Releases: cakephp/authentication
Releases · cakephp/authentication
CakePHP Authentication 2.0.0
- Compatible with CakePHP 4.0
1.4.0
Improvements
- getIdentificationProvider() has been added to get the successful identification provider if available.
Authentication 1.3.0
Added
AuthenticationComponent::getLoginRedirect()
was added to make getting the post-login redirect URL simpler.- Documentation organization has been improved.
- Upgrade guide documentation improved.
CakePHP Authentication 1.2.1
Fixes
- Fix logout not taking effect when using SessionAuthenticator.
CakePHP Authentication 1.2.0
Deprecations
- Setting the
unauthenticatedRedirect
,queryParam
andidentityAttribute
options onAuthenticationMiddleware
is deprecated. These options should now be set on the service.
New Features
- The
unauthenticatedRedirect
, andqueryParam
options can now be configured on theAuthenticationService
. This makes it easier to useRouter
to generate the redirect URL.
Other Changes
To fix a potential session fixation problem in the SessionAuthenticator
without impacting SecurityComponent
identity information is now persisted to the session after the controller action is complete. If your application accesses the currently logged in identity through the session directly you will get information from the previous request. You should consider updating your code to use $request->getAttribute('identity')
instead.
CakePHP Authentication 1.1.5
Fixes
- The session id rotation changes added in 1.1.3 have been reverted. They broke compatibility with
SecurityComponent
in a way that could not be fixed without other changes. - This release is susceptible to session fixation attacks due to the removed session id regeneration. Upgrade to 1.2.0 to resolve this.
CakePHP Authentication 1.1.4
Fixes
- Fixed session being rotated on each request. Now the session is only rotated when the session storage moves from empty to not empty.
CakePHP Authentication 1.1.3
Fixes
- Removed protocol and host from redirect query string parameter.
- Improved documentation on migrating from AuthComponent.
- Improved doc strings.
- SessionAuthenticator now rotates the session ID when persisting or clearing an identity.
Other
- Updated dependency on firebase/php-jwt
CakePHP Authentication 1.1.2
- Fixed redirect URL generation when the target URL contains a fragment.
CakePHP Authentication 1.1.1
- Fixed base directory handling for CakePHP applications inside a subdirectory.