From 8f0756dfba89abede690338d93cea8c309d03911 Mon Sep 17 00:00:00 2001 From: Alberto Rodriguez Date: Wed, 29 Oct 2025 18:02:41 -0400 Subject: [PATCH 1/2] refactor authentication configuration and update deprecation warnings --- config/users.php | 51 +++++++++++---------- src/Controller/Component/LoginComponent.php | 30 ++++++------ src/Loader/AuthenticationServiceLoader.php | 12 +++++ 3 files changed, 52 insertions(+), 41 deletions(-) diff --git a/config/users.php b/config/users.php index 8376d678..bcb9ca87 100644 --- a/config/users.php +++ b/config/users.php @@ -210,6 +210,18 @@ 'Form' => [ 'className' => 'CakeDC/Auth.Form', 'urlChecker' => 'Authentication.CakeRouter', + 'identifier' => [ + 'Authentication.Password' => [ + 'fields' => [ + 'username' => ['username', 'email'], + 'password' => 'password', + ], + 'resolver' => [ + 'className' => 'Authentication.Orm', + 'finder' => 'active', + ], + ], + ], ], 'Token' => [ 'className' => 'Authentication.Token', @@ -217,6 +229,15 @@ 'header' => null, 'queryParam' => 'api_key', 'tokenPrefix' => null, + 'identifier' => [ + 'Authentication.Token' => [ + 'tokenField' => 'api_token', + 'resolver' => [ + 'className' => 'Authentication.Orm', + 'finder' => 'active', + ], + ], + ], ], 'Cookie' => [ 'className' => 'CakeDC/Auth.Cookie', @@ -231,6 +252,11 @@ 'Social' => [ 'className' => 'CakeDC/Users.Social', 'skipTwoFactorVerify' => true, + 'identifier' => [ + 'CakeDC/Users.Social' => [ + 'authFinder' => 'active', + ], + ], ], 'SocialPendingEmail' => [ 'className' => 'CakeDC/Users.SocialPendingEmail', @@ -244,31 +270,6 @@ ], ] ], - 'Identifiers' => [ - 'Password' => [ - 'className' => 'Authentication.Password', - 'fields' => [ - 'username' => ['username', 'email'], - 'password' => 'password', - ], - 'resolver' => [ - 'className' => 'Authentication.Orm', - 'finder' => 'active', - ], - ], - 'Social' => [ - 'className' => 'CakeDC/Users.Social', - 'authFinder' => 'active', - ], - 'Token' => [ - 'className' => 'Authentication.Token', - 'tokenField' => 'api_token', - 'resolver' => [ - 'className' => 'Authentication.Orm', - 'finder' => 'active', - ], - ], - ], 'Authorization' => [ 'enable' => true, 'serviceLoader' => \CakeDC\Users\Loader\AuthorizationServiceLoader::class, diff --git a/src/Controller/Component/LoginComponent.php b/src/Controller/Component/LoginComponent.php index dcc67c80..fb503dc5 100644 --- a/src/Controller/Component/LoginComponent.php +++ b/src/Controller/Component/LoginComponent.php @@ -165,7 +165,7 @@ protected function afterIdentifyUser($user) $userId = $user['id'] ?? null; Log::info( "Unsafe redirect `$queryRedirect` ignored, user id `{$userId}` " . - "redirected to `$redirectUrl` after successful login", + "redirected to `$redirectUrl` after successful login", ); $queryRedirect = $redirectUrl; } @@ -188,22 +188,20 @@ protected function afterIdentifyUser($user) */ protected function handlePasswordRehash($service, $user, \Cake\Http\ServerRequest $request) { - $indentifiersNames = (array)Configure::read('Auth.PasswordRehash.identifiers'); - foreach ($indentifiersNames as $indentifierName) { - /** - * @var \Authentication\Identifier\AbstractIdentifier|null $checker - */ - $checker = $service->identifiers()->get($indentifierName); - if (!$checker || method_exists($checker, 'needsPasswordRehash') && !$checker->needsPasswordRehash()) { - continue; - } - $passwordField = $checker->getConfig('fields.password', 'password'); - $password = $request->getData($passwordField); - $user->set($passwordField, $password); - $user->setDirty('modified'); - $this->getController()->getUsersTable()->save($user); - break; + /** + * @var \Authentication\Identifier\AbstractIdentifier|null $checker + */ + $checker = $service->getIdentificationProvider(); + + if (!$checker || method_exists($checker, 'needsPasswordRehash') && !$checker->needsPasswordRehash()) { + return; } + + $passwordField = $checker->getConfig('fields.password', 'password'); + $password = $request->getData($passwordField); + $user->set($passwordField, $password); + $user->setDirty('modified'); + $this->getController()->getUsersTable()->save($user); } /** diff --git a/src/Loader/AuthenticationServiceLoader.php b/src/Loader/AuthenticationServiceLoader.php index 6b3e9e0b..6b50739a 100644 --- a/src/Loader/AuthenticationServiceLoader.php +++ b/src/Loader/AuthenticationServiceLoader.php @@ -52,6 +52,18 @@ public function __invoke(ServerRequestInterface $request) protected function loadIdentifiers($service) { $identifiers = Configure::read('Auth.Identifiers'); + + if (empty($identifiers)) { + return; + } + + deprecationWarning( + '15.2.0', + 'Configuring identifiers globally via `Auth.Identifiers` is deprecated. ' . + 'Please move each identifier\'s configuration into the `identifier` key within its specific authenticator under `Auth.Authenticators`. ' . + 'For example, the `Auth.Identifiers.Password` configuration should now be placed inside `Auth.Authenticators.Form.identifier`.' + ); + foreach ($identifiers as $key => $item) { [$identifier, $options] = $this->_getItemLoadData($item, $key); From 0503e4f3adde40789bbd6fff1d4220659977380c Mon Sep 17 00:00:00 2001 From: Alberto Rodriguez Date: Wed, 29 Oct 2025 18:05:16 -0400 Subject: [PATCH 2/2] phpcs fix --- src/Loader/AuthenticationServiceLoader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Loader/AuthenticationServiceLoader.php b/src/Loader/AuthenticationServiceLoader.php index 6b50739a..63807d1e 100644 --- a/src/Loader/AuthenticationServiceLoader.php +++ b/src/Loader/AuthenticationServiceLoader.php @@ -61,7 +61,7 @@ protected function loadIdentifiers($service) '15.2.0', 'Configuring identifiers globally via `Auth.Identifiers` is deprecated. ' . 'Please move each identifier\'s configuration into the `identifier` key within its specific authenticator under `Auth.Authenticators`. ' . - 'For example, the `Auth.Identifiers.Password` configuration should now be placed inside `Auth.Authenticators.Form.identifier`.' + 'For example, the `Auth.Identifiers.Password` configuration should now be placed inside `Auth.Authenticators.Form.identifier`.', ); foreach ($identifiers as $key => $item) {