Merge branch '13.next-cake4' into feature/manage-null-reference

.github/workflows/ci.yml

@@ -9,11 +9,11 @@ on:
 
 jobs:
   testsuite:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['7.3', '7.4', '8.0', '8.1']
+        php-version: ['7.4', '8.0', '8.1', '8.2', '8.3']
         db-type: [sqlite, mysql, pgsql]
         prefer-lowest: ['']
 
@@ -79,15 +79,15 @@ jobs:
 
   cs-stan:
     name: Coding Standard & Static Analysis
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
     - uses: actions/checkout@v2
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
       with:
-        php-version: '7.3'
+        php-version: '7.4'
         extensions: mbstring, intl, apcu
         coverage: none
 
@@ -117,4 +117,4 @@ jobs:
 
     - name: Run phpstan
       if: success() || failure()
-      run: composer stan
+      run: composer stan

.semver

@@ -1,5 +1,5 @@
 ---
 :major: 11
-:minor: 2
+:minor: 3
 :patch: 0
 :special: ''

CHANGELOG.md

@@ -1,8 +1,61 @@
 Changelog
 =========
+Releases for CakePHP 4.5
+------------------------
+* 13.0.0
+  * Set dependecy for CakeDC/Auth to 9.0. Perform 2FA refactoring,
 
-Releases for CakePHP 4
--------------
+* 11.3.5
+  * Update ci.yml with php8.2 and php8.3
+  * fix: minor fix on last_login datetime format
+  * Update Permissions.md
+  * fix: config for updateLastLogin
+  * fix: remove deprecated code on profile logic
+  * feat:flash message on login, on cake4 
+
+* 11.3.4
+  * Fix `Detected invalid UTF-8 for field...` issue when storing session data from `Webauthn` in a mongo database.
+
+* 11.3.3
+  * Add display of unauthorized url in flash message when debug is true
+
+* 11.3.2
+  * Improve documentation, coding standards
+
+* 11.3.1
+  * Merge changes from diverged branches, including link generator and keep CakePHP 4.5 compatibility
+
+* 11.3.0
+  * Require CakePHP ^4.5
+
+Releases for CakePHP 4.4
+------------------------
+* 11.2.5
+  * Fix failed tests and code standards
+
+* 11.2.4
+  * Fix dependencies, require CakePHP 4.4.*
+
+* 11.2.3
+  * Improved documentation
+  * Deprecate (broken) compatibility with Linkedin Oauth based connector, they only provide compatibility with OpenID Connect now
+  * Add Dutch translation by Stefan
+  * Add `linkGenerator` for emails, useful for API driven apps
+  * Fix CakePHP 4.5 deprecations
+  * Fix webauthn loading issues
+
+* 11.2.2
+  * Fix issue with password rehash with a custom password field
+
+* 11.2.1
+  * Use UsersUrl and unify url building for login action
+
+* 11.2.0
+  * Feature/microsoft login by @arodu in #1000
+  * Add more events into login component (before login, after login failure) by @rochamarcelo in #1007
+
+* 11.1.1
+  * Use url builder for login redirect
 
 * 11.1.0
   * German (de) by @LordSimal
@@ -12,6 +65,22 @@ Releases for CakePHP 4
   * Switched tests to new cakephp schema
   * Update to PHPUnit 9.5
 
+* There are NO tags for 10.x we jumped from 9.x to 11.x
+
+Releases for CakePHP 4
+----------------------
+* 9.3.1
+  * Add CI tests for PHP 8.1
+  * Add events `EVENT_BEFORE_LOGIN`, `EVENT_AFTER_LOGIN_FAILURE`
+
+* 9.3.0
+  * Improve documentation
+  * Add webauthn as two factor authentication
+
+* 9.2.1
+  * Improve documentation
+  * Fix change password issue
+
 * 9.2.0
   * Switch to github actions
   * New event AfterEmailTokenValidation
@@ -30,7 +99,7 @@ Releases for CakePHP 4
   * Ukrainian (uk) by @yarkm13
   * Docs improvements
   * Fix DebugKit permissions issues
-  
+
 * 9.0.2
   * Added a custom Unauthorized Handler
     * If logged user access unauthorized url he is redirected to referer url or '/' if no referer url
@@ -54,9 +123,13 @@ Releases for CakePHP 4
    * Migrated usage of AuthComponent to Authorization/Authentication plugins.
 
 Releases for CakePHP 3
--------------
+----------------------
+* 8.5.2
+  * Add optional merge configuration option
+
 * 8.5.1
   * Added new `UsersAuthComponent::EVENT_SOCIAL_LOGIN_EXISTING_ACCOUNT`
+
 * 8.5.0
   * Added new `UsersAuthComponent::EVENT_BEFORE_SOCIAL_LOGIN_REDIRECT`
   * Added finder to get existing social account
@@ -72,10 +145,10 @@ Releases for CakePHP 3
 * 8.2.1
   * Fix scope in facebook social login
 
-* 8.2
+* 8.2.0
   * Removed deprecations for CakePHP 3.7
 
-* 8.1
+* 8.1.0
   * Added Yubico U2F Authentication
 
 * 8.0.3
@@ -222,7 +295,7 @@ Releases for CakePHP 3
   * Link social accounts in profile
 
 Releases for CakePHP 2
--------------
+----------------------
 
 * 2.1.3
   * Fixed unit tests for compatibility with CakePHP 2.7

Docs/Documentation/Authentication.md

@@ -1,6 +1,7 @@
 Authentication
 ==============
-This plugin uses the new authentication plugin [cakephp/authentication](https://github.com/cakephp/authentication/)
+
+This plugin uses the new CakePHP Authentication plugin [cakephp/authentication](https://github.com/cakephp/authentication/)
 instead of CakePHP Authentication component, but don't worry, the default configuration should be enough for your
 projects.
 
@@ -9,11 +10,11 @@ We've tried to simplify configuration as much as possible using defaults, but ke
 Authentication Component
 ------------------------
 
-The default behavior is to load the authentication component at UsersController,
-defining the default urls for loginAction, loginRedirect, logoutRedirect but not requiring
-the request to have a identity.
+The default behavior is to load the authentication component at ``UsersController``,
+defining the default URLs for ``loginAction``, ``loginRedirect``, ``logoutRedirect`` but not requiring
+the request to have an identity.
 
-If you prefer to load the component yourself you can set 'Auth.AuthenticationComponent.load':
+If you prefer to load the component yourself you can set ``Auth.AuthenticationComponent.load``:
 
 ```
 Configure:write('Auth.AuthenticationComponent.load', false);
@@ -27,7 +28,8 @@ $this->loadComponent('Authentication.Authentication', $authenticationConfig);
 $userId = $this->Authentication->getIdentity()->getIdentifier();
 $user = $this->Authentication->getIdentity()->getOriginalData();
 ```
-The default configuration for Auth.AuthenticationComponent is:
+
+The default configuration for ``Auth.AuthenticationComponent`` is:
 
 ```php
 [
@@ -37,28 +39,30 @@ The default configuration for Auth.AuthenticationComponent is:
 ]
 ```
 
-[Check the component options at the it's source code for more infomation](https://github.com/cakephp/authentication/blob/master/src/Controller/Component/AuthenticationComponent.php#L38)
+Check [the component options at the its source code](https://github.com/cakephp/authentication/blob/master/src/Controller/Component/AuthenticationComponent.php#L38) for more infomation.
 
 Authenticators
 --------------
 
-The cakephp/authentication plugin provides the main structure for the authenticators used in this plugin,
+The ``cakephp/authentication`` plugin provides the main structure for the authenticators used in this plugin,
 we also use some custom authenticators to work with social providers, reCaptcha and cookie. The default
 list of authenticators includes:
 
-- 'Authentication.Session'
-- 'CakeDC/Auth.Form'
-- 'Authentication.Token'
-- 'CakeDC/Auth.Cookie'
-- 'CakeDC/Users.Social'//Works with SocialAuthMiddleware
-- 'CakeDC/Users.SocialPendingEmail'
+- ``Authentication.Session``
+- ``CakeDC/Auth.Form``
+- ``Authentication.Token``
+- ``CakeDC/Auth.Cookie``
+- ``CakeDC/Users.Social`` which works with the ``SocialAuthMiddleware``
+- ``CakeDC/Users.SocialPendingEmail``
+
+If you enable ``OneTimePasswordAuthenticator.login`` we also load the ``CakeDC/Auth.TwoFactor``
 
-**If you enable 'OneTimePasswordAuthenticator.login' we also load the CakeDC/Auth.TwoFactor**
+These authenticators should be enough for your application, but you can easily customize it
+setting the ``Auth.Authenticators`` config key.
 
-These authenticators should be enough for your application, but you easily customize it
-setting the Auth.Authenticators config key.
+These authenticators are loaded by the ``\CakeDC\Users\Loader\AuthenticationServiceLoader`` class in the ``loadAuthenticators`` method. See [Authentication Service Loader](#authentication-service-loader) on how to adjust it to your needs.
 
-For example if you add JWT authenticator you must add this to your config/users.php file:
+For example, if you want to add the JWT authenticator you must add the following to your ``config/users.php`` file:
 
 ```php
 'Auth.Authenticators.Jwt' => [
@@ -68,26 +72,20 @@ For example if you add JWT authenticator you must add this to your config/users.
 ],
 ```
 
-**You may have noticed the 'skipTwoFactorVerify' option, this option is used to identify if a authenticator should skip
-the two factor flow**
-
-The authenticators are loaded by \CakeDC\Users\Loader\AuthenticationServiceLoader class at load authentication
-service method from plugin object.
-
-See the full Auth.Authenticators at config/users.php
+The ``skipTwoFactorVerify`` option is used to skip the two factor flow for a given authenticator
 
 Identifiers
 -----------
-The identifies are defined to work correctly with the default authenticators, we are using these identifiers:
 
-- Authentication.Password, for Form authenticator
-- CakeDC/Users.Social, for Social and SocialPendingEmail authenticators
-- Authentication.Token, for TokenAuthenticator
+The identifiers are defined to work correctly with the default authenticators, we are using these identifiers:
 
-As you add more authenticators you may need to add identifiers, please check identifiers available at
-[official documentation](https://github.com/cakephp/authentication/blob/master/docs/Identifiers.md)
+- ``Authentication.Password``, for ``Form`` authenticator
+- ``CakeDC/Users.Social``, for ``Social`` and ``SocialPendingEmail`` authenticators
+- ``Authentication.Token``, for ``Token`` authenticator
 
-The default value for Auth.Identifiers is:
+As you add more authenticators you may also need to add other identifiers, please see [the identifiers available in the official CakePHP Authentication plugin documentation](https://book.cakephp.org/authentication/2/en/identifiers.html).
+
+The default list for ``Auth.Identifiers`` is:
 
 ```php
 [
@@ -116,24 +114,25 @@ The default value for Auth.Identifiers is:
     ]
 ]
 ```
-The identifiers are loaded by \CakeDC\Users\Loader\AuthenticationServiceLoader class at load authentication
-service method from plugin object.
 
+These identifiers are loaded by the ``\CakeDC\Users\Loader\AuthenticationServiceLoader`` class in the ``loadIdentifiers`` method. See [Authentication Service Loader](#authentication-service-loader) on how to adjust it to your needs.
 
 Handling Login Result
 ---------------------
-For both form login and social login we use a base component 'CakeDC/Users.Login' to handle login,
-it check the result of authentication service to redirect user to a internal page or show an authentication
-error. It provide some error messages for specific authentication result status, please check the config/users.php file.
 
-To use a custom component to handle the login you should update your config/users.php file with:
+For both form login and social login we use a base component ``CakeDC/Users.Login`` to handle the login.
+It checks the result of the authentication service and either redirects the user or shows an authentication
+error. It provides some error messages for specific authentication results. Please check the ``config/users.php`` file.
+
+To use a custom component to handle the login you should update your ``config/users.php`` file with:
 
 ```php
 'Auth.SocialLoginFailure.component' => 'MyLoginA',
 'Auth.FormLoginFailure.component' => 'MyLoginB',
 ```
 
-The default configuration are:
+The default configuration is:
+
 ```php
 [
     ...
@@ -169,13 +168,14 @@ The default configuration are:
 
 Authentication Service Loader
 -----------------------------
-To make the integration with cakephp/authentication easier we load the authenticators and identifiers
-defined at Auth configuration and other components to work with social provider, two-factor authentication.
 
-If the configuration is not enough for your project you may create a custom loader extending the
-default provided.
+To make the integration with CakePHP Authenication plugin easier we load the authenticators and identifiers
+defined at the ``Auth`` configuration key.
 
-- Create file src/Loader/AppAuthenticationServiceLoader.php
+If the default configuration is not enough for your project's needs you may create a custom loader extending the
+default loader provided.
+
+For example, create a file ``src/Loader/AppAuthenticationServiceLoader.php``:
 
 ```php
 <?php
@@ -202,7 +202,8 @@ class AppAuthenticationServiceLoader extends AuthenticationServiceLoader
     }
 }
 ```
-- Add this to your config/users.php file to change the authentication service loader:
+
+Add the following to your ``config/users.php`` configuration to change the authentication service loader:
 
 ```php
 'Auth.Authentication.serviceLoader' => \App\Loader\AppAuthenticationServiceLoader::class,

Docs/Documentation/Authorization.md

@@ -10,7 +10,7 @@ If you don't want the plugin to autoload setup authorization, you can disable
 in your config/users.php with:
 
 ```php
-'Auth.Authorization.enabled' => false,
+'Auth.Authorization.enable' => false,
 ```
 
 Authorization Middleware

Docs/Documentation/Extending-the-Plugin.md

@@ -22,6 +22,13 @@ use CakeDC\Users\Model\Table\UsersTable;
  */
 class MyUsersTable extends UsersTable
 {
+    // important, you'll need to override the alias if you extend from an existing table
+    public function initialize(array $config): void
+    {
+        parent::initialize($config);
+
+        $this->setAlias('MyUsers');
+    }
 }
 ```
 

Docs/Documentation/Installation.md

@@ -14,7 +14,6 @@ If you want to use social login features...
 composer require league/oauth2-facebook:@stable
 composer require league/oauth2-instagram:@stable
 composer require league/oauth2-google:@stable
-composer require league/oauth2-linkedin:@stable
 composer require league/oauth1-client:@stable
 ```
 
@@ -106,7 +105,7 @@ section to check all the customization options
 You can create the first user, the super user by issuing the following command
 
 ```
-bin/cake users addSuperuser
+bin/cake users add_superuser
 ```
 
 Customization