2017 © Pedro Peláez

cakephp-plugin tokenize

Security Tokens



Security Tokens

  • Monday, May 14, 2018
  • by jadb
  • Repository
  • 1 Watchers
  • 8 Stars
  • 2,507 Installations
  • PHP
  • 3 Dependents
  • 1 Suggesters
  • 10 Forks
  • 0 Open issues
  • 5 Versions
  • 11 % Grown



Build Status Coverage Status Total Downloads License, (*1)

Security tokens for CakePHP 3., (*2)


Ever wanted to force users to activate their account upon registration?, (*3)

Or maybe just a confirmation link when updating their credentials?, (*4)

Ok, ok - maybe before cancelling a subscription or better, before sending funds out., (*5)

Well, now you can. Attach listeners to your models for sending out emails (or any other notification method of your choice), and you're good to go!, (*6)


Using Composer:, (*7)

composer require muffin/tokenize

You then need to load the plugin. You can use the shell command:, (*8)

bin/cake plugin load Muffin/Tokenize --routes

or by manually adding statement shown below to bootstrap.php:, (*9)

Plugin::load('Muffin/Tokenize', ['routes' => true]);

This will ensure that the route for /verify/:token style URL is configured., (*10)

You can also customize the token's length, lifetime and table through Configure as shown below:, (*11)

Configure::write('Muffin/Tokenize', [
    'lifetime' => '3 days', // Default value
    'length' => 32, // Default value
    'table' => 'tokenize_tokens', // Default value

You will also need to create the required table. A migration file was added to help you with that:, (*12)

bin/cake migrations migrate --plugin Muffin/Tokenize

How it works

When creating or updating a record, and if the data contains any tokenized field(s), a token will automatically be created along with the value of the field(s) in question., (*13)

When this happens the Model.afterTokenize event is fired and passed the operation's related entity and the associated token that was created for it., (*14)

The initial (save or update) operation resumes but without the tokenized fields., (*15)

The tokenized fields will only be updated upon submission of their associated token., (*16)


To tokenize the password column on updates, add this to your UsersTable:, (*17)

$this->addBehavior('Muffin/Tokenize.Tokenize', [
    'fields' => ['password'],

If instead you wanted to have it create a token both on account creation and credentials update:, (*18)

$this->addBehavior('Muffin/Tokenize.Tokenize', [
    'fields' => ['password'],
    'implementedEvents' => [
        'Model.beforeSave' => 'beforeSave',
        'Model.afterSave' => 'afterSave',

Finally, if you just wish to create a token on the fly for other custom scenarios (i.e. password-less login), you can manually create a token:, (*19)


The above operation, will return a Muffin\Tokenize\Model\Entity\Token instance., (*20)

To verify a token from a controller's action:, (*21)

$result = $this->Users->Tokens->verify($token);

Patches & Features

  • Fork
  • Mod, fix
  • Test - this is important, so it's not unintentionally broken
  • Commit - do not mess with license, todo, version, etc. (if you do change any, bump them into commits of their own that I can ignore when I pull)
  • Pull request - bonus point for topic branches

To ensure your PRs are considered for upstream, you MUST follow the CakePHP coding standards., (*22)

Bugs & Feedback

http://github.com/usemuffin/tokenize/issues, (*23)


Copyright (c) 2015, Use Muffin and licensed under The MIT License., (*24)

The Versions

14/05 2018