Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Tags: dereuromark/cakephp-tinyauth

Tags

5.3.1

Toggle 5.3.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Keep wildcard-public controllers public for unknown actions (#174)

A `*` allow rule is expanded to the controller's concrete method list via
get_class_methods() so it can be handed to the Authentication plugin, which
has no wildcard support. An action that does not exist as a method was
therefore dropped from the unauthenticated set, so unauthenticated users
hit the identity check and got redirected to login instead of receiving the
MissingActionException (404) the missing action should produce.

Keep the current request action in the unauthenticated set under a wildcard
allow so unknown actions fall through to MissingActionException, matching the
old AuthComponent behavior. Explicit denies still take precedence.

5.3.0

Toggle 5.3.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Allow authentication v4 (#171)

* Allow authentication v4

* Fix authentication v4 static analysis

* Support authentication v3 and v4 tests

* Use direct identifier instances in tests

* Rename test property to singular identifier

The PrimaryKeySessionAuthenticator test now holds a single IdentifierInterface
instance, so rename the misleading plural property to a singular name.

5.2.0

Toggle 5.2.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Add PHP adapter for ACL and Allow config (#168)

* Add PHP and YAML adapters for ACL and Allow config

Introduces AbstractAclAdapter and AbstractAllowAdapter holding the
section-processing logic shared across all adapters. INI adapters now
extend the base classes; new PhpAclAdapter, PhpAllowAdapter,
YamlAclAdapter and YamlAllowAdapter only implement the file parsing
step.

YAML adapters require symfony/yaml, declared as a suggest dependency
and used for tests via require-dev.

* Note PHP and YAML built-ins in custom-adapters guide

Master's new VitePress docs introduced a custom-adapters page that
described tinyauth as having only INI-based stores. Update the intro
to point at the now-three built-in formats so readers don't reach for
a custom adapter when they just want a different file format.

* Showcase lenient YAML quoting in test fixtures

Strip defensive quotes from comma-separated role/action lists where
YAML's block-scalar rules tolerate them, and drop the unnecessary
quotes around comma-bearing keys like 'edit,view' and 'view, edit'.
Add header comments explaining when quoting IS required (only when a
value/key starts with a YAML reserved character: *, !, &, >, |, etc.)
so future readers don't reach for quotes by reflex.

Tests still pass — the parsed structure is unchanged, only the
on-disk shape is more idiomatic.

* Widen symfony/yaml constraint to allow v8

Composer can pick the highest version compatible with the host PHP:
v6.4 (PHP 8.1+), v7.x (PHP 8.2+) or v8.x (PHP 8.4+). Tinyauth's PHP
floor is 8.2, so v8 is reachable for users on PHP 8.4+ without
breaking the prefer-lowest path on 8.2/8.3.

* Drop YAML adapter, ship PHP-only alongside INI

YAML treats `*` and `!` as reserved metasyntax (alias reference and
tag), but those are exactly the characters TinyAuth's ACL grammar uses
most: `*` for "all actions/roles" and `!action` / `!role` for negation.
Every realistic YAML auth_acl.yml/auth_allow.yml ends up sprinkled with
quoted keys, which is the opposite of "human-friendly" — and a fixture
that needs a legend explaining what to quote is the wrong format for
this domain.

PHP arrays don't have this problem: `*` and `!index` are just strings,
no escaping ceremony, IDE-friendly, no extra dependency. INI stays the
zero-dependency default.

The AbstractAclAdapter / AbstractAllowAdapter base classes from this PR
are kept — INI and PHP both inherit from them, and a third-party YAML
(or any other format) adapter is now ~30 lines for whoever wants it.

5.1.4

Toggle 5.1.4's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fix isPublic plugin/prefix scope leak and hasRole type juggling (#165)

AclTrait::_isPublic() (src/Auth/AclTrait.php:317) used asymmetric guards
that short-circuited to false when the request had no plugin or prefix,
so a plugin-scoped or prefix-scoped allow rule would match a request
without one. Mirror the symmetric check from AllowTrait::_getAllowRule()
so a rule is skipped whenever either side has a scope and they do not
match.

AuthUserTrait::hasRole() (src/Auth/AuthUserTrait.php:122) used a loose
in_array() that matched 0 against any non-numeric string and treated
auto-int array keys as alias matches. Coerce both sides to string and
compare strictly while still treating numeric-string and int as the
same role id; only string array keys count as alias matches. Reject
non-scalar inputs early.

Adds regression tests for both code paths.

5.1.3

Toggle 5.1.3's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Add roleIdColumn config for UUID-based role systems (#163)

* Add roleIdColumn config for UUID-based role systems

When using UUIDs as role identifiers instead of integer IDs, the
hardcoded 'id' column in _getRolesFromDb() prevented proper role
lookups from the database.

This adds a new 'roleIdColumn' config option (defaults to 'id') that
allows specifying the column used as the role identifier when reading
roles from the database table.

Example for UUID-based systems:
```php
'TinyAuth' => [
    'roleColumn' => 'Role.uuid',
    'roleIdColumn' => 'uuid',
    'aliasColumn' => 'slug',
]
```

* Fix PHPStan: update type annotations for UUID support

* Fix remaining PHPStan type annotations

5.1.2

Toggle 5.1.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fix null array offset deprecation in PHP 8.5 (#162)

* Fix null array offset deprecation in PHP 8.5

Add early return when iniKey is null to avoid using null as array index.

* Fix PHPStan error with nullable return type

Update _constructIniKey to properly return null when controller is not set

5.1.1

Toggle 5.1.1's commit message
Fix AuthPanel serialization issue with PDO objects

The identity object and authentication providers contained references
to PDO connections which cannot be serialized. This caused DebugKit
to fail when viewing the Auth panel.

Changes:
- Store identity->getOriginalData() instead of the raw Identity object
- Store provider class names as strings instead of provider objects
- Update template to work with the new data structure

5.1.0

Toggle 5.1.0's commit message
Group for CLI.

5.0.0

Toggle 5.0.0's commit message
Fix tests