diff --git a/CHANGELOG.md b/CHANGELOG.md index 890c1c2..630e1cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,9 @@ - Enh: Add controller module class reference (TonisOrmisson) - Enh: Replace the deprecated InvalidParamException in ClassMapHelper (TonisOrmisson) - Fix #242: Add POST filter for `admin/force-password-change` action (bscheshirwork) + - Fix #252: Delete check for unexpected property `allowPasswordRecovery` for resend email by admin (bscheshirwork) - Enh #253: Add PHPDoc for events class (bscheshirwork) + - Fix #254: Rename `GDPR` properties to `lowerCamelCase` style (bscheshirwork) ## 1.1.4 - February 19, 2018 - Enh: Check enableEmailConfirmation on registration (faenir) diff --git a/docs/enhancing-and-overriding/overriding-controllers.md b/docs/enhancing-and-overriding/overriding-controllers.md index 031d5ad..186c7c2 100644 --- a/docs/enhancing-and-overriding/overriding-controllers.md +++ b/docs/enhancing-and-overriding/overriding-controllers.md @@ -5,7 +5,39 @@ Maybe you need to override the default's functionality of the module's controlle Yii2 Modules have an attribute named `controllerMap` that you can configure with your very own controllers. Please, before you override a controller's action, make sure that it won't be enough with using the -(controller's events)[../events/controller-events.md]. +[events](../events). For example you can use event for redirect after finish confirmation or recovery: + +```php + 'modules' => [ + 'user' => [ + 'controllerMap' => [ + 'recovery' => [ + 'class' => \Da\User\Controller\RecoveryController::class, + 'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_REQUEST => function (\Da\User\Event\FormEvent $event) { + \Yii::$app->controller->redirect(['/user/security/login']); + \Yii::$app->end(); + }, + 'on ' . \Da\User\Event\ResetPasswordEvent::EVENT_AFTER_RESET => function (\Da\User\Event\ResetPasswordEvent $event) { + if ($event->token->user ?? false) { + \Yii::$app->user->login($event->token->user); + } + \Yii::$app->controller->redirect(\Yii::$app->getUser()->getReturnUrl()); + \Yii::$app->end(); + }, + ], + 'registration' => [ + 'class' => \Da\User\Controller\RegistrationController::class, + 'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_REGISTER => function (\Da\User\Event\FormEvent $event) { + \Yii::$app->controller->redirect(['/user/security/login']); + \Yii::$app->end(); + }, + 'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_RESEND => function (\Da\User\Event\FormEvent $event) { + \Yii::$app->controller->redirect(['/user/security/login']); + \Yii::$app->end(); + }, + ], +... +``` > See more about this attribute on > [ The Definitive Guide to Yii 2.0](http://www.yiiframework.com/doc-2.0/guide-structure-controllers.html#controller-map) diff --git a/docs/helpful-guides/gdpr.md b/docs/helpful-guides/gdpr.md index 9012eb9..59dea98 100644 --- a/docs/helpful-guides/gdpr.md +++ b/docs/helpful-guides/gdpr.md @@ -5,8 +5,8 @@ The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in E ## Enable GDPR -To enable support in yii2-usuario set `enableGDPRcompliance` to `true` and set - `GDPRprivacyPolicyUrl` with an url pointing to your privacy policy. +To enable support in yii2-usuario set `enableGdprCompliance` to `true` and set + `gdprPrivacyPolicyUrl` with an url pointing to your privacy policy. ### At this moment a few measures apply to your app: @@ -27,7 +27,7 @@ GDPR says: [Article 20](https://gdpr.algolia.com/gdpr-article-20) Users now have a privacy page in their account settings where they can export his/her personal data in a csv file. If you collect additional personal information you can to export by adding to -`GDPRexportProperties`. +`gdprExportProperties`. > Export use `ArrayHelper::getValue()` to extract information, so you can use links to relations. @@ -41,7 +41,7 @@ The behavior differs depending module configuration. If `$allowAccountDelete` is set to `true` the account will be fully deleted when clicking *Delete* button, while when if that setting is set to `false` the module will remove social network connections and -replace the personal data with a custom alias defined in `$GDPRanonymPrefix`. +replace the personal data with a custom alias defined in `$gdprAnonymizePrefix`. The account will be blocked and marked as `gdpr_deleted`. diff --git a/docs/installation/configuration-options.md b/docs/installation/configuration-options.md index e7399c1..ba43f70 100644 --- a/docs/installation/configuration-options.md +++ b/docs/installation/configuration-options.md @@ -12,14 +12,14 @@ Setting this attribute will allow users to configure their login process with tw By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow a bigger period so to avoid out of sync issues. -#### enableGDPRcompliance (type: `boolean`, default: `false`) +#### enableGdprCompliance (type: `boolean`, default: `false`) Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability. -#### GDPRprivacyPolicyUrl (type: `array`, default: null) +#### gdprPrivacyPolicyUrl (type: `array`, default: null) The link to privacy policy. This will be used on registration form as "read our pivacy policy". It must follow the same format as `yii\helpers\Url::to` -#### GDPRexportProperties (type: `array`) +#### gdprExportProperties (type: `array`) An array with the name of the user identity properties to be included when user request download of his data. Names can include relations like `profile.name`. @@ -39,7 +39,7 @@ Defaults to: ``` -#### GDPRanonymPrefix (type: `string`, default: `GDPR`) +#### gdprAnonymizePrefix (type: `string`, default: `GDPR`) Prefix to be used as a replacement when user requeste deletion of his data diff --git a/docs/installation/migration-guide-from-dektrium-tools.md b/docs/installation/migration-guide-from-dektrium-tools.md index fc026b3..64746fc 100644 --- a/docs/installation/migration-guide-from-dektrium-tools.md +++ b/docs/installation/migration-guide-from-dektrium-tools.md @@ -65,6 +65,10 @@ to $module = Yii::$app->getModule('user'); if(Yii::$app->session->has($module->switchIdentitySessionKey)) ``` +* If you use event of Controllers see [events](../events) chapter of this docs. **All** of relative controller constant has been move to events class: +from `\dektrium\user\controllers\RecoveryController::EVENT_AFTER_REQUEST` to `\Da\User\Event\FormEvent::EVENT_AFTER_REQUEST`, +from `\dektrium\user\controllers\RecoveryController::EVENT_AFTER_RESET` to `\Da\User\Event\ResetPasswordEvent::EVENT_AFTER_RESET`, etc. +Map of constants can be find in [events](../events) chapter of this docs. ## Rbac migrations diff --git a/src/User/Controller/SettingsController.php b/src/User/Controller/SettingsController.php index a4f891f..d28af88 100644 --- a/src/User/Controller/SettingsController.php +++ b/src/User/Controller/SettingsController.php @@ -159,7 +159,7 @@ class SettingsController extends Controller public function actionPrivacy() { - if (!$this->module->enableGDPRcompliance) + if (!$this->module->enableGdprCompliance) throw new NotFoundHttpException(); return $this->render('privacy', [ @@ -169,7 +169,7 @@ class SettingsController extends Controller public function actionGdprdelete() { - if (!$this->module->enableGDPRcompliance) + if (!$this->module->enableGdprCompliance) throw new NotFoundHttpException(); /** @var GdprDeleteForm $form */ @@ -192,7 +192,7 @@ class SettingsController extends Controller /* @var $security SecurityHelper */ $security = $this->make(SecurityHelper::class); - $anonymReplacement = $this->module->GDPRanonymPrefix . $user->id; + $anonymReplacement = $this->module->gdprAnonymizePrefix . $user->id; $user->updateAttributes([ 'email' => $anonymReplacement . "@example.com", @@ -260,11 +260,11 @@ class SettingsController extends Controller */ public function actionExport() { - if (!$this->module->enableGDPRcompliance) + if (!$this->module->enableGdprCompliance) throw new NotFoundHttpException(); try { - $properties = $this->module->GDPRexportProperties; + $properties = $this->module->gdprExportProperties; $user = Yii::$app->user->identity; $data = [$properties, []]; diff --git a/src/User/Form/RegistrationForm.php b/src/User/Form/RegistrationForm.php index 305877d..79156b4 100644 --- a/src/User/Form/RegistrationForm.php +++ b/src/User/Form/RegistrationForm.php @@ -82,7 +82,7 @@ class RegistrationForm extends Model 'compareValue' => true, 'message' => Yii::t('usuario', 'Your consent is required to register'), 'when' => function () { - return $this->module->enableGDPRcompliance; + return $this->module->enableGdprCompliance; }] ]; } @@ -106,7 +106,7 @@ class RegistrationForm extends Model 'gdpr_consent' => Yii::t('usuario', 'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}', [ 'privacyPolicy' => Html::a(Yii::t('usuario', 'privacy policy'), - $this->module->GDPRprivacyPolicyUrl, + $this->module->gdprPrivacyPolicyUrl, ['target' => '_blank'] ) ]) diff --git a/src/User/Model/User.php b/src/User/Model/User.php index c4fc048..c029708 100644 --- a/src/User/Model/User.php +++ b/src/User/Model/User.php @@ -164,7 +164,7 @@ class User extends ActiveRecord implements IdentityInterface TimestampBehavior::class, ]; - if ($this->module->enableGDPRcompliance) { + if ($this->module->enableGdprCompliance) { $behaviors['GDPR'] = [ 'class' => TimestampBehavior::class, 'createdAtAttribute' => 'gdpr_consent_date', diff --git a/src/User/Module.php b/src/User/Module.php index 44a3a6a..3c2ab48 100644 --- a/src/User/Module.php +++ b/src/User/Module.php @@ -29,12 +29,12 @@ class Module extends BaseModule * - Forgot me button in profile view. * - Download my data button in profile */ - public $enableGDPRcompliance = false; + public $enableGdprCompliance = false; /** * @var null|array|string with the url to privacy policy. * Must be in the same format as yii/helpers/Url::to requires. */ - public $GDPRprivacyPolicyUrl = null; + public $gdprPrivacyPolicyUrl = null; /** * @var array with the name of the user identity properties to be included when user request download of his data. * Names can include relations like `profile.name`. @@ -42,7 +42,7 @@ class Module extends BaseModule * > The data subject shall have the right to receive the personal data concerning him or her, which he * > or she has provided to a controller, in a structured, commonly used and machine-readable format */ - public $GDPRexportProperties = [ + public $gdprExportProperties = [ 'email', 'username', 'profile.public_email', @@ -55,7 +55,7 @@ class Module extends BaseModule /** * @var string prefix to be used as a replacement when user requests deletion of his data. */ - public $GDPRanonymPrefix = 'GDPR'; + public $gdprAnonymizePrefix = 'GDPR'; /** * @var bool whether to enable two factor authentication or not */ diff --git a/src/User/resources/views/admin/index.php b/src/User/resources/views/admin/index.php index e4f8b71..ed87cd9 100644 --- a/src/User/resources/views/admin/index.php +++ b/src/User/resources/views/admin/index.php @@ -152,7 +152,7 @@ $module = Yii::$app->getModule('user'); return null; }, 'reset' => function ($url, $model) use ($module) { - if(!$module->allowPasswordRecovery && $module->allowAdminPasswordRecovery) { + if($module->allowAdminPasswordRecovery) { return Html::a( '', ['/user/admin/password-reset', 'id' => $model->id], diff --git a/src/User/resources/views/registration/register.php b/src/User/resources/views/registration/register.php index 243977a..9e5dab1 100644 --- a/src/User/resources/views/registration/register.php +++ b/src/User/resources/views/registration/register.php @@ -45,7 +45,7 @@ $this->params['breadcrumbs'][] = $this->title; field($model, 'password')->passwordInput() ?> - enableGDPRcompliance): ?> + enableGdprCompliance): ?> field($model, 'gdpr_consent')->checkbox(['value' => 1]) ?> diff --git a/src/User/resources/views/settings/_menu.php b/src/User/resources/views/settings/_menu.php index 732d366..9c58638 100644 --- a/src/User/resources/views/settings/_menu.php +++ b/src/User/resources/views/settings/_menu.php @@ -43,7 +43,7 @@ $networksVisible = count(Yii::$app->authClientCollection->clients) > 0; ['label' => Yii::t('usuario', 'Account'), 'url' => ['/user/settings/account']], ['label' => Yii::t('usuario', 'Privacy'), 'url' => ['/user/settings/privacy'], - 'visible' => $module->enableGDPRcompliance + 'visible' => $module->enableGdprCompliance ], [ 'label' => Yii::t('usuario', 'Networks'), diff --git a/src/User/resources/views/settings/networks.php b/src/User/resources/views/settings/networks.php index 3c62583..6d7a74d 100644 --- a/src/User/resources/views/settings/networks.php +++ b/src/User/resources/views/settings/networks.php @@ -28,7 +28,7 @@ $this->params['breadcrumbs'][] = $this->title;
- render('/networks/_menu') ?> + render('/settings/_menu') ?>
diff --git a/tests/functional/GdprCest.php b/tests/functional/GdprCest.php index 1ae2e91..230dc13 100644 --- a/tests/functional/GdprCest.php +++ b/tests/functional/GdprCest.php @@ -68,7 +68,7 @@ class GdprCest $module = Yii::$app->getModule('user'); $module->enableEmailConfirmation = $emailConfirmation; $module->generatePasswords = $generatePasswords; - $module->enableGDPRcompliance = $enableGdpr; + $module->enableGdprCompliance = $enableGdpr; } protected function register(FunctionalTester $I, $email, $username = null, $password = null, $gdpr_consent = true)