CakePHP: the rapid development php framework: CakeBot

Log message #4033450

#	At	Username	Text
#	May 29th 2017, 15:02	admad	i avoid commenting when i can't really help, unless it's my personal repo
#	May 29th 2017, 15:01	spriz	just wanted to hear if it was "do'h, don't want to answer that" or "Don't have time for assisting with the test" :muscle:
#	May 29th 2017, 15:01	spriz	@admad aye, it's https://github.com/FriendsOfCake/crud/pull/534 :slightly_smiling_face: And fair enough :muscle:
#	May 29th 2017, 15:00	admad	@spriz I presume the "serious" one you are referring to is #534. I at least don't have time right now to help you with test case.
#	May 29th 2017, 15:00	hmic	i dont quite care. the only one that matters to me is the jwt alg fix, as its really bad thing if you are talking jwt to 3rd party services and they can compomise your data that easily...
#	May 29th 2017, 14:58	admad	hmic: any other PRs of yours i have missed? :slightly_smiling_face:
#	May 29th 2017, 14:57	admad	"allowedAlgs" was a silly choice of key name, but meh :P
#	May 29th 2017, 14:56	hmic	:d
#	May 29th 2017, 14:56	admad	i'll take care of it later today
#	May 29th 2017, 14:56	hmic	jap!
#	May 29th 2017, 14:56	admad	gotcha, avoiding merging of algos is better in any case
#	May 29th 2017, 14:56	hmic	and can be used to sign a hs256, as your default config adds that method in any case!
#	May 29th 2017, 14:56	admad	ah
#	May 29th 2017, 14:55	hmic	but when using rs256 the key is public
#	May 29th 2017, 14:55	admad	"..create a good signature with just the public key" well the key used for HS265 isn't public key. You are supposed to keep it protected.
#	May 29th 2017, 14:55	admad	guess i am getting old then
#	May 29th 2017, 14:55	hmic	both are just 1 liners, should be a minutes work
#	May 29th 2017, 14:54	hmic	we have talked about it here 4 weeks ago :/ you even left a comment on gh...
#	May 29th 2017, 14:54	HenriqueMachado	Somebody has an example of a follow system (like twitter) working on cake 3.4?
#	May 29th 2017, 14:54	admad	hmic: i must have missed notifications for that (or GH gobbled up notification), will check it soon
#	May 29th 2017, 14:51	hmic	the wrong bearer verification that does not allow basic auth to be used in conjunction with jwt is not that serve and you have provided a workaround in the issue already - while not fixing the cause back then :d
#	May 29th 2017, 14:50	hmic	admad: i'm talking at least this one: https://github.com/ADmad/cakephp-jwt-auth/pull/54
#	May 29th 2017, 14:49	spriz	but what I wanted was to ask if I misunderstood something :slightly_smiling_face:
#	May 29th 2017, 14:49	spriz	@admad you commented at one of the, the other one I consider rather serious compared to :)
#	May 29th 2017, 14:49	hmic	one is a really bad security issue!
#	May 29th 2017, 14:48	admad	you have made PRs? :P
#	May 29th 2017, 14:48	hmic	have been 4 weeks in china, still they are open :p
#	May 29th 2017, 14:48	hmic	why don't you pick up on my PRs?
#	May 29th 2017, 14:48	hmic	admad: speaking of which...
#	May 29th 2017, 14:45	admad	if you pushed new updates within previous 24hrs be patient
#	May 29th 2017, 14:45	admad	@spriz i already responded to your PRs
#	May 29th 2017, 14:27	spriz	,:) *
#	May 29th 2017, 14:27	spriz	@hmic just keen to get feedback on a PR ,:(
#	May 29th 2017, 14:26	hmic	i'm not. but whats wrong spriz?
#	May 29th 2017, 14:13	spriz	Thanks @cleptric :raised_hands:
#	May 29th 2017, 14:13	cleptric	@spriz -> friendsofcake
#	May 29th 2017, 14:12	spriz	Any FoC/Crud maintainers around? :tada:
#	May 29th 2017, 13:43	npm.i.sniggsnack	+i'm
#	May 29th 2017, 13:41	npm.i.sniggsnack	@redvelvet thank you trying to fix this up
#	May 29th 2017, 13:27	TVSET	I'm an idiot ... there is no need to flatten the data ... :)
#	May 29th 2017, 13:23	HenriqueMachado	and this is the "follow" function: https://pastebin.com/6fWYwFiR