authentication icon indicating copy to clipboard operation
authentication copied to clipboard
verified publisher icon cakephp

4.x major: Remove deprecations, fix up MultiChecker.

Open dereuromark opened this issue 3 months ago • 11 comments

Prepare https://github.com/cakephp/authentication/issues/716

dereuromark avatar Nov 06 '25 04:11 dereuromark

For some reason 4.x is now protected already, even though just created. I have the ready branch at "4.x-squashed", maybe someone with access can just force push into 4.x?

dereuromark avatar Nov 06 '25 05:11 dereuromark

For some reason 4.x is now protected already, even though just created.

The protection rule is set for *.x, that's way. I have temporarily changed it to 3.x, so you should be able to force push to 4.x now.

ADmad avatar Nov 06 '25 13:11 ADmad

Auth code looks pretty clean and cake-user-friendly now, doesnt it?

dereuromark avatar Nov 06 '25 17:11 dereuromark

@ADmad How do we merge our regression fix into this? Do we want to keep the "cleaner" constructor of 4.x? Or do we move to the lazy defaulting?

dereuromark avatar Nov 29 '25 15:11 dereuromark

Doing it in getIdentifier() does have the benefit that the objects chain gets initialized only when needed.

ADmad avatar Nov 29 '25 16:11 ADmad

Just to be clear:

Config needs to change from:

  $identifier = [
      'Authentication.Token' => [
          'tokenField' => 'id',
          'dataField' => 'key',
          'resolver' => [
              'className' => 'Authentication.Orm',
              'finder' => 'auth',
          ],
      ],
  ];

To:

  $identifier = [
      'className' => 'Authentication.Token',
      'tokenField' => 'id',
      'dataField' => 'key',
      'resolver' => [
          'className' => 'Authentication.Orm',
          'finder' => 'auth',
      ],
  ];

We could shim this (allow for the old array one), but then it would be possible to also insert multiple array key/value pairs or alike.

dereuromark avatar Dec 12 '25 15:12 dereuromark

I think just clarifying the change in a migration guide should suffice

ADmad avatar Dec 12 '25 15:12 ADmad

Some things are auto-upgradable: https://github.com/cakephp/upgrade/pull/370

Shall we start the release process on this major?

dereuromark avatar Dec 13 '25 04:12 dereuromark

Shall we start the release process on this major?

Since we are doing a new major I think we can make this a "proper" CakePHP plugin, i.e. add cakephp/cakephp to composer's require config. I highly doubt anyone is using the auth plugin outside of Cake.

If we do so then some housekeeping that can be done is, rename GenericUrlChecker to StringUrlChecker (and update it's docblock description). Similarly change/cleanup any other code which was meant for framework agnostic usage (can't think of anything off the top of my head though).

ADmad avatar Dec 13 '25 05:12 ADmad

Technically, https://github.com/cakephp/authorization/blob/459cd4d752b3b93ff49791b33ae42a04b82cceb4/composer.json#L27 also only has one package

Couldnt we do the housekeeping for it anyways? and document it as such?

dereuromark avatar Dec 13 '25 18:12 dereuromark

Yes we can do the same for Authorization too.

ADmad avatar Dec 13 '25 19:12 ADmad