4.x major: Remove deprecations, fix up MultiChecker.
Prepare https://github.com/cakephp/authentication/issues/716
For some reason 4.x is now protected already, even though just created. I have the ready branch at "4.x-squashed", maybe someone with access can just force push into 4.x?
For some reason 4.x is now protected already, even though just created.
The protection rule is set for *.x, that's way. I have temporarily changed it to 3.x, so you should be able to force push to 4.x now.
Auth code looks pretty clean and cake-user-friendly now, doesnt it?
@ADmad How do we merge our regression fix into this? Do we want to keep the "cleaner" constructor of 4.x? Or do we move to the lazy defaulting?
Doing it in getIdentifier() does have the benefit that the objects chain gets initialized only when needed.
Just to be clear:
Config needs to change from:
$identifier = [
'Authentication.Token' => [
'tokenField' => 'id',
'dataField' => 'key',
'resolver' => [
'className' => 'Authentication.Orm',
'finder' => 'auth',
],
],
];
To:
$identifier = [
'className' => 'Authentication.Token',
'tokenField' => 'id',
'dataField' => 'key',
'resolver' => [
'className' => 'Authentication.Orm',
'finder' => 'auth',
],
];
We could shim this (allow for the old array one), but then it would be possible to also insert multiple array key/value pairs or alike.
I think just clarifying the change in a migration guide should suffice
Some things are auto-upgradable: https://github.com/cakephp/upgrade/pull/370
Shall we start the release process on this major?
Shall we start the release process on this major?
Since we are doing a new major I think we can make this a "proper" CakePHP plugin, i.e. add cakephp/cakephp to composer's require config. I highly doubt anyone is using the auth plugin outside of Cake.
If we do so then some housekeeping that can be done is, rename GenericUrlChecker to StringUrlChecker (and update it's docblock description). Similarly change/cleanup any other code which was meant for framework agnostic usage (can't think of anything off the top of my head though).
Technically, https://github.com/cakephp/authorization/blob/459cd4d752b3b93ff49791b33ae42a04b82cceb4/composer.json#L27 also only has one package
Couldnt we do the housekeeping for it anyways? and document it as such?
Yes we can do the same for Authorization too.