From 1bfc576dcc5d8a9cb8e79c1f1eec7e993e6be42f Mon Sep 17 00:00:00 2001 From: Bill Heaton Date: Fri, 13 Sep 2019 22:13:23 -0700 Subject: [PATCH 1/2] #347 Only pass fields that are known to be in the User Model --- src/User/Controller/RegistrationController.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/User/Controller/RegistrationController.php b/src/User/Controller/RegistrationController.php index 452476e..82fcb11 100644 --- a/src/User/Controller/RegistrationController.php +++ b/src/User/Controller/RegistrationController.php @@ -102,9 +102,14 @@ class RegistrationController extends Controller if ($form->load(Yii::$app->request->post()) && $form->validate()) { $this->trigger(FormEvent::EVENT_BEFORE_REGISTER, $event); + /** @var User $user */ - $user = $this->make(User::class, [], $form->attributes); - $user->setScenario('register'); + $user = $this->make(User::class, [], + [ 'email' => $form->attributes['email'], + 'username' => $form->attributes['username'], + 'password' => $form->attributes['password'] + ]); $user->setScenario('register'); + $mailService = MailFactory::makeWelcomeMailerService($user); if ($this->make(UserRegisterService::class, [$user, $mailService])->run()) { From 2d71ff95f9facb5382a01bff7f7b7fbff0b191bc Mon Sep 17 00:00:00 2001 From: Bill Heaton Date: Fri, 20 Sep 2019 12:44:40 -0700 Subject: [PATCH 2/2] #345, #346, #347 ReCaptcha fixes --- CHANGELOG.md | 3 ++ .../how-to-use-recaptcha-widget.md | 54 ++++++++++++------- .../Controller/RegistrationController.php | 28 ++++++++-- 3 files changed, 61 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9739a7e..1a182f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,7 @@ # CHANGELOG + - Fix #347: Only pass fields known to User model in registrationControl->actionRegister() (BillHeaton) + - Fix #346: Update ReCaptcha guide to not use AJAX (BillHeaton) + - Fix #345: Update ReCaptcha guide to add scenarios() in recoveryForm (BillHeaton) - Fix #307: Fix French translation (arollmann) - Fix #316: Fix new response from Google OAuth Api (Julian-B90) - Fix #321: Fix new response from LinkedIn OAuth Api (tonydspaniard) diff --git a/docs/helpful-guides/how-to-use-recaptcha-widget.md b/docs/helpful-guides/how-to-use-recaptcha-widget.md index 4003d45..9565aec 100644 --- a/docs/helpful-guides/how-to-use-recaptcha-widget.md +++ b/docs/helpful-guides/how-to-use-recaptcha-widget.md @@ -30,34 +30,47 @@ Once you have the API site key you will also be displayed a secret key. You have Override the Form ----------------- -For the sake of the example, we are going to override the `Da\User\Form\RecoveryForm` class: +For the sake of the example, we are going to override the `Da\User\Form\RecoveryForm` class. Create a new file `RecoveryForm` +add it to @app/models/Forms/ and put the following in it: -```php -namespace app\forms; +``` + ['email', 'captcha'], + self::SCENARIO_RESET => ['password'], + ]; + } } ``` + Overriding the View ------------------- Create a new file and name it `request.php` and add it in `@app/views/user/recovery`. Add the captcha widget to it: -```php +``` params['breadcrumbs'][] = $this->title; $model->formName(), - 'enableAjaxValidation' => true, + 'enableAjaxValidation' => false, 'enableClientValidation' => false, ] ); ?> field($model, 'email')->textInput(['autofocus' => true]) ?> - field($model, 'captcha')->widget(ReCaptchaWidget::className(), ['theme' => 'dark']) ?> + field($model, 'captcha')->widget(ReCaptchaWidget::className(), ['theme' => 'light']) ?> 'btn btn-primary btn-block']) ?>
@@ -115,13 +128,8 @@ Finally, we have to configure the module and the application to ensure is using 'user' => [ 'class' => Da\User\Module::class, 'classMap' => [ - 'RecoveryForm' => 'app\forms\RecoveryForm' + 'RecoveryForm' => 'app\models\Forms\RecoveryForm' ], - 'controllerMap' => [ - 'recovery' => [ -                 'class' => '\app\controllers\RecoveryController' - ] - ] ] ], @@ -136,7 +144,15 @@ Finally, we have to configure the module and the application to ensure is using ] ] ] - ``` +Notes For Other Forms +--------------------- + +The outward facing forms (i.e. forms that you don't need to login to use) also include `registrationForm`, `resendForm`. + +- All three forms need `'enableAjaxValidation' => false` in the view override. +- `registrationForm` & `resendForm` do not need `scenarios()` in the form override. +- `registrationForm` needs fix #347 to work. + © [2amigos](http://www.2amigos.us/) 2013-2019 diff --git a/src/User/Controller/RegistrationController.php b/src/User/Controller/RegistrationController.php index 82fcb11..bad49ab 100644 --- a/src/User/Controller/RegistrationController.php +++ b/src/User/Controller/RegistrationController.php @@ -88,6 +88,9 @@ class RegistrationController extends Controller ]; } + /** + * {@inheritdoc} + */ public function actionRegister() { if (!$this->module->enableRegistration) { @@ -104,12 +107,18 @@ class RegistrationController extends Controller $this->trigger(FormEvent::EVENT_BEFORE_REGISTER, $event); /** @var User $user */ - $user = $this->make(User::class, [], - [ 'email' => $form->attributes['email'], - 'username' => $form->attributes['username'], - 'password' => $form->attributes['password'] - ]); $user->setScenario('register'); + // Create a temporay $user so we can get the attributes, then get + // the intersection between the $form fields and the $user fields. + $user = $this->make(User::class, [] ); + $fields = array_intersect_key($form->attributes, $user->attributes); + + // Becomes password_hash + $fields['password'] = $form['password']; + + $user = $this->make(User::class, [], $fields ); + + $user->setScenario('register'); $mailService = MailFactory::makeWelcomeMailerService($user); if ($this->make(UserRegisterService::class, [$user, $mailService])->run()) { @@ -138,6 +147,9 @@ class RegistrationController extends Controller return $this->render('register', ['model' => $form, 'module' => $this->module]); } + /** + * {@inheritdoc} + */ public function actionConnect($code) { /** @var SocialNetworkAccount $account */ @@ -179,6 +191,9 @@ class RegistrationController extends Controller ); } + /** + * {@inheritdoc} + */ public function actionConfirm($id, $code) { /** @var User $user */ @@ -215,6 +230,9 @@ class RegistrationController extends Controller ); } + /** + * {@inheritdoc} + */ public function actionResend() { if ($this->module->enableEmailConfirmation === false) {