Commit graph

417 commits

Author SHA1 Message Date
Sebastien Barre
4bada05028 Fix doc/style 2014-11-05 18:37:20 -05:00
Sebastien Barre
ee73c1732b Have BaseAuthenticate implement CakeEventListener instead 2014-11-05 18:03:26 -05:00
Sebastien Barre
f78e6c0621 Move App::uses() again 2014-11-05 13:46:45 -05:00
Sebastien Barre
4c59ab6eca Move App::uses(), rename helper class to avoid conflict 2014-11-05 13:36:29 -05:00
Sebastien Barre
0cdb93b265 Ticket 5041: have Auth::login() send Auth.afterIdentify event 2014-11-05 12:34:25 -05:00
Sebastien Barre
544ddac08c Fix indentation 2014-10-31 16:38:09 -04:00
Sebastien Barre
60917974bf Add test for userFields and related models 2014-10-31 16:35:55 -04:00
Sebastien Barre
f6c71024c5 Add test for the 'contain' setting, which was missing (unrelated to feature) 2014-10-31 16:04:09 -04:00
Sebastien Barre
2f62ee2cde ticket #5017 add userFields setting to BaseAuthenticate 2014-10-31 15:00:19 -04:00
mark_story
b98d2a3365 Merge branch 'master' into 2.6 2014-10-24 22:05:46 -04:00
mark_story
cdc67116c5 Handle query string arguments in digest auth data.
Handle &, ? in digest auth data uri.

Refs #4908
2014-10-17 23:12:41 -04:00
Ceeram
fcffe3961f Revert "add test to prove requesthandler works correct with Angular wonky accept headers"
This reverts commit 8507ef83f1.

Incorrect header was used for this test, Cake cannot safely determine correct header.
To get CakePHP to respond with json, you can modify the angular common headers.
2014-10-02 22:12:35 +02:00
Ceeram
8507ef83f1 add test to prove requesthandler works correct with Angular wonky accept headers 2014-10-02 16:07:10 +02:00
Jeremy Harris
66b2173566 Made AuthComponent::mapActions() act as a getter refs #3331 2014-08-29 08:23:41 -05:00
mark_story
f9785042bc Fix indentation.
Refs #4108
2014-07-29 21:53:55 -04:00
Steve Tauber
e6f6ded334 Adding unit test for HTTP DELETE and RequestHandlerComponent::requestedWith 2014-07-29 16:34:11 +02:00
David Steinsland
6e777a54a3 Mocking _sendHeader instead of send() 2014-07-22 15:05:06 +02:00
David Steinsland
d98abc58d1 Added test case for CakeResponse::send() and ajaxLogin 2014-07-22 14:45:18 +02:00
Schlaefer
1e961a8aac increases time window in CSRF token expiry tests to 2 seconds
travis-cs failed with 1 second margin
2014-07-06 13:54:24 +02:00
Schlaefer
9fa7afa354 fixes #3887 CSRF reusable token expires 2014-07-06 10:39:00 +02:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
b4bcd74e60 Whitelist more URL-y characters in digest parsing.
Android clients include a full URL instead of just the URI. Also handle
situations where URLencoded bytes and document fragments are used.

Refs #3779
2014-06-23 14:39:35 -04:00
mark_story
975e4c3af0 Allow username of 0 in basic authentication.
Refs #3624
2014-06-02 22:02:28 -04:00
mark_story
d1e4dfac47 Add tests for #3624
The username of '0' should be accepted by FormAuthenticate.

Refs #3624
2014-06-02 21:58:50 -04:00
mark_story
66e733f8b1 Fix test I forgot to fix in b8fa7ce134 2014-05-13 22:12:39 -04:00
mark_story
a34d5f733d Fix PaginatorComponent tests.
Because count() queries don't happen in many cases now, the lastQueries
index needs to shift up by one because a query isn't happening anymore.

Refs #3333
2014-05-12 22:10:27 -04:00
mark_story
89cd114e6f Merge branch 'master' into 2.5 2014-05-12 14:30:02 -04:00
José Lorenzo Rodríguez
751d2d8f2d Merge pull request #3448 from dereuromark/master-controller
Controller::referer() and local URL
2014-05-07 22:42:28 +02:00
Renan Gonçalves
87683b10f1 Allowing same Authenticate object to be setup with different settings. 2014-05-06 22:10:41 +02:00
ADmad
d466e00644 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
	lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
	lib/Cake/Utility/Folder.php
	lib/Cake/VERSION.txt
2014-05-04 14:35:36 +05:30
mark_story
1d1a2f859c Fix coding standards error. 2014-04-28 20:56:06 -04:00
euromark
8679c5cd18 Fix test 2014-04-28 17:33:56 +02:00
mark_story
cf96e9f54f Merge branch 'master' into 2.5 2014-04-26 22:04:19 -04:00
mark_story
a28158d614 Add additional test for f23d811ff5
I neglected to put a negative test to ensure validatePost fails when the
URL differs.
2014-04-26 10:23:27 -04:00
ADmad
68572d8046 Cannot use php 5.4+ array syntax for 2.x. 2014-04-26 17:30:31 +05:30
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
mark_story
f23d811ff5 Use the form action URL in generated form hashes.
By including the URL in generated hash for secured forms we prevent
a class of abuse where a user uses one secured form to post into a
controller action the form was not originally intended for. These cross
action requests could potentially violate developer's mental model of
how SecurityComponent works and produce unexpected/undesirable outcomes.

Thanks to Kurita Takashi for pointing this issue out, and suggesting
a fix.
2014-04-25 22:05:58 -04:00
mark_story
d54fbe6f60 Merge branch 'master' into 2.5 2014-04-18 22:13:56 -04:00
Stephen Young
b55fa98a2d Updated documentation
* Removed references to nonexistent `AclBase` class
* Added references to `AclInterface` requirements
2014-04-11 15:10:56 -04:00
Jose Lorenzo Rodriguez
343d3279b9 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Test/Case/Utility/FileTest.php
	lib/Cake/VERSION.txt
2014-04-06 21:50:41 +02:00
euromark
0d09a54033 more missing doc block tags added 2014-04-02 03:02:37 +02:00
ADmad
abacf0d14b Remove setting of Controller::$ext by RequestHandler.
Closes #3022
2014-03-16 20:09:08 +05:30
mark_story
6c3bc48ce0 Merge branch 'master' into 2.5 2014-03-06 17:45:00 -05:00
Mark
3ca338fe26 Merge pull request #2781 from davidsteinsland/2.5
Fixed HTTP Status code when ajaxLogin is set
2014-03-06 12:37:51 +01:00
ndm2
01e1b5ca61 Fix failing tests caused by already existing classes 2014-03-01 20:24:32 +01:00
ndm2
008ad3237c Fix verification of expected invocations #2919 2014-03-01 19:06:17 +01:00
mark_story
2c5d96e916 Merge branch 'master' into 2.5
Conflicts:
	lib/Cake/Model/Datasource/DboSource.php
2014-02-16 14:24:19 -05:00
mark_story
827dc77a11 Fix incorrect assertion. 2014-02-11 22:00:24 -05:00
mark_story
a5d50da040 Remove dead and unused code. 2014-02-11 16:38:24 -05:00
David Steinsland
f2b9aa5ca4 Fixed HTTP Status code when ajaxLogin is set 2014-02-05 16:05:02 +01:00
José Lorenzo Rodríguez
e36c954da7 Merge pull request #2693 from ADmad/2.5-session-start
Don't start a session if it's known to be empty.
2014-02-01 04:08:48 -08:00
Rachman Chavik
b83b59a9d7 Log errors instead of calling trigger_error() 2014-01-29 17:51:07 +07:00
ADmad
84932fcc4a Don't start a session if it's known to be empty.
If an app only reads/checks the session there's no need to start a
session to know that the read/checked session value is empty.

Fixes #1981
2014-01-22 01:17:16 +05:30
euromark
97e43e5806 unify to expected 2014-01-09 16:52:21 +01:00
euromark
29e15386b2 Follow the deprecation note of 2.1 migration guide and switch to fetch(title)
correct assert order for test
2014-01-09 16:45:49 +01:00
ADmad
27979286b2 Revert change done in 11f543f1f2.
The change is unneeded now as Security::encrypt() no longer throws exception
for falsey values.
2013-12-15 20:29:41 +05:30
Mark Story
bf96ea36d9 Merge pull request #2482 from zoghal/2.5-cookie-fix2
fix CookieComponent - when write null or empty string
2013-12-14 16:21:58 -08:00
Saleh Souzanchi
11f543f1f2 fix CookieComponent - when write null or empty string 2013-12-15 02:15:36 +03:30
José Lorenzo Rodríguez
6358741944 Merge pull request #2449 from cakephp/fix-session-cyclic-error
Fixed error in CakeSession that would call start() in an infinite loop
2013-12-09 02:18:21 -08:00
Jose Lorenzo Rodriguez
3a2c497206 Fixed failing test 2013-12-08 14:08:57 +01:00
ADmad
738d0e2277 Fixed edge case which allowed login with empty password.
Ensure skipping call to FormAuthenticate::_checkFields() does not allow
logging in with empty password. Closes #2441.
2013-12-07 18:40:08 +05:30
ADmad
c72def4840 Moved exception throwing to after paging info it set for request.
This fixes the regression caused in 2096d3f632. When catching exception
thrown by PaginatorComponent::paginate() in controller, developer again
has access to paging info in request object.

Closes #2402
2013-11-30 19:00:08 +05:30
Marc Würth
7cfa0116f4 Removed "PHP 5" from file header DocBlocks
This statement does not serve a purpose anymore.
In a long forgotten world it indicated the main version number of PHP which the code in the file was compatible to.
http://pear.php.net/manual/en/standards.sample.php
But since PHP 5.1 and later this is only marginally true.
Thus I propose to remove it from CakePHP.
2013-11-13 22:58:39 +01:00
Luis Ramos
e33653a8d7 Add test case 2013-10-30 16:06:27 -06:00
mark_story
07f4779efe Fix cookie component being inconsistent about writes.
Instead of treating multi-key and single key writes differently, they
should be treated consistently to allow simpler and more consistent interactions
with the stored data. This also results in fewer cookies being sent
across the wire which is an added benefit.

Fixes #2182
2013-10-28 23:13:51 -04:00
euromark
1cb24ae537 CS fixes using phpcs-fixer auto-correction. 2013-10-12 01:27:00 +02:00
Bryan Crowe
c1dd0e4393 Changed url to URL where appropriate 2013-10-07 23:17:58 -04:00
mark_story
530731ec5d More gracefully handle invalid data in Accept headers.
Some browsers have invalid accept headers, we should ignore the invalid
extension data as assuming it will be a qualifier can result in
incorrect results.

Fixes #4105
2013-10-02 11:29:04 -04:00
mark_story
314ae1c8b4 Merge branch 'master' of github.com:cakephp/cakephp 2013-10-01 15:12:34 -04:00
Simon Males
c998888fe7 Do not assume CONTENT_TYPE is available.
In some server environments notably the CLI server, _SERVER['CONTENT_TYPE'] is not available.
In these cases, fall back to the HTTP_CONTENT_TYPE header.

Refs #GH-1661
2013-10-01 15:10:33 -04:00
ADmad
4dbf9107a8 Fixed infinite redirects for authenticated users accessing login page. 2013-09-27 22:33:07 +05:30
euromark
17bd465cae simplify tests 2013-09-19 00:17:21 +02:00
euromark
382f75dbfc cs corrections, bool to boolean and int to integer. 2013-09-17 14:44:34 +02:00
euromark
a796b26f13 fix renderLayout and update deprecated and outdated code 2013-09-13 00:09:31 +02:00
ADmad
1d0c785725 Fixed setting of order in Paginator options when using model's order. Refs f680c76, #3902 2013-09-10 22:47:31 +05:30
Jose Lorenzo Rodriguez
9d07fc4330 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/ShellDispatcher.php
	lib/Cake/Utility/CakeNumber.php
	lib/Cake/View/Elements/sql_dump.ctp
2013-08-11 23:31:10 +02:00
mark_story
9efad54e31 Fix missing expiry times on cookies.
When writing multiple cookies in a single request with the default
expiry time, cookies after the first should continue to have the default
expiry time used.

Fixes #3965
2013-08-06 22:01:13 -04:00
ADmad
38b050a711 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Command/ConsoleShell.php
2013-08-04 19:26:55 +05:30
Christian Winther
227f9aaa88 Merge pull request #1440 from Phally/master-postgres-fails
Adds order to the test models to make the results more predictable.
2013-08-01 02:38:33 -07:00
Marc Würth
1cac1846a3 Added missing calls to setUp & tearDown in tests 2013-07-29 01:52:39 +02:00
Phally
933013f808 Test case to prove base urls are stripped.
Refs #3938, #3916.
2013-07-26 19:57:12 +02:00
Phally
6b41eaa950 Merge branch 'master' into 2.4 2013-07-26 19:44:11 +02:00
Phally
f7eab23a5c Strips the base off the generated URL from the AuthComponent.
Fixes #3922.
2013-07-26 15:18:28 +02:00
Phally
db1876d837 Adds order to the test models to make the results more predictable.
Even though there was some code in place to prevent results in random
order from PostgreSQL we were still experiencing this with Jenkins
and Travis.

This commit removes the old code that handled this. From now on this
will be handled differently. Every test model will order by its
primary key. You can disable this by changing the order property
of the model to `null`: `$testModel->order = null`.
2013-07-19 22:31:09 +02:00
mark_story
e03d3df0fe Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/View/HelperTest.php
	lib/Cake/VERSION.txt
2013-07-17 22:40:09 -04:00
mark_story
b873186468 Fix being unable to sort on custom synthetic columns.
If a sort field whitelist is used we should trust its data and also
trust that the developer wanted what they asked for. This solves issues
where it was impossible to sort on synthetic columns added in custom
find types.

Fixes #3919
2013-07-16 10:19:18 -04:00
ADmad
4ded269549 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php
	lib/Cake/VERSION.txt
2013-07-07 12:22:12 +05:30
euromark
ba02678693 doc block corrections 2013-07-05 16:17:23 +02:00
euromark
e7f380d2b7 doublespace to single space 2013-07-05 14:36:40 +02:00
mark_story
22a198a8ba Merge branch 'master' into 2.4 2013-07-04 21:40:51 -04:00
euromark
a620fbbbb8 fix cs 2013-07-04 13:30:08 +02:00
euromark
f680c763b2 ticket-3902 - paginator and display of order via model default order 2013-07-04 13:07:14 +02:00
Mark Story
94db8fbed6 Merge pull request #1380 from ceeram/2.4-ext
Set extension with multiple accept based on order in parseExtensions.
2013-06-30 19:42:50 -07:00
mark_story
f09693f6e8 Merge branch 'master' into 2.4 2013-06-29 23:26:26 -04:00
mark_story
1d18a4f702 Fix issue where redirectURLs were not generated correctly.
When the first path segment matches the base path an incorrect URL was
generated. Trimming slashes off makes Router normalize the URL correctly
as the leading / implies that the base is already prepended.

Fixes #3897
2013-06-29 23:26:13 -04:00
Ceeram
6a0185d7e6 Set extension with multiple accept based on order in parseExtensions, currently with multiple accepted types, no extension is set at all 2013-06-27 14:34:00 +02:00
Marc Würth
2609016dfe Changed http links to lighthouse, groups.google and github to https
Because they get redirected anyway and we should follow good practices.
Also in many cases similar URLs were already using https
2013-06-25 22:58:30 +02:00
Rachman Chavik
0d486bdab4 AuthComponent: Allow suppressing authError message
When unauthenticated users accesses protected areas, they are greeted
with the default 'You are not allowed to access that location' which is
not desired in some cases.

This patch allows applications to suppress this message by setting
AuthComponent::authError to false bypassing the call to
SessionComponent::setFlash() altogether.

Refs: https://github.com/croogo/croogo/pull/175#discussion_r4714240
2013-06-17 09:33:59 +07:00
mark_story
cd3c54bb9d Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-06-10 22:12:10 -04:00
euromark
4518624187 more whitespace coding standard corrections 2013-06-09 17:39:48 +02:00