The 9.0 version uses the new plugins cakephp/authentication(read more) and cakephp/authorization(read more) instead of CakePHP Authentication component. This version is compatible with CakePHP 4.x and the plugin code was updated to remove all deprecations.
We have added/removed/changed some configurations to work with new authentication/authorization plugins, if you created a custom config file, please compare your file with the default config/users.php from this plugin.
-
Users.middlewareQueueLoader was added;
-
Users.auth was removed since AuthComponent is not used;
-
Users.Social.authenticator was removed in favor of Auth.Authenticators.Social and Auth.Identifiers.Social;
-
Users.GoogleAuthenticator was renamed to OneTimePasswordAuthenticator;
-
GoogleAuthenticator was renamed to OneTimePasswordAuthenticator;
-
Auth.authenticate was removed in favor of Auth.Authentication, Auth.AuthenticationComponent, Auth.Authenticators, Auth.Identifiers
-
Auth.authorize was removed in favor of Auth.Authorization, Auth.AuthorizationMiddleware, Auth.AuthorizationComponent
-
Added Auth.SocialLoginFailure to handle social login
-
Added Auth.FormLoginFailure to handle form login
-
CakeDC/Auth was upgraded and now has a better way to handle social login. Oauth providers config like OAuth.providers.facebook requires two new config keys, 'service' and 'mapper'.
-
Users.controller config now is also used in mapping users routes (/login, register). You need to give permissions to your new controller actions.
-
Users controller rely on CakeDC/Users.Setup Component, when using a custom users controller make sure to load it.
/**
* Initialize
*
* @return void
*/
public function initialize()
{
parent::initialize();
$this->loadComponent('CakeDC/Users.Setup');
if ($this->components()->has('Security')) {
$this->Security->setConfig(
'unlockedActions',
['login', 'u2fRegister', 'u2fRegisterFinish', 'u2fAuthenticate', 'u2fAuthenticateFinish']
);
}
}In this version you need to load the plugin in your Application class.
/**
* {@inheritDoc}
*/
public function bootstrap()
{
// Call parent to load bootstrap from files.
parent::bootstrap();
//your code
$this->addPlugin(\CakeDC\Users\Plugin::class);
}
All events constants were moved from AuthComponent to Plugin class and their values was also updated.
Users.Component.UsersAuth.afterLoginrenamed toUsers.Authentication.afterLoginUsers.Component.UsersAuth.beforeLogoutrenamed toUsers.Authentication.beforeLogoutUsers.Component.UsersAuth.afterLogoutrenamed toUsers.Authentication.afterLogoutUsers.Component.UsersAuth.beforeRegisterrenamed toUsers.Global.beforeRegisterUsers.Component.UsersAuth.afterRegisterrenamed toUsers.Global.afterRegisterUsers.Component.UsersAuth.afterResetPasswordrenamed toUsers.Global.afterResetPasswordUsers.Component.UsersAuth.beforeSocialLoginUserCreaterenamed toUsers.Global.beforeSocialLoginUserCreateUsers.Component.UsersAuth.onExpiredTokenrenamed toUsers.Global.onExpiredTokenUsers.Component.UsersAuth.afterResendTokenValidationrenamed toUsers.Global.afterResendTokenValidation
Users.Component.UsersAuth.isAuthorizeduse cakephp\authorization components or \CakeDC\Auth\Traits\IsAuthorizedTrait instead.Users.Component.UsersAuth.beforeLoginimplement a middleware before authetication middleware.Users.Component.UsersAuth.failedSocialLoginUsers.Component.UsersAuth.afterCookieLogin
In previous version you usually used AuthComponent to get the authenticated user, now you should use the provided 'identity' attribute, you can do this in your controller.
$user = $this->getRequest()->getAttribute('identity');
if ($user) {
//Do stuff
}
Authentication process read and store user data at session key 'Auth' not 'Auth.User' and the value should be an User object.
In your integration test class replace this:
$this->session(['Auth.User' => $userData]);
with
$this->session(['Auth' => new \CakeDC\Users\Model\Entity\User($userData)]);