Merge branch '2.x' into 2.next

Author: markstory

.github/workflows/stale.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@v6
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. Remove the `stale` label or comment or this will be closed in 15 days'

readme.md

@@ -40,3 +40,7 @@ public function bootstrap(): void
 ## Documentation
 
 Documentation for this plugin can be found in the [CakePHP Cookbook](https://book.cakephp.org/authentication/2/en/).
+
+## IDE compatibility improvements
+
+For `AuthenticationService::loadIdentifier()` you an find an IdeHelper task in [IdeHelperExtra plugin](https://github.com/dereuromark/cakephp-ide-helper-extra/).

src/Authenticator/SessionAuthenticator.php

@@ -31,7 +31,9 @@ class SessionAuthenticator extends AbstractAuthenticator implements PersistenceI
      * Default config for this object.
      * - `fields` The fields to use to verify a user by.
      * - `sessionKey` Session key.
-     * - `identify` Whether or not to identify user data stored in a session.
+     * - `identify` Whether or not to identify user data stored in a session. This is
+     *   useful if you want to remotely end sessions that have a different password stored,
+     *   or if your identification logic needs additional conditions before a user can login.
      *
      * @var array
      */

tests/TestCase/AuthenticationServiceTest.php

@@ -32,6 +32,7 @@
 use Cake\Http\ServerRequest;
 use Cake\Http\ServerRequestFactory;
 use Cake\Http\Uri;
+use Cake\I18n\FrozenTime;
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -135,6 +136,58 @@ public function testAuthenticateWithChallengeDisabled()
         $this->assertFalse($result->isValid());
     }
 
+    /**
+     * Integration test for session auth + identify always getting a fresh user record.
+     *
+     * @return void
+     */
+    public function testAuthenticationWithSessionIdentify()
+    {
+        $users = $this->fetchTable('Users');
+        $user = $users->get(1);
+
+        $request = ServerRequestFactory::fromGlobals([
+            'SERVER_NAME' => 'example.com',
+            'REQUEST_URI' => '/testpath',
+        ]);
+        $request->getSession()->write('Auth', [
+            'username' => $user->username,
+            'password' => $user->password,
+        ]);
+
+        $factory = function () {
+            return new AuthenticationService([
+                'identifiers' => [
+                    'Authentication.Password',
+                ],
+                'authenticators' => [
+                    'Authentication.Session' => [
+                        'identify' => true,
+                    ],
+                ],
+            ]);
+        };
+        $service = $factory();
+        $result = $service->authenticate($request);
+        $this->assertTrue($result->isValid());
+
+        $dateValue = new FrozenTime('2022-01-01 10:11:12');
+        $identity = $result->getData();
+        $this->assertEquals($identity->username, $user->username);
+        $this->assertNotEquals($identity->created, $dateValue);
+
+        // Update the user so that we can ensure session is reading from the db.
+        $user->created = $dateValue;
+        $users->saveOrFail($user);
+
+        $service = $factory();
+        $result = $service->authenticate($request);
+        $this->assertTrue($result->isValid());
+        $identity = $result->getData();
+        $this->assertEquals($identity->username, $user->username);
+        $this->assertEquals($identity->created, $dateValue);
+    }
+
     /**
      * testLoadAuthenticatorException
      */