4.x major: Remove deprecations, fix up MultiChecker. #748
Conversation
|
For some reason 4.x is now protected already, even though just created. |
The protection rule is set for |
Co-authored-by: ADmad <[email protected]>
Co-authored-by: ADmad <[email protected]>
Co-authored-by: ADmad <[email protected]>
|
Auth code looks pretty clean and cake-user-friendly now, doesnt it? |
dereuromark
changed the title
|
@ADmad How do we merge our regression fix into this? |
|
Doing it in |
- Use lazy identifier initialization in getIdentifier() (3.x approach) - Add AuthenticationPlugin as main plugin class, Plugin as deprecated alias - Add redirect validation feature from 3.x - Update all authenticators to use getIdentifier() instead of direct property access
Co-authored-by: ADmad <[email protected]>
markstory
left a comment
markstory
left a comment
There was a problem hiding this comment.
Looking good. I think the impacts of these breaking changes should be a reasonable amount of work in a small section for most applications. I don't think we need to worry about rector here. I like how the authenticator + identifier relationship has ended up working.
|
Just to be clear: Config needs to change from: $identifier = [
'Authentication.Token' => [
'tokenField' => 'id',
'dataField' => 'key',
'resolver' => [
'className' => 'Authentication.Orm',
'finder' => 'auth',
],
],
];To: $identifier = [
'className' => 'Authentication.Token',
'tokenField' => 'id',
'dataField' => 'key',
'resolver' => [
'className' => 'Authentication.Orm',
'finder' => 'auth',
],
];We could shim this (allow for the old array one), but then it would be possible to also insert multiple array key/value pairs or alike. |
|
I think just clarifying the change in a migration guide should suffice |
Adds rules to automate the 3.x to 4.x migration for the authentication plugin: - Rename CakeRouterUrlChecker to DefaultUrlChecker - Rename DefaultUrlChecker (framework-agnostic) to GenericUrlChecker - Rename Plugin to AuthenticationPlugin - Remove loadIdentifier() method calls See: cakephp/authentication#748
- composer.json docs URL - English and French index.rst
|
This PR is only for review, we dont merge this one, correct? As we directly release on 4.x branch |
|
Correct, 4.x will stay as it is and the new release will be done on that branch |
PrimaryKeySessionAuthenticator now works out of the box without
requiring explicit identifier configuration. When no identifier is
provided, it lazily creates a TokenIdentifier configured to look up
users by their `id` field.
Before:
```php
$service->loadAuthenticator('Authentication.PrimaryKeySession', [
'identifier' => [
'className' => 'Authentication.Token',
'tokenField' => 'id',
'dataField' => 'key',
],
]);
```
After:
```php
$service->loadAuthenticator('Authentication.PrimaryKeySession');
```
Custom configuration is still supported by passing an explicit
identifier or by using the `idField` and `identifierKey` config
options which propagate to the default TokenIdentifier.
…ult-identifier Add default TokenIdentifier for PrimaryKeySessionAuthenticator
Co-authored-by: Copilot <[email protected]>
Co-authored-by: ADmad <[email protected]>
Add test coverage for getIdentity() with no identity present
Allow using dot separated field names for Identity::get()
Add IdentityHelper::getIdentity()
The identify option was deprecated in 3.x in favor of PrimaryKeySessionAuthenticator. Remove it for the 4.x major.
Remove fields config and constructor from SessionAuthenticator since they were only used by the removed identify logic. Remove redundant constructor override from PrimaryKeySessionAuthenticator. Simplify tests.
Default to null so authenticators that don't need an identifier (like SessionAuthenticator) can be constructed without arguments.
|
@ADmad merged 3.x and did the cleanup. |
Prepare #716