
Ensure case sensitive method name matching when invoking action.

Refs #12793.
ADmad 7 years ago
parent
commit
0824966b10

+ 1 - 1
src/Controller/Component/AuthComponent.php

@@ -261,7 +261,7 @@ class AuthComponent extends Component implements EventDispatcherInterface
         /** @var \Cake\Controller\Controller $controller */
         $controller = $event->getSubject();
 
-        $action = strtolower($controller->getRequest()->getParam('action'));
+        $action = $controller->getRequest()->getParam('action');
         if (!$controller->isAction($action)) {
             return null;
         }
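Review bot: With `strtolower()` removed, `$action` is whatever `getParam('action')` returns, and when the parameter is absent that may not be a string; the old call coerced that case to `''` before `isAction()` saw it. If `isAction()` declares a `string` parameter (its signature is not visible in this hunk), a missing action would now raise a type error instead of taking the early `return null`. A guard such as `if (!is_string($action) || !$controller->isAction($action)) {` keeps the previous behaviour. The commit also adds no AuthComponent test for a mismatched-case action, so this path is only covered indirectly by the Controller test. The enclosing method starts and ends outside the hunk.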

+ 1 - 1
src/Controller/Controller.php

@@ -787,7 +787,7 @@ class Controller implements EventListenerInterface, EventDispatcherInterface
             return false;
         }
 
-        return $method->isPublic();
+        return $method->isPublic() && $method->getName() === $action;
     }
 
     /**
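Review bot: The added name comparison on the return line has no comment saying why it is needed, and a later reader could take it for redundant and remove it. PHP resolves method names case-insensitively, so the reflection lookup earlier in this method (outside the hunk) presumably succeeds for `RETURNER` when the class declares `returner`; the exact comparison is what keeps a differently-cased request from being treated as that action. I would add above the return: `// PHP method lookup is case-insensitive; require an exact match so only the declared casing is accepted.` The method's docblock, also outside this hunk, could state that matching is case-sensitive.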

+ 19 - 0
tests/TestCase/Controller/ControllerTest.php

@@ -850,6 +850,25 @@ class ControllerTest extends TestCase
     }
 
     /**
+     * test invoking action method with mismatched casing.
+     *
+     * @return void
+     */
+    public function testInvokeActionMethodCasing(): void
+    {
+        $this->expectException(\Cake\Controller\Exception\MissingActionException::class);
+        $this->expectExceptionMessage('Action TestController::RETURNER() could not be found, or is not accessible.');
+        $url = new ServerRequest([
+            'url' => 'test/RETURNER/',
+            'params' => ['controller' => 'Test', 'action' => 'RETURNER'],
+        ]);
+        $response = $this->getMockBuilder('Cake\Http\Response')->getMock();
+
+        $Controller = new TestController($url, $response);
+        $Controller->invokeAction();
+    }
+
+    /**
      * test invoking controller methods.
      *
      * @return void
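Review bot: The new test covers only an all-upper-case action through `invokeAction()`; a mixed-case value such as `'Returner'` is closer to what a differently-cased URL would carry and deserves a second case. A direct assertion on the predicate would also pin the changed line itself, e.g. `$this->assertFalse($Controller->isAction('RETURNER'));` alongside an `assertTrue` for the declared casing, assuming `TestController` declares `returner`. As a style point, `$Controller` would normally be written `$controller`, though other tests in this file (not visible here) may already use the capitalised form.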