Viable alternatives:

• https://github.com/socialconnect/openid-connect
• https://github.com/jumbojett/OpenID-Connect-PHP

To provide "Login with LinkedIn" replacement as their current OAuth 2 based provider is not working anymore

Is there a way to get the user's api key if he is authenticated by a form? It seems $this->Auth->identify() does not return that field.

Hello, I'm struggling with this issue on production just after deployment.

2022-05-20 16:40:25 error: [Error] Class "Zend\Diactoros\Uri" not found in /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php on line 74
Stack Trace:
- /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php:61
- /app/vendor/cakedc/auth/src/Traits/IsAuthorizedTrait.php:37
- /app/vendor/cakedc/users/src/View/Helper/AuthLinkHelper.php:49
- /app/templates/element/global/navbar.php:27
- /app/vendor/cakephp/cakephp/src/View/View.php:1181
- /app/vendor/cakephp/cakephp/src/View/View.php:1138
- /app/vendor/cakephp/cakephp/src/View/View.php:1673
- /app/vendor/cakephp/cakephp/src/View/View.php:660
- /app/templates/layout/default.php:10
- /app/vendor/cakephp/cakephp/src/View/View.php:1181
- /app/vendor/cakephp/cakephp/src/View/View.php:1138
- /app/vendor/cakephp/cakephp/src/View/View.php:821
- /app/vendor/cakephp/cakephp/src/View/View.php:780
- /app/vendor/cakephp/cakephp/src/Controller/Controller.php:764
- /app/src/Controller/PagesController.php:65
- /app/vendor/cakephp/cakephp/src/Controller/Controller.php:539
- /app/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:140
- /app/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:115
- /app/vendor/cakephp/cakephp/src/Http/BaseApplication.php:317
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:77
- /app/vendor/cakephp/authorization/src/Middleware/RequestAuthorizationMiddleware.php:102
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/authorization/src/Middleware/AuthorizationMiddleware.php:129
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php:124
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:174
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:157
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:161
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:126
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /app/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /app/vendor/cakephp/cakephp/src/Http/Server.php:90
- /app/webroot/index.php:40

Runtime PHP 8.1.6

Composer.lock deps :

            "name": "cakedc/users",
            "version": "11.1.0",
            
            "name": "cakedc/auth",
            "version": "7.0.1",

I don't understand what's wrong and why I have no problem in dev env.

Tell me if you want more informations for trying to reproduce this strange behaviour

Upgrade to 3.6 and remove deprecations

Is there a way to set up certain pages, controllers to be accessible without login? If so I think it should go to the documentation.

CakeDC/Users is breaking with the recently released CakePHP 3.6.12.

Notice (1024): Undefined property: PagesController::$Cookie in /cakesandbox/vendor/cakedc/auth/src/Auth/RememberMeAuthenticate.php on line 42 [CORE/src/Controller/Controller.php, line 387]

I'm using CakeDC/Users and this repo is a dependency.

^ This like is causing the issue, it's not critical but already annoyed a couple users migrating from previous version to 2.0 and getting the permissions NOT loaded.

The current authentication is expecting a field which stores the role of the user.
In the permission.php permission can be checked against this role of the user.

I have an application where the user should be assigend to more than one role.
E.g. a user can be athlete, trainer and club_admin at the same time.

I was wondering if it would be possible to extend the configuration in a way that an association can be used instead of an attribute of the user table: (e.g. user_roles._ids as it is used in views)

The solution I have in view is:
The developer extends the user model with an association to the roles the user is mapped to.
In configuration of the auth plugin the developer can configure that the relation is used to check permission.
'role_field' => 'user_roles._ids',

I have just updated from 6.1.0 to 6.2.0 and I received this errors after login

Warning (2): class_implements(): object or string expected [ROOT/vendor/cakedc/auth/src/Authentication/Webauthn2fAuthenticationCheckerFactory.php, line 32]

I had to revert back to 6.1 to make my app work again

Thank you

Rudy

I tried to create a permissions.php file in the plugins/SharpAgent/config directory, however it wasn't loaded...

How can I add in my plugin bootstrap the following?

return [
    'Users.SimpleRbac.permissions' => [
        [
            'role' => ['user', 'member', 'admin'],
            'plugin' => 'SharpAgent',
            'controller' => 'Agent',
            'action' => '*',
            'allowed' => true,
        ]
]];

Wrapping exception message (for e.g. those used in Owner class) in translation function doesn't serve any purpose IMHO. Nobody actually translates them. All they do is clutter the .po files when extracting message strings from plugins and create unnecessary headache for translators. We have also stopped using translation function for developer centric exception message in the core for same reason.

If you guys agree I can open an PR.

Is there a method or way to invalid remember authorizations? Besides changing the cookie name?

hello, I have an application working with the plugin cakedc users, I have two diferent roles, I need the same users can enter the site through a security token, is this possible with the api key and token?

ApiKeyAuthenticate? some example, thanks a lot.

I have a plugin named Ord. When using 'plugin' => 'Ord' in my permissions array, the _matchPermission() method evaluates is_callable('Ord') as true and attempts to call_user_func().

ord() is a built-in PHP function so is_callable() returns true. Additional checks on $value should be performed: if(!is_string($value) and is_callable($value))

Hello 👋

I get random Call to undefined method ArrayObject::toArray()

2021-09-03 16:46:34 Error: [Error] Call to undefined method ArrayObject::toArray() in /var/www/html/vendor/cakedc/auth/src/Authentication/AuthenticationService.php on line 117
Stack Trace:
- /var/www/html/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php:105
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /var/www/html/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:159
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:77
- /var/www/html/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:169
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /var/www/html/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:167
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /var/www/html/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:73
- /var/www/html/vendor/cakephp/cakephp/src/Http/Runner.php:58
- /var/www/html/vendor/cakephp/cakephp/src/Http/Server.php:90
- /var/www/html/webroot/index.php:40

I am not able to reproduce this always and I do not understand why this happen sometimes and not everytimes.

When the error occurs, the app is blocked for all pages for the current logged in user.

Clearing CakePHP cache with bin/cake cache clear_all or clearing the cookies for the app (thus destroying the session) solves the problem until next time.

cakedc/auth version is 6.1.0  ; CakePHP version is 4.2.6

Have you any idea ?

Use github actions instead of travis for CI pipeline, see https://github.com/cakephp/cakephp.org/tree/master/.github/workflows

Hi,

In the source code there a parameter to allow an empty field from request pass as valid, but that parameter are never read.

I tried write a permission rule as below, to allow anyone access any action without a prefix:

[
        'role' => '*',
        'prefix' => null,
        'extension' => '*',
        'plugin' => '*',
        'controller' => '*',
        'action' => '*',
]

But the method _matchOrAsterisk fail because in_array(null, []) === false.

Currently SimpleRbacAuthorize can only be used as an authorize adapter for the AuthComponent. It would be nice if it was converted into a standalone lib which could then be used through a middleware.

I use ApiKey authentication for a vuejs frontend application, haveing CakePHP at the backend. At first the user give his email and password to identify himself and in the response he gets his ApiKey, and all later requests happens by ApiKey authentication - currently as a query string parameter.

I want to use it as a header instead of the query string.

The problem is the following. When I send an ajax request to the backend it sends OPTIONS request without the ApiKey header. It is because by CORS policy it will send a preflight requests. Perhaps because the ApiKey header is missing the backend sends back a 302 response instead of the actual content.

So what I would need is allowing OPTIONS requests to the application without the ApiKey.