Skip to content

Releases: cakephp/authentication

Authentication 2.11.2

Choose a tag to compare

@markstory markstory released this 10 Jul 02:41
35bcf35

What's Changed

Full Changelog: 2.11.1...2.11.2

Authentication 4.2.1

Choose a tag to compare

@markstory markstory released this 10 Jul 02:40
ad01885

What's Changed

Full Changelog: 4.2.0...4.2.1

Authentication 3.3.7

Choose a tag to compare

@markstory markstory released this 10 Jul 02:41
a96a198

What's Changed

  • Update link to finder documentation by @PhantomWatson in #804
  • 3.x - security: replace unencrypted cookie auth tokens with verified, work-factor-bounded HMAC-SHA256 tokens by @markstory in #806

Full Changelog: 3.3.6...3.3.7

Authentication 2.11.1

Choose a tag to compare

@markstory markstory released this 25 Jun 03:17
9aec999

What's Changed

Full Changelog: 2.11.0...2.11.1

Authentication 4.2.0

Choose a tag to compare

@dereuromark dereuromark released this 21 Jun 10:32
d4d7804

What's Changed

Full Changelog: 4.1.1...4.2.0

Authentication 3.3.6

Choose a tag to compare

@markstory markstory released this 14 Jun 15:37
86db711

What's Changed

  • Fix an open redirect weakness in getLoginRedirect() by @markstory in #796

Full Changelog: 3.3.5...3.3.6

Authentication 4.1.1

Choose a tag to compare

@markstory markstory released this 14 Jun 15:37
ee24bd4

What's Changed

Full Changelog: 4.1.0...4.1.1

Authentication 4.1.0

Choose a tag to compare

@dereuromark dereuromark released this 22 Apr 11:31
ed41893

Improvements

  • Added AuthenticationComponent::redirectAfterLogin() helper to make the safe post-login redirect path the obvious one. It resolves the validated local redirect target via the existing getLoginRedirect() logic and falls back to the provided default, returning the controller redirect response directly (#787).

    if ($result->isValid()) {
        return $this->Authentication->redirectAfterLogin('/dashboard');
    }

Full Changelog: 4.0.1...4.1.0

Authentication 4.0.1

Choose a tag to compare

@ADmad ADmad released this 27 Feb 07:53
5c6afb1

What's Changed

Full Changelog: 4.0.0...4.0.1

Authentication 4.0.0

Choose a tag to compare

@dereuromark dereuromark released this 09 Feb 13:45

Breaking Changes

  • Identifier configuration format changed - Moved from nested array to flatter structure:

    // Before
    'identifier' => ['Authentication.Token' => ['tokenField' => 'id', ...]]
    
    // After
    'identifier' => ['className' => 'Authentication.Token', 'tokenField' => 'id', ...]
  • Class renames:

    • CakeRouterUrlCheckerDefaultUrlChecker
    • DefaultUrlChecker (framework-agnostic) → GenericUrlChecker
  • SessionAuthenticator identify option removed - This deprecated option has been removed. Use PrimaryKeySessionAuthenticator if you need session-based authentication without password re-verification.

  • Identifier parameter now optional in AbstractAuthenticator constructor

  • Removed deprecated code including loadIdentifier() method

  • Updated dependency: firebase/php-jwt now requires ^7.0

Improvements

  • Lazy identifier initialization via getIdentifier() method
  • Cleaner authenticator/identifier relationship
  • Redirect validation feature (backported from 3.x)
  • Plugin now properly declares cakephp/cakephp as dependency
  • Identity::get() now supports dot-separated field names for nested data access
  • New IdentityHelper::getIdentity() method for easier identity access in templates
  • PrimaryKeySessionAuthenticator now has a default TokenIdentifier configured

Migration

Rector rules available at cakephp/upgrade#370 for automated migration assistance.

Full Changelog: 3.3.5...4.0.0