allowUnauthenticated() for all actions

cakephp / authentication

Authentication plugin for CakePHP. Can also be used in PSR7 based applications.

MIT License

115 stars 101 forks source link

allowUnauthenticated() for all actions #645

Open dereuromark opened 8 months ago

dereuromark commented 8 months ago

Refs https://github.com/cakephp/authentication/issues/361

It would be nice to have a less hacky way of

$this->Authentication->allowUnauthenticated([$this->request->getParam('action')]);

I can understand that not using any argument does not feel "safe" by default. As such, maybe the proposed '*' string could be very clear on this. Or we provide an own speaking method for it?

$this->Authentication->allowUnauthenticatedAll()

All()/Any() etc

LordSimal commented 8 months ago

This can be achieved by just setting the requireIdentity to false https://book.cakephp.org/authentication/2/en/authentication-component.html#configure-automatic-identity-checks

dereuromark commented 8 months ago

An option for specific controllers? As this is only to be applied for very specific controllers that know all their actions are to be public.

github-actions[bot] commented 4 months ago

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days