Merge pull request #708 from cakephp/allow-unauthenticated-All

markstory · web-flow · commit 88da164f0bd6 · 2025-04-20T10:43:48.000-04:00
Allow unauthenticated all
diff --git a/docs/en/authentication-component.rst b/docs/en/authentication-component.rst
@@ -103,4 +103,6 @@ applied during the ``Controller.initialize`` event instead::
     ]);
 
 You can also disable identity checks entirely with the ``requireIdentity``
-option.
+option or by calling ``disableIdentityCheck`` from the controller's ``beforeFilter()`` method itself::
+
+    $this->Authentication->disableIdentityCheck();
diff --git a/src/Controller/Component/AuthenticationComponent.php b/src/Controller/Component/AuthenticationComponent.php
@@ -190,6 +190,17 @@ protected function doIdentityCheck(): void
         }
     }
 
+    /**
+     * Disables the identity check for this controller and as all its actions.
+     * They then don't require an authentication identity to be present.
+     *
+     * @return void
+     */
+    public function disableIdentityCheck(): void
+    {
+        $this->setConfig('requireIdentity', false);
+    }
+
     /**
      * Set the list of actions that don't require an authentication identity to be present.
      *
diff --git a/tests/TestCase/Controller/Component/AuthenticationComponentTest.php b/tests/TestCase/Controller/Component/AuthenticationComponentTest.php
@@ -490,7 +490,7 @@ public function testUnauthenticatedActionsNoActionsFails()
     }
 
     /**
-     * test disabling requireidentity via settings
+     * test disabling requireIdentity via settings
      *
      * @return void
      */
@@ -511,6 +511,27 @@ public function testUnauthenticatedActionsDisabledOptions()
         $this->assertTrue(true, 'No exception should be raised as require identity is off.');
     }
 
+    /**
+     * test disabling requireIdentity via convenience method
+     *
+     * @return void
+     */
+    public function testUnauthenticatedActionsDisabledOptionsCall()
+    {
+        $request = $this->request
+            ->withParam('action', 'view')
+            ->withAttribute('authentication', $this->service);
+
+        $controller = new Controller($request);
+        $controller->loadComponent('Authentication.Authentication');
+        $controller->Authentication->disableIdentityCheck();
+
+        // Mismatched actions would normally cause an error.
+        $controller->Authentication->allowUnauthenticated(['index', 'add']);
+        $controller->startupProcess();
+        $this->assertTrue(true, 'No exception should be raised as require identity is off.');
+    }
+
     /**
      * Test that the identity check can be run from callback for Controller.initialize
      *

Original file line number	Diff line number	Diff line change
`@@ -190,6 +190,17 @@ protected function doIdentityCheck(): void`
`190`	`190`	`}`
`191`	`191`	`}`
`192`	`192`
	`193`	`+ /**`
	`194`	`+ * Disables the identity check for this controller and as all its actions.`
	`195`	`+ * They then don't require an authentication identity to be present.`
	`196`	`+ *`
	`197`	`+ * @return void`
	`198`	`+ */`
	`199`	`+ public function disableIdentityCheck(): void`
	`200`	`+ {`
	`201`	`+ $this->setConfig('requireIdentity', false);`
	`202`	`+ }`
	`203`	`+`
`193`	`204`	`/**`
`194`	`205`	`* Set the list of actions that don't require an authentication identity to be present.`
`195`	`206`	`*`