Introduce Authentication and Authorization plugins (#1924)

* feat: introduce authentication plugin

* feat: add ApplicationMiddleware

* feat: postman update

* feat: load auth_providers + UUID implementation

* chore: cs fix

* refactor: use `grant_type` methods

* fix: handle UUID auth header case

* feat: OAuth2 authentication

* chore: use `AbstractIdentifier`

* refactor: DinamicForm + minor changes

* feat: OTP auth

* feat: `isIdentityRequired` method

* fix: `afterIdentify` event

* refactor: remove old authenticate classes

* chore: do not use config but set finder instead

* test: remove tests + TokenMiddleware ref

* fix: update or comment Auth component references

* refactor: use return types

* chore: use `grant_type`

* feat: update identity usage

* feat: restore password hasher fallback

* chore: comment `setGrantType` for now

* chore: comment unnecessary tests

* feat: add `LoggedUserMiddleware`

* feat: add authorization plugin

* feat: endpoint policy

* fix: use checkAcceptable

* refactor: remove unused EndpointAuthorize class

* chore: @var annotations

* refactor: fix tests, add auth checks, code style

* fix: add auth checks

* test: update login tests

* chore: remove commented lines [ci skip]

* chore: remove commented lines

* feat: handle `Authentication.afterIdentify`

* refactor: handle various `/auth` cases

* refactor: cleanup controller actions

* chore: remove attribute

* refactor: code improvements

* test: update unit tests

* fix: add `enabled` finder

* chore: use string constants

* test: identifier tests

* refactor: update identifiers

* test: identifier related tests

* test: update tests

* fix: add `otp` field

* chore: remove unnecessary lines

* feat: handle `ExpiredTokenException`

* refactor: checkLoggedUser/setupLoggedUser methods

* chore: minor middleware refactor

* test: update controller tests

* fix: handle empty result

* test: `AuthenticationComponent` test

* test: use `AuthenticationService` in tests

* chore: don't use class property

* refactor: simplify some methods

* test: add ApplicationMiddleware tests

* test: endpoint policy test

* doc: rename postman files

* test: refactor extracting reusable logic in trait

* test: add LoggedUserMiddleware tests

* refactor: endpointperms signature + test

* chore: cover expired token exception

* test: fix test + improve coverage

* chore: add fixtures

* test: remove parenthesis from @dataProvder

* test: fix invalid daya provider

* chore: use class const

* test: 403 on auth failure

Co-authored-by: stefanorosanelli <[email protected]>

Author: batopa

composer.json

@@ -22,6 +22,8 @@
     ],
     "require": {
         "php": "^7.4 || ^8.0",
+        "cakephp/authentication": "^2.9",
+        "cakephp/authorization": "^2.2",
         "cakephp/cakephp": "~4.4.1",
         "firebase/php-jwt": "^5.5.1"
     },

config/routes.php

@@ -62,35 +62,30 @@
         );
 
         // Login.
-        $routes->connect(
+        $routes->post(
             '/auth',
-            ['controller' => 'Login', 'action' => 'login', '_method' => 'POST'],
-            ['_name' => 'login']
+            ['controller' => 'Login', 'action' => 'login'],
+            'login'
         );
-        $routes->connect(
+        $routes->post(
             '/auth/optout',
-            ['controller' => 'Login', 'action' => 'optout', '_method' => 'POST'],
-            ['_name' => 'login:optout']
+            ['controller' => 'Login', 'action' => 'optout'],
+            'login:optout'
         );
         $routes->connect(
             '/auth/change',
             ['controller' => 'Login', 'action' => 'change'],
             ['_name' => 'login:change']
         );
-        // GET /auth *deprecated* - to remove before `stable` relase
-        $routes->connect(
-            '/auth',
-            ['controller' => 'Login', 'action' => 'whoami', '_method' => 'GET']
-        );
-        $routes->connect(
+        $routes->get(
             '/auth/user',
-            ['controller' => 'Login', 'action' => 'whoami', '_method' => 'GET'],
-            ['_name' => 'login:whoami']
+            ['controller' => 'Login', 'action' => 'whoami'],
+            'login:whoami',
         );
-        $routes->connect(
+        $routes->patch(
             '/auth/user',
-            ['controller' => 'Login', 'action' => 'update', '_method' => 'PATCH'],
-            ['_name' => 'login:update']
+            ['controller' => 'Login', 'action' => 'update'],
+            'login:update'
         );
 
         // Signup.

postman/BE4-template.postman_environment.json postman/BE5-template.postman_environment.json

@@ -1,6 +1,6 @@
 {
   "id": "7054b9c8-4e47-4eac-863e-708b8ff3455d",
-  "name": "BE4-template",
+  "name": "BE5-template",
   "values": [
     {
       "enabled": true,