You have to create a User component which responds to the getId() method. This user will be retrieved by the retrieve methods from your IUserService

interface {

    /**
     * Return the unique identifier for the user
     */
    function getId();

    /**
     * Verify if the user has one or more of the passed in permissions
     *
     * @permission One or a list of permissions to check for access
     *
     */
    boolean function hasPermission( required permission );

    /**
     * Shortcut to verify it the user is logged in or not.
     */
    boolean function isLoggedIn();

}

v5.0.1

24 Apr 2020 — 03:47:00 UTC

other

• *: fix: Allow any dsl to be the user service (7cfb533)

v5.0.0

02 Apr 2020 — 22:10:08 UTC

BREAKING

• *: feat: Added interception points and return user from authorize (778cd73)

v4.1.2

18 Feb 2020 — 17:27:02 UTC

other

• *: Adjust gitignore file for better directory matching ()

• *: chore: Use forgeboxStorage ()

• Login: Add new preLogin and postLogin interception points ()

• cbstorages: Upgrade cbstorages to 2.0.0 ()

• *: chore: Transfer cbauth to coldbox-modules namespace ()

• *: docs: Fixed Coldbox 4.3 docs link ()

• build: Use openjdk8 on Travis ()

• Storages: Allow customizing of storages ()

• build: Trigger major release for prior commit ()

• ci: Add commandbox-semantic-release ()

• formatting: Clean up spacing at end of lines ()

• server.json: Default to adobe@11 servers ()

• build: Update box.json references to elpete ()

• build: Remove incompatible scripts for commandbox-semantic-release ()

• tests: Fix MockBox expectation to match struct pattern ()

• *: Merge pull request #3 from elpete/add_csr ()

• *: Merge pull request #2 from jclausen/master ()

• build: Trigger major release for prior commit ()

• ci: Add commandbox-semantic-release ()

• formatting: Clean up spacing at end of lines ()

• server.json: Default to adobe@11 servers ()

• build: Remove incompatible scripts for commandbox-semantic-release ()

• tests: Fix MockBox expectation to match struct pattern ()

• *: Merge pull request #3 from elpete/add_csr ()

• *: Merge pull request #2 from jclausen/master ()

Authentication is tedious. Many projects need some sort of authentication system. And in many of these projects you will basically start from scratch. That's why cbauth was created.

cbauth is a library that handles creating user sessions for your app including authenticating users, logging users in and out, and retrieving the currently authenticated user. It is customizable to plug in to your existing authentication method and session storage.

These are some of the methods you can use in your project:

auth.authenticate( username, password );
auth.isLoggedIn();
auth.getUser();
auth.logout();

cbauth is quite flexible. In your IUserService implementation you can define how you want to retrieve your IAuthUser implementation: from a database, LDAP or any other authentication provider. You can define any properties you want to store, permissions or roles, and additional data for your authenticated user.

The current user will be retrieved and cached in a configured requestStorage. The userID will be stored in a configured sessionStorage. Both sessionStorage and requestStorage can be anything you want, as long as they implement the required methods. A common scenario, for example, is when you don't want to use ColdFusion or Lucee sessions for API applications, but instead use a distributed cache.

Additional information for your user can be stored after authentication in your sessio- or request storage by using the announced by cbauth.

Interceptions

cbauth announces several custom interception points. You can use these interception points to change request data or add additional values to session or request scopes. The preAuthentication and postAuthentication events fire during the standard authenticate() method call with a username and password. The preLogin and postLogin events fire during the login() method call. The preLogout and postLogout events fire during the logout() method call.

InterceptData

Modifying the values in the interceptData will change what is passed to isValidCredentials and retrieveUserByUsername. This is the prime time to ignore certain requests or remove or pad usernames.

InterceptData

This is the prime time to store additional values based on the user returned.

InterceptData

InterceptData

This is a good opportunity to store additional data if your application logged the user in manually without authenticating via a username/password like a "remember me" system.

InterceptData

InterceptData

You have to create a UserService and . This UserService needs to have three methods, according to cbauth.interfaces.IUserService

The user component returned by both retrieve... methods needs to respond to getId() as specified by the interface.

• Lucee 5+

• Adobe ColdFusion 2016+

• Coldbox 4.3 +

cbauth

The authentication service can be used by injecting it using WireBox:

property name="auth" inject="authenticationService@cbauth";

// OR

var auth = wirebox.getInstance( "authenticationService@cbauth" );

Or, the quick way, you can just use the auth() helper method (which is actually just a shortcut to a wirebox injection). The auth() helper is very useful in views. And since Wirebox handles singleton management, you don't have to worry about calling auth()too many times.

Methods

login

Logs a user in to the system. The returned user component must respond to the getId() method (as defined in the interface). Additionally, the user is cached in the request scope. If a user is already in the session, this will replace it with the given user. This method returns the passed in user object.

Logs a user out of system. This method can be called regardless of if there is currently a logged in user.

Attempts to log a user by calling the retrieveUserByUsername and isValidCredentials on the provided userServiceClass. If isValidCredentials returns false, it throws a InvalidCredentials exception.

If it succeeds, it returns the logged in user object. If it succeeds, it also sets the user id (obtained by calling getId() on the returned user component) in the configured sessionStorage and the returned user component in the configured requestStorage.

Returns boolean whether a user is logged in to the system.

Alias for isLoggedIn

Returns whether a user is logged out of the system. Opposite of check() and isLoggedIn().

Returns the currently logged in user component.

If there is no logged in user, it throws a NoUserLoggedIn exception.

If there is a user object in the configured requestStorage, it is returned.

If the user object has not been fetched this request, it uses the id set in the configured sessionStorage to fetch the user (using retrieveUserById). It then sets the user in the configured requestStorage so subsequent calls to getUser don't re-fetch the user.

Alias for getUser

Returns the currently logged in user id.

If there is no logged in user, it throws a NoUserLoggedIn exception.