Merge pull request #7336 from cakephp/issue-7318

Check whether Auth.afterIdentify event has a return value.

src/Controller/Component/AuthComponent.php

@@ -767,7 +767,10 @@ class AuthComponent extends Component
             $result = $auth->authenticate($this->request, $this->response);
             if (!empty($result) && is_array($result)) {
                 $this->_authenticationProvider = $auth;
-                $this->dispatchEvent('Auth.afterIdentify', [$result]);
+                $event = $this->dispatchEvent('Auth.afterIdentify', [$result]);
+                if ($event->result !== null) {
+                    return $event->result;
+                }
                 return $result;
             }
         }

tests/TestCase/Controller/Component/AuthComponentTest.php

@@ -1142,12 +1142,20 @@ class AuthComponentTest extends TestCase
             'Test' => ['className' => 'TestApp\Auth\TestAuthenticate']
         ]);
 
-        $this->Auth->identify();
+        $user = $this->Auth->identify();
         $this->Auth->logout();
         $authObject = $this->Auth->authenticationProvider();
 
         $expected = ['afterIdentify', 'logout'];
         $this->assertEquals($expected, $authObject->callStack);
+        $expected = ['id' => 1, 'username' => 'admad'];
+        $this->assertEquals($expected, $user);
+
+        // Callback for Auth.afterIdentify returns a value
+        $authObject->modifiedUser = true;
+        $user = $this->Auth->identify();
+        $expected = ['id' => 1, 'username' => 'admad', 'extra' => 'foo'];
+        $this->assertEquals($expected, $user);
     }
 
     /**

tests/test_app/TestApp/Auth/TestAuthenticate.php

@@ -43,6 +43,10 @@ class TestAuthenticate extends BaseAuthenticate
     public function afterIdentify(Event $event, array $user)
     {
         $this->callStack[] = __FUNCTION__;
+
+        if (!empty($this->modifiedUser)) {
+            return $user + ['extra' => 'foo'];
+        }
     }
 
     public function logout(Event $event, array $user)