From 5c0d050d2489b0f760c88365ef80a0181e0a1ca5 Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 13:40:14 +0200 Subject: [PATCH 01/14] fixed profile page being globally open by anyone by default --- docs/install/configuration-options.md | 9 ++ src/User/Controller/ProfileController.php | 37 +++++++- src/User/Module.php | 7 ++ tests/_fixtures/data/profile.php | 4 + tests/_fixtures/data/user.php | 28 +++++- tests/functional/ProfileCept.php | 110 ++++++++++++++++++++++ 6 files changed, 191 insertions(+), 4 deletions(-) create mode 100644 tests/functional/ProfileCept.php diff --git a/docs/install/configuration-options.md b/docs/install/configuration-options.md index ed86a61..0af4834 100755 --- a/docs/install/configuration-options.md +++ b/docs/install/configuration-options.md @@ -241,6 +241,15 @@ simple backends with static administrators that won't change throughout time. Configures the permission name for `administrators`. See [AuthHelper](../../src/User/Helper/AuthHelper.php). +#### profileVisibility (type: `integer`, default:`0` (ProfileController::PROFILE_VISIBILITY_OWNER)) + +Configures to whom users 'profile/show' (public profile) page is shown. Constant values are defined in +[ProfileController](../../src/User/Controller/ProfileController.php) as constants. The visibility levels are: +- `0` (ProfileController::PROFILE_VISIBILITY_OWNER): The users profile page is shown ONLY to user itself, the owner of the profile. +- `1` (ProfileController::PROFILE_VISIBILITY_ADMIN): The users profile is shown ONLY to user itself (owner) AND users defined by module as admins. +- `2` (ProfileController::PROFILE_VISIBILITY_USERS): Any users profile page is shown to any other non-guest user. +- `3` (ProfileController::PROFILE_VISIBILITY_PUBLIC): Any user profile views are globally public and visible to anyone (including guests). + #### prefix (type: `string`, default: `user`) Configures the URL prefix for the module. 
diff --git a/src/User/Controller/ProfileController.php b/src/User/Controller/ProfileController.php
index 2a9e66b..e714324 100644
--- a/src/User/Controller/ProfileController.php
+++ b/src/User/Controller/ProfileController.php
@@ -25,6 +25,15 @@ class ProfileController extends Controller
 {
     use ModuleAwareTrait;
 
+    /** @var int will allow only profile owner */
+    const PROFILE_VISIBILITY_OWNER = 0;
+    /** @var int will allow profile owner and admin users */
+    const PROFILE_VISIBILITY_ADMIN = 1;
+    /** @var int will allow any logged-in user */
+    const PROFILE_VISIBILITY_USERS = 2;
+    /** @var int will allow anyone, including gusets */
+    public const PROFILE_VISIBILITY_PUBLIC = 3;
+
     protected $profileQuery;
 
     /**
@@ -73,10 +82,32 @@ class ProfileController extends Controller
     public function actionShow($id)
     {
         $user = Yii::$app->user;
-        /** @var User $identity */
+        $id = (int) $id;
+
+        /** @var ?User $identity */
         $identity = $user->getIdentity();
-        if($user->getId() != $id && $this->module->disableProfileViewsForRegularUsers && !$identity->getIsAdmin()) {
-            throw new ForbiddenHttpException();
+
+        switch($this->module->profileVisibility) {
+            case static::PROFILE_VISIBILITY_OWNER:
+                if($identity === null || $id !== $user->getId()) {
+                    throw new ForbiddenHttpException("1");
+                }
+                break;
+            case static::PROFILE_VISIBILITY_ADMIN:
+                if($id === $user->getId() || ($identity !== null && $identity->getIsAdmin())) {
+                    break;
+                }
+                throw new ForbiddenHttpException();
+            case static::PROFILE_VISIBILITY_USERS:
+                if((!$user->getIsGuest())) {
+                    break;
+                }
+                throw new ForbiddenHttpException();
+            case static::PROFILE_VISIBILITY_PUBLIC:
+                break;
+            default:
+                throw new ForbiddenHttpException();
+
         }
 
         $profile = $this->profileQuery->whereUserId($id)->one();
diff --git a/src/User/Module.php b/src/User/Module.php
index a27360b..307f1b5 100755
--- a/src/User/Module.php
+++ b/src/User/Module.php
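Review bot: The owner checks `$id !== $user->getId()` (OWNER case) and `$id === $user->getId()` (ADMIN case) compare the freshly cast `(int) $id` against `$user->getId()` with strict identity, so they only hold when the identity id comes back as an int; if it arrives as a string (an id restored from session, or a driver that does not typecast), every owner is denied their own page. That fails closed rather than open, but it is a functional regression that the tests would not catch unless the fixture id type matches production, so normalise once and compare against that in both branches: `$viewerId = $user->getIsGuest() ? null : (int) $user->getId();`. The `switch` itself uses loose comparison, so a string `'2'` from a config file still selects `PROFILE_VISIBILITY_USERS`, and the `default:` branch correctly throws for unknown values, which is the right fail-closed choice; a one-line comment saying so (`// unknown policy value: deny rather than fall back to public`) would keep a future maintainer from "fixing" it. The remainder of `actionShow` (profile lookup and not-found handling) continues outside the hunk.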
@@ -12,6 +12,7 @@ namespace Da\User; use Da\User\Contracts\MailChangeStrategyInterface; +use Da\User\Controller\ProfileController; use Da\User\Filter\AccessRuleFilter; use Yii; use yii\base\Module as BaseModule; @@ -181,6 +182,12 @@ class Module extends BaseModule * @var string the administrator permission name */ public $administratorPermissionName; + /** + * @var int $profileVisibility Defines the level of user's profile page visibility. + * Defaults to ProfileController::PROFILE_VISIBILITY_OWNER meaning no-one except the user itself can view + * the profile. @see ProfileController constants for prssible options + */ + public $profileVisibility = ProfileController::PROFILE_VISIBILITY_OWNER; /** * @var string the route prefix */ diff --git a/tests/_fixtures/data/profile.php b/tests/_fixtures/data/profile.php index 7b2a40f..f1b7234 100644 --- a/tests/_fixtures/data/profile.php +++ b/tests/_fixtures/data/profile.php @@ -7,4 +7,8 @@ return [ 'user_id' => 1, 'name' => 'John Doe', ], + 'seconduser' => [ + 'user_id' => 9, + 'name' => 'John Doe 2', + ], ]; diff --git a/tests/_fixtures/data/user.php b/tests/_fixtures/data/user.php index 2f59661..e255df1 100644 --- a/tests/_fixtures/data/user.php +++ b/tests/_fixtures/data/user.php @@ -78,7 +78,7 @@ return [ 'username' => 'user2fa', 'email' => 'user2faenabled@example.com', 'password_hash' => '$2y$13$qY.ImaYBppt66qez6B31QO92jc5DYVRzo5NxM1ivItkW74WsSG6Ui', - 'auth_key' => '39HU0m5lpjWtqstFVGFjj6lFb7UZDeRq', + 'auth_key' => '08aff8636535eb934ae7aa205254ac6b', 'auth_tf_key' => '', 'auth_tf_enabled' => true, 'auth_tf_type' => 'google-authenticator', 
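Review bot: `Module` now imports `Da\User\Controller\ProfileController` only to read a constant as the default for `$profileVisibility`, which makes the module configuration depend on a controller that in turn reaches back into the module through `ModuleAwareTrait`. Visibility is module policy, so defining the four constants on `Module` (e.g. `public const PROFILE_VISIBILITY_OWNER = 0;`) and having the controller reference `Module::…` keeps the dependency one-directional and lets other controllers or views reuse the same levels. It would also be worth validating the configured value in `Module::init()` and throwing `InvalidConfigException` for anything outside the known range, so a typo in application config is reported at boot instead of surfacing as a 403 on every profile request (the controller's `default:` branch denies unknown values).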
@@ -87,4 +87,30 @@ return [ 'confirmed_at' => $time, 'gdpr_consent' => false, ], + 'admin' => [ + 'id' => 8, + 'username' => 'admin', + 'email' => 'admin@example.com', + 'password_hash' => '$2y$13$qY.ImaYBppt66qez6B31QO92jc5DYVRzo5NxM1ivItkW74WsSG6Ui', + 'auth_key' => '39HU0m5lpjWtqstFVGFjj6lFb7UZDeRq', + 'auth_tf_key' => '', + 'auth_tf_enabled' => false, + 'created_at' => $time, + 'updated_at' => $time, + 'confirmed_at' => $time, + 'gdpr_consent' => false, + ], + 'seconduser' => [ + 'id' => 9, + 'username' => 'seconduser', + 'email' => 'seconduser@example.com', + 'password_hash' => '$2y$13$qY.ImaYBppt66qez6B31QO92jc5DYVRzo5NxM1ivItkW74WsSG6Ui', + 'auth_key' => '776960890cec5ac53525f0e910716f5a', + 'auth_tf_key' => '', + 'auth_tf_enabled' => false, + 'created_at' => $time, + 'updated_at' => $time, + 'confirmed_at' => $time, + 'gdpr_consent' => false, + ], ]; diff --git a/tests/functional/ProfileCept.php b/tests/functional/ProfileCept.php new file mode 100644 index 0000000..2933098 --- /dev/null +++ b/tests/functional/ProfileCept.php 
@@ -0,0 +1,110 @@ +haveFixtures([ + 'user' => UserFixture::class, + 'profile' => ProfileFixture::class +]); +$user = $I->grabFixture('user', 'user'); +$secondUser = $I->grabFixture('user', 'seconduser'); +$adminUser = $I->grabFixture('user', 'admin'); +$I->wantTo('Ensure that profile profile pages are shown only to when user has correct permissions and else forbidden'); + +Yii::$app->getModule('user')->profileVisibility = \Da\User\Controller\ProfileController::PROFILE_VISIBILITY_OWNER; +Yii::$app->getModule('user')->administrators = ['admin']; + +$I->amLoggedInAs($user); +$I->amGoingTo('try to open users own profile page'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + +$I->amGoingTo('Profile visibility::OWNER: try to open another users profile page'); +$I->amOnRoute('/user/profile/show', ['id' => $secondUser->id]); +$I->expectTo('See the profile page'); +$I->see('Forbidden'); +$I->dontSee('Joined on'); + +Yii::$app->user->logout(); +$I->amGoingTo('Profile visibility::OWNER: try to open users profile page as guest'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->see('Forbidden'); +$I->dontSee('Joined on'); + + +Yii::$app->getModule('user')->profileVisibility = \Da\User\Controller\ProfileController::PROFILE_VISIBILITY_ADMIN; +$I->amLoggedInAs($user); +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_ADMIN: try to open users own profile page'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_ADMIN: try to open another users profile page as regular user'); +$I->amOnRoute('/user/profile/show', ['id' => $secondUser->id]); +$I->expectTo('See the profile page'); +$I->see('Forbidden'); +$I->dontSee('Joined on'); + +$I->amLoggedInAs($adminUser); 
+$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_ADMIN: try to open another users profile page as admin'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + +Yii::$app->user->logout(); +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_ADMIN: try to open users profile page as guest'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->see('Forbidden'); +$I->dontSee('Joined on'); + + +Yii::$app->getModule('user')->profileVisibility = \Da\User\Controller\ProfileController::PROFILE_VISIBILITY_USERS; +$I->amLoggedInAs($user); +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_USERS: try to open users own profile page'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_USERS: try to open another users profile page as regular user'); +$I->amOnRoute('/user/profile/show', ['id' => $secondUser->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + +$I->amLoggedInAs($adminUser); +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_USERS: try to open another users profile page as admin'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + +Yii::$app->user->logout(); +$I->amGoingTo('Profile visibility::PROFILE_VISIBILITY_USERS: try to open users profile page as guest'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->see('Forbidden'); +$I->dontSee('Joined on'); + +Yii::$app->getModule('user')->profileVisibility = \Da\User\Controller\ProfileController::PROFILE_VISIBILITY_PUBLIC; + +Yii::$app->user->logout(); +$I->amGoingTo('Profile 
visibility::PROFILE_VISIBILITY_PUBLIC: try to open users profile page as guest'); +$I->amOnRoute('/user/profile/show', ['id' => $user->id]); +$I->expectTo('See the profile page'); +$I->dontSee('Forbidden'); +$I->see('Joined on'); + From d5d211a9e9a611fd9b4f989ee956aae720b5a93e Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 14:11:45 +0200 Subject: [PATCH 02/14] typos --- src/User/Controller/ProfileController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/User/Controller/ProfileController.php b/src/User/Controller/ProfileController.php index e714324..4ed53d4 100644 --- a/src/User/Controller/ProfileController.php +++ b/src/User/Controller/ProfileController.php @@ -29,9 +29,9 @@ class ProfileController extends Controller const PROFILE_VISIBILITY_OWNER = 0; /** @var int will allow profile owner and admin users */ const PROFILE_VISIBILITY_ADMIN = 1; - /** @var int will allow any logged-in user */ + /** @var int will allow any logged-in users */ const PROFILE_VISIBILITY_USERS = 2; - /** @var int will allow anyone, including gusets */ + /** @var int will allow anyone, including guests */ public const PROFILE_VISIBILITY_PUBLIC = 3; protected $profileQuery; From f319bf70e217aab99503641284a29e6385af95b0 Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 14:15:30 +0200 Subject: [PATCH 03/14] typos, remove disableProfileViewsForRegularUsers --- src/User/Controller/ProfileController.php | 2 +- src/User/Module.php | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/src/User/Controller/ProfileController.php b/src/User/Controller/ProfileController.php index 4ed53d4..da779b8 100644 --- a/src/User/Controller/ProfileController.php +++ b/src/User/Controller/ProfileController.php 
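Review bot: Every denied case asserts on page text (`$I->see('Forbidden')`) rather than on the response status, so a themed or translated error page that does not contain the word "Forbidden" would make the negative assertions fail for the wrong reason, and a page that happens to render neither string would pass vacuously; add `$I->seeResponseCodeIs(403);` to the denied cases and `$I->seeResponseCodeIs(200);` to the allowed ones. The `$I->expectTo('See the profile page');` lines on the denied cases look like copy-paste leftovers and should read `$I->expectTo('be forbidden');`. Two policy edges are not exercised: a non-existent or non-numeric `id` under OWNER/ADMIN (should still be 403, not 404, so the endpoint does not reveal which ids exist) and a logged-in non-admin viewing another user's profile under PUBLIC. Since the test mutates `Yii::$app->getModule('user')->profileVisibility` and `administrators` globally, a comment noting that these settings leak into later Cepts in the same run (or a reset at the end) would save someone a confusing failure.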
@@ -90,7 +90,7 @@ class ProfileController extends Controller switch($this->module->profileVisibility) { case static::PROFILE_VISIBILITY_OWNER: if($identity === null || $id !== $user->getId()) { - throw new ForbiddenHttpException("1"); + throw new ForbiddenHttpException(); } break; case static::PROFILE_VISIBILITY_ADMIN: diff --git a/src/User/Module.php b/src/User/Module.php index 307f1b5..85c76df 100755 --- a/src/User/Module.php +++ b/src/User/Module.php @@ -248,10 +248,6 @@ class Module extends BaseModule * @var boolean whether to disable IP logging into user table */ public $disableIpLogging = false; - /** - * @var boolean whether to disable viewing any user's profile for non-admin users - */ - public $disableProfileViewsForRegularUsers = false; /** * @var array Minimum requirements when a new password is automatically generated. * Array structure: `requirement => minimum number characters`. From f4c71b06c1eff7d823d24f7e449d3f9bc00050ce Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 14:18:15 +0200 Subject: [PATCH 04/14] remove disableProfileViewsForRegularUsers from docs --- docs/install/configuration-options.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/install/configuration-options.md b/docs/install/configuration-options.md index 0af4834..f1ffd67 100755 --- a/docs/install/configuration-options.md +++ b/docs/install/configuration-options.md @@ -322,11 +322,6 @@ Set to `true` to restrict user assignments to roles only. If `true` registration and last login IPs are not logged into users table, instead a dummy 127.0.0.1 is used - -#### disableProfileViewsForRegularUsers (type: `boolean`, default: `false`) - -If `true` only admin users have access to view any other user's profile. By default any user can see any other users public profile page. - #### minPasswordRequirements (type: `array`, default: `['lower' => 1, 'digit' => 1, 'upper' => 1]`) Minimum requirements when a new password is automatically generated. 
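Review bot: Removing the public `$disableProfileViewsForRegularUsers` property is a breaking change for existing installations: Yii applies module configuration by property assignment, so any application config that still sets it will, as far as I can tell, fail at bootstrap with an unknown-property error rather than degrade gracefully. A deprecated shim that maps the old flag onto the new policy in `Module::init()` gives users a release to migrate, e.g. `/** @deprecated use $profileVisibility */ public $disableProfileViewsForRegularUsers = false;` plus `if ($this->disableProfileViewsForRegularUsers) { $this->profileVisibility = ProfileController::PROFILE_VISIBILITY_ADMIN; }`. The CHANGELOG in this series still advertises the removed option ("Added option to disable viewing any other user's profile for non-admin users"), which should be reconciled with the Fix #546 entry.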
From 208dd29d7106cf907d1d964239f138e4ef536bf2 Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 14:21:11 +0200 Subject: [PATCH 05/14] typo --- src/User/Module.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/User/Module.php b/src/User/Module.php index 85c76df..35eb7f1 100755 --- a/src/User/Module.php +++ b/src/User/Module.php @@ -185,7 +185,7 @@ class Module extends BaseModule /** * @var int $profileVisibility Defines the level of user's profile page visibility. * Defaults to ProfileController::PROFILE_VISIBILITY_OWNER meaning no-one except the user itself can view - * the profile. @see ProfileController constants for prssible options + * the profile. @see ProfileController constants for possible options */ public $profileVisibility = ProfileController::PROFILE_VISIBILITY_OWNER; /** From 420e4e0af1c64adfdf14ac77023614726fbfe183 Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 14:23:45 +0200 Subject: [PATCH 06/14] typo --- tests/_fixtures/data/user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/_fixtures/data/user.php b/tests/_fixtures/data/user.php index e255df1..01fba29 100644 --- a/tests/_fixtures/data/user.php +++ b/tests/_fixtures/data/user.php @@ -78,7 +78,7 @@ return [ 'username' => 'user2fa', 'email' => 'user2faenabled@example.com', 'password_hash' => '$2y$13$qY.ImaYBppt66qez6B31QO92jc5DYVRzo5NxM1ivItkW74WsSG6Ui', - 'auth_key' => '08aff8636535eb934ae7aa205254ac6b', + 'auth_key' => '39HU0m5lpjWtqstFVGFjj6lFb7UZDeRq', 'auth_tf_key' => '', 'auth_tf_enabled' => true, 'auth_tf_type' => 'google-authenticator', From cf6f9db74f1a3f86d9fb36578e5ac26cddf40498 Mon Sep 17 00:00:00 2001 From: tonis Date: Fri, 8 Mar 2024 14:43:25 +0200 Subject: [PATCH 07/14] added Chengelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d6415a..b3e119a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
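Review bot: Restoring the `user2fa` fixture's `auth_key` to `39HU0m5lpjWtqstFVGFjj6lFb7UZDeRq` leaves it identical to the `auth_key` given to the new `admin` fixture in patch 01, which reused that value when `user2fa` was changed. Duplicate auth keys in test data are harmless for identity lookup by id, but if the `auth_key` column carries a unique index the fixture load will now fail, and a test that exercises cookie-based login for one of the two could silently validate against the other's key; give `admin` a distinct value rather than reverting `user2fa`.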
@@ -8,6 +8,7 @@ - Enh #532: /user/registration/register now shows form validation errors - Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson) - Enh: Added option to disable viewing any other user's profile for non-admin users (TonisOrmisson) +- Fix #546: The profile/show page must not be visible by default, implement configurable policy (TonisOrmisson) ## 1.6.2 Jan 4th, 2024 From 6618539096295196eb9a16d13ed99981fb9ef835 Mon Sep 17 00:00:00 2001 From: "andrea.scaramucci" Date: Tue, 16 Jul 2024 14:09:05 +0200 Subject: [PATCH 08/14] Added UserBlockService to Bootstrap.php buildClassMap() --- src/User/Bootstrap.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/User/Bootstrap.php b/src/User/Bootstrap.php index 1b92e44..1c6b928 100755 --- a/src/User/Bootstrap.php +++ b/src/User/Bootstrap.php @@ -416,6 +416,7 @@ class Bootstrap implements BootstrapInterface ], 'Da\User\Service' => [ 'MailService', + 'UserBlockService', ], ]; From 8559d5113570157eec88b66aa074ec1d02dadbc7 Mon Sep 17 00:00:00 2001 From: "andrea.scaramucci" Date: Tue, 16 Jul 2024 14:13:39 +0200 Subject: [PATCH 09/14] Updated changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f922f62..1e21ee9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - Fix: Social Network Auth (eluhr) - Enh #532: /user/registration/register now shows form validation errors - Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson) +- Ehh: Added UserBlockService to Bootstrap classMap ## 1.6.2 Jan 4th, 2024 From 940080851db8bb423e272b05f34ab890f019d124 Mon Sep 17 00:00:00 2001 
From: "enrico.degaudenzi@connectorly.io"
Date: Wed, 14 Aug 2024 16:14:28 +0100
Subject: [PATCH 10/14] #397 No more fatal Exceptions when connecting to already taken Social Network
---
 CHANGELOG.md                                            | 1 +
 src/User/Service/SocialNetworkAccountConnectService.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65b687a..d9f23ab 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Enh: Changed exception thrown in PasswordRecoveryService from `RuntimeException` to `NotFoundException`. (eseperio)
 - New #553: created Da\User\AuthClient\Microsoft365 auth client (edegaudenzi)
 - Ehh: Added SecurityHelper to the Bootstrap classMap
+- Fix #397: No more fatal Exceptions when connecting to already taken Social Network (edegaudenzi)
 
 ## 1.6.3 Mar 18th, 2024
 
diff --git a/src/User/Service/SocialNetworkAccountConnectService.php b/src/User/Service/SocialNetworkAccountConnectService.php
index 366c5f8..2c903ff 100644
--- a/src/User/Service/SocialNetworkAccountConnectService.php
+++ b/src/User/Service/SocialNetworkAccountConnectService.php
@@ -93,6 +93,6 @@ class SocialNetworkAccountConnectService implements ServiceInterface
             }
         }
 
-        return false;
+        return $account;
     }
 }
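Review bot: Returning `$account` where the method used to return `false` changes the failure signal of the connect path: any caller that detects the already-connected case with `=== false` or `!$result` will now treat it as success, and a caller typed against a boolean may break. The method body starts outside the hunk, so it is not visible here whether `$account` at this point is the existing link (possibly belonging to another user) or null; either way the contract needs stating, e.g. `@return SocialNetworkAccount|null the existing account when the network identity is already linked` on the method docblock, and the callers that motivated the fatal in #397 should be updated in the same change. If the returned account can belong to a different user, please also confirm that nothing downstream treats it as the current user's link; a dedicated exception for the "already taken" case would make that impossible to misread.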
@@ -12,7 +12,7 @@ - Fix: Social Network Auth (eluhr) - Enh #532: /user/registration/register now shows form validation errors - Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson) -- Ehh: Added UserBlockService to Bootstrap classMap +- Ehh: Added all the classes to the Bootstrap.php classMap - Enh: Added option to disable viewing any other user's profile for non-admin users (TonisOrmisson) - Ehn: updated Estonian (et) translation by (TonisOrmisson) - Ehn: use recaptcha.net instead of google.com (Eseperio) diff --git a/src/User/Bootstrap.php b/src/User/Bootstrap.php index fd7053d..0f5ad66 100755 --- a/src/User/Bootstrap.php +++ b/src/User/Bootstrap.php @@ -399,13 +399,17 @@ class Bootstrap implements BootstrapInterface 'Assignment', 'Permission', 'Role', - 'SessionHistory' + 'SessionHistory', + 'AbstractAuthItem', + 'Rule', ], 'Da\User\Search' => [ 'UserSearch', 'PermissionSearch', 'RoleSearch', 'SessionHistorySearch', + 'RuleSearch', + 'AbstractAuthItemSearch', ], 'Da\User\Form' => [ 'RegistrationForm', @@ -413,13 +417,36 @@ class Bootstrap implements BootstrapInterface 'LoginForm', 'SettingsForm', 'RecoveryForm', + 'GdprDeleteForm', ], 'Da\User\Service' => [ + 'AccountConfirmationService', + 'AuthItemEditionService', + 'AuthRuleEditionService', + 'EmailChangeService', 'MailService', + 'PasswordExpireService', + 'PasswordRecoveryService', + 'ResendConfirmationService', + 'ResetPasswordService', + 'SocialNetworkAccountConnectService', + 'SocialNetworkAuthenticateService', + 'SwitchIdentityService', + 'TwoFactorEmailCodeGeneratorService', + 'TwoFactorQrCodeUriGeneratorService', + 'TwoFactorSmsCodeGeneratorService', + 'UpdateAuthAssignmentsService', 'UserBlockService', + 'UserConfirmationService', + 'UserCreateService', + 'UserRegisterService', ], 'Da\User\Helper' => [ + 'AuthHelper', + 'ClassMapHelper', + 'MigrationHelper', 'SecurityHelper', + 'TimezoneHelper', ] ]; 
From 66aeeff584691bca9ed39c56e6ce4dae5d55fb40 Mon Sep 17 00:00:00 2001 From: tonis Date: Wed, 18 Sep 2024 17:19:57 +0300 Subject: [PATCH 12/14] Ehh: Added option to pre-fill recovery email via url parameter --- .github/workflows/php.yml | 2 +- CHANGELOG.md | 1 + src/User/Controller/RecoveryController.php | 8 ++++++-- src/User/Module.php | 1 + 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index d467648..d622ea9 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -76,7 +76,7 @@ jobs: run: vendor/bin/phpstan analyse - name: Archive failed tests artifacts - test output & log - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 if: failure() with: name: test-outputs-php-${{ matrix.php-versions }} diff --git a/CHANGELOG.md b/CHANGELOG.md index d9f23ab..7372a8a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - New #553: created Da\User\AuthClient\Microsoft365 auth client (edegaudenzi) - Ehh: Added SecurityHelper to the Bootstrap classMap - Fix #397: No more fatal Exceptions when connecting to already taken Social Network (edegaudenzi) +- Ehh: Added option to pre-fill recovery email via url parameter (TonisOrmisson) ## 1.6.3 Mar 18th, 2024 diff --git a/src/User/Controller/RecoveryController.php b/src/User/Controller/RecoveryController.php index 9925c87..2367ef2 100644 --- a/src/User/Controller/RecoveryController.php +++ b/src/User/Controller/RecoveryController.php 
@@ -89,14 +89,18 @@ class RecoveryController extends Controller
             throw new NotFoundHttpException();
         }
 
+        $request = Yii::$app->request;
+
         /** @var RecoveryForm $form */
         $form = $this->make(RecoveryForm::class, [], ['scenario' => RecoveryForm::SCENARIO_REQUEST]);
-
+        if(!$request->getIsPost() && !empty($request->get('email'))) {
+            $form->email = $request->get('email');
+        }
         $event = $this->make(FormEvent::class, [$form]);
 
         $this->make(AjaxRequestModelValidator::class, [$form])->validate();
 
-        if ($form->load(Yii::$app->request->post()) && $form->validate()) {
+        if ($form->load($request->post()) && $form->validate()) {
             $this->trigger(FormEvent::EVENT_BEFORE_REQUEST, $event);
 
             $mailService = MailFactory::makeRecoveryMailerService($form->email);
diff --git a/src/User/Module.php b/src/User/Module.php
index a27360b..8749715 100755
--- a/src/User/Module.php
+++ b/src/User/Module.php
@@ -219,6 +219,7 @@ class Module extends BaseModule
         '' => 'registration/',
         'confirm//' => 'registration/confirm',
         'forgot' => 'recovery/request',
+        'forgot/' => 'recovery/request',
         'recover//' => 'recovery/reset'
     ];
     /**
From 1c939d5cad5d87582a8bc8698f67ac003664d2dc Mon Sep 17 00:00:00 2001
From: tonis
Date: Tue, 8 Oct 2024 17:38:13 +0300
Subject: [PATCH 13/14] fixed pretty-urls not working from console apps
---
 src/User/Bootstrap.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/User/Bootstrap.php b/src/User/Bootstrap.php
index 0f5ad66..82eab2c 100755
--- a/src/User/Bootstrap.php
+++ b/src/User/Bootstrap.php
@@ -30,6 +30,7 @@ use yii\console\Application as ConsoleApplication;
 use yii\helpers\ArrayHelper;
 use yii\i18n\PhpMessageSource;
 use yii\web\Application as WebApplication;
+use yii\web\UrlManager;
 
 /**
  * Bootstrap class of the yii2-usuario extension. Configures container services, initializes translations,
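Review bot: `$request->get('email')` is accepted with only `!empty()`, so a request like `?email[]=x` assigns an array to `$form->email`; that value is then rendered and string-handled downstream and will most likely produce a 500 instead of a validation message. Guard the type once: `$email = $request->get('email'); if (!$request->getIsPost() && is_string($email) && $email !== '') { $form->email = $email; }`. The pre-filled value is reflected into the page without going through `validate()` on GET, which is safe only if the recovery view renders it via ActiveField/`Html::encode`, worth confirming for any overridden view; a short comment such as `// GET pre-fill only; the address is still validated on POST before any mail is sent` would make the intent explicit. The enclosing action starts and ends outside the hunk.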
@@ -49,10 +50,10 @@ class Bootstrap implements BootstrapInterface
         $this->initTranslations($app);
         $this->initContainer($app, $map);
         $this->initMailServiceConfiguration($app, $app->getModule('user'));
+        $this->initUrlRoutes($app);
 
         if ($app instanceof WebApplication) {
             $this->initControllerNamespace($app);
-            $this->initUrlRoutes($app);
             $this->initUrlRestRoutes($app);
             $this->initAuthCollection($app);
             $this->initAuthManager($app);
@@ -256,11 +257,11 @@ class Bootstrap implements BootstrapInterface
     /**
      * Initializes web url routes (rules in Yii2).
      *
-     * @param WebApplication $app
+     * @param Application $app
      *
      * @throws InvalidConfigException
      */
-    protected function initUrlRoutes(WebApplication $app)
+    protected function initUrlRoutes(Application $app)
     {
         /** @var $module Module */
         $module = $app->getModule('user');
@@ -274,8 +275,13 @@ class Bootstrap implements BootstrapInterface
             $config['routePrefix'] = 'user';
         }
 
+        $urlManager = $app->getUrlManager();
+        if(!($urlManager instanceof UrlManager)) {
+            return;
+        }
+
         $rule = Yii::createObject($config);
-        $app->getUrlManager()->addRules([$rule], false);
+        $urlManager->addRules([$rule], false);
     }
 
     /**
From 117056310b9d3f71eb9abddbcc0e3089f006e35f Mon Sep 17 00:00:00 2001
From: tonis
Date: Tue, 8 Oct 2024 18:15:55 +0300
Subject: [PATCH 14/14] added changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5733c2e..38c256a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 - Fix #546: The profile/show page must not be visible by default, implement configurable policy (TonisOrmisson)
 - Fix #397: No more fatal Exceptions when connecting to already taken Social Network (edegaudenzi)
 - Ehh: Added option to pre-fill recovery email via url parameter (TonisOrmisson)
+- Ehh: Fixed pretty-url rules not initialized for console apps (TonisOrmisson)
 
 ## 1.6.3 Mar 18th, 2024
 
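Review bot: `initUrlRoutes(Application $app)` now type-hints a bare `Application`, but the only import this patch adds is `yii\web\UrlManager`, and the visible `use` block aliases `yii\console\Application` and `yii\web\Application` under other names; unless `use yii\base\Application;` already exists further up the file, the hint resolves to `Da\User\Application` and the call from `bootstrap()` fails with a TypeError for every web and console request. Please confirm the import, and document the new early return in the docblock, e.g. ` * Does nothing when the application's urlManager component is not a yii\web\UrlManager.` Because that `return` is silent, a web application with a misconfigured urlManager would now lose the module's pretty URLs without any error; consider throwing the already-declared `InvalidConfigException` when `$app instanceof WebApplication` and only skipping quietly for console applications.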