Bump cakephp/authentication from 3.3.4 to 4.0.0

[dependabot]

Bumps cakephp/authentication from 3.3.4 to 4.0.0.

Release notes

Sourced from cakephp/authentication's releases.

CakePHP Authentication 4.0.0

Breaking Changes

• Identifier configuration format changed - Moved from nested array to flatter structure:

  // Before
  'identifier' => ['Authentication.Token' => ['tokenField' => 'id', ...]]
  // After
  'identifier' => ['className' => 'Authentication.Token', 'tokenField' => 'id', ...]

• Class renames:

  • CakeRouterUrlChecker → DefaultUrlChecker
  • DefaultUrlChecker (framework-agnostic) → GenericUrlChecker

• SessionAuthenticator identify option removed - This deprecated option has been removed. Use PrimaryKeySessionAuthenticator if you need session-based authentication without password re-verification.

• Identifier parameter now optional in AbstractAuthenticator constructor

• Removed deprecated code including loadIdentifier() method

• Updated dependency: firebase/php-jwt now requires ^7.0

Improvements

• Lazy identifier initialization via getIdentifier() method
• Cleaner authenticator/identifier relationship
• Redirect validation feature (backported from 3.x)
• Plugin now properly declares cakephp/cakephp as dependency
• Identity::get() now supports dot-separated field names for nested data access
• New IdentityHelper::getIdentity() method for easier identity access in templates
• PrimaryKeySessionAuthenticator now has a default TokenIdentifier configured

Migration

Rector rules available at cakephp/upgrade#370 for automated migration assistance.

Full Changelog: cakephp/authentication@3.3.5...4.0.0

CakePHP Authentication 3.3.5

Deprecations

• SessionAuthenticator identify option deprecated - This option was ineffective for detecting password changes or remotely invalidating sessions. Use PrimaryKeySessionAuthenticator instead if you need to fetch fresh user data from the database on each request. (#763)

Fixes

• Fixed PHP deprecation errors (#759)
• Improved deprecation notice wording for authenticators without identifiers

... (truncated)

Commits

• 8faadab Make identifier parameter optional in AbstractAuthenticator
• a3f120a Clean up dormant code after identify option removal
• 18afbf8 Remove deprecated identify option from SessionAuthenticator
• e5f710c Merge branch '3.x' into 4.x
• e559c80 Merge pull request #767 from cakephp/identity-helper
• 95215e4 Merge pull request #766 from cakephp/identity-get
• 9a12edc Merge pull request #763 from cakephp/fix/deprecate-session-identify
• 79c784a Merge pull request #768 from cakephp/copilot/sub-pr-767
• c52efc2 Add test for getIdentity() returning null without identity
• cbc12d3 Initial plan
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #174.