With CakePHP 4.0 and CakeDc\Auth 6.0, I tried to setup a RBAC-based permissions app using middleware implementation (instead of Components).
Everything works okay, besides actions which should be accessible without authentication (like /login, /logout, /recover).
Following Authentication docs, I included that actions in my UsersController::beforeFilter, but I get exception from: ROOT/vendor/cakephp/authorization/src/Middleware/RequestAuthorizationMiddleware.php
$identity = $request->getAttribute($this->getConfig('identityAttribute'));
$result = $service->canResult($identity, $this->getConfig('method'), $request);
if (!$result->getStatus()) {
throw new ForbiddenException($result); <---- That line
}
return $handler->handle($request);
}
My Application.php basic setup is here: https://gist.github.com/CauanCabral/27bdb295f7854116e875e4b0c4471289
What I'm missing?