4.x major: Remove deprecations, fix up MultiChecker.

[dereuromark]

Prepare #716

[dereuromark]

For some reason 4.x is now protected already, even though just created.
I have the ready branch at "4.x-squashed", maybe someone with access can just force push into 4.x?

[ADmad]

For some reason 4.x is now protected already, even though just created.

The protection rule is set for *.x, that's way. I have temporarily changed it to 3.x, so you should be able to force push to 4.x now.

[dereuromark]

Auth code looks pretty clean and cake-user-friendly now, doesnt it?

[dereuromark]

@ADmad How do we merge our regression fix into this?
Do we want to keep the "cleaner" constructor of 4.x? Or do we move to the lazy defaulting?

[ADmad]

Doing it in getIdentifier() does have the benefit that the objects chain gets initialized only when needed.

[markstory]

Looking good. I think the impacts of these breaking changes should be a reasonable amount of work in a small section for most applications. I don't think we need to worry about rector here. I like how the authenticator + identifier relationship has ended up working.

[dereuromark]

Just to be clear:

Config needs to change from:

  $identifier = [
      'Authentication.Token' => [
          'tokenField' => 'id',
          'dataField' => 'key',
          'resolver' => [
              'className' => 'Authentication.Orm',
              'finder' => 'auth',
          ],
      ],
  ];

To:

  $identifier = [
      'className' => 'Authentication.Token',
      'tokenField' => 'id',
      'dataField' => 'key',
      'resolver' => [
          'className' => 'Authentication.Orm',
          'finder' => 'auth',
      ],
  ];

We could shim this (allow for the old array one), but then it would be possible to also insert multiple array key/value pairs or alike.

[ADmad]

I think just clarifying the change in a migration guide should suffice

[dereuromark]

Some things are auto-upgradable: cakephp/upgrade#370

Shall we start the release process on this major?

[ADmad]

Shall we start the release process on this major?

Since we are doing a new major I think we can make this a "proper" CakePHP plugin, i.e. add cakephp/cakephp to composer's require config. I highly doubt anyone is using the auth plugin outside of Cake.

If we do so then some housekeeping that can be done is, rename GenericUrlChecker to StringUrlChecker (and update it's docblock description). Similarly change/cleanup any other code which was meant for framework agnostic usage (can't think of anything off the top of my head though).

[dereuromark]

Technically, https://github.com/cakephp/authorization/blob/459cd4d752b3b93ff49791b33ae42a04b82cceb4/composer.json#L27 also only has one package

Couldnt we do the housekeeping for it anyways? and document it as such?

[ADmad]

Yes we can do the same for Authorization too.