As the name implies, this class is used to perform user authentication. The class constructor accepts the domain service class and a base directory as arguments. The base directory is then used to create a Session instance that the SimpleAuth class consumes. You can also see a getSession() method, which grants access to the internally stored Session instance. Likewise, the getToken() method is used to retrieve the token generated by Session.
The workhorse of this class is authByEmail(). It uses the domain service class to perform a lookup based on the customer's email address, used as part of the web login process (described later in this chapter). The method uses bcrypt.checkpw() to check the provided plaintext, UTF-8 encoded password, against the stored hashed password.
The authenticate() method brings everything together. It accepts an email address and plaintext password. The first thing to do is run authByEmail(). If successful, this method...