Where does that function come from?

component extends=“coldbox.system.EventHandler” {
this.prehandler_only = “”;
this.prehandler_except = “”;
this.posthandler_only = “”;
this.posthandler_except = “”;
this.aroundHandler_only = “”;
this.aroundHandler_except = “”;
// REST Allowed HTTP Methods Ex: this.allowedMethods = {delete=‘POST,DELETE’,index=‘GET’}
this.allowedMethods = {};
// IMPLICIT FUNCTIONS: Uncomment to use
public function preHandler(event,rc,prc,action){
// get user object and set in prc
prc.oUser = auth().getuser();

Looking at this Coldbox handler, how do I work out where the auth() function comes from? I tried definition and type definition in VS code but nothing is returned. Am I missing a plugin?
I searched the API docs - The search box only searches on the name of the module so no luck there, and I didn’t have time to search every module.

There are no package or module links in this handler so I’m not sure how to work this out from the code.

Those come from viewHelpers or applicationHelpers. Modules can also contribute those. You can check what ones you have registered in the ColdBox config file and your file system as well as the modules you have installed.

In this example, that helper comes from cbauth. Installation and Usage - cbAuth

Thanks - Yes I found it in the end. Adds such a cognitive overhead when you are trying to get up to speed with a system.

I guess it’s not possible to enforce explicit injection but using it makes much more sense. Code can be read without remembering where everything lives!

I added

property name=“CBAuth” inject=“authenticationService@cbauth”;

and changed the function to prc.oUser = CBAuth.getuser();

and this worked.

Now anybody reading the code will immediately know where the function is. Auth() is a real confusion if you don’t know Coldbox inside and out.

What do you think?

You’re welcome to structure your code any way that works for you. :+1:t2:

I like the auth() helper because cbauth is in almost every ColdBox project I work on, and I also get to use it in views. (disclaimer: I wrote cbauth)


It must be my learnings with Golang - All issues like this are removed, making the code readable, so that you can concentrate on the coding issues and not the structure of the code.
For you, having worked on this framework for a long time, it is easy but I just wonder how many people are put off or absolutely worn out from so many options available in Coldbox.

/app-root/modules/cbsecurity/modules/cbauth/helpers/Mixins.cfm - Ah auth()…

Here is a Golang Example. At the top of every code page there is a package list… eg.

import (

Example function in code

func wellKnownFile() string {
const f = “application_default_credentials.json”
if runtime.GOOS == “windows” {
return filepath.Join(os.Getenv(“APPDATA”), “gcloud”, f)
return filepath.Join(guessUnixHomeDir(), “.config”, “gcloud”, f)

From this you can easily see what packages any function is in.

filepath.Join is in package path/filepath
runtime.GOOS is in package runtime

It is not possible to have any magic here, and all required locations are clear on the page of code you are looking at so that learning time for new devs is much faster. It took me several hours to work out how auth() worked.

Thanks again for your help!

How would I put in the link to auth() in the property area at the top of the component? It’s in a file called Mixins.cfm



I’m not sure what you mean the link? You can put a comment with a link:

// auth() -> cbauth.helpers.Mixins#auth

Ah - OK so there is no functional way to describe what is happening and to demonstrate what is happening -

Comments always go out of date, so I’m trying to explain in code what and how auth() is being used. Clarity of code beats magic every time so if everything’s the same it’s best not to use auth() as it just confuses devs.

Just to double check - Is there any functional difference between

property name=“CBAuth” inject=“authenticationService@cbauth”;

Or using


The docs answer this question:

Or, the quick way, you can just use the auth() helper method (which is actually just a shortcut to a wirebox injection).

As an aside, we understand your opinion and stance on this helper. You don’t need to repeat your complaints on each reply. It is discouraging to be told the same complaint again and again while we’re trying to help you. Once is enough; we’ve heard you.

Hi Eric

I was trying to be constructive - If I offended then I’m sorry. Coldbox is incredibly hard to gain understanding of and I was trying to give a newbie view of trying to learn it. There is nothing wrong with auth() but if you don’t know how the system works then it is just a mystery with no ability to explain to the next person where it comes from. Just trying to remember all the Coldbox options is mind boggling enough.

Yes, I understand that lots of the videos are meant to be run as paid tutorials, but only corporates do this. If the ethos was to simplify everything rather than provide lots of ways to do the same thing we could focus more on code rather than trying to keep all the available options in our heads.

As I’ve used Coldfusion I’ve come to like it more and more, but honestly, coding does not have to be this hard. Once you’ve seen good clear code, you understand magic is not required and maintainability is easy.

I’ve bought into the idea that using a Coldbox Framework makes the whole process more appealing to other coders - I’ve worked for several months on this and still feel baffled. I’m not stupid so others must have this problem too.