leonardo/yii2-usuario
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Markdown fixes for configuration-options

Browse Source
This commit is contained in:
Lorenzo Milesi
2022-09-15 16:17:25 +02:00
parent a9967f294d
commit 66ba1e18bb
1 changed files with 52 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
docs/install/configuration-options.md
View File

@ -1,7 +1,7 @@
Configuration Options Configuration Options
===================== =====================
The module comes with a set of attributes to configure. The following is the list of all available options: The module comes with a set of attributes to configure. The following is the list of all available options:
#### enableSessionHistory (Type: `boolean, integer`, Default value: `false`) #### enableSessionHistory (Type: `boolean, integer`, Default value: `false`)
@ -10,22 +10,24 @@ If this option is to `true`, session history will be kept, [more](../guides/how-
#### numberSessionHistory (Type: `boolean, integer`, Default value: `false`) #### numberSessionHistory (Type: `boolean, integer`, Default value: `false`)
Number of expired storing records `session history`, values: Number of expired storing records `session history`, values:
- `false` Store all records without deleting - `false` Store all records without deleting
- `integer` Count of records for storing - `integer` Count of records for storing
#### timeoutSessionHistory (Type: `boolean, integer`, Default value: `false`) #### timeoutSessionHistory (Type: `boolean, integer`, Default value: `false`)
How long store `session history` after expiring, values: How long store `session history` after expiring, values:
- `false` Store all records without deleting - `false` Store all records without deleting
- `integer` Time for storing after expiring in seconds - `integer` Time for storing after expiring in seconds
#### enableTwoFactorAuthentication (type: `boolean`, default: `false`) #### enableTwoFactorAuthentication (type: `boolean`, default: `false`)
Setting this attribute will allow users to configure their login process with two-factor authentication. Setting this attribute will allow users to configure their login process with two-factor authentication.
#### twoFactorAuthenticationCycles (type: `integer`, default: `1`) #### twoFactorAuthenticationCycles (type: `integer`, default: `1`)
By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow
a bigger period so to avoid out of sync issues. a bigger period so to avoid out of sync issues.
#### twoFactorAuthenticationValidators (type: `array`) #### twoFactorAuthenticationValidators (type: `array`)
@ -40,6 +42,7 @@ enabled: true if you want to enable the channel, false otherwise.
The following is the default configuration: The following is the default configuration:
```php
'google-authenticator'=>[ 'google-authenticator'=>[
'class'=>\Da\User\Validator\TwoFactorCodeValidator::class, 'class'=>\Da\User\Validator\TwoFactorCodeValidator::class,
'description'=>Yii::t('usuario', 'Google Authenticator'), 'description'=>Yii::t('usuario', 'Google Authenticator'),
@ -60,14 +63,17 @@ The following is the default configuration:
'codeDurationTime'=>300, 'codeDurationTime'=>300,
'smsSender'=>'smsSender', 'smsSender'=>'smsSender',
'enabled'=>true 'enabled'=>true
] ],
```
For instructions about implementation of SMS sending see at the following link: https://www.yiiframework.com/extension/yetopen/yii2-sms-aruba For instructions about implementation of SMS sending see at the following link: <https://www.yiiframework.com/extension/yetopen/yii2-sms-aruba>
#### twoFactorAuthenticationForcedPermissions (type: `array`, default: `[]`) #### twoFactorAuthenticationForcedPermissions (type: `array`, default: `[]`)
The list of permissions for which two factor authentication is mandatory. In order to perform the check in every action you must configure a filter into your config file like this: The list of permissions for which two factor authentication is mandatory. In order to perform the check in every action,
you must configure a filter into your config file like this:
```php
use Da\User\Filter\TwoFactorAuthenticationEnforceFilter; use Da\User\Filter\TwoFactorAuthenticationEnforceFilter;
... ...
'on beforeAction' => function() { 'on beforeAction' => function() {
@ -78,14 +84,18 @@ use Da\User\Filter\TwoFactorAuthenticationEnforceFilter;
] ]
); );
}, },
... ...
```
This will redirect the user to their account page until the two factor authentication is enabled. This will redirect the user to their account page until the two factor authentication is enabled.
Otherwise you can set the filter on each controller you need.
#### enableGdprCompliance (type: `boolean`, default: `false`) #### enableGdprCompliance (type: `boolean`, default: `false`)
Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability. Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability.
#### gdprPrivacyPolicyUrl (type: `array`, default: null) #### gdprPrivacyPolicyUrl (type: `array`, default: null)
The link to privacy policy. This will be used on registration form as "read our pivacy policy". It must follow the same format as `yii\helpers\Url::to` The link to privacy policy. This will be used on registration form as "read our pivacy policy". It must follow the same format as `yii\helpers\Url::to`
#### gdprExportProperties (type: `array`) #### gdprExportProperties (type: `array`)
@ -94,6 +104,7 @@ An array with the name of the user identity properties to be included when user
Names can include relations like `profile.name`. Names can include relations like `profile.name`.
Defaults to: Defaults to:
```php ```php
[ [
'email', 'email',
@ -107,31 +118,34 @@ Defaults to:
] ]
``` ```
#### gdprAnonymizePrefix (type: `string`, default: `GDPR`) #### gdprAnonymizePrefix (type: `string`, default: `GDPR`)
Prefix to be used as a replacement when user requeste deletion of his data Prefix to be used as a replacement when user requeste deletion of his data
#### gdprConsentMessage (type: `string`) #### gdprConsentMessage (type: `string`)
Use this to customize the message that will appear as hint in the give consent checkbox. Use this to customize the message that will appear as hint in the give consent checkbox.
If you leave it empty the next message will be used: If you leave it empty the next message will be used:
>I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our privacy policy >I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our privacy policy
#### GdprRequireConsentToAll (type `boolean`, default `false`) #### GdprRequireConsentToAll (type `boolean`, default `false`)
Whether require to already registered user give consent to process their data. According to GDPR this is mandatory. Whether require to already registered user give consent to process their data. According to GDPR this is mandatory.
To forbid user access to any function, until it gives consent, use the AccessRuleFilter included with this module. To forbid user access to any function, until it gives consent, use the AccessRuleFilter included with this module.
#### GdprConsentExcludedUrls (type `array`, default `['user/settings/*']`) #### GdprConsentExcludedUrls (type `array`, default `['user/settings/*']`)
List of urls that does not require explicit data processing consent to be accessed, like own profile, account... You can use wildcards like `route/to/*` . List of urls that does not require explicit data processing consent to be accessed, like own profile, account... You can use wildcards like `route/to/*` .
#### enableRegistration (type: `boolean`, default: `true`) #### enableRegistration (type: `boolean`, default: `true`)
Setting this attribute allows the registration process. If you set it to `false`, the module won't allow users to Setting this attribute allows the registration process. If you set it to `false`, the module won't allow users to
register by throwing a `NotFoundHttpException` if the `RegistrationController::actionRegister()` is accessed. register by throwing a `NotFoundHttpException` if the `RegistrationController::actionRegister()` is accessed.
#### enableEmailConfirmation (type: `boolean`, default: `true`) #### enableEmailConfirmation (type: `boolean`, default: `true`)
If `true`, the module will send an email with a confirmation link that user needs to click through to complete its If `true`, the module will send an email with a confirmation link that user needs to click through to complete its
registration process. registration process.
#### enableFlashMessages (type: `boolean`, default: `true`) #### enableFlashMessages (type: `boolean`, default: `true`)
@ -139,12 +153,12 @@ registration process.
If `true` views will display flash messages. Disable this if you want to handle messages display in your views. If `true` views will display flash messages. Disable this if you want to handle messages display in your views.
#### enableSwitchIdentities (type: `boolean`, default: `true`) #### enableSwitchIdentities (type: `boolean`, default: `true`)
If `true` allows switching identities for the admin user. If `true` allows switching identities for the admin user.
#### generatePasswords (type: `boolean`, default: `true`) #### generatePasswords (type: `boolean`, default: `true`)
If `true` the password field will be hidden on the registration page and passwords will be generated automatically and If `true` the password field will be hidden on the registration page and passwords will be generated automatically and
sent to the user via email. sent to the user via email.
#### allowUnconfirmedEmailLogin (type: `boolean`, default: `false`) #### allowUnconfirmedEmailLogin (type: `boolean`, default: `false`)
@ -164,6 +178,7 @@ If `true` it will enable administrator to send a password recovery email to a us
If set to an integer value it will check user password age. If the days since last password change are greater than this configuration value If set to an integer value it will check user password age. If the days since last password change are greater than this configuration value
user will be forced to change it. This enforcement is done only at login stage. In order to perform the check in every action you must configure user will be forced to change it. This enforcement is done only at login stage. In order to perform the check in every action you must configure
a filter into your controller like this: a filter into your controller like this:
``` ```
use Da\User\Filter\PasswordAgeEnforceFilter; use Da\User\Filter\PasswordAgeEnforceFilter;
class SiteController extends Controller class SiteController extends Controller
@ -176,26 +191,27 @@ class SiteController extends Controller
'class' => PasswordAgeEnforceFilter::className(), 'class' => PasswordAgeEnforceFilter::className(),
], ],
``` ```
This will redirect the user to their account page until the password has been updated. This will redirect the user to their account page until the password has been updated.
#### allowAccountDelete (type: `boolean`, default: `false`) #### allowAccountDelete (type: `boolean`, default: `false`)
If `true` users will be able to remove their own accounts. If `true` users will be able to remove their own accounts.
#### emailChangeStrategy (type: `integer`, default: `MailChangeStrategyInterface::TYPE_DEFAULT`) #### emailChangeStrategy (type: `integer`, default: `MailChangeStrategyInterface::TYPE_DEFAULT`)
Configures one of the three ways available to change user's password: Configures one of the three ways available to change user's password:
- **MailChangeStrategyInterface::TYPE_DEFAULT**: A confirmation message will be sent to the new user's email with a link - **MailChangeStrategyInterface::TYPE_DEFAULT**: A confirmation message will be sent to the new user's email with a link
that needs to be click through to confirm it. that needs to be click through to confirm it.
- **MailChangeStrategyInterface::TYPE_INSECURE**: Email will be changed without any confirmation message. - **MailChangeStrategyInterface::TYPE_INSECURE**: Email will be changed without any confirmation message.
- **MailChangeStrategyInterface::TYPE_SECURE**: A confirmation message will be sent to the previous and new user's email - **MailChangeStrategyInterface::TYPE_SECURE**: A confirmation message will be sent to the previous and new user's email
with a link that would require both to be click through to confirm the change. with a link that would require both to be click through to confirm the change.
#### rememberLoginLifespan (type: `integer`, default: `1209600`) #### rememberLoginLifespan (type: `integer`, default: `1209600`)
Configures the time length in seconds a user will be remembered without the need to login again. The default time is 2 Configures the time length in seconds a user will be remembered without the need to login again. The default time is 2
weeks. weeks.
#### tokenConfirmationLifespan (type: `integer`, default: `86400`) #### tokenConfirmationLifespan (type: `integer`, default: `86400`)
@ -207,23 +223,22 @@ Configures the time length in seconds a recovery token is valid. The default tim
#### administrators (type: `array`, default: `[]`) #### administrators (type: `array`, default: `[]`)
Configures the usernames of those users who are considered `admininistrators`. The administrators can be Configures the usernames of those users who are considered `admininistrators`. The administrators can be
configured here or throughout RBAC with a special permission name. The recommended way is throughout configured here or throughout RBAC with a special permission name. The recommended way is throughout
`administratorPermissionName` as they can be set dynamically throughout the RBAC interface, but use this attribute for `administratorPermissionName` as they can be set dynamically throughout the RBAC interface, but use this attribute for
simple backends with static administrators that won't change throughout time. simple backends with static administrators that won't change throughout time.
#### administratorPermissionName (type: `string`, default: `null`) #### administratorPermissionName (type: `string`, default: `null`)
Configures the permission name for `administrators`. See [AuthHelper](../../src/User/Helper/AuthHelper.php). Configures the permission name for `administrators`. See [AuthHelper](../../src/User/Helper/AuthHelper.php).
#### prefix (type: `string`, default: `user`)
Configures the URL prefix for the module. #### prefix (type: `string`, default: `user`)
Configures the URL prefix for the module.
#### mailParams (type: `array`, default: `[]`) #### mailParams (type: `array`, default: `[]`)
Configures the parameter values used on [MailFactory](../../src/User/Factory/MailFactory.php). The default values are: Configures the parameter values used on [MailFactory](../../src/User/Factory/MailFactory.php). The default values are:
```php ```php
[ [
@ -238,12 +253,11 @@ Configures the parameter values used on [MailFactory](../../src/User/Factory/Mai
#### blowfishCost (type: `integer`, default: `10`) #### blowfishCost (type: `integer`, default: `10`)
Is the cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate Is the cost parameter used by the Blowfish hash algorithm. The higher the value of cost, the longer it takes to generate
the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For the best the hash and to verify a password against it. Higher cost therefore slows down a brute-force attack. For the best
protected against brute-force attacks, set it to the highest value that is tolerable on production servers. The time protected against brute-force attacks, set it to the highest value that is tolerable on production servers. The time
taken to compute the hash doubles for every increment by one of `$blowfishCost`. taken to compute the hash doubles for every increment by one of `$blowfishCost`.
#### consoleControllerNamespace (type: `string`, default: `Da\User\Command`) #### consoleControllerNamespace (type: `string`, default: `Da\User\Command`)
Allows customization of the console application controller namespace for the module. Allows customization of the console application controller namespace for the module.
@ -254,14 +268,14 @@ Allows customization of the web application controller namespace for the module.
#### classMap (type: `array`, default: `[]`) #### classMap (type: `array`, default: `[]`)
Configures the definitions of the classes as they have to be override. For more information see Configures the definitions of the classes as they have to be override. For more information see
[Overriding Classes](../customizing/overriding-classes.md). [Overriding Classes](../customizing/overriding-classes.md).
#### routes (type: `array`, default: `[]` ) #### routes (type: `array`, default: `[]` )
The routes (url rules) of the module for the URL management. The default values are: The routes (url rules) of the module for the URL management. The default values are:
```php ```php
[ [
'<id:\d+>' => 'profile/show', '<id:\d+>' => 'profile/show',
'<action:(login|logout)>' => 'security/<action>', '<action:(login|logout)>' => 'security/<action>',
@ -277,7 +291,7 @@ The routes (url rules) of the module for the URL management. The default values
Configures the root directory of the view files. See [overriding views](../customizing/overriding-views.md). Configures the root directory of the view files. See [overriding views](../customizing/overriding-views.md).
#### switchIdentitySessionKey (type: `string`, default: `yuik_usuario`) #### switchIdentitySessionKey (type: `string`, default: `yuik_usuario`)
Configures the name of the session key that will be used to hold the original admin identifier. Configures the name of the session key that will be used to hold the original admin identifier.
@ -296,11 +310,11 @@ Minimum requirements when a new password is automatically generated.
Array structure: `"requirement" => minimum_number_characters`. Array structure: `"requirement" => minimum_number_characters`.
Possible array keys: Possible array keys:
- lower: minimum number of lowercase characters; - lower: minimum number of lowercase characters;
- upper: minimum number of uppercase characters; - upper: minimum number of uppercase characters;
- digit: minimum number of digits; - digit: minimum number of digits;
- special: minimum number of special characters; - special: minimum number of special characters;
- min: minimum number of characters (= minimum length). - min: minimum number of characters (= minimum length).
© [2amigos](http://www.2amigos.us/) 2013-2019 © [2amigos](http://www.2amigos.us/) 2013-2019