diff --git a/.github/workflows/docs-validation.yml b/.github/workflows/docs-validation.yml new file mode 100644 index 00000000..6fce0002 --- /dev/null +++ b/.github/workflows/docs-validation.yml @@ -0,0 +1,27 @@ +name: Documentation Validation + +on: + push: + branches: + - 4.x + paths: + - 'docs/**' + - '.github/**' + pull_request: + paths: + - 'docs/**' + - '.github/**' + +jobs: + validate: + uses: cakephp/.github/.github/workflows/docs-validation.yml@doc-workflows + with: + docs-path: 'docs' + vitepress-path: 'docs/.vitepress' + enable-config-js-check: true + enable-json-lint: true + enable-toc-check: true + enable-spell-check: true + enable-markdown-lint: true + enable-link-check: true + tools-ref: 'doc-workflows' diff --git a/docs/en/authentication-component.md b/docs/en/authentication-component.md index a98f8731..47d74ff7 100644 --- a/docs/en/authentication-component.md +++ b/docs/en/authentication-component.md @@ -4,7 +4,7 @@ You can use the `AuthenticationComponent` to access the result of authentication, get user identity and logout user. Load the component in your `AppController::initialize()` like any other component: -``` php +```php $this->loadComponent('Authentication.Authentication', [ 'logoutRedirect' => '/users/login' // Default is false ]); @@ -14,7 +14,7 @@ Once loaded, the `AuthenticationComponent` will require that all actions have an authenticated user present, but perform no other access control checks. You can disable this check for specific actions using `allowUnauthenticated()`: -``` php +```php // In your controller's beforeFilter method. $this->Authentication->allowUnauthenticated(['view']); ``` @@ -24,13 +24,13 @@ $this->Authentication->allowUnauthenticated(['view']); You can get the authenticated user identity data using the authentication component: -``` php +```php $user = $this->Authentication->getIdentity(); ``` You can also get the identity directly from the request instance: -``` php +```php $user = $request->getAttribute('identity'); ``` @@ -39,7 +39,7 @@ $user = $request->getAttribute('identity'); You can check if the authentication process was successful by accessing the result object: -``` php +```php // Using Authentication component $result = $this->Authentication->getResult(); @@ -73,7 +73,7 @@ the included authenticators don't put anything in here. To log an identity out just do: -``` php +```php $this->Authentication->logout(); ``` @@ -83,13 +83,13 @@ in either case. Alternatively, instead of the component you can also use the service to log out: -``` php +```php $return = $request->getAttribute('authentication')->clearIdentity($request, $response); ``` The result returned will contain an array like this: -``` php +```php [ 'response' => object(Cake\Http\Response) { ... }, 'request' => object(Cake\Http\ServerRequest) { ... }, @@ -108,7 +108,7 @@ By default `AuthenticationComponent` will automatically enforce an identity to be present during the `Controller.startup` event. You can have this check applied during the `Controller.initialize` event instead: -``` php +```php // In your controller's initialize() method. $this->loadComponent('Authentication.Authentication', [ 'identityCheckEvent' => 'Controller.initialize', @@ -118,6 +118,6 @@ $this->loadComponent('Authentication.Authentication', [ You can also disable identity checks entirely with the `requireIdentity` option or by calling `disableIdentityCheck` from the controller's `beforeFilter()` method itself: -``` php +```php $this->Authentication->disableIdentityCheck(); ``` diff --git a/docs/en/authenticators.md b/docs/en/authenticators.md index 0f2e9beb..0d58be93 100644 --- a/docs/en/authenticators.md +++ b/docs/en/authenticators.md @@ -30,7 +30,7 @@ With only the ID stored, the invalidation due to objects being modified will als A default `TokenIdentifier` is provided that looks up users by their `id` field, so minimal configuration is required: -``` php +```php $service->loadAuthenticator('Authentication.PrimaryKeySession'); ``` @@ -43,7 +43,7 @@ Configuration options: For custom lookup fields, the `idField` and `identifierKey` options propagate to the default identifier automatically: -``` php +```php $service->loadAuthenticator('Authentication.PrimaryKeySession', [ 'idField' => 'uuid', ]); @@ -51,7 +51,7 @@ $service->loadAuthenticator('Authentication.PrimaryKeySession', [ You can also provide a fully custom identifier configuration if needed: -``` php +```php $service->loadAuthenticator('Authentication.PrimaryKeySession', [ 'identifier' => [ 'Authentication.Token' => [ @@ -109,7 +109,7 @@ Configuration options: An example of getting a token from a header, or query string would be: -``` php +```php $service->loadAuthenticator('Authentication.Token', [ 'queryParam' => 'token', 'header' => 'Authorization', @@ -122,7 +122,7 @@ as long as the token was preceded by `Token` and a space. The token will always be passed to the configured identifier as follows: -``` php +```php [ 'token' => '{token-value}', ] @@ -158,7 +158,7 @@ the value of `Cake\Utility\Security::salt()` as encryption key. For enhanced security one can instead use the `RS256` asymmetric key algorithm. You can generate the required keys for that as follows: -``` text +```text # generate private key openssl genrsa -out config/jwt.key 1024 # generate public key @@ -175,7 +175,7 @@ for token verification. Add the following to your `Application` class: -``` php +```php public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface { $service = new AuthenticationService(); @@ -193,7 +193,7 @@ public function getAuthenticationService(ServerRequestInterface $request): Authe In your `UsersController`: -``` php +```php use Firebase\JWT\JWT; public function login(): void @@ -221,7 +221,7 @@ public function login(): void Using a JWKS fetched from an external JWKS endpoint is supported as well: -``` php +```php // Application.php public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface { @@ -257,7 +257,7 @@ prepared to handle signing key rotations. Beside from sharing the public key file to external application, you can distribute it via a JWKS endpoint by configuring your app as follows: -``` php +```php // config/routes.php $builder->setExtensions('json'); $builder->connect('/.well-known/{controller}', [ @@ -375,7 +375,7 @@ after their session expires for as long as the cookie is valid. If a user is explicitly logged out via `AuthenticationComponent::logout()` the authentication cookie is **also destroyed**. An example configuration would be: -``` php +```php // In Application::getAuthenticationService() // Reuse fields in multiple authenticators. @@ -404,7 +404,7 @@ $service->loadAuthenticator('Authentication.Cookie', [ You'll also need to add a checkbox to your login form to have cookies created: -``` php +```php // In your login view Form->control('remember_me', ['type' => 'checkbox']); ``` @@ -420,7 +420,7 @@ environment variables exposed by the webserver. This enables authentication via [Shibboleth](https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/overview) and similar SAML 1.1 implementations. An example configuration is: -``` php +```php // Configure a token identifier that maps `USER_ID` to the // username column $identifier = [ @@ -442,7 +442,6 @@ $service->loadAuthenticator('Authentication.Environment', [ ]); ``` - ## Events There is only one event that is fired by authentication: @@ -505,7 +504,7 @@ page](url-checkers). After a user has been authenticated you may want to inspect or interact with the Authenticator that successfully authenticated the user: -``` php +```php // In a controller action $service = $this->request->getAttribute('authentication'); @@ -515,7 +514,7 @@ $authenticator = $service->getAuthenticationProvider(); You can also get the identifier that identified the user as well: -``` php +```php // In a controller action $service = $this->request->getAttribute('authentication'); @@ -530,7 +529,7 @@ you should remember that these authenticators will halt the request when authentication credentials are missing or invalid. This is necessary as these authenticators must send specific challenge headers in the response: -``` php +```php use Authentication\AuthenticationService; // Instantiate the service @@ -569,7 +568,7 @@ authenticated. You can convert this exception into a redirect using the You can also pass the current request target URI as a query parameter using the `queryParam` option: -``` php +```php // In the getAuthenticationService() method of your src/Application.php $service = new AuthenticationService(); @@ -584,7 +583,7 @@ $service->setConfig([ Then in your controller's login method you can use `getLoginRedirect()` to get the redirect target safely from the query string parameter: -``` php +```php public function login(): ?\Cake\Http\Response { $result = $this->Authentication->getResult(); @@ -613,7 +612,7 @@ authentication for your API, but sessions for your web interface. To support this flow you can return different authentication services based on the URL path, or any other request attribute: -``` php +```php public function getAuthenticationService( ServerRequestInterface $request ): AuthenticationServiceInterface { diff --git a/docs/en/contents.md b/docs/en/contents.md index 1f699378..adeb1ab8 100644 --- a/docs/en/contents.md +++ b/docs/en/contents.md @@ -1,6 +1,6 @@ # Contents -### CakePHP Authentication +## CakePHP Authentication - [Quick Start](index) - [Authenticators](authenticators) diff --git a/docs/en/identifiers.md b/docs/en/identifiers.md index 1f83caad..3c778999 100644 --- a/docs/en/identifiers.md +++ b/docs/en/identifiers.md @@ -4,7 +4,7 @@ Identifiers will identify a user or service based on the information that was extracted from the request by the authenticators. A holistic example of using the Password Identifier looks like: -``` php +```php $identifier = [ 'Authentication.Password' => [ 'fields' => [ @@ -118,7 +118,7 @@ Configuration options: Callback identifiers can either return `null|ArrayAccess` for simple results, or an `Authentication\Authenticator\Result` if you want to forward error messages: -``` php +```php // A simple callback identifier $identifier = [ 'Authentication.Callback' => [ @@ -185,7 +185,7 @@ reside under `App\Identifier\Resolver` namespace. Resolver can be configured using `resolver` config option: -``` php +```php $identifier = [ 'Authentication.Password' => [ 'resolver' => [ @@ -200,7 +200,7 @@ $identifier = [ Or pass the constructed resolver directly into the identifier configuration: -``` php +```php $resolver = new \App\Identifier\Resolver\CustomResolver(); $identifier = [ 'Authentication.Password' => [ diff --git a/docs/en/identity-object.md b/docs/en/identity-object.md index e6e5096c..7e082beb 100644 --- a/docs/en/identity-object.md +++ b/docs/en/identity-object.md @@ -7,7 +7,7 @@ called to get the primary id value of the current log in identity. The reason this object exists is to provide an interface that makes it implementations/sources: -``` php +```php // Service $authenticationService ->getIdentity() @@ -28,7 +28,7 @@ The identity object provides ArrayAccess but as well a `get()` method to access data. It is strongly recommended to use the `get()` method over array access because the get method is aware of the field mapping: -``` php +```php $identity->get('email'); $identity->get('username'); ``` @@ -38,7 +38,7 @@ The `get()` method can also be type-hinted via IDE meta file, e.g. through If you want, you can use property access, however: -``` text +```text $identity->email; $identity->username; ``` @@ -48,7 +48,7 @@ is pretty useful if the identifier of the identity is a non-conventional `id` field or if you want to map other fields to more generic and common names: -``` php +```php $identity = new Identity($data, [ 'fieldMap' => [ 'id' => 'uid', @@ -69,7 +69,7 @@ create your own identity object, your object must implement the If you’d like to continue using your existing User class with this plugin you can implement the `Authentication\IdentityInterface`: -``` php +```php namespace App\Model\Entity; use Authentication\IdentityInterface; @@ -103,7 +103,7 @@ If your identifiers cannot have their resulting objects modified to implement the `IdentityInterface` you can implement a custom decorator that implements the required interface: -``` php +```php // You can use a callable... $identityResolver = function ($data) { return new MyCustomIdentity($data); diff --git a/docs/en/impersonation.md b/docs/en/impersonation.md index 9a2247eb..2ed83075 100644 --- a/docs/en/impersonation.md +++ b/docs/en/impersonation.md @@ -10,7 +10,7 @@ To impersonate another user you can use the `impersonate()` method on the `AuthenticationComponent`. To impersonate a user you first need to load that user from your application's database: -``` php +```php // In a controller public function impersonate(): \Cake\Http\Response { @@ -44,7 +44,7 @@ Once you have started to impersonate a user, all subsequent requests will have Once you are done impersonating a user, you can then end impersonation and revert back to your previous identity using `AuthenticationComponent`: -``` php +```php // In a controller public function revertIdentity(): \Cake\Http\Response { @@ -64,6 +64,6 @@ public function revertIdentity(): \Cake\Http\Response There are a few limitations to impersonation. -1. Your application must be using the `Session` authenticator. -2. You cannot impersonate another user while impersonation is active. Instead +1. Your application must be using the `Session` authenticator. +2. You cannot impersonate another user while impersonation is active. Instead you must `stopImpersonating()` and then start it again. diff --git a/docs/en/index.md b/docs/en/index.md index 2956e3ee..202a83fd 100644 --- a/docs/en/index.md +++ b/docs/en/index.md @@ -3,7 +3,7 @@ Install the plugin with [composer](https://getcomposer.org/) from your CakePHP Project's ROOT directory (where the **composer.json** file is located) -``` bash +```bash php composer.phar require cakephp/authentication ``` @@ -11,7 +11,7 @@ Version 4 of the Authentication Plugin is compatible with CakePHP 5. Load the plugin using the following command: -``` shell +```shell bin/cake plugin load Authentication ``` @@ -22,7 +22,7 @@ be used as a component to make unauthenticated access simpler. First, let's apply the middleware. In **src/Application.php**, add the following to the class imports: -``` php +```php use Authentication\AuthenticationService; use Authentication\AuthenticationServiceInterface; use Authentication\AuthenticationServiceProviderInterface; @@ -42,7 +42,7 @@ class Application extends BaseApplication implements AuthenticationServiceProvid Then update your application's `middleware()` method to look like: -``` php +```php public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue { $middlewareQueue->add(new ErrorHandlerMiddleware(Configure::read('Error'))) @@ -70,7 +70,7 @@ it starts handling the request. This hook method allows your application to define the `AuthenticationService` it wants to use. Add the following method to your **src/Application.php**: -``` php +```php /** * Returns a service provider instance. * @@ -133,7 +133,7 @@ the middleware will add the authentication service to the request object as an Next, in your `AppController` load the [Authentication Component](authentication-component): -``` php +```php // in src/Controller/AppController.php public function initialize(): void { @@ -147,7 +147,7 @@ By default the component will require an authenticated user for **all** actions. You can disable this behavior in specific controllers using `allowUnauthenticated()`: -``` php +```php // in a controller beforeFilter or initialize // Make view and index not require a logged in user. $this->Authentication->allowUnauthenticated(['view', 'index']); @@ -158,7 +158,7 @@ $this->Authentication->allowUnauthenticated(['view', 'index']); Once you have the middleware applied to your application you'll need a way for users to login. Please ensure your database has been created with the Users table structure used in the [CMS tutorial](https://book.cakephp.org/5/en/tutorials-and-examples/cms/database.html). First generate a Users model and controller with bake: -``` bash +```bash bin/cake bake model Users bin/cake bake controller Users ``` @@ -166,7 +166,7 @@ bin/cake bake controller Users Then, we'll add a basic login action to your `UsersController`. It should look like: -``` php +```php // in src/Controller/UsersController.php public function login(): ?\Cake\Http\Response { @@ -189,7 +189,7 @@ Make sure that you allow access to the `login` action in your controller's `beforeFilter()` callback as mentioned in the previous section, so that unauthenticated users are able to access it: -``` php +```php // in src/Controller/UsersController.php public function beforeFilter(\Cake\Event\EventInterface $event): void { @@ -201,7 +201,7 @@ public function beforeFilter(\Cake\Event\EventInterface $event): void Next we'll add a view template for our login form: -``` php +```php // in templates/Users/login.php
Form->create() ?> @@ -217,7 +217,7 @@ Next we'll add a view template for our login form: Then add a simple logout action: -``` php +```php // in src/Controller/UsersController.php public function logout(): \Cake\Http\Response { @@ -235,7 +235,7 @@ In order to login your users will need to have hashed passwords. You can automatically hash passwords when users update their password using an entity setter method: -``` php +```php // in src/Model/Entity/User.php use Authentication\PasswordHasher\DefaultPasswordHasher; diff --git a/docs/en/middleware.md b/docs/en/middleware.md index 4feb64c8..12aeab08 100644 --- a/docs/en/middleware.md +++ b/docs/en/middleware.md @@ -31,7 +31,7 @@ of the application for example the API and Web UI. You can do so by using condit logic in your applications `getAuthenticationService()` hook method. By inspecting the request object you can configure authentication appropriately: -``` php +```php public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface { $path = $request->getPath(); diff --git a/docs/en/migration-from-the-authcomponent.md b/docs/en/migration-from-the-authcomponent.md index fcc63090..c8825827 100644 --- a/docs/en/migration-from-the-authcomponent.md +++ b/docs/en/migration-from-the-authcomponent.md @@ -53,7 +53,7 @@ implement the `IdentifierInterface`. The first step to migrating your application is to load the authentication plugin in your application's bootstrap method: -``` php +```php public function bootstrap(): void { parent::bootstrap(); @@ -65,7 +65,7 @@ Then update your application to implement the authentication provider interface. This lets the AuthenticationMiddleware know how to get the authentication service from your application: -``` php +```php // in src/Application.php // Add the following use statements. @@ -95,7 +95,7 @@ class Application extends BaseApplication implements AuthenticationServiceProvid Next add the `AuthenticationMiddleware` to your application: -``` php +```php // in src/Application.php public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue { @@ -114,7 +114,7 @@ The configuration array from `AuthComponent` needs to be split into identifiers and authenticators when configuring the service. So when you had your `AuthComponent` configured this way: -``` php +```php $this->loadComponent('Auth', [ 'authentication' => [ 'Form' => [ @@ -129,7 +129,7 @@ $this->loadComponent('Auth', [ You’ll now have to configure it this way: -``` php +```php // Instantiate the service $service = new AuthenticationService(); @@ -153,7 +153,7 @@ $service->loadAuthenticator('Authentication.Form', [ If you have customized the `userModel` you can use the following configuration: -``` php +```php // Instantiate the service $service = new AuthenticationService(); @@ -183,7 +183,7 @@ identity based on your authenticators. Usually after logging in, upon a successful login, change your login action to check the new identity results: -``` php +```php public function login(): ?\Cake\Http\Response { $result = $this->Authentication->getResult(); @@ -212,7 +212,7 @@ After applying the middleware you can use identity data by using the user is unauthenticated or if the provided credentials were invalid, the `identity` attribute will be `null`: -``` php +```php $user = $request->getAttribute('identity'); ``` @@ -220,7 +220,7 @@ For more details about the result of the authentication process you can access the result object that also comes with the request and is accessible on the `authentication` attribute: -``` php +```php $result = $request->getAttribute('authentication')->getResult(); // Boolean if the result is valid $isValid = $result->isValid(); @@ -233,7 +233,7 @@ $errors = $result->getErrors(); Any place you were calling `AuthComponent::setUser()`, you should now use `setIdentity()`: -``` php +```php // Assume you need to read a user by access token $user = $this->Users->find('byToken', token: $token)->first(); @@ -247,7 +247,7 @@ Like `AuthComponent` the `AuthenticationComponent` makes it easy to make specific actions ‘public’ and not require a valid identity to be present: -``` php +```php // In your controller's beforeFilter method. $this->Authentication->allowUnauthenticated(['view']); ``` @@ -257,7 +257,7 @@ action list. To mimic `$this->Auth->deny(['register']);` you can do: -``` php +```php $action = $this->getRequest()->getParam('action'); if ($action !== 'register') { $this->Authentication->allowUnauthenticated([$action]); @@ -276,7 +276,7 @@ You can also pass the current request target URI as a query parameter using the `queryParam` option. Note that the redirect parameter is only appended for GET requests to prevent redirecting to non-GET actions after login: -``` php +```php // In the getAuthenticationService() method of your src/Application.php $service = new AuthenticationService(); @@ -291,7 +291,7 @@ $service->setConfig([ Then in your controller's login method you can use `getLoginRedirect()` to get the redirect target safely from the query string parameter: -``` php +```php public function login(): ?\Cake\Http\Response { $result = $this->Authentication->getResult(); @@ -317,7 +317,7 @@ If your application uses `AuthComponent`’s hash upgrade functionality. You can replicate that logic with this plugin by leveraging the `AuthenticationService`: -``` php +```php public function login(): ?\Cake\Http\Response { $result = $this->Authentication->getResult(); diff --git a/docs/en/password-hashers.md b/docs/en/password-hashers.md index eb69cc37..9cb3ffea 100644 --- a/docs/en/password-hashers.md +++ b/docs/en/password-hashers.md @@ -36,7 +36,7 @@ algorithm to another, this is achieved through the Legacy password to the Default bcrypt hasher, you can configure the fallback hasher as follows: -``` php +```php $passwordIdentifier = [ 'Authentication.Password' => [ // Other config options @@ -59,7 +59,7 @@ Then in your login action you can use the authentication service to access the `Password` identifier and check if the current user’s password needs to be upgraded: -``` php +```php public function login(): ?\Cake\Http\Response { $authentication = $this->request->getAttribute('authentication'); diff --git a/docs/en/redirect-validation.md b/docs/en/redirect-validation.md index 4ca08b12..3f15fa80 100644 --- a/docs/en/redirect-validation.md +++ b/docs/en/redirect-validation.md @@ -11,7 +11,7 @@ By default, the authentication service does not validate redirect URLs beyond ch are relative (not external). This means that malicious actors or misconfigured bots could create deeply nested redirect chains like: -``` text +```text /login?redirect=/login?redirect=/login?redirect=/protected/page ``` @@ -23,7 +23,7 @@ exploits. To enable redirect validation, configure the `redirectValidation` option in your `AuthenticationService`: -``` php +```php // In src/Application.php getAuthenticationService() method $service = new AuthenticationService(); $service->setConfig([ @@ -66,7 +66,7 @@ via excessively long URLs. Here's a complete example with custom configuration: -``` php +```php $service = new AuthenticationService(); $service->setConfig([ 'unauthenticatedRedirect' => '/users/login', @@ -86,7 +86,7 @@ When redirect validation is enabled and a redirect URL fails validation, `getLog will return `null` instead of the invalid URL. Your application should handle this by redirecting to a default location: -``` php +```php // In your controller $target = $this->Authentication->getLoginRedirect() ?? '/'; return $this->redirect($target); @@ -96,9 +96,9 @@ return $this->redirect($target); The validation performs the following checks in order: -1. **Redirect Depth**: Counts occurrences of `redirect=` in the decoded URL -2. **Encoding Level**: Counts occurrences of `%25` (percent-encoded percent sign) -3. **URL Length**: Checks total character count +1. **Redirect Depth**: Counts occurrences of `redirect=` in the decoded URL +2. **Encoding Level**: Counts occurrences of `%25` (percent-encoded percent sign) +3. **URL Length**: Checks total character count If any check fails, the URL is rejected. @@ -107,7 +107,7 @@ If any check fails, the URL is rejected. You can extend `AuthenticationService` and override the `validateRedirect()` method to implement custom validation logic, such as blocking specific URL patterns: -``` php +```php namespace App\Auth; use Authentication\AuthenticationService; @@ -159,7 +159,7 @@ security strategy that includes: In production environments, bots (especially AI crawlers like GPTBot) have been observed creating redirect chains with 6-7 levels of nesting: -``` text +```text /login?redirect=%2Flogin%3Fredirect%3D%252Flogin%253Fredirect%253D... ``` diff --git a/docs/en/testing.md b/docs/en/testing.md index da1104ae..81bd6572 100644 --- a/docs/en/testing.md +++ b/docs/en/testing.md @@ -5,7 +5,7 @@ need to simulate authentication credentials in your integration tests. First, ensure that your controller or middleware tests are using the `IntegrationTestTrait`: -``` php +```php // In a controller test. use Cake\TestSuite\IntegrationTestTrait; use Cake\TestSuite\TestCase; @@ -28,7 +28,7 @@ Session based authentication requires simulating the User data that normally would be found in the session. In your test cases you can define a helper method that lets you 'login': -``` php +```php protected function login(int $userId = 1): void { $user = $this->fetchTable('Users')->get($userId); @@ -39,7 +39,7 @@ protected function login(int $userId = 1): void In your integration tests you can use `login()` to simulate a user being logged in: -``` php +```php public function testGet() { $this->login(); @@ -53,7 +53,7 @@ public function testGet() With token based authentication you need to simulate the `Authorization` header. After getting valid token setup the request: -``` php +```php protected function getToken(): string { // Get a token for a known user @@ -79,7 +79,7 @@ When testing Basic or Digest Authentication, you can add the environment variables that [PHP creates](https://php.net/manual/en/features.http-auth.php) automatically: -``` php +```php public function testGet(): void { $this->configRequest([ diff --git a/docs/en/upgrade-2-to-3.md b/docs/en/upgrade-2-to-3.md index 29fee23b..97c70917 100644 --- a/docs/en/upgrade-2-to-3.md +++ b/docs/en/upgrade-2-to-3.md @@ -1,6 +1,6 @@ # Upgrading from 2.x to 3.x -``` bash +```bash composer require cakephp/authentication:^3.0 -W ``` diff --git a/docs/en/upgrade-3-to-4.md b/docs/en/upgrade-3-to-4.md index 07751d5f..a8a4c25e 100644 --- a/docs/en/upgrade-3-to-4.md +++ b/docs/en/upgrade-3-to-4.md @@ -12,7 +12,7 @@ accept a nullable `IdentifierInterface` directly. **Before (3.x):** -``` php +```php use Authentication\Identifier\IdentifierCollection; $identifiers = new IdentifierCollection([ @@ -24,7 +24,7 @@ $authenticator = new FormAuthenticator($identifiers); **After (4.x):** -``` php +```php use Authentication\Identifier\IdentifierFactory; // Option 1: Pass identifier directly @@ -47,7 +47,7 @@ Identifiers are now managed by individual authenticators. **Before (3.x):** -``` php +```php $service = new AuthenticationService(); $service->loadIdentifier('Authentication.Password'); $service->loadAuthenticator('Authentication.Form'); @@ -55,7 +55,7 @@ $service->loadAuthenticator('Authentication.Form'); **After (4.x):** -``` php +```php $service = new AuthenticationService(); $service->loadAuthenticator('Authentication.Form', [ 'identifier' => 'Authentication.Password', @@ -69,7 +69,7 @@ moved from `AbstractIdentifier` to specific identifier implementations. **Before (3.x):** -``` php +```php use Authentication\Identifier\AbstractIdentifier; $fields = [ @@ -80,7 +80,7 @@ $fields = [ **After (4.x):** -``` php +```php use Authentication\Identifier\PasswordIdentifier; $fields = [ @@ -91,7 +91,7 @@ $fields = [ For LDAP authentication: -``` php +```php use Authentication\Identifier\LdapIdentifier; $fields = [ @@ -108,7 +108,7 @@ data from the database on each request. **Before (3.x):** -``` php +```php $service->loadAuthenticator('Authentication.Session', [ 'identify' => true, 'identifier' => 'Authentication.Password', @@ -117,7 +117,7 @@ $service->loadAuthenticator('Authentication.Session', [ **After (4.x):** -``` php +```php $service->loadAuthenticator('Authentication.PrimaryKeySession'); ``` @@ -131,7 +131,7 @@ URL checkers have been completely restructured: **Before (3.x):** -``` php +```php // Using CakeRouterUrlChecker explicitly $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.CakeRouter', @@ -155,7 +155,7 @@ $service->loadAuthenticator('Authentication.Form', [ **After (4.x):** -``` php +```php // DefaultUrlChecker is now hardcoded (formerly CakeRouterUrlChecker) $service->loadAuthenticator('Authentication.Form', [ 'loginUrl' => [ @@ -178,7 +178,7 @@ For multiple URLs, you must explicitly use `MultiUrlChecker`. **Multiple URLs - Before (3.x):** -``` php +```php // This would auto-select the appropriate checker $service->loadAuthenticator('Authentication.Form', [ 'loginUrl' => [ @@ -190,7 +190,7 @@ $service->loadAuthenticator('Authentication.Form', [ **Multiple URLs - After (4.x):** -``` php +```php // Must explicitly configure MultiUrlChecker $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.Multi', @@ -203,7 +203,7 @@ $service->loadAuthenticator('Authentication.Form', [ Single URLs work the same in both versions: -``` php +```php // String URL $service->loadAuthenticator('Authentication.Form', [ 'loginUrl' => '/users/login', @@ -232,7 +232,7 @@ It requires CakePHP Router and supports both string and array URLs. The 3.x `DefaultUrlChecker` has been renamed to `StringUrlChecker`. -``` php +```php // DefaultUrlChecker now requires CakePHP Router $checker = new DefaultUrlChecker(); $checker->check($request, ['controller' => 'Users', 'action' => 'login']); // Works @@ -250,7 +250,7 @@ $checker->check($request, ['controller' => 'Users']); // Throws exception New factory class for creating identifiers from configuration: -``` php +```php use Authentication\Identifier\IdentifierFactory; // Create from string @@ -272,7 +272,7 @@ $identifier = IdentifierFactory::create($existingIdentifier); New dedicated checker for multiple login URLs: -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.Multi', 'loginUrl' => [ @@ -285,12 +285,12 @@ $service->loadAuthenticator('Authentication.Form', [ ## Migration Tips -1. **Session Identify**: +1. **Session Identify**: If you used `'identify' => true` on `SessionAuthenticator`, switch to `PrimaryKeySessionAuthenticator` which always fetches fresh data. -2. **Search and Replace**: +2. **Search and Replace**: - `AbstractIdentifier::CREDENTIAL_` → `PasswordIdentifier::CREDENTIAL_` - `IdentifierCollection` → `IdentifierFactory` @@ -298,29 +298,29 @@ $service->loadAuthenticator('Authentication.Form', [ - `CakeRouterUrlChecker` → `DefaultUrlChecker` - Old 3.x `DefaultUrlChecker` → `StringUrlChecker` -3. **String URL Checking**: +3. **String URL Checking**: If you want to use string-only URL checking, explicitly configure `StringUrlChecker`: - ``` php + ```php $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.String', 'loginUrl' => '/users/login', ]); ``` -4. **Multiple Login URLs**: +4. **Multiple Login URLs**: If you have multiple login URLs, add `'urlChecker' => 'Authentication.Multi'` to your authenticator configuration. -5. **Custom Identifier Setup**: +5. **Custom Identifier Setup**: If you were passing `IdentifierCollection` to authenticators, switch to either passing a single identifier or null (to use defaults). -6. **Test Thoroughly**: +6. **Test Thoroughly**: The changes to identifier management and URL checking are significant. Test all authentication flows after upgrading. diff --git a/docs/en/url-checkers.md b/docs/en/url-checkers.md index b7d845d3..b5b512e2 100644 --- a/docs/en/url-checkers.md +++ b/docs/en/url-checkers.md @@ -15,7 +15,7 @@ routing notation. Uses CakePHP Router and works with named routes. Single URL (string): -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'loginUrl' => '/users/login', ]); @@ -23,7 +23,7 @@ $service->loadAuthenticator('Authentication.Form', [ Single URL (CakePHP route array): -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'loginUrl' => [ 'prefix' => false, @@ -43,7 +43,7 @@ Options: Checker for string URLs. Supports regex matching. -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.String', 'loginUrl' => '/users/login', @@ -52,7 +52,7 @@ $service->loadAuthenticator('Authentication.Form', [ Using regex: -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => [ 'className' => 'Authentication.String', @@ -76,7 +76,7 @@ You must explicitly configure this checker - it is not auto-detected. Multiple string URLs: -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.Multi', 'loginUrl' => [ @@ -88,7 +88,7 @@ $service->loadAuthenticator('Authentication.Form', [ Multiple CakePHP route arrays: -``` php +```php $service->loadAuthenticator('Authentication.Form', [ 'urlChecker' => 'Authentication.Multi', 'loginUrl' => [ diff --git a/docs/en/view-helper.md b/docs/en/view-helper.md index 452884a7..1ea7955c 100644 --- a/docs/en/view-helper.md +++ b/docs/en/view-helper.md @@ -2,13 +2,13 @@ In your AppView, load the Helper as: -``` php +```php $this->loadHelper('Authentication.Identity'); ``` For very simple checking whether the user is logged in you can use: -``` php +```php if ($this->Identity->isLoggedIn()) { ... } @@ -16,14 +16,14 @@ if ($this->Identity->isLoggedIn()) { Getting user data can be done with: -``` php +```php $username = $this->Identity->get('username'); ``` The following check can be used to tell if a record that belongs to some user is the current logged in user and compare other fields as well: -``` php +```php $isCurrentUser = $this->Identity->is($user->id); $isCurrentRole = $this->Identity->is($user->role_id, 'role_id'); ``` diff --git a/docs/package.json b/docs/package.json index fb3f3a14..51e11cb5 100644 --- a/docs/package.json +++ b/docs/package.json @@ -11,7 +11,7 @@ "keywords": [], "author": "", "license": "ISC", - "type": "commonjs", + "type": "module", "dependencies": { "@cakephp/docs-skeleton": "github:cakephp/docs-skeleton#node-package", "vitepress": "^2.0.0-alpha.16"