Releases: cakephp/authentication
Releases · cakephp/authentication
CakePHP Authentication 1.2.0
Deprecations
- Setting the
unauthenticatedRedirect
,queryParam
andidentityAttribute
options onAuthenticationMiddleware
is deprecated. These options should now be set on the service.
New Features
- The
unauthenticatedRedirect
, andqueryParam
options can now be configured on theAuthenticationService
. This makes it easier to useRouter
to generate the redirect URL.
Other Changes
To fix a potential session fixation problem in the SessionAuthenticator
without impacting SecurityComponent
identity information is now persisted to the session after the controller action is complete. If your application accesses the currently logged in identity through the session directly you will get information from the previous request. You should consider updating your code to use $request->getAttribute('identity')
instead.
CakePHP Authentication 1.1.5
Fixes
- The session id rotation changes added in 1.1.3 have been reverted. They broke compatibility with
SecurityComponent
in a way that could not be fixed without other changes. - This release is susceptible to session fixation attacks due to the removed session id regeneration. Upgrade to 1.2.0 to resolve this.
CakePHP Authentication 1.1.4
Fixes
- Fixed session being rotated on each request. Now the session is only rotated when the session storage moves from empty to not empty.
CakePHP Authentication 1.1.3
Fixes
- Removed protocol and host from redirect query string parameter.
- Improved documentation on migrating from AuthComponent.
- Improved doc strings.
- SessionAuthenticator now rotates the session ID when persisting or clearing an identity.
Other
- Updated dependency on firebase/php-jwt
CakePHP Authentication 1.1.2
- Fixed redirect URL generation when the target URL contains a fragment.
CakePHP Authentication 1.1.1
- Fixed base directory handling for CakePHP applications inside a subdirectory.
CakePHP Authentication 1.1.0
- Fixed deprecation warnings related to CakePHP 3.7
- Started using new methods offered by CakePHP 3.7+
1.0.1
1.0.0
Authentication 1.0.0-rc9
Changes
- Unauthenticated requests are redirected with 302 response code.
New Features
AuthenticationComponent::getAuthenticationService()
has been added.