-
Notifications
You must be signed in to change notification settings - Fork 44
Comparing changes
Open a pull request
base repository: dereuromark/cakephp-tinyauth
base: 5.2.0
head repository: dereuromark/cakephp-tinyauth
compare: 5.3.0
- 10 commits
- 26 files changed
- 2 contributors
Commits on May 9, 2026
-
Point composer.json homepage at the VitePress docs site
Packagist already shows the GitHub repo under Source; the homepage field is more useful pointing at the dedicated docs site.
Configuration menu - View commit details
-
Copy full SHA for 8aa1555 - Browse repository at this point
Copy the full SHA 8aa1555View commit details
Commits on May 11, 2026
-
Apply cache prefix, drop vendored Folder, tighten route-slot matchers (…
…#169) * Apply cache prefix, drop vendored Folder, tighten route-slot matchers Cache::key() never applied the configured cachePrefix, so two TinyAuth installs sharing a Cake cache pool collided on the bare `acl` / `allow` keys. Multi-tenant or test environments where Cache pools survive across plugin boots could read another install's permissions data. The prefix is now applied, yielding `tiny_auth_acl` / `tiny_auth_allow` by default. Apps that set a custom or empty prefix work as written. Existing caches under the old bare keys go cold once and repopulate on next request. Removed src/Filesystem/Folder.php — a vendored 946-line copy of the legacy CakePHP Folder class that the rest of the framework deleted long ago. Internally it was used only to scan controller directories from Syncer and Adder; replaced with a local _listDirectory(...) using scandir() that returns the same [folders, files] shape, so the $folderContent[0] / $folderContent[1] callsites work unchanged. Two test files used Folder::copy() to seed /tmp; replaced with a RecursiveDirectoryIterator-based copyDirectory() helper in each test. AclTrait::_isPublic and AllowTrait::_getAllowRule mixed isset() with !empty() to compare plugin/prefix slots between request and rule. The mismatch swallowed PHP-falsy values ('0', empty string) where it shouldn't and treated them inconsistently between the two sides. Extracted a _matchesRouteSlot / _matchesAllowSlot helper that treats null and empty-string as the "no plugin / no prefix" sentinel and requires exact match otherwise. Also replaced two strpos(..., $needle) === 0 calls with str_starts_with for clarity (PHP 8 has it natively). 3 new tests cover the cache-prefix application: default prefix, custom prefix, empty prefix yields bare key. All 118 tests, phpstan, and phpcs pass. * Skip dotfiles in _listDirectory and broaden coverage for #169 review Addresses two PR-review concerns: 1. _listDirectory() in Syncer/Adder must skip hidden entries (.git, .svn, .DS_Store, ...) the way the previously-vendored Folder::read did. Adding 'is the first char a dot' to the existing '.'/'..' filter restores the prior behavior — without this, the scan would recurse into editor/VCS metadata directories and potentially pick up controller-shaped files inside them. 2. Codecov flagged Adder.php at 0% patch coverage and AclTrait at 61%. Adder's controller-discovery loop was previously only reachable via the AddCommand integration test, and the trait's new _matchesRouteSlot helper had no direct coverage. Added: - SyncCommandTest::testSyncSkipsHiddenDirectories and AddCommandTest::testAddSkipsHiddenDirectories — drop a .git / .svn directory with a controller-shaped file in tmp, run the command, assert the controller name doesn't surface in output. This exercises Adder._listDirectory and Syncer._listDirectory with hidden-entry rejection in the same path. - AclTraitRouteSlotMatcherTest — anonymous classes hosting AclTrait and AllowTrait expose the protected matchers via a thin wrapper, plus a 11-row dataProvider covers all (null, '', value) crossings including the 'distinct types must not collapse' case the previous !empty() implementation got wrong. phpunit (145/145), phpstan, and phpcs all pass.
Configuration menu - View commit details
-
Copy full SHA for 9884852 - Browse repository at this point
Copy the full SHA 9884852View commit details
Commits on May 21, 2026
-
Configuration menu - View commit details
-
Copy full SHA for 33ec323 - Browse repository at this point
Copy the full SHA 33ec323View commit details -
Enable clean docs URLs and update deploy actions to Node 24
- Set cleanUrls so doc pages drop the .html suffix (works on GitHub Pages) - Bump deploy-docs actions to the Node 24 majors ahead of the Node 20 runner removal (checkout v6, setup-node v6, configure-pages v6, upload-pages-artifact v5, deploy-pages v5)
Configuration menu - View commit details
-
Copy full SHA for 63332d0 - Browse repository at this point
Copy the full SHA 63332d0View commit details
Commits on May 22, 2026
-
Configuration menu - View commit details
-
Copy full SHA for fc60e8b - Browse repository at this point
Copy the full SHA fc60e8bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 973500a - Browse repository at this point
Copy the full SHA 973500aView commit details
Commits on May 23, 2026
-
Add DBML database schema snapshot
Hand-maintained DBML snapshot of the plugin's migration schema under resources/schema/schema.dbml — paste into dbdiagram.io to view/diagram. Mirrors the snapshot already shipped by cakephp-workflow.
Configuration menu - View commit details
-
Copy full SHA for c4a101c - Browse repository at this point
Copy the full SHA c4a101cView commit details -
Link the DBML converter in the schema snapshot
Point readers to https://toolbox.dereuromark.de/dbml so they can convert this DBML snapshot into the migration or raw SQL they need for their own app.
Configuration menu - View commit details
-
Copy full SHA for 609b2af - Browse repository at this point
Copy the full SHA 609b2afView commit details
Commits on May 25, 2026
-
Apply conservative Rector cleanup (#170)
* Apply conservative Rector cleanup * Run PHPCS cleanup * Remove unused startup event * Validate role column config strictly * Restore !empty ternaries in tinyauth
Configuration menu - View commit details
-
Copy full SHA for 1f4b5fb - Browse repository at this point
Copy the full SHA 1f4b5fbView commit details -
Allow authentication v4 (#171)
* Allow authentication v4 * Fix authentication v4 static analysis * Support authentication v3 and v4 tests * Use direct identifier instances in tests * Rename test property to singular identifier The PrimaryKeySessionAuthenticator test now holds a single IdentifierInterface instance, so rename the misleading plural property to a singular name.
Configuration menu - View commit details
-
Copy full SHA for 3311863 - Browse repository at this point
Copy the full SHA 3311863View commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 5.2.0...5.3.0