Merge branch 'master' into 3.next

.varci.yml

@@ -40,5 +40,6 @@ ruleset:
       - body matches "/\[x\] bug/"
       - 'not(body matches "/CakePHP Version: v?(\d+\.)?(\d+\.)?(\*|\d+)/")'
       - 'not(body matches "/CakePHP Version: [0-9a-f]{5,40}/")'
+      - 'not(body matches "/cakephp\/cakephp\s+\d+\.\d+\.\d+/")'
     comment: '{{ user.login }}, please include the CakePHP version number you are using in your description. It helps us debug your issue.'
 

phpstan.neon

@@ -29,7 +29,7 @@ parameters:
         - '#PHPDoc tag @throws with type PHPUnit\\Exception is not subtype of Throwable#'
         - '#Call to an undefined method PHPUnit\\Framework\\MockObject\\MockObject#'
     earlyTerminatingMethodCalls:
-        Cake\Shell\Shell:
+        Cake\Console\Shell:
             - abort
 
 services:

src/Auth/BasicAuthenticate.php

@@ -27,27 +27,27 @@ use Cake\Http\ServerRequest;
  *
  * ### Using Basic auth
  *
- * In your controller's components array, add auth + the required config
+ * Load `AuthComponent` in your controller's `initialize()` and add 'Basic' in 'authenticate' key
  * ```
- *  public $components = [
- *      'Auth' => [
- *          'authenticate' => ['Basic']
- *      ]
- *  ];
+ *  $this->loadComponent('Auth', [
+ *      'authenticate' => ['Basic']
+ *      'storage' => 'Memory',
+ *      'unauthorizedRedirect' => false,
+ *  ]);
  * ```
  *
- * You should also set `AuthComponent::$sessionKey = false;` in your AppController's
- * beforeFilter() to prevent CakePHP from sending a session cookie to the client.
+ * You should set `storage` to `Memory` to prevent CakePHP from sending a
+ * session cookie to the client.
  *
- * Since HTTP Basic Authentication is stateless you don't need a login() action
+ * You should set `unauthorizedRedirect` to `false`. This causes `AuthComponent` to
+ * throw a `ForbiddenException` exception instead of redirecting to another page.
+ *
+ * Since HTTP Basic Authentication is stateless you don't need call `setUser()`
  * in your controller. The user credentials will be checked on each request. If
  * valid credentials are not provided, required authentication headers will be sent
  * by this authentication provider which triggers the login dialog in the browser/client.
  *
- * You may also want to use `$this->Auth->unauthorizedRedirect = false;`.
- * By default, unauthorized users are redirected to the referrer URL,
- * `AuthComponent::$loginAction`, or '/'. If unauthorizedRedirect is set to
- * false, a ForbiddenException exception is thrown instead of redirecting.
+ * @see https://book.cakephp.org/3.0/en/controllers/components/authentication.html
  */
 class BasicAuthenticate extends BaseAuthenticate
 {

src/Auth/DigestAuthenticate.php

@@ -25,27 +25,27 @@ use Cake\Utility\Security;
  *
  * ### Using Digest auth
  *
- * In your controller's components array, add auth + the required config
+ * Load `AuthComponent` in your controller's `initialize()` and add 'Digest' in 'authenticate' key
+ *
  * ```
- *  public $components = [
- *      'Auth' => [
- *          'authenticate' => ['Digest']
- *      ]
- *  ];
+ *  $this->loadComponent('Auth', [
+ *      'authenticate' => ['Digest'],
+ *      'storage' => 'Memory',
+ *      'unauthorizedRedirect' => false,
+ *  ]);
  * ```
  *
- * You should also set `AuthComponent::$sessionKey = false;` in your AppController's
- * beforeFilter() to prevent CakePHP from sending a session cookie to the client.
+ * You should set `storage` to `Memory` to prevent CakePHP from sending a
+ * session cookie to the client.
+ *
+ * You should set `unauthorizedRedirect` to `false`. This causes `AuthComponent` to
+ * throw a `ForbiddenException` exception instead of redirecting to another page.
  *
- * Since HTTP Digest Authentication is stateless you don't need a login() action
+ * Since HTTP Digest Authentication is stateless you don't need call `setUser()`
  * in your controller. The user credentials will be checked on each request. If
  * valid credentials are not provided, required authentication headers will be sent
  * by this authentication provider which triggers the login dialog in the browser/client.
  *
- * You may also want to use `$this->Auth->unauthorizedRedirect = false;`.
- * This causes AuthComponent to throw a ForbiddenException exception instead of
- * redirecting to another page.
- *
  * ### Generating passwords compatible with Digest authentication.
  *
  * DigestAuthenticate requires a special password hash that conforms to RFC2617.
@@ -60,6 +60,8 @@ use Cake\Utility\Security;
  * example `User.digest_pass` could be used for a digest password, while
  * `User.password` would store the password hash for use with other methods like
  * Basic or Form.
+ *
+ * @see https://book.cakephp.org/3.0/en/controllers/components/authentication.html
  */
 class DigestAuthenticate extends BasicAuthenticate
 {

src/Auth/FormAuthenticate.php

@@ -19,21 +19,30 @@ use Cake\Http\Response;
 use Cake\Http\ServerRequest;
 
 /**
- * An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
- * data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate config.
+ * Form authentication adapter for AuthComponent.
+ *
+ * Allows you to authenticate users based on form POST data.
+ * Usually, this is a login form that users enter information into.
+ *
+ * ### Using Form auth
+ *
+ * Load `AuthComponent` in your controller's `initialize()` and add 'Form' in 'authenticate' key
  *
  * ```
- *  $this->Auth->authenticate = [
- *      'Form' => [
- *          'finder' => ['auth' => ['some_finder_option' => 'some_value']]
- *      ]
- *  ]
+ * $this->loadComponent('Auth', [
+ *     'authenticate' => [
+ *         'Form' => [
+ *             'fields' => ['username' => 'email', 'password' => 'passwd'],
+ *             'finder' => 'auth',
+ *         ]
+ *     ]
+ * ]);
  * ```
  *
- * When configuring FormAuthenticate you can pass in config to which fields, model and additional conditions
- * are used. See FormAuthenticate::$_config for more information.
+ * When configuring FormAuthenticate you can pass in config to which fields, model and finder
+ * are used. See `BaseAuthenticate::$_defaultConfig` for more information.
  *
- * @see \Cake\Controller\Component\AuthComponent::$authenticate
+ * @see https://book.cakephp.org/3.0/en/controllers/components/authentication.html
  */
 class FormAuthenticate extends BaseAuthenticate
 {

src/ORM/README.md

@@ -163,6 +163,75 @@ $cacheConfig = [
 Cache::setConfig('_cake_model_', $cacheConfig);
 ```
 
+## Creating Custom Table and Entity Classes
+
+By default, the Cake ORM uses the `\Cake\ORM\Table` and `\Cake\ORM\Entity` classes to
+interact with the database. While using the default classes makes sense for
+quick scripts and small applications, you will often want to use your own
+classes for adding your custom logic.
+
+When using the ORM as a standalone package, you are free to choose where to
+store these classes. For example, you could use the `Data` folder for this:
+
+```php
+<?php
+// in src/Data/Table/ArticlesTable.php
+namespace Acme\Data\Table;
+
+use Acme\Data\Entity\Article;
+use Acme\Data\Table\UsersTable;
+use Cake\ORM\Table;
+
+class ArticlesTable extends Table
+{
+    public function initialize()
+    {
+        $this->setEntityClass(Article::class);
+        $this->belongsTo('Users', ['className' => UsersTable::class]);
+    }
+}
+```
+
+This table class is now setup to connect to the `articles` table in your
+database and return instances of `Article` when fetching results. In order to
+get an instance of this class, as shown before, you can use the `TableLocator`:
+
+```php
+<?php
+use Acme\Data\Table\ArticlesTable;
+use Cake\ORM\Locator\TableLocator;
+
+$locator = new TableLocator();
+$articles = $locator->get('Articles', ['className' => ArticlesTable::class]);
+```
+
+### Using Conventions-Based Loading
+
+It may get quite tedious having to specify each time the class name to load. So
+the Cake ORM can do most of the work for you if you give it some configuration.
+
+The convention is to have all ORM related classes inside the `src/Model` folder,
+that is the `Model` sub-namespace for your app. So you will usually have the
+`src/Model/Table` and `src/Model/Entity` folders in your project. But first, we
+need to inform Cake of the namespace your application lives in:
+
+```php
+<?php
+use Cake\Core\Configure;
+
+Configure::write('App.namespace', 'Acme');
+```
+
+You can also set a longer namaspace up to the place where the `Model` folder is:
+
+```php
+<?php
+use Cake\Core\Configure;
+
+Configure::write('App.namespace', 'My\Log\SubNamespace');
+```
+
+
 ## Additional Documentation
 
 Consult [the CakePHP ORM documentation](https://book.cakephp.org/3.0/en/orm.html)

tests/TestCase/Http/Cookie/CookieTest.php

@@ -74,7 +74,7 @@ class CookieTest extends TestCase
         $result = $cookie->toHeaderValue();
         $this->assertEquals('cakephp=cakephp-rocks; path=/', $result);
 
-        $date = Chronos::createFromFormat('m/d/Y h:m:s', '12/1/2027 12:00:00');
+        $date = Chronos::createFromFormat('m/d/Y h:i:s', '12/1/2027 12:00:00');
 
         $cookie = new Cookie('cakephp', 'cakephp-rocks');
         $cookie = $cookie->withDomain('cakephp.org')
@@ -83,7 +83,7 @@ class CookieTest extends TestCase
             ->withSecure(true);
         $result = $cookie->toHeaderValue();
 
-        $expected = 'cakephp=cakephp-rocks; expires=Tue, 01-Dec-2026 12:00:00 GMT; path=/; domain=cakephp.org; secure; httponly';
+        $expected = 'cakephp=cakephp-rocks; expires=Wed, 01-Dec-2027 12:00:00 GMT; path=/; domain=cakephp.org; secure; httponly';
         $this->assertEquals($expected, $result);
     }
 

tests/bootstrap.php

@@ -117,11 +117,13 @@ Log::setConfig([
         'engine' => 'Cake\Log\Engine\FileLog',
         'levels' => ['notice', 'info', 'debug'],
         'file' => 'debug',
+        'path' => LOGS,
     ],
     'error' => [
         'engine' => 'Cake\Log\Engine\FileLog',
         'levels' => ['warning', 'error', 'critical', 'alert', 'emergency'],
         'file' => 'error',
+        'path' => LOGS,
     ]
 ]);