Log message #4033447

# At Username Text
# May 29th 2017, 15:00 admad @spriz I presume the "serious" one you are referring to is #534. I at least don't have time right now to help you with test case.
# May 29th 2017, 15:00 hmic i dont quite care. the only one that matters to me is the jwt alg fix, as its really bad thing if you are talking jwt to 3rd party services and they can compomise your data that easily...
# May 29th 2017, 14:58 admad hmic: any other PRs of yours i have missed? :slightly_smiling_face:
# May 29th 2017, 14:57 admad "allowedAlgs" was a silly choice of key name, but meh :P
# May 29th 2017, 14:56 hmic :d
# May 29th 2017, 14:56 admad i'll take care of it later today
# May 29th 2017, 14:56 hmic jap!
# May 29th 2017, 14:56 admad gotcha, avoiding merging of algos is better in any case
# May 29th 2017, 14:56 hmic and can be used to sign a hs256, as your default config adds that method in any case!
# May 29th 2017, 14:56 admad ah
# May 29th 2017, 14:55 hmic but when using rs256 the key is public
# May 29th 2017, 14:55 admad "..create a good signature with just the public key" well the key used for HS265 isn't public key. You are supposed to keep it protected.
# May 29th 2017, 14:55 admad guess i am getting old then
# May 29th 2017, 14:55 hmic both are just 1 liners, should be a minutes work
# May 29th 2017, 14:54 hmic we have talked about it here 4 weeks ago :/ you even left a comment on gh...
# May 29th 2017, 14:54 HenriqueMachado Somebody has an example of a follow system (like twitter) working on cake 3.4?
# May 29th 2017, 14:54 admad hmic: i must have missed notifications for that (or GH gobbled up notification), will check it soon
# May 29th 2017, 14:51 hmic the wrong bearer verification that does not allow basic auth to be used in conjunction with jwt is not that serve and you have provided a workaround in the issue already - while not fixing the cause back then :d
# May 29th 2017, 14:50 hmic admad: i'm talking at least this one: https://github.com/ADmad/cakephp-jwt-auth/pull/54
# May 29th 2017, 14:49 spriz but what I wanted was to ask if I misunderstood something :slightly_smiling_face:
# May 29th 2017, 14:49 spriz @admad you commented at one of the, the other one I consider rather serious compared to :)
# May 29th 2017, 14:49 hmic one is a really bad security issue!
# May 29th 2017, 14:48 admad you have made PRs? :P
# May 29th 2017, 14:48 hmic have been 4 weeks in china, still they are open :p
# May 29th 2017, 14:48 hmic why don't you pick up on my PRs?
# May 29th 2017, 14:48 hmic admad: speaking of which...
# May 29th 2017, 14:45 admad if you pushed new updates within previous 24hrs be patient
# May 29th 2017, 14:45 admad @spriz i already responded to your PRs
# May 29th 2017, 14:27 spriz ,:) *
# May 29th 2017, 14:27 spriz @hmic just keen to get feedback on a PR ,:(
# May 29th 2017, 14:26 hmic i'm not. but whats wrong spriz?
# May 29th 2017, 14:13 spriz Thanks @cleptric :raised_hands:
# May 29th 2017, 14:13 cleptric @spriz -> friendsofcake
# May 29th 2017, 14:12 spriz Any FoC/Crud maintainers around? :tada:
# May 29th 2017, 13:43 npm.i.sniggsnack +i'm
# May 29th 2017, 13:41 npm.i.sniggsnack @redvelvet thank you trying to fix this up
# May 29th 2017, 13:27 TVSET I'm an idiot ... there is no need to flatten the data ... :)
# May 29th 2017, 13:23 HenriqueMachado and this is the "follow" function: https://pastebin.com/6fWYwFiR
# May 29th 2017, 13:22 bernat npm, I'd try to put it in the model via custom finders or some filtering method, and called from the controller. Nothing in the view.
# May 29th 2017, 13:11 npm.i.sniggsnack if you guys would have a view with a list - but specific users should see specific things in that list - where would you filter the data? controller or view ? atm i'd go for the controller and give the filtered data to the view to have a minimum of "logic" in my view.. is that right?
# May 29th 2017, 13:08 chris-andre @hmic When I do update, Sessions.data is still the same. It did not change