->Auth->config('userModel', 'Users');
+		$this->Controller->Auth->config('authorize', false);
 		$this->Controller->request->addParams(Router::parse('auth_test/add'));
 		$this->Controller->Auth->initialize($event);
 		$result = $this->Controller->Auth->startup($event);
@@ -232,7 +232,7 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testIsAuthorizedMissingFile() {
-		$this->Controller->Auth->authorize = 'Missing';
+		$this->Controller->Auth->config('authorize', 'Missing');
 		$this->Controller->Auth->isAuthorized(array('User' => array('id' => 1)));
 	}
 
@@ -286,7 +286,7 @@ class AuthComponentTest extends TestCase {
 			'Cake\Controller\Component\Auth\BaseAuthorize',
 			array('authorize'), array(), '', false
 		);
-		$this->Auth->authorize = array('AuthMockFour');
+		$this->Auth->config('authorize', ['AuthMockFour']);
 		$this->Auth->setAuthorizeObject(0, $AuthMockFourAuthorize);
 
 		$user = array('user' => 'mark');
@@ -307,9 +307,7 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testLoadAuthorizeResets() {
-		$this->Controller->Auth->authorize = array(
-			'Controller'
-		);
+		$this->Controller->Auth->config('authorize', ['Controller']);
 		$result = $this->Controller->Auth->constructAuthorize();
 		$this->assertEquals(1, count($result));
 
@@ -322,7 +320,7 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testLoadAuthenticateNoFile() {
-		$this->Controller->Auth->authenticate = 'Missing';
+		$this->Controller->Auth->config('authenticate', 'Missing');
 		$this->Controller->Auth->identify($this->Controller->request, $this->Controller->response);
 	}
 
@@ -332,10 +330,10 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testAllConfigWithAuthorize() {
-		$this->Controller->Auth->authorize = array(
+		$this->Controller->Auth->config('authorize', [
 			AuthComponent::ALL => array('actionPath' => 'controllers/'),
 			'Actions'
-		);
+		]);
 		$objects = $this->Controller->Auth->constructAuthorize();
 		$result = $objects[0];
 		$this->assertEquals('controllers/', $result->config('actionPath'));
@@ -347,9 +345,7 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testLoadAuthenticateResets() {
-		$this->Controller->Auth->authenticate = array(
-			'Form'
-		);
+		$this->Controller->Auth->config('authenticate', ['Form']);
 		$result = $this->Controller->Auth->constructAuthenticate();
 		$this->assertEquals(1, count($result));
 
@@ -363,10 +359,10 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testAllConfigWithAuthenticate() {
-		$this->Controller->Auth->authenticate = array(
+		$this->Controller->Auth->config('authenticate', [
 			AuthComponent::ALL => array('userModel' => 'AuthUsers'),
 			'Form'
-		);
+		]);
 		$objects = $this->Controller->Auth->constructAuthenticate();
 		$result = $objects[0];
 		$this->assertEquals('AuthUsers', $result->config('userModel'));
@@ -527,12 +523,12 @@ class AuthComponentTest extends TestCase {
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
 
-		$this->Auth->loginRedirect = array(
+		$this->Auth->config('loginRedirect', [
 			'controller' => 'pages', 'action' => 'display', 'welcome'
-		);
+		]);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
-		$expected = Router::normalize($this->Auth->loginRedirect);
+		$expected = Router::normalize($this->Auth->config('loginRedirect'));
 		$this->assertEquals($expected, $this->Auth->redirectUrl());
 
 		$this->Auth->Session->delete('Auth');
@@ -549,11 +545,11 @@ class AuthComponentTest extends TestCase {
 
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->authorize = 'controller';
+		$this->Auth->config('authorize', 'controller');
 
-		$this->Auth->loginAction = array(
+		$this->Auth->config('loginAction', [
 			'controller' => 'AuthTest', 'action' => 'login'
-		);
+		]);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('/AuthTest/login');
@@ -568,8 +564,8 @@ class AuthComponentTest extends TestCase {
 		$this->Controller->request->env('HTTP_REFERER', Router::url('/admin', true));
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = 'auth_test/login';
-		$this->Auth->loginRedirect = false;
+		$this->Auth->config('loginAction', 'auth_test/login');
+		$this->Auth->config('loginRedirect', false);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('/admin');
@@ -582,7 +578,7 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Auth->config('loginAction', ['controller' => 'AuthTest', 'action' => 'login']);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('posts/view/1');
@@ -600,7 +596,7 @@ class AuthComponentTest extends TestCase {
 
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Auth->config('loginAction', ['controller' => 'AuthTest', 'action' => 'login']);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('posts/index/29?print=true&refer=menu');
@@ -625,7 +621,7 @@ class AuthComponentTest extends TestCase {
 
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
+		$this->Auth->config('loginAction', ['controller' => 'users', 'action' => 'login']);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('/posts/add');
@@ -645,7 +641,7 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request->url = $this->Auth->request->here = Router::normalize($url);
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Auth->config('loginAction', ['controller' => 'AuthTest', 'action' => 'login']);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('/posts/edit/1');
@@ -660,7 +656,7 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request->url = Router::normalize($url);
 		$event = new Event('Controller.initialize', $this->Controller);
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
+		$this->Auth->config('loginAction', ['controller' => 'AuthTest', 'action' => 'login']);
 		$event = new Event('Controller.startup', $this->Controller);
 		$this->Auth->startup($event);
 		$expected = Router::normalize('/');
@@ -681,13 +677,13 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request->url = 'auth_test/login';
 
 		$this->Auth->Session->write('Auth.User.id', '1');
-		$this->Auth->authenticate = array('Form');
+		$this->Auth->config('authenticate', ['Form']);
 		$this->getMock(
 			'Cake\Controller\Component\Auth\BaseAuthorize',
 			array('authorize'), array(), 'NoLoginRedirectMockAuthorize', false
 		);
-		$this->Auth->authorize = array('NoLoginRedirectMockAuthorize');
-		$this->Auth->loginAction = array('controller' => 'auth_test', 'action' => 'login');
+		$this->Auth->config('authorize', ['NoLoginRedirectMockAuthorize']);
+		$this->Auth->config('loginAction', ['controller' => 'auth_test', 'action' => 'login']);
 
 		$event = new Event('Controller.startup', $this->Controller);
 		$return = $this->Auth->startup($event);
@@ -705,11 +701,11 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request = $Request = new Request($url);
 		$Request->env('HTTP_REFERER', false);
 		$this->Auth->request->addParams(Router::parse($url));
-		$this->Auth->authorize = array('Controller');
+		$this->Auth->config('authorize', ['Controller']);
 		$this->Auth->login(array('username' => 'mariano', 'password' => 'cake'));
-		$this->Auth->loginRedirect = array(
-			'controller' => 'something', 'action' => 'else',
-		);
+		$this->Auth->config('loginRedirect', [
+			'controller' => 'something', 'action' => 'else'
+		]);
 
 		$response = new Response();
 		$Controller = $this->getMock(
@@ -719,7 +715,7 @@ class AuthComponentTest extends TestCase {
 		);
 		$event = new Event('Controller.startup', $Controller);
 
-		$expected = Router::url($this->Auth->loginRedirect, true);
+		$expected = Router::url($this->Auth->config('loginRedirect'), true);
 		$Controller->expects($this->once())
 			->method('redirect')
 			->with($this->equalTo($expected));
@@ -735,11 +731,11 @@ class AuthComponentTest extends TestCase {
 		$url = '/party/on';
 		$this->Auth->request = $request = new Request($url);
 		$this->Auth->request->addParams(Router::parse($url));
-		$this->Auth->authorize = array('Controller');
+		$this->Auth->config('authorize', ['Controller']);
 		$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
 
 		$expected = ['controller' => 'no_can_do', 'action' => 'jack'];
-		$this->Auth->unauthorizedRedirect = $expected;
+		$this->Auth->config('unauthorizedRedirect', $expected);
 
 		$response = new Response();
 		$Controller = $this->getMock(
@@ -773,11 +769,11 @@ class AuthComponentTest extends TestCase {
 		$url = '/party/on';
 		$this->Auth->request = $Request = new Request($url);
 		$this->Auth->request->addParams(Router::parse($url));
-		$this->Auth->authorize = array('Controller');
+		$this->Auth->config('authorize', ['Controller']);
 		$this->Auth->login(array('username' => 'admad', 'password' => 'cake'));
 		$expected = ['controller' => 'no_can_do', 'action' => 'jack'];
-		$this->Auth->unauthorizedRedirect = $expected;
-		$this->Auth->authError = false;
+		$this->Auth->config('unauthorizedRedirect', $expected);
+		$this->Auth->config('authError', false);
 
 		$Response = new Response();
 		$Controller = $this->getMock(
@@ -803,7 +799,7 @@ class AuthComponentTest extends TestCase {
 	}
 
 /**
- * Throw ForbiddenException if AuthComponent::$unauthorizedRedirect set to false
+ * Throw ForbiddenException if config `unauthorizedRedirect` is set to false
  * @expectedException \Cake\Error\ForbiddenException
  * @return void
  */
@@ -811,8 +807,10 @@ class AuthComponentTest extends TestCase {
 		$url = '/party/on';
 		$this->Auth->request = $request = new Request($url);
 		$this->Auth->request->addParams(Router::parse($url));
-		$this->Auth->authorize = array('Controller');
-		$this->Auth->unauthorizedRedirect = false;
+		$this->Auth->config([
+			'authorize' => ['Controller'],
+			'unauthorizedRedirect' => false
+		]);
 		$this->Auth->login(array('username' => 'baker', 'password' => 'cake'));
 
 		$response = new Response();
@@ -839,8 +837,10 @@ class AuthComponentTest extends TestCase {
 		$url = '/AuthTest/login';
 		$this->Auth->request = $controller->request = new Request($url);
 		$this->Auth->request->addParams(Router::parse($url));
-		$this->Auth->loginAction = array('controller' => 'AuthTest', 'action' => 'login');
-		$this->Auth->authorize = array('Controller');
+		$this->Auth->config([
+			'loginAction', ['controller' => 'AuthTest', 'action' => 'login'],
+			'authorize', ['Controller']
+		]);
 
 		$controller->expects($this->never())
 			->method('redirect');
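Review bot: The array passed to `config()` here uses commas where `=>` was intended, so it is a four-element list (`'loginAction'`, an array, `'authorize'`, an array) and neither `loginAction` nor `authorize` is set. With `authorize` left empty, the startup check returns `true` before any authorization object is consulted, so the `never()` expectation on `redirect` can pass without exercising the login-action path this test targets. Write it like the `unauthorizedRedirect` test in the previous hunk: `'loginAction' => ['controller' => 'AuthTest', 'action' => 'login'],` and `'authorize' => ['Controller']`. The test method starts and ends outside this hunk.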
@@ -883,9 +883,9 @@ class AuthComponentTest extends TestCase {
 		Router::setRequestInfo($this->Auth->request);
 		$this->Auth->initialize($event);
 
-		$this->Auth->loginAction = array(
+		$this->Auth->config('loginAction', [
 			'prefix' => 'admin', 'controller' => 'auth_test', 'action' => 'login'
-		);
+		]);
 
 		$this->Auth->startup($event);
 		$this->assertEquals('/admin/auth_test/login', $this->Controller->testUrl);
@@ -941,11 +941,11 @@ class AuthComponentTest extends TestCase {
 		Router::setRequestInfo($request);
 
 		$this->Auth->initialize($event);
-		$this->Auth->loginAction = [
+		$this->Auth->config('loginAction', [
 			'prefix' => 'admin',
 			'controller' => 'auth_test',
 			'action' => 'login'
-		];
+		]);
 		$this->Auth->startup($event);
 
 		$this->assertNull($this->Controller->testUrl);
@@ -964,9 +964,9 @@ class AuthComponentTest extends TestCase {
 		$this->Auth->request->env('PHP_AUTH_USER', 'mariano');
 		$this->Auth->request->env('PHP_AUTH_PW', 'cake');
 
-		$this->Auth->authenticate = array(
+		$this->Auth->config('authenticate', [
 			'Basic' => array('userModel' => 'AuthUsers')
-		);
+		]);
 		$this->Auth->startup($event);
 
 		$result = $this->Auth->user();
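Review bot: The new `config('authenticate', [` call wraps a context line that still uses `array(...)`, so one expression mixes short and long array syntax. The inner line could become `'Basic' => ['userModel' => 'AuthUsers']`. The same mix appears in the later hunk that sets up `Basic` with `AuthUsers` and in the `flash` config hunk (`'params' => array(1)`). This is style only and behaviour is unchanged. The test method starts and ends outside the hunk.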
@@ -998,8 +998,14 @@ class AuthComponentTest extends TestCase {
 			'loginAction' => array('controller' => 'people', 'action' => 'login'),
 			'logoutRedirect' => array('controller' => 'people', 'action' => 'login'),
 		);
-		$this->assertEquals($expected['loginAction'], $this->Controller->Auth->loginAction);
-		$this->assertEquals($expected['logoutRedirect'], $this->Controller->Auth->logoutRedirect);
+		$this->assertEquals(
+			$expected['loginAction'],
+			$this->Controller->Auth->config('loginAction')
+		);
+		$this->assertEquals(
+			$expected['logoutRedirect'],
+			$this->Controller->Auth->config('logoutRedirect')
+		);
 	}
 
 /**
@@ -1010,7 +1016,7 @@ class AuthComponentTest extends TestCase {
 	public function testLogout() {
 		$this->Auth->Session->write('Auth.User.id', '1');
 		$this->Auth->Session->write('Auth.redirect', '/users/login');
-		$this->Auth->logoutRedirect = '/';
+		$this->Auth->config('logoutRedirect', '/');
 		$result = $this->Auth->logout();
 
 		$this->assertEquals('/', $result);
@@ -1029,7 +1035,7 @@ class AuthComponentTest extends TestCase {
 			array('authenticate', 'logout'), array(), '', false
 		);
 
-		$this->Auth->authenticate = array('LogoutTriggerMock');
+		$this->Auth->config('authenticate', ['LogoutTriggerMock']);
 		$this->Auth->setAuthenticateObject(0, $LogoutTriggerMockAuthenticate);
 		$LogoutTriggerMockAuthenticate->expects($this->once())
 			->method('logout');
@@ -1115,11 +1121,11 @@ class AuthComponentTest extends TestCase {
 			->method('setFlash')
 			->with('Auth failure', 'custom', array(1), 'auth-key');
 
-		$this->Auth->flash = array(
+		$this->Auth->config('flash', [
 			'element' => 'custom',
 			'params' => array(1),
 			'key' => 'auth-key'
-		);
+		]);
 		$this->Auth->flash('Auth failure');
 	}
 
@@ -1141,7 +1147,7 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testRedirectSessionRead() {
-		$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
+		$this->Auth->config('loginAction', ['controller' => 'users', 'action' => 'login']);
 		$this->Auth->Session->write('Auth.redirect', '/users/home');
 
 		$result = $this->Auth->redirectUrl();
@@ -1173,8 +1179,10 @@ class AuthComponentTest extends TestCase {
  * @return void
  */
 	public function testRedirectSessionReadEqualToLoginAction() {
-		$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
-		$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home');
+		$this->Auth->config([
+			'loginAction' => ['controller' => 'users', 'action' => 'login'],
+			'loginRedirect' => ['controller' => 'users', 'action' => 'home']
+		]);
 		$this->Auth->Session->write('Auth.redirect', array('controller' => 'users', 'action' => 'login'));
 
 		$result = $this->Auth->redirectUrl();
@@ -1206,8 +1214,8 @@ class AuthComponentTest extends TestCase {
 
 		Router::setRequestInfo($this->Auth->request);
 
-		$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
-		$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home');
+		$this->Auth->config('loginAction', ['controller' => 'users', 'action' => 'login']);
+		$this->Auth->config('loginRedirect', ['controller' => 'users', 'action' => 'home']);
 
 		$result = $this->Auth->redirectUrl();
 		$this->assertEquals('/users/home', $result);
@@ -1271,7 +1279,7 @@ class AuthComponentTest extends TestCase {
 		$_SESSION = null;
 
 		AuthComponent::$sessionKey = false;
-		$this->Auth->authenticate = array('Basic');
+		$this->Auth->config('authenticate', ['Basic']);
 		$this->Controller->request['action'] = 'admin_add';
 
 		$result = $this->Auth->startup($event);
@@ -1290,9 +1298,9 @@ class AuthComponentTest extends TestCase {
 		$event = new Event('Controller.startup', $this->Controller);
 
 		AuthComponent::$sessionKey = false;
-		$this->Auth->authenticate = array(
+		$this->Auth->config('authenticate', [
 			'Basic' => array('userModel' => 'AuthUsers')
-		);
+		]);
 		$this->Controller->request['action'] = 'admin_add';
 
 		$this->Controller->request->env('PHP_AUTH_USER', 'mariano');

+ 2 - 2
tests/test_app/TestApp/Controller/AjaxAuthController.php

@@ -54,8 +54,8 @@ class AjaxAuthController extends Controller {
  * @return void
  */
 	public function beforeFilter(Event $event) {
-		$this->TestAuth->ajaxLogin = 'test_element';
-		$this->TestAuth->userModel = 'AuthUser';
+		$this->TestAuth->config('ajaxLogin', 'test_element');
+		$this->TestAuth->config('userModel', 'AuthUser');
 		$this->TestAuth->RequestHandler->ajaxLayout = 'ajax2';
 	}