SocialBehavior: Set provider in extractAccountData before marshalling

.github/workflows/ci.yml

@@ -45,7 +45,7 @@ jobs:
       run: echo "::set-output name=date::$(date +'%Y-%m')"
 
     - name: Cache composer dependencies
-      uses: actions/cache@v1
+      uses: actions/cache@v4
       with:
         path: ${{ steps.composer-cache.outputs.dir }}
         key: ${{ runner.os }}-composer-${{ steps.key-date.outputs.date }}-${{ hashFiles('composer.json') }}-${{ matrix.prefer-lowest }}
@@ -100,7 +100,7 @@ jobs:
       run: echo "::set-output name=date::$(date +'%Y-%m')"
 
     - name: Cache composer dependencies
-      uses: actions/cache@v1
+      uses: actions/cache@v4
       with:
         path: ${{ steps.composer-cache.outputs.dir }}
         key: ${{ runner.os }}-composer-${{ steps.key-date.outputs.date }}-${{ hashFiles('composer.json') }}-${{ matrix.prefer-lowest }}

src/Authenticator/SocialPendingEmailAuthenticator.php

@@ -67,7 +67,7 @@ protected function _buildLoginUrlErrorResult($request)
             sprintf(
                 'Login URL `%s` did not match `%s`.',
                 (string)$request->getUri(),
-                implode('` or `', (array)$this->getConfig('loginUrl'))
+                implode('` or `', (array)$this->getConfig('loginUrl')),
             ),
         ];
 

src/Command/UsersPasswordEmailCommand.php

@@ -54,13 +54,13 @@ public function execute(Arguments $args, ConsoleIo $io)
         if ($resetUser) {
             $msg = __d(
                 'cake_d_c/users',
-                'Please ask the user to check the email to continue with password reset process'
+                'Please ask the user to check the email to continue with password reset process',
             );
             $io->out($msg);
         } else {
             $msg = __d(
                 'cake_d_c/users',
-                'The password token could not be generated. Please try again'
+                'The password token could not be generated. Please try again',
             );
             $io->abort($msg);
         }

src/Controller/Component/LoginComponent.php

@@ -165,7 +165,7 @@ protected function afterIdentifyUser($user)
             $userId = $user['id'] ?? null;
             Log::info(
                 "Unsafe redirect `$queryRedirect` ignored, user id `{$userId}` " .
-                "redirected to `$redirectUrl` after successful login"
+                "redirected to `$redirectUrl` after successful login",
             );
             $queryRedirect = $redirectUrl;
         }
@@ -243,7 +243,7 @@ protected function updateLastLogin($user)
         $user->set($field, $now);
         $this->getController()->getUsersTable()->updateAll(
             [$field => $now->format('Y-m-d H:i:s')],
-            ['id' => $user->id]
+            ['id' => $user->id],
         );
     }
 

src/Controller/Traits/LinkSocialTrait.php

@@ -83,7 +83,7 @@ public function callbackLinkSocial($alias = null)
             $log = sprintf(
                 'Error linking social account: %s %s',
                 $e->getMessage(),
-                $e
+                $e,
             );
             $this->log($log);
 

src/Controller/Traits/OneTimePasswordVerifyTrait.php

@@ -34,14 +34,14 @@ public function verify()
             Configure::read('Auth.AuthenticationComponent.loginAction'),
             [
                 '?' => $this->getRequest()->getQueryParams(),
-            ]
+            ],
         );
         if (!$this->isVerifyAllowed()) {
             return $this->redirect($loginAction);
         }
 
         $temporarySession = $this->getRequest()->getSession()->read(
-            AuthenticationService::TWO_FACTOR_VERIFY_SESSION_KEY
+            AuthenticationService::TWO_FACTOR_VERIFY_SESSION_KEY,
         );
         $secretVerified = $temporarySession['secret_verified'] ?? null;
         // showing QR-code until shared secret is verified
@@ -53,7 +53,7 @@ public function verify()
 
             $secretDataUri = $this->OneTimePasswordAuthenticator->getQRCodeImageAsDataUri(
                 $temporarySession['email'],
-                $secret
+                $secret,
             );
             $this->set(['secretDataUri' => $secretDataUri]);
         }
@@ -83,7 +83,7 @@ protected function isVerifyAllowed()
         }
 
         $temporarySession = $this->getRequest()->getSession()->read(
-            AuthenticationService::TWO_FACTOR_VERIFY_SESSION_KEY
+            AuthenticationService::TWO_FACTOR_VERIFY_SESSION_KEY,
         );
 
         if (empty($temporarySession) || !isset($temporarySession['id'])) {

src/Controller/Traits/PasswordManagementTrait.php

@@ -61,7 +61,7 @@ public function changePassword($id = null)
                 $redirect = Configure::read('Users.Profile.route');
             } else {
                 $this->Flash->error(
-                    __d('cake_d_c/users', 'Changing another user\'s password is not allowed')
+                    __d('cake_d_c/users', 'Changing another user\'s password is not allowed'),
                 );
                 $this->redirect(Configure::read('Users.Profile.route'));
 
@@ -70,7 +70,7 @@ public function changePassword($id = null)
         } else {
             // password reset
             $user->id = $this->getRequest()->getSession()->read(
-                Configure::read('Users.Key.Session.resetPasswordUserId')
+                Configure::read('Users.Key.Session.resetPasswordUserId'),
             );
             $validatePassword = false;
             $redirect = $this->Authentication->getConfig('loginAction');
@@ -99,7 +99,7 @@ public function changePassword($id = null)
                             'password' => true,
                             'password_confirm' => true,
                         ],
-                    ]
+                    ],
                 );
 
                 if ($user->getErrors()) {
@@ -168,7 +168,7 @@ public function requestResetPassword()
             if ($resetUser) {
                 $msg = __d(
                     'cake_d_c/users',
-                    'If the account is valid, the system will send an instructional email to the address on record.'
+                    'If the account is valid, the system will send an instructional email to the address on record.',
                 );
                 $this->Flash->success($msg);
             } else {
@@ -180,7 +180,7 @@ public function requestResetPassword()
         } catch (UserNotFoundException | UserNotActiveException $exception) {
             $msg = __d(
                 'cake_d_c/users',
-                'If the account is valid, the system will send an instructional email to the address on record.'
+                'If the account is valid, the system will send an instructional email to the address on record.',
             );
             $this->Flash->success($msg);
         } catch (Exception $exception) {

src/Controller/Traits/RegisterTrait.php

@@ -135,7 +135,7 @@ protected function _validateRegisterPost()
 
         return $this->validateReCaptcha(
             $this->getRequest()->getData('g-recaptcha-response'),
-            $this->getRequest()->clientIp()
+            $this->getRequest()->clientIp(),
         );
     }
 

src/Controller/Traits/UserValidationTrait.php

@@ -45,7 +45,7 @@ public function validate($type = null, $token = null)
                         if ($result) {
                             $event = $this->dispatchEvent(
                                 Plugin::EVENT_AFTER_EMAIL_TOKEN_VALIDATION,
-                                ['user' => $result]
+                                ['user' => $result],
                             );
                             $eventResult = $event->getResult();
                             if (!empty($eventResult) && is_array($eventResult)) {
@@ -65,7 +65,7 @@ public function validate($type = null, $token = null)
                         $this->Flash->success(__d('cake_d_c/users', 'Reset password token was validated successfully'));
                         $this->getRequest()->getSession()->write(
                             Configure::read('Users.Key.Session.resetPasswordUserId'),
-                            $result->id
+                            $result->id,
                         );
 
                         return $this->redirect(['action' => 'changePassword']);
@@ -119,7 +119,7 @@ public function resendTokenValidation()
                 }
                 $this->Flash->success(__d(
                     'cake_d_c/users',
-                    'Token has been reset successfully. Please check your email.'
+                    'Token has been reset successfully. Please check your email.',
                 ));
             } else {
                 $this->Flash->error(__d('cake_d_c/users', 'Token could not be reset'));

src/Controller/Traits/Webauthn2faTrait.php

@@ -52,7 +52,7 @@ public function webauthn2faRegisterOptions(?RegisterAdapter $adapter = null)
         }
 
         throw new BadRequestException(
-            __d('cake_d_c/users', 'User already has configured webauthn2fa')
+            __d('cake_d_c/users', 'User already has configured webauthn2fa'),
         );
     }
 
@@ -73,7 +73,7 @@ public function webauthn2faRegister(?RegisterAdapter $adapter = null): \Cake\Htt
                 return $this->getResponse()->withStringBody(json_encode(['success' => true]));
             }
             throw new BadRequestException(
-                __d('cake_d_c/users', 'User already has configured webauthn2fa')
+                __d('cake_d_c/users', 'User already has configured webauthn2fa'),
             );
         } catch (\Throwable $e) {
             $user = $this->request->getSession()->read('Webauthn2fa.User');
@@ -93,7 +93,7 @@ public function webauthn2faAuthenticateOptions(?AuthenticateAdapter $adapter = n
         $adapter = $adapter ?? $this->getWebauthn2faAuthenticateAdapter();
 
         return $this->getResponse()->withStringBody(
-            json_encode($adapter->getOptions())
+            json_encode($adapter->getOptions()),
         );
     }
 
@@ -115,7 +115,7 @@ public function webauthn2faAuthenticate(?AuthenticateAdapter $adapter = null): \
             $this->getRequest()->getSession()->delete('Webauthn2fa');
             $this->getRequest()->getSession()->write(
                 TwoFactorAuthenticator::USER_SESSION_KEY,
-                $adapter->getUser()
+                $adapter->getUser(),
             );
 
             return $this->getResponse()->withStringBody(json_encode([

src/Controller/UsersController.php

@@ -64,7 +64,7 @@ public function initialize(): void
                     'webauthn2faRegisterOptions',
                     'webauthn2faAuthenticate',
                     'webauthn2faAuthenticateOptions',
-                ]
+                ],
             );
         }
     }

src/Identifier/PasswordLockout/LockoutHandler.php

@@ -155,8 +155,8 @@ protected function getTimeWindow(): DateTime
         throw new \UnexpectedValueException(
             __d(
                 'cake_d_c/users',
-                'Config "timeWindowInSeconds" must be integer greater than 60'
-            )
+                'Config "timeWindowInSeconds" must be integer greater than 60',
+            ),
         );
     }
 
@@ -172,8 +172,8 @@ protected function getNumberOfAttemptsFail(): int
         throw new \UnexpectedValueException(
             __d(
                 'cake_d_c/users',
-                'Config "numberOfAttemptsFail" must be integer greater or equal 0'
-            )
+                'Config "numberOfAttemptsFail" must be integer greater or equal 0',
+            ),
         );
     }
 
@@ -190,8 +190,8 @@ protected function getLockoutTime(): int
         throw new \UnexpectedValueException(
             __d(
                 'cake_d_c/users',
-                'Config "lockoutTimeInSeconds" must be integer greater than 60'
-            )
+                'Config "lockoutTimeInSeconds" must be integer greater than 60',
+            ),
         );
     }
 

src/Identifier/PasswordLockoutIdentifier.php

@@ -88,8 +88,8 @@ protected function buildLockoutHandler(array|string $config): LockoutHandlerInte
             throw new \InvalidArgumentException(
                 __d(
                     'cake_d_c/users',
-                    'Option `className` for lockout handler is not present.'
-                )
+                    'Option `className` for lockout handler is not present.',
+                ),
             );
         }
         $className = $config['className'];

src/Loader/AuthenticationServiceLoader.php

@@ -85,7 +85,7 @@ protected function loadAuthenticators($service)
      */
     protected function loadTwoFactorAuthenticator($service, $processors)
     {
-        if (collection($processors)->some(fn ($processor) => $processor->enabled())) {
+        if (collection($processors)->some(fn($processor) => $processor->enabled())) {
             $service->loadAuthenticator('CakeDC/Auth.TwoFactor', [
                 'skipTwoFactorVerify' => true,
             ]);
@@ -106,7 +106,7 @@ protected function _getItemLoadData($item, $key)
         $options = $item;
         if (!isset($options['className'])) {
             throw new \InvalidArgumentException(
-                __d('cake_d_c/users', 'Property  {0}.className should be defined', $key)
+                __d('cake_d_c/users', 'Property  {0}.className should be defined', $key),
             );
         }
         $className = $options['className'];

src/Loader/AuthorizationServiceLoader.php

@@ -40,7 +40,7 @@ public function __invoke(ServerRequestInterface $request)
             new CollectionPolicy([
                 SuperuserPolicy::class,
                 new RbacPolicy(Configure::read('Auth.RbacPolicy')),
-            ])
+            ]),
         );
 
         $orm = new OrmResolver();

src/Loader/LoginComponentLoader.php

@@ -53,11 +53,11 @@ public static function forSocial($controller)
             'messages' => [
                 'FAILURE_USER_NOT_ACTIVE' => __d(
                     'cake_d_c/users',
-                    'Your user has not been validated yet. Please check your inbox for instructions'
+                    'Your user has not been validated yet. Please check your inbox for instructions',
                 ),
                 'FAILURE_ACCOUNT_NOT_ACTIVE' => __d(
                     'cake_d_c/users',
-                    'Your social account has not been validated yet. Please check your inbox for instructions'
+                    'Your social account has not been validated yet. Please check your inbox for instructions',
                 ),
             ],
             'targetAuthenticator' => \CakeDC\Users\Authenticator\SocialAuthenticator::class,

src/Loader/MiddlewareQueueLoader.php

@@ -49,7 +49,7 @@ class MiddlewareQueueLoader
     public function __invoke(
         MiddlewareQueue $middlewareQueue,
         AuthenticationServiceProviderInterface $authenticationServiceProvider,
-        AuthorizationServiceProviderInterface $authorizationServiceProvider
+        AuthorizationServiceProviderInterface $authorizationServiceProvider,
     ) {
         $this->loadSocialMiddleware($middlewareQueue);
         $this->loadAuthenticationMiddleware($middlewareQueue, $authenticationServiceProvider);
@@ -82,7 +82,7 @@ protected function loadSocialMiddleware(MiddlewareQueue $middlewareQueue)
      */
     protected function loadAuthenticationMiddleware(
         MiddlewareQueue $middlewareQueue,
-        AuthenticationServiceProviderInterface $authenticationServiceProvider
+        AuthenticationServiceProviderInterface $authenticationServiceProvider,
     ) {
         $authentication = new AuthenticationMiddleware($authenticationServiceProvider);
         $middlewareQueue->add($authentication);
@@ -97,7 +97,7 @@ protected function loadAuthenticationMiddleware(
     protected function load2faMiddleware(MiddlewareQueue $middlewareQueue)
     {
         $processors = TwoFactorProcessorLoader::processors();
-        if (collection($processors)->some(fn ($processor) => $processor->enabled())) {
+        if (collection($processors)->some(fn($processor) => $processor->enabled())) {
             $middlewareQueue->add(TwoFactorMiddleware::class);
         }
     }
@@ -111,16 +111,16 @@ protected function load2faMiddleware(MiddlewareQueue $middlewareQueue)
      */
     protected function loadAuthorizationMiddleware(
         MiddlewareQueue $middlewareQueue,
-        AuthorizationServiceProviderInterface $authorizationServiceProvider
+        AuthorizationServiceProviderInterface $authorizationServiceProvider,
     ) {
         if (Configure::read('Auth.Authorization.enable') === false) {
             return $middlewareQueue;
         }
         $middlewareQueue->add(
             new AuthorizationMiddleware(
                 $authorizationServiceProvider,
-                Configure::read('Auth.AuthorizationMiddleware')
-            )
+                Configure::read('Auth.AuthorizationMiddleware'),
+            ),
         );
         if (Configure::read('Auth.AuthorizationMiddleware.requireAuthorizationCheck') !== false) {
             $middlewareQueue->add(new RequestAuthorizationMiddleware());

src/Middleware/SocialAuthMiddleware.php

@@ -48,7 +48,7 @@ protected function onAuthenticationException(ServerRequest $request, $exception)
 
             $request->getSession()->write(
                 Configure::read('Users.Key.Session.social'),
-                $exception->getAttributes()['rawData']
+                $exception->getAttributes()['rawData'],
             );
 
             return $this->responseWithActionLocation($response, 'socialEmail');

src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php

@@ -55,7 +55,7 @@ class DefaultRedirectHandler extends CakeRedirectHandler
     public function handle(
         Exception $exception,
         ServerRequestInterface $request,
-        array $options = []
+        array $options = [],
     ): ResponseInterface {
         $options += $this->defaultOptions;
         $response = parent::handle($exception, $request, $options);

src/Model/Behavior/PasswordBehavior.php

@@ -147,7 +147,7 @@ public function changePassword(EntityInterface $user)
             if ($user->current_password === $user->password_confirm) {
                 throw new WrongPasswordException(__d(
                     'cake_d_c/users',
-                    'You cannot use the current password as the new one'
+                    'You cannot use the current password as the new one',
                 ));
             }
         }