Implemented stateless login for Auth

[ADmad]

I think I have finally managed to get stateless auth working in a sensible way with minimal hacking of the AuthComponent.

With this patch when using only BasicAuthenticate there is no redirection to login action nor session starting.

When using Basic and Form authenticators together (order matters) if required http headers are passed and valid user is found it behaves as mentioned above else continues with regular form basic authentication.

For now I only modified existing tests to pass. More tests need to be added after wiser men confirm what I have done is a good idea 😄

[markstory]

Are you sure we don't need the realm anymore? I thought it was required to properly generate digest hashes.

[ADmad]

It is required but now DigestAuthenticate extends BasicAuthenticate and its constructor already sets the realm.

[lorenzo]

This looks good to me, just a bit concerned about the clarity on how unauthenticated() works

[ADmad]

@markstory @lorenzo Updated docblocks and added new tests. Although session start was prevented when correct credentials were passed for basic/digest auth, I had to add one more tweak to ensure session is not started when no or incorrect credentials are passed (check third commit).

[markstory]

Left over debug()

[ADmad]

Does anyone have anymore feedback on this or should I get the manual updates ready and merge?

[markstory]

I think it looks good.

[lorenzo]

Don't forget to document in the book! :)

[ADmad]

I thought my previous message would be hint enough that I intend to. :)

[lorenzo]

I was not enough