Log message #4033457

# At Username Text
# May 29th 2017, 15:05 hmic spritz: that's not boilerplate. thats what *any crud mapped action* needs to do! call Crud->execute()!
# May 29th 2017, 15:05 hmic still, you are correct with your suggested pr, following the (not so) recent changes in the cakephp request cycle regarding the authcomponent
# May 29th 2017, 15:04 spriz okay @hmic :slightly_smiling_face: that's fair enough - we'll just add this boilerplate all over :)
# May 29th 2017, 15:04 hmic if it does not - thats a problem on it's own!
# May 29th 2017, 15:03 hmic *any* crud mapped action is to call Crud->execute()!
# May 29th 2017, 15:03 admad cya'll
# May 29th 2017, 15:03 hmic spritz: i don't consider this a problem
# May 29th 2017, 15:02 admad i avoid commenting when i can't really help, unless it's my personal repo
# May 29th 2017, 15:01 spriz just wanted to hear if it was "do'h, don't want to answer that" or "Don't have time for assisting with the test" :muscle:
# May 29th 2017, 15:01 spriz @admad aye, it's https://github.com/FriendsOfCake/crud/pull/534 :slightly_smiling_face: And fair enough :muscle:
# May 29th 2017, 15:00 admad @spriz I presume the "serious" one you are referring to is #534. I at least don't have time right now to help you with test case.
# May 29th 2017, 15:00 hmic i dont quite care. the only one that matters to me is the jwt alg fix, as its really bad thing if you are talking jwt to 3rd party services and they can compomise your data that easily...
# May 29th 2017, 14:58 admad hmic: any other PRs of yours i have missed? :slightly_smiling_face:
# May 29th 2017, 14:57 admad "allowedAlgs" was a silly choice of key name, but meh :P
# May 29th 2017, 14:56 hmic :d
# May 29th 2017, 14:56 admad i'll take care of it later today
# May 29th 2017, 14:56 hmic jap!
# May 29th 2017, 14:56 admad gotcha, avoiding merging of algos is better in any case
# May 29th 2017, 14:56 hmic and can be used to sign a hs256, as your default config adds that method in any case!
# May 29th 2017, 14:56 admad ah
# May 29th 2017, 14:55 hmic but when using rs256 the key is public
# May 29th 2017, 14:55 admad "..create a good signature with just the public key" well the key used for HS265 isn't public key. You are supposed to keep it protected.
# May 29th 2017, 14:55 admad guess i am getting old then
# May 29th 2017, 14:55 hmic both are just 1 liners, should be a minutes work
# May 29th 2017, 14:54 hmic we have talked about it here 4 weeks ago :/ you even left a comment on gh...
# May 29th 2017, 14:54 HenriqueMachado Somebody has an example of a follow system (like twitter) working on cake 3.4?
# May 29th 2017, 14:54 admad hmic: i must have missed notifications for that (or GH gobbled up notification), will check it soon
# May 29th 2017, 14:51 hmic the wrong bearer verification that does not allow basic auth to be used in conjunction with jwt is not that serve and you have provided a workaround in the issue already - while not fixing the cause back then :d
# May 29th 2017, 14:50 hmic admad: i'm talking at least this one: https://github.com/ADmad/cakephp-jwt-auth/pull/54
# May 29th 2017, 14:49 spriz but what I wanted was to ask if I misunderstood something :slightly_smiling_face:
# May 29th 2017, 14:49 spriz @admad you commented at one of the, the other one I consider rather serious compared to :)
# May 29th 2017, 14:49 hmic one is a really bad security issue!
# May 29th 2017, 14:48 admad you have made PRs? :P
# May 29th 2017, 14:48 hmic have been 4 weeks in china, still they are open :p
# May 29th 2017, 14:48 hmic why don't you pick up on my PRs?
# May 29th 2017, 14:48 hmic admad: speaking of which...
# May 29th 2017, 14:45 admad if you pushed new updates within previous 24hrs be patient
# May 29th 2017, 14:45 admad @spriz i already responded to your PRs
# May 29th 2017, 14:27 spriz ,:) *
# May 29th 2017, 14:27 spriz @hmic just keen to get feedback on a PR ,:(
# May 29th 2017, 14:26 hmic i'm not. but whats wrong spriz?