Merge pull request #11380 from cakephp/more-deprecations

Add deprecations for Controller

src/Controller/Component/AuthComponent.php

@@ -255,6 +255,14 @@ class AuthComponent extends Component
         $this->setEventManager($controller->getEventManager());
         $this->response =& $controller->response;
         $this->session = $controller->request->getSession();
+
+        if ($this->getConfig('ajaxLogin')) {
+            deprecationWarning(
+                'The `ajaxLogin` option is deprecated. Your client-side ' .
+                'code should instead check for 403 status code and show ' .
+                'appropriate login form.'
+            );
+        }
     }
 
     /**

src/Controller/Component/PaginatorComponent.php

@@ -286,6 +286,7 @@ class PaginatorComponent extends Component
      */
     public function config($key = null, $value = null, $merge = true)
     {
+        deprecationWarning('PaginatorComponent::config() is deprecated. Use getConfig()/setConfig() instead.');
         $return = $this->_paginator->config($key, $value, $merge);
         if ($return instanceof Paginator) {
             $return = $this;

src/Controller/Component/RequestHandlerComponent.php

@@ -258,6 +258,11 @@ class RequestHandlerComponent extends Component
         if (!$this->getConfig('enableBeforeRedirect')) {
             return null;
         }
+        deprecationWarning(
+            'RequestHandlerComponent::beforeRedirect() is deprecated. ' .
+            'This functionality will be removed in 4.0.0. Set the `enableBeforeRedirect` ' .
+            'option to `false` to disable this warning.'
+        );
         $request = $this->request;
         if (!$request->is('ajax')) {
             return null;
@@ -712,9 +717,8 @@ class RequestHandlerComponent extends Component
      */
     public function addInputType($type, $handler)
     {
-        trigger_error(
-            'RequestHandlerComponent::addInputType() is deprecated. Use setConfig("inputTypeMap", ...) instead.',
-            E_USER_DEPRECATED
+        deprecationWarning(
+            'RequestHandlerComponent::addInputType() is deprecated. Use setConfig("inputTypeMap", ...) instead.'
         );
         if (!is_array($handler) || !isset($handler[0]) || !is_callable($handler[0])) {
             throw new Exception('You must give a handler callback.');
@@ -732,9 +736,8 @@ class RequestHandlerComponent extends Component
      */
     public function viewClassMap($type = null, $viewClass = null)
     {
-        trigger_error(
-            'RequestHandlerComponent::viewClassMap() is deprecated. Use setConfig("viewClassMap", ...) instead.',
-            E_USER_DEPRECATED
+        deprecationWarning(
+            'RequestHandlerComponent::viewClassMap() is deprecated. Use setConfig("viewClassMap", ...) instead.'
         );
         if (!$viewClass && is_string($type)) {
             return $this->getConfig('viewClassMap.' . $type);

src/Controller/Component/SecurityComponent.php

@@ -166,6 +166,7 @@ class SecurityComponent extends Component
      */
     public function requireAuth($actions)
     {
+        deprecationWarning('SecurityComponent::requireAuth() will be removed in 4.0.0.');
         $this->_requireMethod('Auth', (array)$actions);
     }
 
@@ -263,6 +264,7 @@ class SecurityComponent extends Component
             !empty($this->_config['requireAuth']) &&
             $request->getData()
         ) {
+            deprecationWarning('SecurityComponent::requireAuth() will be removed in 4.0.0.');
             $requireAuth = $this->_config['requireAuth'];
 
             if (in_array($request->getParam('action'), $requireAuth) || $requireAuth == ['*']) {

tests/TestCase/Controller/Component/PaginatorComponentTest.php

@@ -533,7 +533,7 @@ class PaginatorComponentTest extends TestCase
             'limit' => 20,
             'maxLimit' => 100,
         ];
-        $this->Paginator->config('whitelist', ['fields']);
+        $this->Paginator->setConfig('whitelist', ['fields']);
         $result = $this->Paginator->mergeOptions('Post', $settings);
         $expected = [
             'page' => 10, 'limit' => 10, 'maxLimit' => 100, 'fields' => ['bad.stuff'], 'whitelist' => ['limit', 'sort', 'page', 'direction', 'fields']

tests/TestCase/Controller/Component/RequestHandlerComponentTest.php

@@ -597,35 +597,41 @@ class RequestHandlerComponentTest extends TestCase
     /**
      * testNonAjaxRedirect method
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.startup $this->Controller
      */
     public function testNonAjaxRedirect()
     {
-        $event = new Event('Controller.startup', $this->Controller);
-        $this->RequestHandler->initialize([]);
-        $this->RequestHandler->startup($event);
-        $this->assertNull($this->RequestHandler->beforeRedirect($event, '/', $this->Controller->response));
+        $this->deprecated(function () {
+            $event = new Event('Controller.startup', $this->Controller);
+            $this->RequestHandler->initialize([]);
+            $this->RequestHandler->startup($event);
+            $this->assertNull($this->RequestHandler->beforeRedirect($event, '/', $this->Controller->response));
+        });
     }
 
     /**
      * test that redirects with ajax and no URL don't do anything.
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.startup $this->Controller
      */
     public function testAjaxRedirectWithNoUrl()
     {
-        $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
-        $event = new Event('Controller.startup', $this->Controller);
-        $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')->getMock();
+        $this->deprecated(function () {
+            $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
+            $event = new Event('Controller.startup', $this->Controller);
+            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')->getMock();
 
-        $this->Controller->response->expects($this->never())
-            ->method('body');
+            $this->Controller->response->expects($this->never())
+                ->method('body');
 
-        $this->RequestHandler->initialize([]);
-        $this->RequestHandler->startup($event);
-        $this->assertNull($this->RequestHandler->beforeRedirect($event, null, $this->Controller->response));
+            $this->RequestHandler->initialize([]);
+            $this->RequestHandler->startup($event);
+            $this->assertNull($this->RequestHandler->beforeRedirect($event, null, $this->Controller->response));
+        });
     }
 
     /**
@@ -903,170 +909,185 @@ class RequestHandlerComponentTest extends TestCase
     /**
      * test that AJAX requests involving redirects trigger requestAction instead.
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.beforeRedirect $this->Controller
      */
     public function testAjaxRedirectAsRequestAction()
     {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action');
-        $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-        $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-        $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-            ->setMethods(['is'])
-            ->getMock();
-        $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-            ->setMethods(['_sendHeader', 'stop'])
-            ->getMock();
-        $this->Controller->request->expects($this->any())
-            ->method('is')
-            ->will($this->returnValue(true));
-
-        $response = $this->RequestHandler->beforeRedirect(
-            $event,
-            ['controller' => 'RequestHandlerTest', 'action' => 'destination'],
-            $this->Controller->response
-        );
-        $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
+        $this->deprecated(function () {
+            static::setAppNamespace();
+            Router::connect('/:controller/:action');
+            $event = new Event('Controller.beforeRedirect', $this->Controller);
+
+            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
+            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
+                ->setMethods(['is'])
+                ->getMock();
+            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
+                ->setMethods(['_sendHeader', 'stop'])
+                ->getMock();
+            $this->Controller->request->expects($this->any())
+                ->method('is')
+                ->will($this->returnValue(true));
+
+            $response = $this->RequestHandler->beforeRedirect(
+                $event,
+                ['controller' => 'RequestHandlerTest', 'action' => 'destination'],
+                $this->Controller->response
+            );
+            $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
+        });
     }
 
     /**
      * Test that AJAX requests involving redirects handle querystrings
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.beforeRedirect $this->Controller
      */
     public function testAjaxRedirectAsRequestActionWithQueryString()
     {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action');
-
-        $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-        $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-            ->setMethods(['is'])
-            ->getMock();
-        $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-            ->setMethods(['_sendHeader', 'stop'])
-            ->getMock();
-        $this->Controller->request->expects($this->any())
-            ->method('is')
-            ->with('ajax')
-            ->will($this->returnValue(true));
-        $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-        $response = $this->RequestHandler->beforeRedirect(
-            $event,
-            '/request_action/params_pass?a=b&x=y?ish',
-            $this->Controller->response
-        );
-        $data = json_decode($response, true);
-        $this->assertEquals('/request_action/params_pass', $data['here']);
-
-        $response = $this->RequestHandler->beforeRedirect(
-            $event,
-            '/request_action/query_pass?a=b&x=y?ish',
-            $this->Controller->response
-        );
-        $data = json_decode($response, true);
-        $this->assertEquals('y?ish', $data['x']);
+        $this->deprecated(function () {
+            static::setAppNamespace();
+            Router::connect('/:controller/:action');
+
+            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
+            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
+                ->setMethods(['is'])
+                ->getMock();
+            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
+                ->setMethods(['_sendHeader', 'stop'])
+                ->getMock();
+            $this->Controller->request->expects($this->any())
+                ->method('is')
+                ->with('ajax')
+                ->will($this->returnValue(true));
+            $event = new Event('Controller.beforeRedirect', $this->Controller);
+
+            $response = $this->RequestHandler->beforeRedirect(
+                $event,
+                '/request_action/params_pass?a=b&x=y?ish',
+                $this->Controller->response
+            );
+            $data = json_decode($response, true);
+            $this->assertEquals('/request_action/params_pass', $data['here']);
+
+            $response = $this->RequestHandler->beforeRedirect(
+                $event,
+                '/request_action/query_pass?a=b&x=y?ish',
+                $this->Controller->response
+            );
+            $data = json_decode($response, true);
+            $this->assertEquals('y?ish', $data['x']);
+        });
     }
 
     /**
      * Test that AJAX requests involving redirects handle cookie data
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.beforeRedirect $this->Controller
      */
     public function testAjaxRedirectAsRequestActionWithCookieData()
     {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action');
-        $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-        $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-        $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-            ->setMethods(['is'])
-            ->getMock();
-        $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-            ->setMethods(['_sendHeader', 'stop'])
-            ->getMock();
-        $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
-
-        $cookies = [
-            'foo' => 'bar'
-        ];
-        $this->Controller->request->cookies = $cookies;
-
-        $response = $this->RequestHandler->beforeRedirect(
-            $event,
-            '/request_action/cookie_pass',
-            $this->Controller->response
-        );
-        $data = json_decode($response, true);
-        $this->assertEquals($cookies, $data);
+        $this->deprecated(function () {
+            static::setAppNamespace();
+            Router::connect('/:controller/:action');
+            $event = new Event('Controller.beforeRedirect', $this->Controller);
+
+            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
+            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
+                ->setMethods(['is'])
+                ->getMock();
+            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
+                ->setMethods(['_sendHeader', 'stop'])
+                ->getMock();
+            $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
+
+            $cookies = [
+                'foo' => 'bar'
+            ];
+            $this->Controller->request->cookies = $cookies;
+
+            $response = $this->RequestHandler->beforeRedirect(
+                $event,
+                '/request_action/cookie_pass',
+                $this->Controller->response
+            );
+            $data = json_decode($response, true);
+            $this->assertEquals($cookies, $data);
+        });
     }
 
     /**
      * Tests that AJAX requests involving redirects don't let the status code bleed through.
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.beforeRedirect $this->Controller
      */
     public function testAjaxRedirectAsRequestActionStatusCode()
     {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action');
-        $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-        $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-        $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-            ->setMethods(['is'])
-            ->getMock();
-        $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-            ->setMethods(['_sendHeader', 'stop'])
-            ->getMock();
-        $this->Controller->response->statusCode(302);
-        $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
-
-        $response = $this->RequestHandler->beforeRedirect(
-            $event,
-            ['controller' => 'RequestHandlerTest', 'action' => 'destination'],
-            $this->Controller->response
-        );
-        $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
-        $this->assertSame(200, $response->statusCode());
+        $this->deprecated(function () {
+            static::setAppNamespace();
+            Router::connect('/:controller/:action');
+            $event = new Event('Controller.beforeRedirect', $this->Controller);
+
+            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
+            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
+                ->setMethods(['is'])
+                ->getMock();
+            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
+                ->setMethods(['_sendHeader', 'stop'])
+                ->getMock();
+            $this->Controller->response->statusCode(302);
+            $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
+
+            $response = $this->RequestHandler->beforeRedirect(
+                $event,
+                ['controller' => 'RequestHandlerTest', 'action' => 'destination'],
+                $this->Controller->response
+            );
+            $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
+            $this->assertSame(200, $response->statusCode());
+        });
     }
 
     /**
      * test that ajax requests involving redirects don't force no layout
      * this would cause the ajax layout to not be rendered.
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.beforeRedirect $this->Controller
      */
     public function testAjaxRedirectAsRequestActionStillRenderingLayout()
     {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action');
-        $event = new Event('Controller.beforeRedirect', $this->Controller);
-
-        $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
-        $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
-            ->setMethods(['is'])
-            ->getMock();
-        $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
-            ->setMethods(['_sendHeader', 'stop'])
-            ->getMock();
-        $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
-
-        $response = $this->RequestHandler->beforeRedirect(
-            $event,
-            ['controller' => 'RequestHandlerTest', 'action' => 'ajax2_layout'],
-            $this->Controller->response
-        );
-        $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
-        $this->assertRegExp('/Ajax!/', $response->body(), 'Layout was not rendered.');
+        $this->deprecated(function () {
+            static::setAppNamespace();
+            Router::connect('/:controller/:action');
+            $event = new Event('Controller.beforeRedirect', $this->Controller);
+
+            $this->RequestHandler = new RequestHandlerComponent($this->Controller->components());
+            $this->Controller->request = $this->getMockBuilder('Cake\Http\ServerRequest')
+                ->setMethods(['is'])
+                ->getMock();
+            $this->Controller->response = $this->getMockBuilder('Cake\Http\Response')
+                ->setMethods(['_sendHeader', 'stop'])
+                ->getMock();
+            $this->Controller->request->expects($this->any())->method('is')->will($this->returnValue(true));
+
+            $response = $this->RequestHandler->beforeRedirect(
+                $event,
+                ['controller' => 'RequestHandlerTest', 'action' => 'ajax2_layout'],
+                $this->Controller->response
+            );
+            $this->assertRegExp('/posts index/', $response->body(), 'RequestAction redirect failed.');
+            $this->assertRegExp('/Ajax!/', $response->body(), 'Layout was not rendered.');
+        });
     }
 
     /**
@@ -1074,32 +1095,35 @@ class RequestHandlerComponentTest extends TestCase
      * array URLs into their correct string ones, and adds base => false so
      * the correct URLs are generated.
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.beforeRender $this->Controller
      */
     public function testBeforeRedirectCallbackWithArrayUrl()
     {
-        static::setAppNamespace();
-        Router::connect('/:controller/:action/*');
-        $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
-        $event = new Event('Controller.beforeRender', $this->Controller);
-
-        Router::setRequestInfo([
-            ['plugin' => null, 'controller' => 'accounts', 'action' => 'index', 'pass' => []],
-            ['base' => '', 'here' => '/accounts/', 'webroot' => '/']
-        ]);
-
-        $RequestHandler = new RequestHandlerComponent($this->Controller->components());
-        $this->Controller->request = new ServerRequest('posts/index');
-
-        ob_start();
-        $RequestHandler->beforeRedirect(
-            $event,
-            ['controller' => 'RequestHandlerTest', 'action' => 'param_method', 'first', 'second'],
-            $this->Controller->response
-        );
-        $result = ob_get_clean();
-        $this->assertEquals('one: first two: second', $result);
+        $this->deprecated(function () {
+            static::setAppNamespace();
+            Router::connect('/:controller/:action/*');
+            $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
+            $event = new Event('Controller.beforeRender', $this->Controller);
+
+            Router::setRequestInfo([
+                ['plugin' => null, 'controller' => 'accounts', 'action' => 'index', 'pass' => []],
+                ['base' => '', 'here' => '/accounts/', 'webroot' => '/']
+            ]);
+
+            $RequestHandler = new RequestHandlerComponent($this->Controller->components());
+            $this->Controller->request = new ServerRequest('posts/index');
+
+            ob_start();
+            $RequestHandler->beforeRedirect(
+                $event,
+                ['controller' => 'RequestHandlerTest', 'action' => 'param_method', 'first', 'second'],
+                $this->Controller->response
+            );
+            $result = ob_get_clean();
+            $this->assertEquals('one: first two: second', $result);
+        });
     }
 
     /**

tests/TestCase/Controller/Component/SecurityComponentTest.php

@@ -355,73 +355,79 @@ class SecurityComponentTest extends TestCase
     /**
      * testRequireAuthFail method
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.startup $this->Controller
      */
     public function testRequireAuthFail()
     {
-        $event = new Event('Controller.startup', $this->Controller);
-        $_SERVER['REQUEST_METHOD'] = 'AUTH';
-        $this->Controller->request['action'] = 'posted';
-        $this->Controller->request->data = ['username' => 'willy', 'password' => 'somePass'];
-        $this->Security->requireAuth(['posted']);
-        $this->Security->startup($event);
-        $this->assertTrue($this->Controller->failed);
-
-        $this->Security->session->write('_Token', ['allowedControllers' => []]);
-        $this->Controller->request->data = ['username' => 'willy', 'password' => 'somePass'];
-        $this->Controller->request['action'] = 'posted';
-        $this->Security->requireAuth('posted');
-        $this->Security->startup($event);
-        $this->assertTrue($this->Controller->failed);
-
-        $this->Security->session->write('_Token', [
-            'allowedControllers' => ['SecurityTest'], 'allowedActions' => ['posted2']
-        ]);
-        $this->Controller->request->data = ['username' => 'willy', 'password' => 'somePass'];
-        $this->Controller->request['action'] = 'posted';
-        $this->Security->requireAuth('posted');
-        $this->Security->startup($event);
-        $this->assertTrue($this->Controller->failed);
+        $this->deprecated(function () {
+            $event = new Event('Controller.startup', $this->Controller);
+            $_SERVER['REQUEST_METHOD'] = 'AUTH';
+            $this->Controller->request['action'] = 'posted';
+            $this->Controller->request->data = ['username' => 'willy', 'password' => 'somePass'];
+            $this->Security->requireAuth(['posted']);
+            $this->Security->startup($event);
+            $this->assertTrue($this->Controller->failed);
+
+            $this->Security->session->write('_Token', ['allowedControllers' => []]);
+            $this->Controller->request->data = ['username' => 'willy', 'password' => 'somePass'];
+            $this->Controller->request['action'] = 'posted';
+            $this->Security->requireAuth('posted');
+            $this->Security->startup($event);
+            $this->assertTrue($this->Controller->failed);
+
+            $this->Security->session->write('_Token', [
+                'allowedControllers' => ['SecurityTest'], 'allowedActions' => ['posted2']
+            ]);
+            $this->Controller->request->data = ['username' => 'willy', 'password' => 'somePass'];
+            $this->Controller->request['action'] = 'posted';
+            $this->Security->requireAuth('posted');
+            $this->Security->startup($event);
+            $this->assertTrue($this->Controller->failed);
+        });
     }
 
     /**
      * testRequireAuthSucceed method
      *
+     * @group deprecated
      * @return void
      * @triggers Controller.startup $this->Controller
      */
     public function testRequireAuthSucceed()
     {
-        $_SERVER['REQUEST_METHOD'] = 'AUTH';
-        $this->Controller->Security->config('validatePost', false);
-
-        $event = new Event('Controller.startup', $this->Controller);
-        $this->Controller->request->addParams([
-            'action' => 'posted'
-        ]);
-        $this->Security->requireAuth('posted');
-        $this->Security->startup($event);
-        $this->assertFalse($this->Controller->failed);
-
-        $this->Controller->Security->session->write('_Token', [
-            'allowedControllers' => ['SecurityTest'],
-            'allowedActions' => ['posted'],
-        ]);
-        $this->Controller->request->addParams([
-            'controller' => 'SecurityTest',
-            'action' => 'posted'
-        ]);
-
-        $this->Controller->request->data = [
-            'username' => 'willy',
-            'password' => 'somePass',
-            '_Token' => ''
-        ];
-        $this->Controller->action = 'posted';
-        $this->Controller->Security->requireAuth('posted');
-        $this->Controller->Security->startup($event);
-        $this->assertFalse($this->Controller->failed);
+        $this->deprecated(function () {
+            $_SERVER['REQUEST_METHOD'] = 'AUTH';
+            $this->Controller->Security->config('validatePost', false);
+
+            $event = new Event('Controller.startup', $this->Controller);
+            $this->Controller->request->addParams([
+                'action' => 'posted'
+            ]);
+            $this->Security->requireAuth('posted');
+            $this->Security->startup($event);
+            $this->assertFalse($this->Controller->failed);
+
+            $this->Controller->Security->session->write('_Token', [
+                'allowedControllers' => ['SecurityTest'],
+                'allowedActions' => ['posted'],
+            ]);
+            $this->Controller->request->addParams([
+                'controller' => 'SecurityTest',
+                'action' => 'posted'
+            ]);
+
+            $this->Controller->request->data = [
+                'username' => 'willy',
+                'password' => 'somePass',
+                '_Token' => ''
+            ];
+            $this->Controller->action = 'posted';
+            $this->Controller->Security->requireAuth('posted');
+            $this->Controller->Security->startup($event);
+            $this->assertFalse($this->Controller->failed);
+        });
     }
 
     /**
@@ -1635,6 +1641,7 @@ class SecurityComponentTest extends TestCase
      *
      * Auth required throws exception token not found.
      *
+     * @group deprecated
      * @return void
      * @expectedException \Cake\Controller\Exception\AuthSecurityException
      * @expectedExceptionMessage '_Token' was not found in request data.
@@ -1642,10 +1649,12 @@ class SecurityComponentTest extends TestCase
      */
     public function testAuthRequiredThrowsExceptionTokenNotFoundPost()
     {
-        $this->Security->config('requireAuth', ['protected']);
-        $this->Controller->request->params['action'] = 'protected';
-        $this->Controller->request->data = 'notEmpty';
-        $this->Security->authRequired($this->Controller);
+        $this->deprecated(function () {
+            $this->Security->config('requireAuth', ['protected']);
+            $this->Controller->request->params['action'] = 'protected';
+            $this->Controller->request->data = 'notEmpty';
+            $this->Security->authRequired($this->Controller);
+        });
     }
 
     /**
@@ -1653,6 +1662,7 @@ class SecurityComponentTest extends TestCase
      *
      * Auth required throws exception token not found in Session.
      *
+     * @group deprecated
      * @return void
      * @expectedException \Cake\Controller\Exception\AuthSecurityException
      * @expectedExceptionMessage '_Token' was not found in session.
@@ -1660,10 +1670,12 @@ class SecurityComponentTest extends TestCase
      */
     public function testAuthRequiredThrowsExceptionTokenNotFoundSession()
     {
-        $this->Security->config('requireAuth', ['protected']);
-        $this->Controller->request->params['action'] = 'protected';
-        $this->Controller->request->data = ['_Token' => 'not empty'];
-        $this->Security->authRequired($this->Controller);
+        $this->deprecated(function () {
+            $this->Security->config('requireAuth', ['protected']);
+            $this->Controller->request->params['action'] = 'protected';
+            $this->Controller->request->data = ['_Token' => 'not empty'];
+            $this->Security->authRequired($this->Controller);
+        });
     }
 
     /**
@@ -1671,6 +1683,7 @@ class SecurityComponentTest extends TestCase
      *
      * Auth required throws exception controller not allowed.
      *
+     * @group deprecated
      * @return void
      * @expectedException \Cake\Controller\Exception\AuthSecurityException
      * @expectedExceptionMessage Controller 'NotAllowed' was not found in allowed controllers: 'Allowed, AnotherAllowed'.
@@ -1678,14 +1691,16 @@ class SecurityComponentTest extends TestCase
      */
     public function testAuthRequiredThrowsExceptionControllerNotAllowed()
     {
-        $this->Security->config('requireAuth', ['protected']);
-        $this->Controller->request->params['controller'] = 'NotAllowed';
-        $this->Controller->request->params['action'] = 'protected';
-        $this->Controller->request->data = ['_Token' => 'not empty'];
-        $this->Controller->request->session()->write('_Token', [
-            'allowedControllers' => ['Allowed', 'AnotherAllowed']
-        ]);
-        $this->Security->authRequired($this->Controller);
+        $this->deprecated(function () {
+            $this->Security->config('requireAuth', ['protected']);
+            $this->Controller->request->params['controller'] = 'NotAllowed';
+            $this->Controller->request->params['action'] = 'protected';
+            $this->Controller->request->data = ['_Token' => 'not empty'];
+            $this->Controller->request->session()->write('_Token', [
+                'allowedControllers' => ['Allowed', 'AnotherAllowed']
+            ]);
+            $this->Security->authRequired($this->Controller);
+        });
     }
 
     /**
@@ -1700,14 +1715,16 @@ class SecurityComponentTest extends TestCase
      */
     public function testAuthRequiredThrowsExceptionActionNotAllowed()
     {
-        $this->Security->config('requireAuth', ['protected']);
-        $this->Controller->request->params['controller'] = 'NotAllowed';
-        $this->Controller->request->params['action'] = 'protected';
-        $this->Controller->request->data = ['_Token' => 'not empty'];
-        $this->Controller->request->session()->write('_Token', [
-            'allowedActions' => ['index', 'view']
-        ]);
-        $this->Security->authRequired($this->Controller);
+        $this->deprecated(function () {
+            $this->Security->config('requireAuth', ['protected']);
+            $this->Controller->request->params['controller'] = 'NotAllowed';
+            $this->Controller->request->params['action'] = 'protected';
+            $this->Controller->request->data = ['_Token' => 'not empty'];
+            $this->Controller->request->session()->write('_Token', [
+                'allowedActions' => ['index', 'view']
+            ]);
+            $this->Security->authRequired($this->Controller);
+        });
     }
 
     /**
@@ -1720,14 +1737,16 @@ class SecurityComponentTest extends TestCase
      */
     public function testAuthRequired()
     {
-        $this->Security->config('requireAuth', ['protected']);
-        $this->Controller->request->params['controller'] = 'Allowed';
-        $this->Controller->request->params['action'] = 'protected';
-        $this->Controller->request->data = ['_Token' => 'not empty'];
-        $this->Controller->request->session()->write('_Token', [
-            'allowedActions' => ['protected'],
-            'allowedControllers' => ['Allowed'],
-        ]);
-        $this->assertTrue($this->Security->authRequired($this->Controller));
+        $this->deprecated(function () {
+            $this->Security->config('requireAuth', ['protected']);
+            $this->Controller->request->params['controller'] = 'Allowed';
+            $this->Controller->request->params['action'] = 'protected';
+            $this->Controller->request->data = ['_Token' => 'not empty'];
+            $this->Controller->request->session()->write('_Token', [
+                'allowedActions' => ['protected'],
+                'allowedControllers' => ['Allowed'],
+            ]);
+            $this->assertTrue($this->Security->authRequired($this->Controller));
+        });
     }
 }

tests/test_app/TestApp/Controller/PostsController.php

@@ -28,7 +28,9 @@ class PostsController extends AppController
      */
     public $components = [
         'Flash',
-        'RequestHandler',
+        'RequestHandler' => [
+            'enableBeforeRedirect' => false
+        ],
         'Security',
     ];
 

tests/test_app/TestApp/Controller/TestsAppsController.php

@@ -22,7 +22,11 @@ namespace TestApp\Controller;
 
 class TestsAppsController extends AppController
 {
-    public $components = ['RequestHandler'];
+    public $components = [
+        'RequestHandler' => [
+           'enableBeforeRedirect' => false
+        ]
+    ];
 
     public function index()
     {