Commit graph

116 commits

Author SHA1 Message Date
José Lorenzo Rodríguez
9c4775a220 Merge pull request #1393 from markstory/constant-time-login
Hash passwords even when users don't exist.
2013-07-03 13:49:03 -07:00
mark_story
c597855fe4 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Test/Case/Network/CakeRequestTest.php
2013-07-03 14:21:09 -04:00
mark_story
17e4eee73d Hash passwords even when users don't exist.
Not hashing passwords when users don't exist means there is an
opportunity for timing attacks when people use blowfish or other
expensive hashing algorithms.
2013-07-01 21:52:15 -04:00
Marc Würth
e84bf65016 Typo in FormAuthenticate.php 2013-07-01 00:03:03 +02:00
ADmad
f3c69c9f40 docblock updates 2013-06-03 01:04:00 +05:30
ADmad
3303a2cda1 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/Console/Templates/skel/Config/Schema/db_acl.php
	lib/Cake/Console/Templates/skel/Config/Schema/i18n.php
	lib/Cake/Console/Templates/skel/Config/Schema/sessions.php
	lib/Cake/Console/Templates/skel/Config/acl.ini.php
	lib/Cake/Console/Templates/skel/Config/acl.php
	lib/Cake/Console/Templates/skel/Config/bootstrap.php
	lib/Cake/Console/Templates/skel/Config/core.php
	lib/Cake/Console/Templates/skel/Config/database.php.default
	lib/Cake/Console/Templates/skel/Config/email.php.default
	lib/Cake/Console/Templates/skel/Config/routes.php
	lib/Cake/Console/Templates/skel/Console/Command/AppShell.php
	lib/Cake/Console/Templates/skel/Console/cake.bat
	lib/Cake/Console/Templates/skel/Console/cake.php
	lib/Cake/Console/Templates/skel/Controller/AppController.php
	lib/Cake/Console/Templates/skel/Controller/PagesController.php
	lib/Cake/Console/Templates/skel/Model/AppModel.php
	lib/Cake/Console/Templates/skel/View/Errors/error400.ctp
	lib/Cake/Console/Templates/skel/View/Errors/error500.ctp
	lib/Cake/Console/Templates/skel/View/Helper/AppHelper.php
	lib/Cake/Console/Templates/skel/View/Layouts/Emails/html/default.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/ajax.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/default.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/error.ctp
	lib/Cake/Console/Templates/skel/View/Layouts/flash.ctp
	lib/Cake/Console/Templates/skel/View/Pages/home.ctp
	lib/Cake/Console/Templates/skel/index.php
	lib/Cake/Console/Templates/skel/webroot/index.php
	lib/Cake/Console/Templates/skel/webroot/test.php
2013-06-02 18:03:59 +05:30
Marc Würth
4c9f0414cb Improved the DocBlocks and other code cleanup
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
ADmad
56fa0dccda Remove unnecessary overriding of '_findUser()' in 'DigestAuthenticate'. 2013-05-26 12:31:40 +05:30
ADmad
dd2892ad8d Added password hasher 2013-05-26 11:29:06 +05:30
ADmad
19f8274a95 Merge branch 'master' into 2.4
Conflicts:
	lib/Cake/VERSION.txt
2013-04-25 03:06:04 +05:30
Jose Lorenzo Rodriguez
db6dd18f86 Fixing case where it was possible to pass array data to FormAuthenticate
fields
2013-04-24 22:33:24 +02:00
Ceeram
89ecd95e55 fix failing tests 2013-03-18 18:47:05 +01:00
Ceeram
b28ea65b24 stop execution when unauthenticated, to prevent the page to show when canceling auth popup 2013-03-18 15:41:34 +01:00
ADmad
b7834a2b16 Implemented stateless login for Auth 2013-03-10 00:11:35 +05:30
Adam Taylor
433dd09ec4 Fix typos 2013-03-05 00:05:14 -07:00
euromark
111366d5c8 == to === and != to !== where applicable 2013-02-12 03:38:08 +01:00
ADmad
a9bbfd80c7 Added type hinting 2013-02-09 18:09:11 +05:30
Graham Weldon
66d856d883 Added extra line for referencing license file for copyright 2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4 This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
Ceeram
3f4d24bfc0 remove unused local variables and a few improvements 2012-12-23 13:53:13 +01:00
euromark
b811afbc44 double spaces to single ones 2012-12-22 23:48:15 +01:00
ADmad
72d6ca636f Docblock fixes 2012-11-29 04:36:29 +05:30
Heath Nail
895fcac0cd Improve Blowfish Docblocks 2012-11-12 14:36:43 -05:00
mark_story
e0aab77dab Merge branch 'master' into 2.3
Conflicts:
	app/Config/Schema/i18n.php
	lib/Cake/I18n/Multibyte.php
	lib/Cake/Test/Case/Log/CakeLogTest.php
	lib/Cake/Test/Case/Routing/DispatcherTest.php
2012-11-10 21:33:26 -05:00
mark_story
3de72baeb1 Remove int cast from authentication adapters.
Forcing an int cast makes using the contain option difficult as you are
also required to manually set the recursive option. Omitting the
cast allows recursive to be set to null.

Fixes #3347
2012-11-06 20:27:28 -05:00
Adam Taylor
4090c2e932 Remove trailing whitespace from comments
See http://groups.google.com/d/topic/cakephp-core/fuHTYMKVJno/discussion
2012-10-15 18:19:37 -06:00
mark_story
6a95b5746a Remove un-necessary parameter. 2012-08-30 14:48:13 +01:00
mark_story
19c2a58185 Fix strict errors. 2012-08-30 14:46:29 +01:00
Heath Nail
d24bbcb255 Add BlowfishAuthenticate adapter. 2012-08-23 11:23:51 -04:00
euromark
3945c0e6a8 rtim files 2012-07-18 03:55:29 +02:00
Jelle Henkens
f7ce5262b7 Updating mixed @param documentation to seperate list of accepted types 2012-05-21 21:55:10 +01:00
Mark Story
37d235fa16 Merge pull request #594 from tigrang/auth-ext
Added `contain` option to AuthComponent's Authentication objects
2012-05-09 17:48:44 -07:00
Tigran Gabrielyan
3c4087da4f Fixing default value of contain 2012-04-04 19:06:54 -07:00
Tigran Gabrielyan
bf628c493c Added ability for Auth login to use contain 2012-04-04 18:09:38 -07:00
mark_story
19e0d8d946 Switch usage to Hash where possible. 2012-03-26 22:32:53 -04:00
Juan Basso
c754fb2dcb Updated copyright to 2012. 2012-03-12 22:46:46 -04:00
Thomas Ploch
79cab67be7 Adding missing 'recursive' option to DigestAuthenticate object.
Used integer casting in _findUser() method for 'recursive' option.
2012-03-05 11:06:46 +01:00
mark_story
61aba0f0f8 Fix most coding standard issues in Controller. 2012-03-03 19:27:46 -05:00
euromark
22452f61f8 type hinting controllers and views 2012-02-25 19:46:06 -05:00
mark_story
2afb05b590 Merge branch '2.0' into 2.1
Conflicts:
	app/View/Pages/home.ctp
	lib/Cake/Config/config.php
	lib/Cake/Core/App.php
	lib/Cake/VERSION.txt
	lib/Cake/View/Helper/NumberHelper.php
2012-02-12 10:06:13 -05:00
mark_story
6f914174a6 Fix issues with double / & leading/trailing /
Authorize classes should remove // and leading trailing /
Without this incorrect paths that fail to match nodes can be
generated.  This also allows settings[actionPath] to be
permissive in what it accepts.

Fixes #2563
2012-02-11 10:29:18 -05:00
Mark Story
b76f8f8832 Merge pull request #260 from tPl0ch/2.1-authenticate
Added 'recursive' settings option to BaseAuthenticate and BasicAuthenticate
2012-01-12 18:53:19 -08:00
Kyle Robinson Young
1e1c7a036d Code consistency formatting tweaks 2011-12-06 12:52:48 -08:00
Kyle Robinson Young
8197f87dbc Spelling and grammar fixes 2011-12-01 21:58:09 -08:00
Gun.io Whitespace Robot
4742168253 Remove whitespace [Gun.io WhitespaceBot] 2011-10-28 18:25:08 -04:00
Thomas Ploch
521dff8468 Added 'recursive' settings option to BaseAuthenticate and BasicAuthenticate to have a bit more fine grained control in custom Authenticate objects. 2011-10-19 17:54:08 +02:00
mark_story
9e080951b1 Adding additional documentation for CrudAuthorize.
Fixes #2034
2011-09-28 23:25:14 -04:00
mark_story
a5fe702624 Updating CrudAuthorize to work like ActionsAuthorize.
Updating tests.
Fixes #1749
2011-09-26 20:38:38 -04:00
mark_story
7cabb4e4d5 Extracting password hashing into as separate method.
This makes is much easier for a subclass to only change how passwords
are hashed.
2011-09-21 07:38:22 -04:00
Juan Basso
0575e92833 Added visibility in some methods and attributes. 2011-08-18 22:30:28 -04:00
Juan Basso
16ef234180 Removing trailing spaces. 2011-08-15 23:55:08 -04:00
Juan Basso
fedadc091c Included @throws in API that was missing. 2011-07-31 16:55:52 -04:00
Juan Basso
fbbfbaf870 Fixed some API doc in controller. 2011-07-29 00:06:43 -04:00
Jose Lorenzo Rodriguez
cfd2d9e00b Updating all @package annotations in doc blocks 2011-07-26 01:46:14 -04:30
mark_story
71933f5cf5 Adding a logout callback to authenticate objects.
Adding tests for the callback.
Adding doc blocks for the new callback.
Fixes #1758
2011-07-03 12:53:21 -04:00
mark_story
cbc7e82bd2 Fixing issue where Aro nodes would be incorrectly formatted for use
with the AclComponent.  Fixes #1749
2011-06-02 21:53:56 -04:00
Juan Basso
192812ee7f Updating the copyright to 2011. 2011-05-30 22:32:43 -04:00
Renan Gonçalves
438050dcaa Adding 'public' visibility to all public methods. 2011-05-30 22:02:32 +02:00
AD7six
32df3156a7 consolidate cake_error and cake_developer to simply "cake_dev"
it's a lot easier for adding new translations to think:
	is it for the end user?
		use 'cake' as the domain
	is it for the developer
		use 'cake_dev' as the domain
	is it for the console
		use 'cake_console' as the domain

also neatly avoids the "this message is an error, and it's in
cake_developer, why?" - question (because cake_error was intended for
anything which is used in trigger_error/exceptions, not a variable named
$error
2011-03-20 16:38:31 +01:00
AD7six
f95340b361 use the domain cake_error for error message intended for the developer 2011-03-19 18:07:05 +01:00
AD7six
cb7f0f087e translation changes in the controller ditranslation changes in the
controller dirr
2011-03-12 19:59:40 +01:00
Jose Lorenzo Rodriguez
0696dd9200 Fixing BasicAuthenticate test 2011-03-05 19:37:56 -04:30
Jose Lorenzo Rodriguez
ec8577a562 Fixing CrudAuthorize test 2011-03-05 19:30:05 -04:30
Jose Lorenzo Rodriguez
f1e2f5e949 Starting to migrate AuthComponent to the new class loader 2011-03-05 17:40:42 -04:30
Jose Lorenzo Rodriguez
3ee49c0c5c Moving BaseAuthenticate class 2011-03-05 17:37:09 -04:30
Jose Lorenzo Rodriguez
82834f2ec0 Moving Auth related classes to the new structure 2011-03-01 23:38:39 -04:30