Skip to content

Require authentication v4 and conflict with older majors#335

Merged
dereuromark merged 2 commits into
masterfrom
conflict-authentication-v3
May 25, 2026
Merged

Require authentication v4 and conflict with older majors#335
dereuromark merged 2 commits into
masterfrom
conflict-authentication-v3

Conversation

@dereuromark
Copy link
Copy Markdown
Owner

@dereuromark dereuromark commented May 25, 2026

Summary

Tools\Authenticator\LoginLinkAuthenticator and Tools\Identifier\LoginLinkIdentifier build on cakephp/authentication, but the plugin never constrains which major a consumer installs — it only pinned it in require-dev (^3.1.0). A consumer could therefore pair this plugin with an incompatible authentication major.

The LoginLink classes follow authentication v4's current API (matching authenticate(ServerRequestInterface): ResultInterface signature, CakePHP 5.1+).

Change

  • Move the dev requirement to cakephp/authentication: ^4.0.0 (CI now tests against v4).
  • Declare conflict: cakephp/authentication: <4.0.0 so the older v3 (and the CakePHP-4-only v2) can't be installed alongside this plugin.

This keeps users from installing the wrong authentication version with the LoginLink feature.

@dereuromark
Require authentication v4 and conflict with older majors
8cef34c 
The LoginLink authenticator and identifier follow cakephp/authentication v4's
current API (matching method signatures, CakePHP 5.1+). Move the dev requirement
to v4 and declare a conflict with anything below 4.0, so consumers cannot pair
this plugin with an incompatible authentication major.
Copilot AI review requested due to automatic review settings May 25, 2026 20:32
Copilot AI reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR ensures the plugin can’t be installed alongside incompatible major versions of cakephp/authentication, aligning dependency constraints with the LoginLinkAuthenticator / LoginLinkIdentifier code that targets the v4 API.

Changes:

  • Add a Composer conflict rule blocking cakephp/authentication versions <4.0.0.
  • Update the require-dev constraint for cakephp/authentication from ^3.1.0 to ^4.0.0 so CI/tests run against the correct major.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dereuromark dereuromark marked this pull request as draft May 25, 2026 20:34
@dereuromark
Copy link
Copy Markdown
Owner Author

dereuromark commented May 25, 2026

Marking draft: bumping require-dev to authentication ^4 reveals that LoginLink is not v4-ready yet. CI surfaces real v4 BC breaks:

  • Authentication\Identifier\IdentifierCollection not found (in LoginLinkAuthenticatorTest)
  • identifiers()->get() is now nullable — getErrors()/identify() called on IdentifierInterface|null
  • LoginLinkIdentifier::$_defaultConfig type not covariant with v4's AbstractIdentifier::$_defaultConfig (array<string, mixed>)

So declaring v4-only + conflict <4.0 requires porting the LoginLink authenticator/identifier (and their tests) to authentication v4 first. Holding as draft pending that port.

@dereuromark
Port LoginLink to authentication v4
6fcfe07 
Authentication v4 made the authenticator's identifier nullable, removed
IdentifierCollection, and typed the abstract identifier's default config:

- use getIdentifier() instead of the now-nullable identifier property
- type LoginLinkIdentifier's default config as a string-keyed array
- construct the identifier directly in the authenticator test (no collection)
@dereuromark dereuromark marked this pull request as ready for review May 25, 2026 20:41
Copilot AI review requested due to automatic review settings May 25, 2026 20:41
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 25, 2026

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 80.86%. Comparing base (8d7b54d) to head (6fcfe07).

Files with missing lines Patch % Lines
src/Authenticator/LoginLinkAuthenticator.php 50.00% 1 Missing ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files 
@@            Coverage Diff            @@
##             master     #335   +/-   ##
=========================================
  Coverage     80.86%   80.86%           
  Complexity     2133     2133           
=========================================
  Files            85       85           
  Lines          5847     5847           
=========================================
  Hits           4728     4728           
  Misses         1119     1119

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

@dereuromark dereuromark merged commit dbcdc0e into master May 25, 2026
20 checks passed
@dereuromark dereuromark deleted the conflict-authentication-v3 branch May 25, 2026 20:59
@dereuromark dereuromark mentioned this pull request May 25, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dereuromark @codecov-commenter