The 9.0 version uses the new plugins cakephp/authentication(read more) and cakephp/authorization(read more) instead of CakePHP Authentication component. This version is compatible with CakePHP 4.x and the plugin code was updated to remove all deprecations.
We have added/removed/changed some configurations to work with new authentication/authorization plugins, if you created a custom config file, please compare your file with the default config/users.php from this plugin.
-
Users.middlewareQueueLoader was added;
-
Users.auth was removed since AuthComponent is not used;
-
Users.Social.authenticator was removed in favor of Auth.Authenticators.Social and Auth.Identifiers.Social;
-
Users.GoogleAuthenticator was renamed to OneTimePasswordAuthenticator;
-
GoogleAuthenticator was renamed to OneTimePasswordAuthenticator;
-
Auth.authenticate was removed in favor of Auth.Authentication, Auth.AuthenticationComponent, Auth.Authenticators, Auth.Identifiers
-
Auth.authorize was removed in favor of Auth.Authorization, Auth.AuthorizationMiddleware, Auth.AuthorizationComponent
-
Added Auth.SocialLoginFailure to handle social login
-
Added Auth.FormLoginFailure to handle form login
-
CakeDC/Auth was upgraded and now has a better way to handle social login. Oauth providers config like OAuth.providers.facebook requires two new config keys, 'service' and 'mapper'.
-
Users.controller config now is also used in mapping users routes (/login, register). You need to give permissions to your new controller actions.
-
Users controller rely on CakeDC/Users.Setup Component, when using a custom users controller make sure to load it.
/**
* Initialize
*
* @return void
*/
public function initialize()
{
parent::initialize();
$this->loadComponent('CakeDC/Users.Setup');
if ($this->components()->has('Security')) {
$this->Security->setConfig(
'unlockedActions',
['login', 'u2fRegister', 'u2fRegisterFinish', 'u2fAuthenticate', 'u2fAuthenticateFinish']
);
}
}
In this version you need to load the plugin in your Application class.
/**
* {@inheritDoc}
*/
public function bootstrap()
{
// Call parent to load bootstrap from files.
parent::bootstrap();
//your code
$this->addPlugin(\CakeDC\Users\Plugin::class);
}
All events constants were moved from AuthComponent to Plugin class and their values was also updated.
Users.Component.UsersAuth.afterLogin
renamed toUsers.Authentication.afterLogin
Users.Component.UsersAuth.beforeLogout
renamed toUsers.Authentication.beforeLogout
Users.Component.UsersAuth.afterLogout
renamed toUsers.Authentication.afterLogout
Users.Component.UsersAuth.beforeRegister
renamed toUsers.Global.beforeRegister
Users.Component.UsersAuth.afterRegister
renamed toUsers.Global.afterRegister
Users.Component.UsersAuth.afterResetPassword
renamed toUsers.Global.afterResetPassword
Users.Component.UsersAuth.beforeSocialLoginUserCreate
renamed toUsers.Global.beforeSocialLoginUserCreate
Users.Component.UsersAuth.onExpiredToken
renamed toUsers.Global.onExpiredToken
Users.Component.UsersAuth.afterResendTokenValidation
renamed toUsers.Global.afterResendTokenValidation
Users.Component.UsersAuth.isAuthorized
use cakephp\authorization components or \CakeDC\Auth\Traits\IsAuthorizedTrait instead.Users.Component.UsersAuth.beforeLogin
implement a middleware before authetication middleware.Users.Component.UsersAuth.failedSocialLogin
Users.Component.UsersAuth.afterCookieLogin
In previous version you usually used AuthComponent to get the authenticated user, now you should use the provided 'identity' attribute, you can do this in your controller.
$user = $this->getRequest()->getAttribute('identity');
if ($user) {
//Do stuff
}
Authentication process read and store user data at session key 'Auth' not 'Auth.User' and the value should be an User object.
In your integration test class replace this:
$this->session(['Auth.User' => $userData]);
with
$this->session(['Auth' => new \CakeDC\Users\Model\Entity\User($userData)]);