| # |
May 29th 2017, 15:07 |
 spriz |
It doesn't do anything and serve(d) no purpose prior to 3.3 (including in 2.x) |
| # |
May 29th 2017, 15:06 |
spriz |
at least line 33 -> 56 |
| # |
May 29th 2017, 15:06 |
spriz |
I'd call this boilerplate: https://gist.github.com/Spriz/30cd4559f5671e5b20d4706a550320d8 :P |
| # |
May 29th 2017, 15:06 |
hmic |
probably thats why nobody hit the issue before, since 3.3 is out for quite some time already... |
| # |
May 29th 2017, 15:05 |
hmic |
spritz: that's not boilerplate. thats what *any crud mapped action* needs to do! call Crud->execute()! |
| # |
May 29th 2017, 15:05 |
hmic |
still, you are correct with your suggested pr, following the (not so) recent changes in the cakephp request cycle regarding the authcomponent |
| # |
May 29th 2017, 15:04 |
spriz |
okay @hmic :slightly_smiling_face: that's fair enough - we'll just add this boilerplate all over :) |
| # |
May 29th 2017, 15:04 |
hmic |
if it does not - thats a problem on it's own! |
| # |
May 29th 2017, 15:03 |
hmic |
*any* crud mapped action is to call Crud->execute()! |
| # |
May 29th 2017, 15:03 |
admad |
cya'll |
| # |
May 29th 2017, 15:03 |
hmic |
spritz: i don't consider this a problem |
| # |
May 29th 2017, 15:02 |
admad |
i avoid commenting when i can't really help, unless it's my personal repo |
| # |
May 29th 2017, 15:01 |
spriz |
just wanted to hear if it was "do'h, don't want to answer that" or "Don't have time for assisting with the test" :muscle: |
| # |
May 29th 2017, 15:01 |
spriz |
@admad aye, it's https://github.com/FriendsOfCake/crud/pull/534 :slightly_smiling_face: And fair enough :muscle: |
| # |
May 29th 2017, 15:00 |
admad |
@spriz I presume the "serious" one you are referring to is #534. I at least don't have time right now to help you with test case. |
| # |
May 29th 2017, 15:00 |
hmic |
i dont quite care. the only one that matters to me is the jwt alg fix, as its really bad thing if you are talking jwt to 3rd party services and they can compomise your data that easily... |
| # |
May 29th 2017, 14:58 |
admad |
hmic: any other PRs of yours i have missed? :slightly_smiling_face: |
| # |
May 29th 2017, 14:57 |
admad |
"allowedAlgs" was a silly choice of key name, but meh :P |
| # |
May 29th 2017, 14:56 |
hmic |
:d |
| # |
May 29th 2017, 14:56 |
admad |
i'll take care of it later today |
| # |
May 29th 2017, 14:56 |
hmic |
jap! |
| # |
May 29th 2017, 14:56 |
admad |
gotcha, avoiding merging of algos is better in any case |
| # |
May 29th 2017, 14:56 |
hmic |
and can be used to sign a hs256, as your default config adds that method in any case! |
| # |
May 29th 2017, 14:56 |
admad |
ah |
| # |
May 29th 2017, 14:55 |
hmic |
but when using rs256 the key is public |
| # |
May 29th 2017, 14:55 |
admad |
"..create a good signature with just the public key" well the key used for HS265 isn't public key. You are supposed to keep it protected. |
| # |
May 29th 2017, 14:55 |
admad |
guess i am getting old then |
| # |
May 29th 2017, 14:55 |
hmic |
both are just 1 liners, should be a minutes work |
| # |
May 29th 2017, 14:54 |
hmic |
we have talked about it here 4 weeks ago :/ you even left a comment on gh... |
| # |
May 29th 2017, 14:54 |
HenriqueMachado |
Somebody has an example of a follow system (like twitter) working on cake 3.4? |
| # |
May 29th 2017, 14:54 |
admad |
hmic: i must have missed notifications for that (or GH gobbled up notification), will check it soon |
| # |
May 29th 2017, 14:51 |
hmic |
the wrong bearer verification that does not allow basic auth to be used in conjunction with jwt is not that serve and you have provided a workaround in the issue already - while not fixing the cause back then :d |
| # |
May 29th 2017, 14:50 |
hmic |
admad: i'm talking at least this one: https://github.com/ADmad/cakephp-jwt-auth/pull/54 |
| # |
May 29th 2017, 14:49 |
spriz |
but what I wanted was to ask if I misunderstood something :slightly_smiling_face: |
| # |
May 29th 2017, 14:49 |
spriz |
@admad you commented at one of the, the other one I consider rather serious compared to :) |
| # |
May 29th 2017, 14:49 |
hmic |
one is a really bad security issue! |
| # |
May 29th 2017, 14:48 |
admad |
you have made PRs? :P |
| # |
May 29th 2017, 14:48 |
hmic |
have been 4 weeks in china, still they are open :p |
| # |
May 29th 2017, 14:48 |
hmic |
why don't you pick up on my PRs? |
| # |
May 29th 2017, 14:48 |
hmic |
admad: speaking of which... |
| # |
May 29th 2017, 14:45 |
admad |
if you pushed new updates within previous 24hrs be patient |