From 5695fef46f7042bc8e286621b936ec26adc61fff Mon Sep 17 00:00:00 2001
From: db-bogdan
Date: Mon, 27 Nov 2017 11:59:34 +0200
Subject: [PATCH 1/3] fixes #11468
---
 lib/Cake/Controller/Component/AuthComponent.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index e21f6e085..a652e950a 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -298,6 +298,7 @@ class AuthComponent extends Component {
 }
 if ($this->_isAllowed($controller)) {
+ $this->_getUser();
 return true;
 }
From 94e06dfeb3c6e9162ab8c125dd2650f3e4da2ee8 Mon Sep 17 00:00:00 2001
From: db-bogdan
Date: Tue, 28 Nov 2017 11:31:46 +0200
Subject: [PATCH 2/3] add unit test
---
 .../Component/AuthComponentTest.php | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index 1e5d79f2a..25ed6e9bb 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
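Review bot: The result of `$this->_getUser();` on the allowed-action path is discarded without a comment, so a reader cannot tell that the call is made only for its side effect or that a failed lookup is meant to be ignored. I would put `// Load the user for stateless authenticators on public actions; a failed lookup is ignored because the action is allowed anyway.` above it. It is also worth confirming, since `_getUser()` is not visible here, that it has no rejecting side effect when the supplied credentials are wrong, and that any throttling or logging applied to login attempts also covers credential checks that now happen on public actions. The enclosing method starts and ends outside the hunk.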
@@ -1818,4 +1818,31 @@ class AuthComponentTest extends CakeTestCase {
 $this->assertEquals('/users/login', $this->Controller->testUrl);
 }
+
+/**
+ * testStatelessAuthAllowedActionsRetrieveUser method
+ *
+ * @return void
+ */
+ public function testStatelessAuthAllowedActionsRetrieveUser() {
+ $_SERVER['PHP_AUTH_USER'] = 'mariano';
+ $_SERVER['PHP_AUTH_PW'] = 'cake';
+ $url = '/auth_test/add';
+ $this->Controller->request->addParams(Router::parse($url));
+ $this->Controller->Auth->authenticate = array(
+ 'Basic' => array('userModel' => 'AuthUser')
+ );
+ $this->Controller->Auth->initialize($this->Controller);
+ $this->Controller->Auth->allow();
+ $this->Controller->Auth->startup($this->Controller);
+
+ $expectedUser = array(
+ 'id' => '1',
+ 'username' => 'mariano',
+ 'created' => '2007-03-17 01:16:23',
+ 'updated' => '2007-03-17 01:18:31',
+ );
+
+ $this->assertEquals($expectedUser, $this->Controller->Auth->user());
+ }
 }
From e824346cca9ac4d91ca317f6e70c76ebcd786b97 Mon Sep 17 00:00:00 2001
From: db-bogdan
Date: Tue, 28 Nov 2017 11:43:55 +0200
Subject: [PATCH 3/3] extra fix
---
 .../Case/Controller/Component/AuthComponentTest.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
index 25ed6e9bb..09e99c92e 100644
--- a/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/AuthComponentTest.php
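Review bot: The added test covers only valid Basic credentials, so nothing pins what an allowed action does when the credentials are wrong or missing. That is the case where the ignored result of `_getUser()` in `startup()` matters most. I would add a sibling test that sets a wrong `PHP_AUTH_PW` and checks the request is still allowed with no user loaded, using `$this->assertTrue($this->Controller->Auth->startup($this->Controller));` followed by `$this->assertEmpty($this->Controller->Auth->user());`. The return value of `startup()` is not asserted in the existing test either, and the first of those two lines would cover that as well.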
@@ -1825,13 +1825,20 @@ class AuthComponentTest extends CakeTestCase {
 * @return void
 */
 public function testStatelessAuthAllowedActionsRetrieveUser() {
+ if (CakeSession::id()) {
+ session_destroy();
+ CakeSession::$id = null;
+ }
+ $_SESSION = null;
+
 $_SERVER['PHP_AUTH_USER'] = 'mariano';
 $_SERVER['PHP_AUTH_PW'] = 'cake';
- $url = '/auth_test/add';
- $this->Controller->request->addParams(Router::parse($url));
+
+ AuthComponent::$sessionKey = false;
 $this->Controller->Auth->authenticate = array(
 'Basic' => array('userModel' => 'AuthUser')
 );
+ $this->Controller->request['action'] = 'add';
 $this->Controller->Auth->initialize($this->Controller);
 $this->Controller->Auth->allow();
 $this->Controller->Auth->startup($this->Controller);
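Review bot: `AuthComponent::$sessionKey = false;` overwrites a static property, and `$_SERVER['PHP_AUTH_USER']` / `$_SERVER['PHP_AUTH_PW']` are left set, with nothing in the hunk restoring either. Unless setUp/tearDown outside this hunk resets them, later tests in the class can run with session storage disabled or with Basic credentials still present, which may hide or cause auth failures unrelated to the test at hand. I would capture the old value with `$sessionKey = AuthComponent::$sessionKey;` at the top, then finish the test with `AuthComponent::$sessionKey = $sessionKey;` and `unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);`. The test method's body continues past the end of the hunk.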