diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fbd66c..818a1ff 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,14 @@
 # CHANGELOG
-## 1.1.1 - Work in progress
+## 1.1.2 - Work in progress
+- Bug #133: Fix user search returning no results in admin page (phiurs)
+- Bug #125: Fix validation in non-ajax requests (faenir)
+- Bug #122: Fix wrong email message for email address change (liviuk2)
+
+## 1.1.1 - November 27, 2017
+- Bug #115: Convert client_id to string because pgsql fail with type convertion (Dezinger)
+- Bug #119: Security fix: add AccessControl to RuleController (Dezinger)
+- Enh #120: 2FA i18n russian translation (Dezinger)
 - Bug #111: Fix migration for PostgreSQL DBMS (MKiselev)
 - Bug #106: Correct exception value returned in `MailEvent::getException` (kartik-v)
 - Enh #99: Added German translation (jkmssoft)
diff --git a/docs/helpful-guides/social-network-authentication.md b/docs/helpful-guides/social-network-authentication.md
index 8c50641..8a9552a 100644
--- a/docs/helpful-guides/social-network-authentication.md
+++ b/docs/helpful-guides/social-network-authentication.md
@@ -31,7 +31,7 @@ After you need to configure the `authClientCollection::clients` on your Applicat
             'facebook' => [
                 'class' => 'Da\User\AuthClient\Facebook',
                 'clientId' => 'facebook_client_id',
-                'clientScret' => 'facebook_client_secret'
+                'clientSecret' => 'facebook_client_secret'
             ]
         ]
     ]
diff --git a/src/User/Controller/AdminController.php b/src/User/Controller/AdminController.php
index 63ded04..7875629 100644
--- a/src/User/Controller/AdminController.php
+++ b/src/User/Controller/AdminController.php
@@ -130,7 +130,7 @@ class AdminController extends Controller
         $this->make(AjaxRequestModelValidator::class, [$user])->validate();
-        if ($user->load(Yii::$app->request->post())) {
+        if ($user->load(Yii::$app->request->post()) && $user->validate()) {
             $this->trigger(UserEvent::EVENT_BEFORE_CREATE, $event);
             $mailService = MailFactory::makeWelcomeMailerService($user);
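Review bot: The added `&& $user->validate()` in AdminController needs a comment saying why it is required right after `AjaxRequestModelValidator` runs, otherwise the next reader assumes the model is validated twice and removes one of them. The changelog entry for #125 indicates the AJAX validator only covers AJAX submissions, so a regular POST previously reached `EVENT_BEFORE_CREATE` and the welcome mail with an unvalidated model; suggested: `// AjaxRequestModelValidator only validates (and ends) AJAX submissions; a normal POST must be validated here before the create event and welcome mail fire`. The failure branch of this `if` and the rest of the action are outside the hunk, so I could not confirm that a failed validation re-renders the form with the model errors instead of continuing.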
diff --git a/src/User/Controller/RecoveryController.php b/src/User/Controller/RecoveryController.php
index dee824b..cd2f621 100644
--- a/src/User/Controller/RecoveryController.php
+++ b/src/User/Controller/RecoveryController.php
@@ -94,7 +94,7 @@ class RecoveryController extends Controller
         $this->make(AjaxRequestModelValidator::class, [$form])->validate();
-        if ($form->load(Yii::$app->request->post())) {
+        if ($form->load(Yii::$app->request->post()) && $form->validate()) {
             $this->trigger(FormEvent::EVENT_BEFORE_REQUEST, $event);
             $mailService = MailFactory::makeRecoveryMailerService($form->email);
diff --git a/src/User/Controller/RegistrationController.php b/src/User/Controller/RegistrationController.php
index f668387..2834f9d 100644
--- a/src/User/Controller/RegistrationController.php
+++ b/src/User/Controller/RegistrationController.php
@@ -145,7 +145,7 @@ class RegistrationController extends Controller
         $this->make(AjaxRequestModelValidator::class, [$user])->validate();
-        if ($user->load(Yii::$app->request->post())) {
+        if ($user->load(Yii::$app->request->post()) && $user->validate()) {
             $this->trigger(SocialNetworkConnectEvent::EVENT_BEFORE_CONNECT, $event);
             $mailService = MailFactory::makeWelcomeMailerService($user);
diff --git a/src/User/Controller/RuleController.php b/src/User/Controller/RuleController.php
index dbce6c2..ccd6134 100644
--- a/src/User/Controller/RuleController.php
+++ b/src/User/Controller/RuleController.php
@@ -17,10 +17,12 @@ use Da\User\Service\AuthRuleEditionService;
 use Da\User\Traits\AuthManagerAwareTrait;
 use Da\User\Traits\ContainerAwareTrait;
 use Da\User\Validator\AjaxRequestModelValidator;
+use Da\User\Filter\AccessRuleFilter;
 use Yii;
 use yii\filters\VerbFilter;
 use yii\web\Controller;
 use yii\web\NotFoundHttpException;
+use yii\filters\AccessControl;
 
 class RuleController extends Controller
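Review bot: The `load(...) && validate()` guard added here in RegistrationController is the third copy of the same fix in this commit (AdminController and RecoveryController get the identical line), which suggests the non-AJAX case belongs in `AjaxRequestModelValidator` itself or in one shared helper rather than at every call site; any other action that uses the validator and is not in this diff will keep the original bug #125. If the validator's interface is to stay as is, at least mark each site so the pattern is recognisable, e.g. `// non-AJAX POST: AjaxRequestModelValidator did not validate, do it here`. The enclosing action starts and ends outside the hunk.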
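Review bot: The two new `use` statements in RuleController are appended out of the alphabetical order the rest of the import list follows: `use Da\User\Filter\AccessRuleFilter;` belongs before the `Da\User\Service\...` line, and `use yii\filters\AccessControl;` before `use yii\filters\VerbFilter;`. Moving them keeps the grouped, sorted import block the file already has and avoids a merge-prone tail of unsorted imports.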
@@ -33,12 +35,24 @@ class RuleController extends Controller
     public function behaviors()
     {
         return [
-            [
+            'verbs' => [
                 'class' => VerbFilter::className(),
                 'actions' => [
                     'delete' => ['POST'],
                 ],
-            ]
+            ],
+            'access' => [
+                'class' => AccessControl::className(),
+                'ruleConfig' => [
+                    'class' => AccessRuleFilter::className(),
+                ],
+                'rules' => [
+                    [
+                        'allow' => true,
+                        'roles' => ['admin'],
+                    ],
+                ],
+            ],
         ];
     }
diff --git a/src/User/Factory/MailFactory.php b/src/User/Factory/MailFactory.php
index 0ba80df..13fd3e5 100644
--- a/src/User/Factory/MailFactory.php
+++ b/src/User/Factory/MailFactory.php
@@ -111,7 +111,7 @@ class MailFactory
             'token' => $token,
         ];
-        return static::makeMailerService(MailEvent::TYPE_RECONFIRM, $from, $to, $subject, 'recovery', $params);
+        return static::makeMailerService(MailEvent::TYPE_RECONFIRM, $from, $to, $subject, 'reconfirmation', $params);
     }
     /**
diff --git a/src/User/Query/SocialNetworkAccountQuery.php b/src/User/Query/SocialNetworkAccountQuery.php
index 8ca2843..eee6d34 100644
--- a/src/User/Query/SocialNetworkAccountQuery.php
+++ b/src/User/Query/SocialNetworkAccountQuery.php
@@ -26,7 +26,7 @@ class SocialNetworkAccountQuery extends ActiveQuery
         return $this->andWhere(
             [
                 'provider' => $client->getId(),
-                'client_id' => $client->getUserAttributes()['id'],
+                'client_id' => (string)$client->getUserAttributes()['id'],
             ]
         );
     }
diff --git a/src/User/Search/UserSearch.php b/src/User/Search/UserSearch.php
index 17653e3..ea31688 100644
--- a/src/User/Search/UserSearch.php
+++ b/src/User/Search/UserSearch.php
@@ -63,7 +63,7 @@ class UserSearch extends Model
     {
         return [
             'safeFields' => [['username', 'email', 'registration_ip', 'created_at', 'last_login_at'], 'safe'],
-            'createdDefault' => ['created_at', 'default', 'value' => null],
+            'createdDefault' => [['created_at', 'last_login_at'], 'default', 'value' => null],
         ];
     }
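Review bot: The new `'access'` behavior only protects RuleController if `AccessRuleFilter` resolves the string `'admin'` to the module's administrator check; with Yii's stock `AccessRule` the same rule would be an RBAC permission lookup via `Yii::$app->user->can('admin')` and would deny everyone unless such an item exists, so the `'ruleConfig'` line is load-bearing and deserves a comment, e.g. `// AccessRuleFilter maps 'admin' to the module administrator check, not to an RBAC item`. Because the rule list has a single allow rule and no `denyCallback`, everything else falls through to AccessControl's default denial (login redirect for guests, 403 otherwise), which is the right default but worth stating so nobody adds a permissive fallback later. I could not check from this diff whether the module's other admin controllers use the same `ruleConfig`; they should, so the authorization story is uniform.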
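Review bot: `(string)$client->getUserAttributes()['id']` in SocialNetworkAccountQuery fixes the pgsql type mismatch but leaves a degenerate case: if the provider's attribute array has no `id`, `(string)null` is `''` and the condition becomes `client_id = ''`, which is the wrong thing to match a social account on (whether the undefined-index notice is turned into an exception first depends on the error handler configuration, which this diff does not show). Read the attribute into a local and reject a missing or empty id before building the condition: `$attributes = $client->getUserAttributes(); $id = isset($attributes['id']) ? (string)$attributes['id'] : '';` followed by `if ($id === '') { throw new \InvalidArgumentException('Auth client returned no user id.'); }` and then `'client_id' => $id`. The enclosing method starts before the hunk.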
diff --git a/src/User/Service/PasswordRecoveryService.php b/src/User/Service/PasswordRecoveryService.php
index 265d9ce..5f319b0 100644
--- a/src/User/Service/PasswordRecoveryService.php
+++ b/src/User/Service/PasswordRecoveryService.php
@@ -42,6 +42,10 @@ class PasswordRecoveryService implements ServiceInterface
         /** @var User $user */
         $user = $this->query->whereEmail($this->email)->one();
+        if ($user === null) {
+            throw new \RuntimeException('User not found.');
+        }
+
         $token = TokenFactory::makeRecoveryToken($user->id);
         if (!$token) {
diff --git a/src/User/resources/i18n/es/usuario.php b/src/User/resources/i18n/es/usuario.php
index dd8fc68..3aebcb9 100644
--- a/src/User/resources/i18n/es/usuario.php
+++ b/src/User/resources/i18n/es/usuario.php
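Review bot: Throwing a bare `\RuntimeException('User not found.')` when the email lookup misses is inconsistent with the `if (!$token)` branch just below, which shows this service otherwise reporting failure through control flow rather than an unchecked exception, so an unknown address now surfaces as an unhandled error for whichever controller calls the service unless it catches `\RuntimeException`. It is also an account-enumeration oracle: a registered address gets the recovery mail path and an unregistered one gets an exception or error page, so an attacker can confirm which emails have accounts. Handle it the way the token failure is handled, logging the miss and returning `false` (or throwing a dedicated exception the recovery controller catches), while the controller keeps returning the same "if that address exists we have sent a message" response in both cases. The rest of this method and its caller are outside the hunk.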
@@ -120,9 +120,9 @@ return [
     'Forgot password?' => '¿Olvidaste la contraseña?',
     'Gravatar email' => 'Correo electrónico Gravatar',
     'Hello' => 'Hola',
-    'If you already registered, sign in and connect this account on settings page' => 'Si ya está registrados, inicie sesión y conecta esta cuenta en la página de configuración',
-    'If you cannot click the link, please try pasting the text into your browser' => 'Si tienes problemas, por favor, pegua la siguiente dirección URL en su navegador web',
-    'If you did not make this request you can ignore this email' => 'PD: Si ha recibido este correo electrónico por error, simplemente elimínelo',
+    'If you already registered, sign in and connect this account on settings page' => 'Si ya estas registrado, inicia sesión y conecta esta cuenta en la página de configuración',
+    'If you cannot click the link, please try pasting the text into your browser' => 'Si tienes problemas, por favor, pega la siguiente dirección URL en tu navegador web',
+    'If you did not make this request you can ignore this email' => 'PD: Si has recibido este correo electrónico por error, simplemente elimínalo',
     'Impersonate this user' => 'Personificar este usuario',
     'In order to complete your registration, please click the link below' => 'Para completar el registro, por favor haz clic en el siguiente enlance',
     'In order to complete your request, please click the link below' => 'Para completar tu petición, haz clic en el siguiente enlace',
diff --git a/src/User/resources/i18n/it/usuario.php b/src/User/resources/i18n/it/usuario.php
index 5206c44..6fd7758 100644
--- a/src/User/resources/i18n/it/usuario.php
+++ b/src/User/resources/i18n/it/usuario.php
@@ -17,59 +17,43 @@
  * NOTE: this file must be saved in UTF-8 encoding.
  */
 return [
-    'A message has been sent to your email address. It contains a confirmation link that you must click to complete registration.' => '',
-    'Are you sure you wish to send a password recovery email to this user?' => '',
-    'Awesome, almost there. Now you need to click the confirmation link sent to your new email address.' => '',
-    'Awesome, almost there. Now you need to click the confirmation link sent to your old email address.' => '',
-    'Cancel' => '',
-    'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
-    'Close' => '',
-    'Disable two factor authentication' => '',
-    'Enable' => '',
-    'Enable two factor authentication' => '',
-    'Error sending registration message to "{email}". Please try again later.' => '',
-    'Error sending welcome message to "{email}". Please try again later.' => '',
-    'Invalid two factor authentication code' => '',
-    'Last login' => '',
-    'Never' => '',
-    'Required "key" cannot be empty.' => '',
-    'Required "secret" cannot be empty.' => '',
-    'Role "{0}" not found. Creating it.' => '',
-    'Scan the QrCode with Google Authenticator App, then insert its temporary code on the box and submit.' => '',
-    'Send password recovery email' => '',
-    'The "recaptcha" component must be configured.' => '',
-    'The verification code is incorrect.' => '',
-    'This will disable two factor authentication. Are you sure?' => '',
-    'Two Factor Authentication (2FA)' => '',
-    'Two factor authentication code' => '',
-    'Two factor authentication has been disabled.' => '',
-    'Two factor authentication protects you against stolen credentials' => '',
-    'Two factor authentication successfully enabled.' => '',
-    'Unable to disable Two factor authentication.' => '',
-    'Unable to send recovery message to the user' => '',
-    'User account could not be created.' => '',
-    'User could not be registered.' => '',
-    'User not found.' => '',
-    'Verification failed. Please, enter new code.' => '',
-    'We couldn\'t re-send the mail to confirm your address. Please, verify is the correct email or if it has been confirmed already.' => '',
-    'We have sent confirmation links to both old and new email addresses. You must click both links to complete your request.' => '',
-    '{0} cannot be blank.' => '',
-    'A message has been sent to your email address. ' => '@@È stato inviato un messaggio al tuo indirizzo email@@',
-    'Awesome, almost there. ' => '@@Fantastico, ci siamo quasi. @@',
-    'Disable Two-Factor Auth' => '@@@@',
-    'Enable Two-factor auth' => '@@@@',
-    'Invalid two-factor code' => '@@@@',
-    'This will disable two-factor auth. Are you sure?' => '@@@@',
-    'Two Factor Authentication' => '@@@@',
-    'Two factor successfully enabled.' => '@@@@',
-    'Two-Factor Authentication' => '@@@@',
-    'Two-factor auth protects you against stolen credentials' => '@@@@',
-    'Two-factor authentication code' => '@@@@',
-    'Two-factor authorization has been disabled.' => '@@@@',
-    'Two-factor code' => '@@@@',
-    'Unable to disable two-factor authorization.' => '@@@@',
-    'We couldn\'t re-send the mail to confirm your address. ' => '@@Non è stato possibile reinviare l\'email per confermare il tuo indirizzo. @@',
-    'We have sent confirmation links to both old and new email addresses. ' => '@@Abbiamo inviato un link di conferma sia al nuovo che al vecchio indirizzo email. @@',
+    'A message has been sent to your email address. It contains a confirmation link that you must click to complete registration.' => 'È stato inviato un messaggio al tuo indirizzo email. Contiene un collegamento di verifica che devi aprire per completare la registrazione.',
+    'Are you sure you wish to send a password recovery email to this user?' => 'Sicuro di voler inviare un email di recupero password a questo utente?',
+    'Awesome, almost there. Now you need to click the confirmation link sent to your new email address.' => 'Fantastico, ci siamo quasi. Ora devi solo visitare il collegamento di conferma che è stato inviato al tuo nuovo indirizzo email.',
+    'Awesome, almost there. Now you need to click the confirmation link sent to your old email address.' => 'Fantastico, ci siamo quasi. Ora devi solo visitare il collegamento di conferma che è stato inviato al tuo vecchio indirizzo email.',
+    'Cancel' => 'Annulla',
+    'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => 'Impossibile assegnare il ruolo "{0}" perché l\'AuthManager non è configurato nella applicazione da console.',
+    'Close' => 'Chiudi',
+    'Disable two factor authentication' => 'Disabilita autenticazione a due fattori',
+    'Enable' => 'Abilita',
+    'Enable two factor authentication' => 'Abilita l\'autenticazione a due fattori',
+    'Error sending registration message to "{email}". Please try again later.' => 'C\'è stato un errore nell\'invio del messaggio di registrazione all\'indirizzo "{email}". Per favore ritenta più tardi.',
+    'Error sending welcome message to "{email}". Please try again later.' => 'C\'è stato un errore nell\'invio del messaggio di benvenuto all\'indirizzo "{email}". Per favore ritenta più tardi.',
+    'Invalid two factor authentication code' => 'Il codice dell\'autenticazione a due fattori non è valido',
+    'Last login' => 'Ultimo accesso',
+    'Never' => 'Mai',
+    'Required "key" cannot be empty.' => 'Il campo "chiave" è richiesto, non può essere vuoto.',
+    'Required "secret" cannot be empty.' => 'Il campo "segreto" è richiesto, non può essere vuoto.',
+    'Role "{0}" not found. Creating it.' => 'Ruolo "{0}" non trovato. È stato creato.',
+    'Scan the QrCode with Google Authenticator App, then insert its temporary code on the box and submit.' => 'Scansiona il codice QR con l\'applicazione Google Authenticator, poi inserisci il codice temporaneo nel riquadro ed invia.',
+    'Send password recovery email' => 'Invia email di recupero password',
+    'The "recaptcha" component must be configured.' => 'Occorre configurare il componente "recaptcha".',
+    'The verification code is incorrect.' => 'Il codice di verifica non è corretto.',
+    'This will disable two factor authentication. Are you sure?' => 'Stai per disabilitare l\'autenticazione a due fattori. Sei sicuro?',
+    'Two Factor Authentication (2FA)' => 'Autenticazione a due fattori (2FA)',
+    'Two factor authentication code' => 'Codice di autenticazione a due fattori',
+    'Two factor authentication has been disabled.' => 'Autenticazione a due fattori disabilitata.',
+    'Two factor authentication protects you against stolen credentials' => 'L\'autenticazione a due fattori può proteggerti dal furto di credenziali',
+    'Two factor authentication successfully enabled.' => 'Autenticazione a due fattori abilitata con successo.',
+    'Unable to disable Two factor authentication.' => 'Impossibile disabilitare l\'autenticazione a due fattori.',
+    'Unable to send recovery message to the user' => 'Impossibile inviare il messaggio di recupero password all\'utente',
+    'User account could not be created.' => 'Impossibile creare il nuovo utente.',
+    'User could not be registered.' => 'Impossibile registrare l\'utente.',
+    'User not found.' => 'Utente non trovato.',
+    'Verification failed. Please, enter new code.' => 'Verifica fallita. Per favore inserisci un nuovo codice.',
+    'We couldn\'t re-send the mail to confirm your address. Please, verify is the correct email or if it has been confirmed already.' => 'Non siamo riusciti ad inviare una email di conferma al tuo indirizzo. Per favore verifica che sia corretto e che non sia già stato confermato.',
+    'We have sent confirmation links to both old and new email addresses. You must click both links to complete your request.' => 'Abbiamo inviato un link di conferma sia al vecchio che al nuovo indirizzo email. Devi visitare entrambi i link per completare la richiesta.',
+    '{0} cannot be blank.' => '{0} non può essere vuoto.',
     '(not set)' => '(non impostato)',
     'A confirmation message has been sent to your new email address' => 'È stato inviato un messaggio di conferma al tuo nuovo indirizzo email',
     'A new confirmation link has been sent' => 'È stato inviato un nuovo link di conferma',
@@ -208,7 +192,7 @@ return [
     'There is neither role nor permission with name "{0}"' => 'Non esiste un ruolo o permesso di nome "{0}',
     'This account has already been connected to another user' => 'Questo account è già stato associato ad un altro utente',
     'This email address has already been taken' => 'Questo indirizzo email è già stato registrato',
-    'This username has already been taken' => 'Questo nome utente è già stato registraot',
+    'This username has already been taken' => 'Questo nome utente è già stato registrato',
     'Time zone' => 'Fuso orario',
     'Time zone is not valid' => 'Il fuso orario non è valido',
     'Unable to confirm user. Please, try again.' => 'Impossibile confermare l\'utente, per favore ritenta.',
diff --git a/src/User/resources/i18n/ru/usuario.php b/src/User/resources/i18n/ru/usuario.php
index 5fa7e97..35a2535 100644
--- a/src/User/resources/i18n/ru/usuario.php
+++ b/src/User/resources/i18n/ru/usuario.php
@@ -17,16 +17,16 @@
  * NOTE: this file must be saved in UTF-8 encoding.
  */
 return [
-    'Disable two factor authentication' => '',
-    'Enable two factor authentication' => '',
-    'Invalid two factor authentication code' => '',
-    'This will disable two factor authentication. Are you sure?' => '',
-    'Two Factor Authentication (2FA)' => '',
-    'Two factor authentication code' => '',
-    'Two factor authentication has been disabled.' => '',
-    'Two factor authentication protects you against stolen credentials' => '',
-    'Two factor authentication successfully enabled.' => '',
-    'Unable to disable Two factor authentication.' => '',
+    'Disable two factor authentication' => 'Выключить двухфакторную авторизацию',
+    'Enable two factor authentication' => 'Включить двухфакторную авторизацию',
+    'Invalid two factor authentication code' => 'Неверный код двухфакторной авторизации',
+    'This will disable two factor authentication. Are you sure?' => 'Двухфакторная авторизация будет отключена. Вы уверены?',
+    'Two Factor Authentication (2FA)' => 'Двухфакторная авторизация (2FA)',
+    'Two factor authentication code' => 'Код двухфакторной авторизации',
+    'Two factor authentication has been disabled.' => 'Двухфакторная авторизация отключена.',
+    'Two factor authentication protects you against stolen credentials' => 'Двухфакторная авторизация защитит вас от кражи параметров доступа',
+    'Two factor authentication successfully enabled.' => 'Двухфакторная авторизация успешно включена.',
+    'Unable to disable Two factor authentication.' => 'Не удалось отключить двухфакторную авторизацию.',
     'A message has been sent to your email address. ' => '@@Сообщение было отправлено на вашу электронную почту@@',
     'Awesome, almost there. ' => '@@Замечательно, почти готово!@@',
     'Class "{0}" does not exist' => '@@Класс "{0}" не найден@@',