Merge branch '2.next'

markstory · markstory · commit 048648d2e1da · 2020-12-29T18:33:37.000-05:00
diff --git a/composer.json b/composer.json
@@ -11,11 +11,11 @@
     "homepage": "https://cakephp.org",
     "require": {
         "cakephp/core": "^4.0",
+        "laminas/laminas-diactoros": "^2.2.2",
         "psr/http-client": "^1.0",
         "psr/http-message": "^1.0",
         "psr/http-server-handler": "^1.0",
-        "psr/http-server-middleware": "^1.0",
-        "zendframework/zend-diactoros": "^2.0"
+        "psr/http-server-middleware": "^1.0"
     },
     "require-dev": {
         "cakephp/cakephp": "^4.0",
diff --git a/docs/en/authenticators.rst b/docs/en/authenticators.rst
@@ -174,7 +174,7 @@ configuring your app as follows::
     ], [
         'controller' => '(jwks)',
     ]); // connect /.well-known/jwks.json to JwksController
-    
+
     // controller/JwksController.php
     public function index()
     {
@@ -194,7 +194,7 @@ configuring your app as follows::
         $this->set(compact('keys'));
         $this->viewBuilder()->setOption('serialize', 'keys');
     }
-    
+
 Refer to https://tools.ietf.org/html/rfc7517 or https://auth0.com/docs/tokens/concepts/jwks for
 more information about JWKS.
 
@@ -243,8 +243,13 @@ Configuration options:
    -  **path**: Path, default is ``/``
    -  **domain**: Domain, default is an empty string.
    -  **secure**: Bool, default is ``false``
-   -  **httpOnly**: Bool, default is ``false``
+   -  **httponly**: Bool, default is ``false``
    -  **value**: Value, default is an empty string.
+   -  **samesite**: String/null The value for the same site attribute.
+
+   The defaults for the various options besides ``cookie.name`` will be those
+   set for the ``Cake\Http\Cookie\Cookie`` class. See `Cookie::setDefaults() <https://api.cakephp.org/4.0/class-Cake.Http.Cookie.Cookie.html#setDefaults>`_
+   for the default values.
 
 -  **fields**: Array that maps ``username`` and ``password`` to the
    specified identity fields.
diff --git a/src/AuthenticationService.php b/src/AuthenticationService.php
@@ -247,9 +247,7 @@ public function persistIdentity(ServerRequestInterface $request, ResponseInterfa
             }
         }
 
-        if (!($identity instanceof IdentityInterface)) {
-            $identity = $this->buildIdentity($identity);
-        }
+        $identity = $this->buildIdentity($identity);
 
         return [
             'request' => $request->withAttribute($this->getConfig('identityAttribute'), $identity),
diff --git a/src/Authenticator/CookieAuthenticator.php b/src/Authenticator/CookieAuthenticator.php
@@ -49,11 +49,6 @@ class CookieAuthenticator extends AbstractAuthenticator implements PersistenceIn
         ],
         'cookie' => [
             'name' => 'CookieAuth',
-            'expire' => null,
-            'path' => '/',
-            'domain' => '',
-            'secure' => false,
-            'httpOnly' => false,
         ],
         'passwordHasher' => 'Authentication.Default',
     ];
@@ -215,16 +210,25 @@ public function clearIdentity(ServerRequestInterface $request, ResponseInterface
      */
     protected function _createCookie($value): CookieInterface
     {
-        $data = $this->getConfig('cookie');
+        $options = $this->getConfig('cookie');
+        $name = $options['name'];
+        unset($options['name']);
+
+        if (array_key_exists('expire', $options)) {
+            deprecationWarning('Config key `expire` is deprecated, use `expires` instead.');
+            $options['expires'] = $options['expire'];
+            unset($options['expire']);
+        }
+        if (array_key_exists('httpOnly', $options)) {
+            deprecationWarning('Config key `httpOnly` is deprecated, use `httponly` instead.');
+            $options['httponly'] = $options['httpOnly'];
+            unset($options['httpOnly']);
+        }
 
-        $cookie = new Cookie(
-            $data['name'],
+        $cookie = Cookie::create(
+            $name,
             $value,
-            $data['expire'],
-            $data['path'],
-            $data['domain'],
-            $data['secure'],
-            $data['httpOnly']
+            $options
         );
 
         return $cookie;
diff --git a/src/Middleware/AuthenticationMiddleware.php b/src/Middleware/AuthenticationMiddleware.php
@@ -24,14 +24,14 @@
 use Authentication\Authenticator\UnauthenticatedException;
 use Cake\Core\InstanceConfigTrait;
 use InvalidArgumentException;
+use Laminas\Diactoros\Response;
+use Laminas\Diactoros\Response\RedirectResponse;
+use Laminas\Diactoros\Stream;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
 use RuntimeException;
-use Zend\Diactoros\Response;
-use Zend\Diactoros\Response\RedirectResponse;
-use Zend\Diactoros\Stream;
 
 /**
  * Authentication Middleware
diff --git a/tests/TestCase/AuthenticationServiceTest.php b/tests/TestCase/AuthenticationServiceTest.php
@@ -396,13 +396,13 @@ public function testPersistIdentityInterface()
     {
         $request = new ServerRequest();
         $response = new Response();
-        $identity = $this->createMock(IdentityInterface::class);
+        $identity = new ArrayObject();
 
         $service = new AuthenticationService();
 
         $result = $service->persistIdentity($request, $response, $identity);
 
-        $this->assertSame($identity, $result['request']->getAttribute('identity'));
+        $this->assertInstanceOf(IdentityInterface::class, $result['request']->getAttribute('identity'));
     }
 
     /**
diff --git a/tests/TestCase/Authenticator/CookieAuthenticatorTest.php b/tests/TestCase/Authenticator/CookieAuthenticatorTest.php
@@ -230,7 +230,10 @@ public function testPersistIdentity()
         ]);
         $response = new Response();
 
-        $authenticator = new CookieAuthenticator($identifiers);
+        Cookie::setDefaults(['samesite' => 'None']);
+        $authenticator = new CookieAuthenticator($identifiers, [
+            'cookie' => ['expires' => '2030-01-01 00:00:00'],
+        ]);
 
         $identity = new ArrayObject([
             'username' => 'mariano',
@@ -247,6 +250,16 @@ public function testPersistIdentity()
             'CookieAuth=%5B%22mariano%22%2C%22%242y%2410%24',
             $result['response']->getHeaderLine('Set-Cookie')
         );
+        $this->assertStringContainsString(
+            'expires=Tue, 01-Jan-2030 00:00:00 GMT;',
+            $result['response']->getHeaderLine('Set-Cookie')
+        );
+        $this->assertStringContainsString(
+            'samesite=None',
+            $result['response']->getHeaderLine('Set-Cookie')
+        );
+
+        Cookie::setDefaults(['samesite' => null]);
 
         // Testing that the field is not present
         $request = $request->withParsedBody([]);

Original file line number	Diff line number	Diff line change
`@@ -247,9 +247,7 @@ public function persistIdentity(ServerRequestInterface $request, ResponseInterfa`
`247`	`247`	`}`
`248`	`248`	`}`
`249`	`249`
`250`		`- if (!($identity instanceof IdentityInterface)) {`
`251`		`- $identity = $this->buildIdentity($identity);`
`252`		`- }`
	`250`	`+ $identity = $this->buildIdentity($identity);`
`253`	`251`
`254`	`252`	`return [`
`255`	`253`	`'request' => $request->withAttribute($this->getConfig('identityAttribute'), $identity),`
Original file line number	Diff line number	Diff line change
`@@ -396,13 +396,13 @@ public function testPersistIdentityInterface()`
`396`	`396`	`{`
`397`	`397`	`$request = new ServerRequest();`
`398`	`398`	`$response = new Response();`
`399`		`- $identity = $this->createMock(IdentityInterface::class);`
	`399`	`+ $identity = new ArrayObject();`
`400`	`400`
`401`	`401`	`$service = new AuthenticationService();`
`402`	`402`
`403`	`403`	`$result = $service->persistIdentity($request, $response, $identity);`
`404`	`404`
`405`		`- $this->assertSame($identity, $result['request']->getAttribute('identity'));`
	`405`	`+ $this->assertInstanceOf(IdentityInterface::class, $result['request']->getAttribute('identity'));`
`406`	`406`	`}`
`407`	`407`
`408`	`408`	`/**`