From 230dbd34e2e7dd37eb987436302a75f85f8a35dd Mon Sep 17 00:00:00 2001
From: mscherer
Date: Thu, 24 Apr 2025 19:00:23 +0200
Subject: [PATCH] Alert about wrong configuration.
---
 src/Authenticator/CookieAuthenticator.php | 7 ++++-
 .../Authenticator/CookieAuthenticatorTest.php | 31 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/src/Authenticator/CookieAuthenticator.php b/src/Authenticator/CookieAuthenticator.php
index bc6a4ef3..6c16053f 100644
--- a/src/Authenticator/CookieAuthenticator.php
+++ b/src/Authenticator/CookieAuthenticator.php
@@ -134,9 +134,14 @@ protected function _createPlainToken(ArrayAccess|array $identity): string
 $usernameField = $this->getConfig('fields.username');
 $passwordField = $this->getConfig('fields.password');
- $salt = $this->getConfig('salt', '');
+ if ($identity[$usernameField] === null || $identity[$passwordField] === null) {
+ throw new InvalidArgumentException(
+ sprintf('Fields %s cannot be found in entity', '`' . $usernameField . '`/`' . $passwordField . '`'),
+ );
+ }
 $value = $identity[$usernameField] . $identity[$passwordField];
+ $salt = $this->getConfig('salt', '');
 if ($salt === false) {
 return $value;
diff --git a/tests/TestCase/Authenticator/CookieAuthenticatorTest.php b/tests/TestCase/Authenticator/CookieAuthenticatorTest.php
index b69f721d..a6e468e8 100644
--- a/tests/TestCase/Authenticator/CookieAuthenticatorTest.php
+++ b/tests/TestCase/Authenticator/CookieAuthenticatorTest.php
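Review bot: The added guard in `_createPlainToken()` only rejects `null`, so an empty-string username or password still passes and the cookie token is then built from the remaining field alone; the subscript read can also emit an undefined-key warning before the exception when `$identity` is a plain array without that key. Reading the fields once with `$username = $identity[$usernameField] ?? null;` and `$password = $identity[$passwordField] ?? null;`, then testing `if ($username === null || $username === '' || $password === null || $password === '') {`, would cover both cases without the warning. The message says "entity" although the parameter is typed `ArrayAccess|array`, so "identity" would be more accurate. The function body continues past the end of the hunk, so how `$value` is hashed when a salt is set is not visible here.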
@@ -382,6 +382,37 @@ public function testPersistIdentityLoginUrlMismatch()
 );
 }
+ /**
+ * @return void
+ */
+ public function testPersistIdentityInvalidConfig()
+ {
+ $identifiers = new IdentifierCollection([
+ 'Authentication.Password',
+ ]);
+
+ $request = ServerRequestFactory::fromGlobals(
+ ['REQUEST_URI' => '/users/login'],
+ );
+ $request = $request->withParsedBody([
+ 'remember_me' => 1,
+ ]);
+ $response = new Response();
+
+ $authenticator = new CookieAuthenticator($identifiers, [
+ 'loginUrl' => '/users/login',
+ ]);
+
+ $identity = new ArrayObject([
+ 'username' => null,
+ 'password' => '$2a$10$u05j8FjsvLBNdfhBhc21LOuVMpzpabVXQ9OpC2wO3pSO0q6t7HHMO',
+ ]);
+
+ $this->expectException(InvalidArgumentException::class);
+
+ $authenticator->persistIdentity($request, $response, $identity);
+ }
+
 /**
 * testClearIdentity
 *
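Review bot: `testPersistIdentityInvalidConfig()` covers only a `null` username, so the second half of the `||` guard and the case of a key that is absent from the identity are never exercised. A data provider that also supplies `['username' => 'x', 'password' => null]` (sample value) and an identity lacking the key altogether would pin both, and `$this->expectExceptionMessage('cannot be found')` would make sure the exception comes from the new check rather than from another `InvalidArgumentException` raised during `persistIdentity()`. The hunk adds no `use` lines, so it presumably relies on `ArrayObject` and `InvalidArgumentException` already being imported in this test file.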