Merge pull request #351 from BillHeaton/ReCaptcha-Updates

#347 Only pass fields that are known to be in the User Model

CHANGELOG.md

@@ -1,4 +1,7 @@
 # CHANGELOG
+ - Fix #347: Only pass fields known to User model in registrationControl->actionRegister() (BillHeaton)
+ - Fix #346: Update ReCaptcha guide to not use AJAX  (BillHeaton)
+ - Fix #345: Update ReCaptcha guide to add scenarios() in recoveryForm  (BillHeaton)
  - Fix #307: Fix French translation (arollmann)
  - Fix #316: Fix new response from Google OAuth Api (Julian-B90)
  - Fix #321: Fix new response from LinkedIn OAuth Api (tonydspaniard) 

docs/helpful-guides/how-to-use-recaptcha-widget.md

@@ -30,12 +30,16 @@ Once you have the API site key you will also be displayed a secret key. You have
 Override the Form 
 -----------------
 
-For the sake of the example, we are going to override the `Da\User\Form\RecoveryForm` class: 
+For the sake of the example, we are going to override the `Da\User\Form\RecoveryForm` class. Create a new file `RecoveryForm`
+add it to @app/models/Forms/ and put the following in it:
 
-```php 
-namespace app\forms;
+```
+<?php 
+namespace app\models\Forms;
 
-class RecoveryForm extends Da\User\Form\RecoveryForm {
+use Da\User\Form\RecoveryForm as BaseForm;
+
+class RecoveryForm extends BaseForm {
 
     public $captcha;
 
@@ -48,16 +52,25 @@ class RecoveryForm extends Da\User\Form\RecoveryForm {
 
         return $rules;
     }
+    
+    public function scenarios()
+    {
+        return [
+            self::SCENARIO_REQUEST => ['email', 'captcha'],
+            self::SCENARIO_RESET => ['password'],
+        ];
+    }
 }
 
 ```
 
+
 Overriding the View
 -------------------
 
 Create a new file and name it `request.php` and add it in `@app/views/user/recovery`. Add the captcha widget to it: 
 
-```php 
+``` 
 <?php
 
 use yii\helpers\Html;
@@ -83,14 +96,14 @@ $this->params['breadcrumbs'][] = $this->title;
                 <?php $form = ActiveForm::begin(
                     [
                         'id' => $model->formName(),
-                        'enableAjaxValidation' => true,
+                        'enableAjaxValidation' => false,
                         'enableClientValidation' => false,
                     ]
                 ); ?>
 
                 <?= $form->field($model, 'email')->textInput(['autofocus' => true]) ?>
                 
-                <?= $form->field($model, 'captcha')->widget(ReCaptchaWidget::className(), ['theme' => 'dark']) ?>
+                <?= $form->field($model, 'captcha')->widget(ReCaptchaWidget::className(), ['theme' => 'light']) ?>
 
                 <?= Html::submitButton(Yii::t('usuario', 'Continue'), ['class' => 'btn btn-primary btn-block']) ?><br>
 
@@ -115,13 +128,8 @@ Finally, we have to configure the module and the application to ensure is using
     'user' => [
         'class' => Da\User\Module::class,
         'classMap' => [
-            'RecoveryForm' => 'app\forms\RecoveryForm'
+             'RecoveryForm' => 'app\models\Forms\RecoveryForm'
         ], 
-        'controllerMap' => [
-            'recovery' => [
-                 'class' => '\app\controllers\RecoveryController' 
-             ]
-        ]
     ]
 ], 
 
@@ -136,7 +144,15 @@ Finally, we have to configure the module and the application to ensure is using
         ]
     ]
 ]
-
 ```
 
+Notes For Other Forms
+---------------------
+
+The outward facing forms (i.e. forms that you don't need to login to use) also include `registrationForm`, `resendForm`. 
+
+- All three forms need `'enableAjaxValidation' => false` in the view override.
+- `registrationForm` & `resendForm` do not need `scenarios()` in the form override.
+- `registrationForm` needs fix #347 to work.
+
 © [2amigos](http://www.2amigos.us/) 2013-2019

src/User/Controller/RegistrationController.php

@@ -88,6 +88,9 @@ class RegistrationController extends Controller
         ];
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function actionRegister()
     {
         if (!$this->module->enableRegistration) {
@@ -102,8 +105,19 @@ class RegistrationController extends Controller
 
         if ($form->load(Yii::$app->request->post()) && $form->validate()) {
             $this->trigger(FormEvent::EVENT_BEFORE_REGISTER, $event);
+
             /** @var User $user */
-            $user = $this->make(User::class, [], $form->attributes);
+
+            // Create a temporay $user so we can get the attributes, then get
+            // the intersection between the $form fields  and the $user fields.
+            $user = $this->make(User::class, [] );
+            $fields = array_intersect_key($form->attributes, $user->attributes);
+
+             // Becomes password_hash
+            $fields['password'] = $form['password'];
+
+            $user = $this->make(User::class, [], $fields );
+
             $user->setScenario('register');
             $mailService = MailFactory::makeWelcomeMailerService($user);
 
@@ -133,6 +147,9 @@ class RegistrationController extends Controller
         return $this->render('register', ['model' => $form, 'module' => $this->module]);
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function actionConnect($code)
     {
         /** @var SocialNetworkAccount $account */
@@ -174,6 +191,9 @@ class RegistrationController extends Controller
         );
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function actionConfirm($id, $code)
     {
         /** @var User $user */
@@ -210,6 +230,9 @@ class RegistrationController extends Controller
         );
     }
 
+    /**
+     * {@inheritdoc}
+     */
     public function actionResend()
     {
         if ($this->module->enableEmailConfirmation === false) {