Adding a response parameter to authenticate() both basic and digest auth need to set response headers.

cake/libs/controller/components/auth.php

@@ -34,7 +34,7 @@ App::import('Component', 'auth/base_authorize');
  */
 class AuthComponent extends Component {
 
-	const ALL = '*';
+	const ALL = 'all';
 
 /**
  * Maintains current user login state.
@@ -231,6 +231,13 @@ class AuthComponent extends Component {
  */
 	public $request;
 
+/**
+ * Response object
+ *
+ * @var CakeResponse
+ */
+	public $response;
+
 /**
  * Method list for bound controller
  *
@@ -246,6 +253,7 @@ class AuthComponent extends Component {
  */
 	public function initialize($controller) {
 		$this->request = $controller->request;
+		$this->response = $controller->response;
 		$this->_methods = $controller->methods;
 
 		if (Configure::read('debug') > 0) {
@@ -507,7 +515,7 @@ class AuthComponent extends Component {
 		$this->_loggedIn = false;
 
 		if (empty($user)) {
-			$user = $this->identify($this->request);
+			$user = $this->identify($this->request, $this->response);
 		}
 		if ($user) {
 			$this->Session->write(self::$sessionKey, $user);
@@ -587,12 +595,12 @@ class AuthComponent extends Component {
  * @param CakeRequest $request The request that contains authentication data.
  * @return array User record data, or false, if the user could not be identified.
  */
-	public function identify(CakeRequest $request) {
+	public function identify(CakeRequest $request, CakeResponse $response) {
 		if (empty($this->_authenticateObjects)) {
 			$this->constructAuthenticate();
 		}
 		foreach ($this->_authenticateObjects as $auth) {
-			$result = $auth->authenticate($request);
+			$result = $auth->authenticate($request, $response);
 			if (!empty($result) && is_array($result)) {
 				return $result;
 			}

cake/libs/controller/components/auth/base_authenticate.php

@@ -63,7 +63,8 @@ abstract class BaseAuthenticate {
  * Authenticate a user based on the request information.
  *
  * @param CakeRequest $request Request to get authentication information from.
+ * @param CakeResponse $response A response object that can have headers added.
  * @return mixed Either false on failure, or an array of user data on success.
  */
-	abstract public function authenticate(CakeRequest $request);
+	abstract public function authenticate(CakeRequest $request, CakeResponse $response);
 }

cake/libs/controller/components/auth/form_authenticate.php

@@ -41,9 +41,10 @@ class FormAuthenticate extends BaseAuthenticate {
  * there is no post data, either username or password is missing, of if the scope conditions have not been met.
  *
  * @param CakeRequest $request The request that contains login information.
+ * @param CakeResponse $response Unused response object.
  * @return mixed.  False on login failure.  An array of User data on success.
  */
-	public function authenticate(CakeRequest $request) {
+	public function authenticate(CakeRequest $request, CakeResponse $response) {
 		$userModel = $this->settings['userModel'];
 		list($plugin, $model) = pluginSplit($userModel);
 

cake/tests/cases/libs/controller/components/auth/form_authenticate.test.php

@@ -17,6 +17,7 @@
 App::import('Component', 'auth/form_authenticate');
 App::import('Model', 'AppModel');
 App::import('Core', 'CakeRequest');
+App::import('Core', 'CakeResponse');
 
 require_once  CAKE_TESTS . 'cases' . DS . 'libs' . DS . 'model' . DS . 'models.php';
 
@@ -42,6 +43,7 @@ class FormAuthenticateTest extends CakeTestCase {
 		));
 		$password = Security::hash('password', null, true);
 		ClassRegistry::init('User')->updateAll(array('password' => '"' . $password . '"'));
+		$this->response = $this->getMock('CakeResponse');
 	}
 
 /**
@@ -66,7 +68,7 @@ class FormAuthenticateTest extends CakeTestCase {
 	function testAuthenticateNoData() {
 		$request = new CakeRequest('posts/index', false);
 		$request->data = array();
-		$this->assertFalse($this->auth->authenticate($request));
+		$this->assertFalse($this->auth->authenticate($request, $this->response));
 	}
 
 /**
@@ -77,7 +79,7 @@ class FormAuthenticateTest extends CakeTestCase {
 	function testAuthenticateNoUsername() {
 		$request = new CakeRequest('posts/index', false);
 		$request->data = array('User' => array('password' => 'foobar'));
-		$this->assertFalse($this->auth->authenticate($request));
+		$this->assertFalse($this->auth->authenticate($request, $this->response));
 	}
 
 /**
@@ -88,7 +90,7 @@ class FormAuthenticateTest extends CakeTestCase {
 	function testAuthenticateNoPassword() {
 		$request = new CakeRequest('posts/index', false);
 		$request->data = array('User' => array('user' => 'mariano'));
-		$this->assertFalse($this->auth->authenticate($request));
+		$this->assertFalse($this->auth->authenticate($request, $this->response));
 	}
 
 /**
@@ -103,7 +105,7 @@ class FormAuthenticateTest extends CakeTestCase {
 				'user' => '> 1',
 				'password' => "' OR 1 = 1"
 		));
-		$this->assertFalse($this->auth->authenticate($request));
+		$this->assertFalse($this->auth->authenticate($request, $this->response));
 	}
 
 /**
@@ -117,7 +119,7 @@ class FormAuthenticateTest extends CakeTestCase {
 			'user' => 'mariano',
 			'password' => 'password'
 		));
-		$result = $this->auth->authenticate($request);
+		$result = $this->auth->authenticate($request, $this->response);
 		$expected = array(
 			'id' => 1,
 			'user' => 'mariano',
@@ -140,7 +142,7 @@ class FormAuthenticateTest extends CakeTestCase {
 			'password' => 'password'
 		));
 
-		$this->assertFalse($this->auth->authenticate($request));
+		$this->assertFalse($this->auth->authenticate($request, $this->response));
 	}
 
 /**
@@ -170,7 +172,7 @@ class FormAuthenticateTest extends CakeTestCase {
 			'password' => 'cake'
 		));
 
-		$result = $this->auth->authenticate($request);
+		$result = $this->auth->authenticate($request, $this->response);
 		$expected = array(
 			'id' => 1,
 			'username' => 'gwoo',