resolve conflicts

.github/workflows/ci.yml

@@ -9,11 +9,11 @@ on:
 
 jobs:
   testsuite:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['7.3', '7.4', '8.0', '8.1']
+        php-version: ['7.4', '8.0', '8.1']
         db-type: [sqlite, mysql, pgsql]
         prefer-lowest: ['']
 
@@ -79,15 +79,15 @@ jobs:
 
   cs-stan:
     name: Coding Standard & Static Analysis
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
     - uses: actions/checkout@v2
 
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
       with:
-        php-version: '7.3'
+        php-version: '7.4'
         extensions: mbstring, intl, apcu
         coverage: none
 

.semver

@@ -1,5 +1,5 @@
 ---
 :major: 11
-:minor: 2
+:minor: 3
 :patch: 0
 :special: ''

CHANGELOG.md

@@ -1,9 +1,12 @@
 Changelog
 =========
-
-Releases for CakePHP 4
+Releases for CakePHP 4.3
 -------------
 
+* 11.2.0
+  * Feature/microsoft login by @arodu in #1000
+  * add more events into login component (before login, after login failure) by @rochamarcelo in #1007
+
 * 11.1.0
   * German (de) by @LordSimal
   * Fixed labels not using the right translation domain
@@ -12,6 +15,8 @@ Releases for CakePHP 4
   * Switched tests to new cakephp schema
   * Update to PHPUnit 9.5
 
+Releases for CakePHP 4
+-------------
 * 9.2.0
   * Switch to github actions
   * New event AfterEmailTokenValidation

Docs/Documentation/Authentication.md

@@ -1,6 +1,7 @@
 Authentication
 ==============
-This plugin uses the new authentication plugin [cakephp/authentication](https://github.com/cakephp/authentication/)
+
+This plugin uses the new CakePHP Authentication plugin [cakephp/authentication](https://github.com/cakephp/authentication/)
 instead of CakePHP Authentication component, but don't worry, the default configuration should be enough for your
 projects.
 
@@ -9,11 +10,11 @@ We've tried to simplify configuration as much as possible using defaults, but ke
 Authentication Component
 ------------------------
 
-The default behavior is to load the authentication component at UsersController,
-defining the default urls for loginAction, loginRedirect, logoutRedirect but not requiring
-the request to have a identity.
+The default behavior is to load the authentication component at ``UsersController``,
+defining the default URLs for ``loginAction``, ``loginRedirect``, ``logoutRedirect`` but not requiring
+the request to have an identity.
 
-If you prefer to load the component yourself you can set 'Auth.AuthenticationComponent.load':
+If you prefer to load the component yourself you can set ``Auth.AuthenticationComponent.load``:
 
 ```
 Configure:write('Auth.AuthenticationComponent.load', false);
@@ -27,7 +28,8 @@ $this->loadComponent('Authentication.Authentication', $authenticationConfig);
 $userId = $this->Authentication->getIdentity()->getIdentifier();
 $user = $this->Authentication->getIdentity()->getOriginalData();
 ```
-The default configuration for Auth.AuthenticationComponent is:
+
+The default configuration for ``Auth.AuthenticationComponent`` is:
 
 ```php
 [
@@ -37,28 +39,30 @@ The default configuration for Auth.AuthenticationComponent is:
 ]
 ```
 
-[Check the component options at the it's source code for more infomation](https://github.com/cakephp/authentication/blob/master/src/Controller/Component/AuthenticationComponent.php#L38)
+Check [the component options at the its source code](https://github.com/cakephp/authentication/blob/master/src/Controller/Component/AuthenticationComponent.php#L38) for more infomation.
 
 Authenticators
 --------------
 
-The cakephp/authentication plugin provides the main structure for the authenticators used in this plugin,
+The ``cakephp/authentication`` plugin provides the main structure for the authenticators used in this plugin,
 we also use some custom authenticators to work with social providers, reCaptcha and cookie. The default
 list of authenticators includes:
 
-- 'Authentication.Session'
-- 'CakeDC/Auth.Form'
-- 'Authentication.Token'
-- 'CakeDC/Auth.Cookie'
-- 'CakeDC/Users.Social'//Works with SocialAuthMiddleware
-- 'CakeDC/Users.SocialPendingEmail'
+- ``Authentication.Session``
+- ``CakeDC/Auth.Form``
+- ``Authentication.Token``
+- ``CakeDC/Auth.Cookie``
+- ``CakeDC/Users.Social`` which works with the ``SocialAuthMiddleware``
+- ``CakeDC/Users.SocialPendingEmail``
+
+If you enable ``OneTimePasswordAuthenticator.login`` we also load the ``CakeDC/Auth.TwoFactor``
 
-**If you enable 'OneTimePasswordAuthenticator.login' we also load the CakeDC/Auth.TwoFactor**
+These authenticators should be enough for your application, but you can easily customize it
+setting the ``Auth.Authenticators`` config key.
 
-These authenticators should be enough for your application, but you easily customize it
-setting the Auth.Authenticators config key.
+These authenticators are loaded by the ``\CakeDC\Users\Loader\AuthenticationServiceLoader`` class in the ``loadAuthenticators`` method. See [Authentication Service Loader](#authentication-service-loader) on how to adjust it to your needs.
 
-For example if you add JWT authenticator you must add this to your config/users.php file:
+For example, if you want to add the JWT authenticator you must add the following to your ``config/users.php`` file:
 
 ```php
 'Auth.Authenticators.Jwt' => [
@@ -68,26 +72,20 @@ For example if you add JWT authenticator you must add this to your config/users.
 ],
 ```
 
-**You may have noticed the 'skipTwoFactorVerify' option, this option is used to identify if a authenticator should skip
-the two factor flow**
-
-The authenticators are loaded by \CakeDC\Users\Loader\AuthenticationServiceLoader class at load authentication
-service method from plugin object.
-
-See the full Auth.Authenticators at config/users.php
+The ``skipTwoFactorVerify`` option is used to skip the two factor flow for a given authenticator
 
 Identifiers
 -----------
-The identifies are defined to work correctly with the default authenticators, we are using these identifiers:
 
-- Authentication.Password, for Form authenticator
-- CakeDC/Users.Social, for Social and SocialPendingEmail authenticators
-- Authentication.Token, for TokenAuthenticator
+The identifiers are defined to work correctly with the default authenticators, we are using these identifiers:
 
-As you add more authenticators you may need to add identifiers, please check identifiers available at
-[official documentation](https://github.com/cakephp/authentication/blob/master/docs/Identifiers.md)
+- ``Authentication.Password``, for ``Form`` authenticator
+- ``CakeDC/Users.Social``, for ``Social`` and ``SocialPendingEmail`` authenticators
+- ``Authentication.Token``, for ``Token`` authenticator
 
-The default value for Auth.Identifiers is:
+As you add more authenticators you may also need to add other identifiers, please see [the identifiers available in the official CakePHP Authentication plugin documentation](https://book.cakephp.org/authentication/2/en/identifiers.html).
+
+The default list for ``Auth.Identifiers`` is:
 
 ```php
 [
@@ -116,24 +114,25 @@ The default value for Auth.Identifiers is:
     ]
 ]
 ```
-The identifiers are loaded by \CakeDC\Users\Loader\AuthenticationServiceLoader class at load authentication
-service method from plugin object.
 
+These identifiers are loaded by the ``\CakeDC\Users\Loader\AuthenticationServiceLoader`` class in the ``loadIdentifiers`` method. See [Authentication Service Loader](#authentication-service-loader) on how to adjust it to your needs.
 
 Handling Login Result
 ---------------------
-For both form login and social login we use a base component 'CakeDC/Users.Login' to handle login,
-it check the result of authentication service to redirect user to a internal page or show an authentication
-error. It provide some error messages for specific authentication result status, please check the config/users.php file.
 
-To use a custom component to handle the login you should update your config/users.php file with:
+For both form login and social login we use a base component ``CakeDC/Users.Login`` to handle the login.
+It checks the result of the authentication service and either redirects the user or shows an authentication
+error. It provides some error messages for specific authentication results. Please check the ``config/users.php`` file.
+
+To use a custom component to handle the login you should update your ``config/users.php`` file with:
 
 ```php
 'Auth.SocialLoginFailure.component' => 'MyLoginA',
 'Auth.FormLoginFailure.component' => 'MyLoginB',
 ```
 
-The default configuration are:
+The default configuration is:
+
 ```php
 [
     ...
@@ -169,13 +168,14 @@ The default configuration are:
 
 Authentication Service Loader
 -----------------------------
-To make the integration with cakephp/authentication easier we load the authenticators and identifiers
-defined at Auth configuration and other components to work with social provider, two-factor authentication.
 
-If the configuration is not enough for your project you may create a custom loader extending the
-default provided.
+To make the integration with CakePHP Authenication plugin easier we load the authenticators and identifiers
+defined at the ``Auth`` configuration key.
 
-- Create file src/Loader/AppAuthenticationServiceLoader.php
+If the default configuration is not enough for your project's needs you may create a custom loader extending the
+default loader provided.
+
+For example, create a file ``src/Loader/AppAuthenticationServiceLoader.php``:
 
 ```php
 <?php
@@ -202,7 +202,8 @@ class AppAuthenticationServiceLoader extends AuthenticationServiceLoader
     }
 }
 ```
-- Add this to your config/users.php file to change the authentication service loader:
+
+Add the following to your ``config/users.php`` configuration to change the authentication service loader:
 
 ```php
 'Auth.Authentication.serviceLoader' => \App\Loader\AppAuthenticationServiceLoader::class,

Docs/Documentation/Authorization.md

@@ -10,7 +10,7 @@ If you don't want the plugin to autoload setup authorization, you can disable
 in your config/users.php with:
 
 ```php
-'Auth.Authorization.enabled' => false,
+'Auth.Authorization.enable' => false,
 ```
 
 Authorization Middleware

Docs/Documentation/Extending-the-Plugin.md

@@ -22,6 +22,13 @@ use CakeDC\Users\Model\Table\UsersTable;
  */
 class MyUsersTable extends UsersTable
 {
+    // important, you'll need to override the alias if you extend from an existing table
+    public function initialize(array $config): void
+    {
+        parent::initialize($config);
+
+        $this->setAlias('MyUsers');
+    }
 }
 ```
 

Docs/Documentation/Installation.md

@@ -14,7 +14,6 @@ If you want to use social login features...
 composer require league/oauth2-facebook:@stable
 composer require league/oauth2-instagram:@stable
 composer require league/oauth2-google:@stable
-composer require league/oauth2-linkedin:@stable
 composer require league/oauth1-client:@stable
 ```
 
@@ -106,7 +105,7 @@ section to check all the customization options
 You can create the first user, the super user by issuing the following command
 
 ```
-bin/cake users addSuperuser
+bin/cake users add_superuser
 ```
 
 Customization

Docs/Documentation/Overview.md

@@ -8,7 +8,7 @@ The plugin itself is already capable of:
 * User registration
 * Account verification by a token sent via email
 * User login (email / password)
-* Social login (Twitter, Facebook, Google, Instagram, LinkedIn)
+* Social login (Twitter, Facebook, Google, Instagram)
 * Password reset based on requesting a token by email and entering a new password
 * User management (add / edit / delete)
 * Simple roles management

Docs/Documentation/SocialAuthentication.md

@@ -6,9 +6,9 @@ We currently support the following providers to perform login as well as to link
 * Facebook
 * Twitter
 * Google
-* LinkedIn
 * Instagram
 * Amazon
+* LinkedIn (deprecated, it's not working with the OAuth 2.0 provider. They switched to OpenID-Connect.)
 
 Please [contact us](https://cakedc.com/contact) if you need to support another provider.
 
@@ -23,11 +23,21 @@ Facebook/Twitter applications you want to use and update your file config/users.
 //This enable social login (authentication)
 'Users.Social.login' => true,
 //This is the required config to setup facebook.
-'OAuth.providers.facebook.options.clientId', 'YOUR APP ID';
-'OAuth.providers.facebook.options.clientSecret', 'YOUR APP SECRET';
+'OAuth.providers.facebook.options.clientId' => 'YOUR APP ID',
+'OAuth.providers.facebook.options.clientSecret' => 'YOUR APP SECRET',
 //This is the required config to setup twitter
-'OAuth.providers.twitter.options.clientId', 'YOUR APP ID';
-'OAuth.providers.twitter.options.clientSecret', 'YOUR APP SECRET';
+'OAuth.providers.twitter.options.clientId' => 'YOUR APP ID',
+'OAuth.providers.twitter.options.clientSecret' => 'YOUR APP SECRET',
+```
+
+By default the social login validation is enabled for existing accounts. First social login attempt to an existing account will require additional email validation before it can be used. If you trust the providers you are using you can disable this feature globally in your config/users.php file:
+```php
+'Users.Social.validateSocialAccount' => false,
+
+```
+Alternatively you can also skip this validation for some providers that you trust in your config/users.php file:
+```php
+'OAuth.providers.facebook.skipSocialAccountValidation' => true,
 ```
 Check optional configs at [config/users.php](./../../config/users.php) inside 'OAuth' key
 

Docs/Documentation/Translations.md

@@ -13,6 +13,8 @@ The Plugin is translated into several languages:
 * Turkish (tr_TR) by @sayinserdar
 * Ukrainian (uk) by @yarkm13
 * German (de) by @LordSimal
+* Czech (cs_CZ) by @Mapiiik
+* Dutch (nl_NL) by @StefanvanR
 
 **Note:** To overwrite the plugin translations, create a file inside your project 'resources/locales//{$lang}/' folder, with the name 'Users.po' and add the strings with the new translations.
 

Docs/Documentation/Yubico-U2F.md

@@ -1,8 +1,7 @@
 YubicoKey U2F
 =============
 
-The plugin offers an easy way to integrate U2F in the users login flow
-of your application.
+**U2F is no longer supported by chrome, we suggest using Webauthn as a replacement**
 
 Enabling
 --------

Docs/Home.md

@@ -16,10 +16,11 @@ Documentation
 * [Authentication](Documentation/Authentication.md)
 * [Authorization](Documentation/Authorization.md)
 * [SimpleRbacAuthorize](https://github.com/CakeDC/auth/blob/master/Docs/Documentation/SimpleRbacAuthorize.md)
+* [Permissions](Documentation/Permissions.md)
 * [SuperuserAuthorize](https://github.com/CakeDC/auth/blob/master/Docs/Documentation/SuperuserAuthorize.md)
 * [Intercept Login Action](Documentation/InterceptLoginAction.md)
 * [Social Authentication](Documentation/SocialAuthentication.md)
-* [Google Authenticator](Documentation/Two-Factor-Authenticator.md)
+* [Two Factor Authenticator](Documentation/Two-Factor-Authenticator.md)
 * [Yubico U2F](Documentation/Yubico-U2F.md)
 * [UserHelper](Documentation/UserHelper.md)
 * [AuthLinkHelper](Documentation/AuthLinkHelper.md)

README.md

@@ -53,7 +53,7 @@ Requirements
 ------------
 
 * CakePHP 4.0+
-* PHP 7.2+
+* PHP 7.3+
 
 Documentation
 -------------

composer.json

@@ -27,10 +27,10 @@
         "source": "https://github.com/CakeDC/users"
     },
     "minimum-stability": "dev",
-	"prefer-stable": true,
+	  "prefer-stable": true,
     "require": {
-        "php": ">=7.2.0",
-        "cakephp/cakephp": "^4.0",
+        "php": ">=7.4.0",
+        "cakephp/cakephp": "^4.5",
         "cakedc/auth": "^7.0",
         "cakephp/authorization": "^2.0.0",
         "cakephp/authentication": "^2.0.0"