Feature/remove deprecate u2f

CHANGELOG.md

@@ -1,5 +1,14 @@
 Changelog
 =========
+Releases for CakePHP 5
+-------------
+* 12.0
+    * Migrated to web-auth/webauthn-lib:^4.4
+    * Migrated to robthree/twofactorauth:^2.0
+    * Removed deprecated U2F
+    * Migrated old UserShell into command classes
+    * Added documentation about commands
+
 Releases for CakePHP 4.3
 -------------
 
@@ -35,7 +44,7 @@ Releases for CakePHP 4
   * Ukrainian (uk) by @yarkm13
   * Docs improvements
   * Fix DebugKit permissions issues
-  
+
 * 9.0.2
   * Added a custom Unauthorized Handler
     * If logged user access unauthorized url he is redirected to referer url or '/' if no referer url

Docs/Documentation/Extending-the-Plugin.md

@@ -136,7 +136,13 @@ class MyUsersController extends AppController
         if ($this->components()->has('Security')) {
             $this->Security->setConfig(
                 'unlockedActions',
-                ['login', 'u2fRegister', 'u2fRegisterFinish', 'u2fAuthenticate', 'u2fAuthenticateFinish']
+                [
+                    'login',
+                    'webauthn2faRegister',
+                    'webauthn2faRegisterOptions',
+                    'webauthn2faAuthenticate',
+                    'webauthn2faAuthenticateOptions',
+                ]
             );
         }
     }

Docs/Documentation/Migration/11.x-12.0.md

@@ -13,11 +13,12 @@ Requirements
 Overview
 --------
 - Removed the deprecated config key `'Auth.authenticate.all.contain'` you should use `'Auth.Profile.contain'` instead.
+- Removed deprecated U2F code. U2F is no longer supported by chrome, we suggest using Webauthn as a replacement.
 - UsersShell logic was migrated into commands classes.
 - Security component was removed from CakePHP core, the usages in the plugin
 were updated with FormProtection component, for more information about the component,
 go to https://book.cakephp.org/5/en/controllers/components/form-protection.html
--
+
 Webauthn Two-Factor Authentication
 ----------------------------------
 It's required the version 4.4 of web-auth/webauthn-lib to use webauthn

Docs/Home.md

@@ -19,8 +19,7 @@ Documentation
 * [Intercept Login Action](Documentation/InterceptLoginAction.md)
 * [Social Authentication](Documentation/SocialAuthentication.md)
 * [Google Authenticator](Documentation/Two-Factor-Authenticator.md)
-* [Webauthn Two-Factor Authentication](Documentation/WebauthnTwoFactorAuthenticator.md)
-* [Yubico U2F](Documentation/Yubico-U2F.md)
+* [Webauthn Two-Factor Authentication (Yubico Key compatible)](Documentation/WebauthnTwoFactorAuthenticator.md)
 * [UserHelper](Documentation/UserHelper.md)
 * [AuthLinkHelper](Documentation/AuthLinkHelper.md)
 * [Events](Documentation/Events.md)
@@ -101,7 +100,6 @@ I want to
   * [social login](./Documentation/SocialAuthentication.md#setup)
   * [OTP Two-factor authenticator](./Documentation/Two-Factor-Authenticator.md)
   * [Webauthn Two-Factor Authentication](Documentation/WebauthnTwoFactorAuthenticator.md)
-  * [Yubico Key U2F Two-factor authenticator](./Documentation/Yubico-U2F.md)
   * <details>
       <summary>Authentication component</summary>
 

README.md

@@ -32,9 +32,8 @@ The  **Users** plugin covers the following features:
 * Remember me (Cookie) via https://github.com/CakeDC/auth
 * Manage user's profile
 * Admin management
-* Yubico U2F for Two-Factor Authentication
 * One-Time Password for Two-Factor Authentication
-* Webauthn for Two-Factor Authentication
+* Webauthn for Two-Factor Authentication (Yubico Key compatible)
 
 The plugin is here to provide users related features following 2 approaches:
 

composer.json

@@ -44,7 +44,6 @@
         "luchianenco/oauth2-amazon": "^1.1",
         "google/recaptcha": "@stable",
         "robthree/twofactorauth": "^2.0",
-        "yubico/u2flib-server": "^1.0",
         "league/oauth1-client": "^1.7",
         "cakephp/cakephp-codesniffer": "^5.0",
         "web-auth/webauthn-lib": "^4.4",

config/permissions.php

@@ -73,12 +73,7 @@
                 // UserValidationTrait used in PasswordManagementTrait
                 'resendTokenValidation',
                 'linkSocial',
-                //U2F actions
-                'u2f',
-                'u2fRegister',
-                'u2fRegisterFinish',
-                'u2fAuthenticate',
-                'u2fAuthenticateFinish',
+                //Webauthn2fa actions
                 'webauthn2fa',
                 'webauthn2faRegister',
                 'webauthn2faRegisterOptions',

config/users.php

@@ -136,10 +136,6 @@
         // Random Number Generator provider (more on this later)
         'rngprovider' => null,
     ],
-    'U2f' => [
-        'enabled' => false,
-        'checker' => \CakeDC\Auth\Authentication\DefaultU2fAuthenticationChecker::class,
-    ],
     'Webauthn2fa' => [
         'enabled' => false,
         'appName' => null,//App must set a valid name here

phpstan-baseline.neon

@@ -20,11 +20,6 @@ parameters:
 			count: 3
 			path: src/Controller/UsersController.php
 
-		-
-			message: "#^Access to an undefined property Cake\\\\Datasource\\\\EntityInterface\\:\\:\\$u2f_registration\\.$#"
-			count: 1
-			path: src/Controller/UsersController.php
-
 		-
 			message: "#^Call to an undefined method Cake\\\\Controller\\\\Component\\:\\:handleLogin\\(\\)\\.$#"
 			count: 3