Merge branch 'master' into use-asset-packegist

Antonio Ramirez
2018-09-27 19:17:22 +02:00
committed by GitHub
14 changed files with 64 additions and 26 deletions


@ -18,6 +18,8 @@
- Enh: Replace the deprecated InvalidParamException in ClassMapHelper (TonisOrmisson) - Enh: Replace the deprecated InvalidParamException in ClassMapHelper (TonisOrmisson)
- Fix #242: Add POST filter for `admin/force-password-change` action (bscheshirwork) - Fix #242: Add POST filter for `admin/force-password-change` action (bscheshirwork)
- Enh #251: Use `asset-packagist` instead of `fxp-asset` if you run it as a module without having a project around (bscheshirwork) - Enh #251: Use `asset-packagist` instead of `fxp-asset` if you run it as a module without having a project around (bscheshirwork)
- Fix #252: Delete check for unexpected property `allowPasswordRecovery` for resend email by admin (bscheshirwork)
- Fix #254: Rename `GDPR` properties to `lowerCamelCase` style (bscheshirwork)
## 1.1.4 - February 19, 2018 ## 1.1.4 - February 19, 2018
- Enh: Check enableEmailConfirmation on registration (faenir) - Enh: Check enableEmailConfirmation on registration (faenir)


@ -5,7 +5,39 @@ Maybe you need to override the default's functionality of the module's controlle
Yii2 Modules have an attribute named `controllerMap` that you can configure with your very own controllers. Yii2 Modules have an attribute named `controllerMap` that you can configure with your very own controllers.
Please, before you override a controller's action, make sure that it won't be enough with using the Please, before you override a controller's action, make sure that it won't be enough with using the
(controller's events)[../events/controller-events.md]. [events](../events). For example you can use event for redirect after finish confirmation or recovery:
```php
'modules' => [
'user' => [
'controllerMap' => [
'recovery' => [
'class' => \Da\User\Controller\RecoveryController::class,
'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_REQUEST => function (\Da\User\Event\FormEvent $event) {
\Yii::$app->controller->redirect(['/user/security/login']);
\Yii::$app->end();
},
'on ' . \Da\User\Event\ResetPasswordEvent::EVENT_AFTER_RESET => function (\Da\User\Event\ResetPasswordEvent $event) {
if ($event->token->user ?? false) {
\Yii::$app->user->login($event->token->user);
}
\Yii::$app->controller->redirect(\Yii::$app->getUser()->getReturnUrl());
\Yii::$app->end();
},
],
'registration' => [
'class' => \Da\User\Controller\RegistrationController::class,
'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_REGISTER => function (\Da\User\Event\FormEvent $event) {
\Yii::$app->controller->redirect(['/user/security/login']);
\Yii::$app->end();
},
'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_RESEND => function (\Da\User\Event\FormEvent $event) {
\Yii::$app->controller->redirect(['/user/security/login']);
\Yii::$app->end();
},
],
...
```
> See more about this attribute on > See more about this attribute on
> [ The Definitive Guide to Yii 2.0](http://www.yiiframework.com/doc-2.0/guide-structure-controllers.html#controller-map) > [ The Definitive Guide to Yii 2.0](http://www.yiiframework.com/doc-2.0/guide-structure-controllers.html#controller-map)


@ -5,8 +5,8 @@ The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in E
## Enable GDPR ## Enable GDPR
To enable support in yii2-usuario set `enableGDPRcompliance` to `true` and set To enable support in yii2-usuario set `enableGdprCompliance` to `true` and set
`GDPRprivacyPolicyUrl` with an url pointing to your privacy policy. `gdprPrivacyPolicyUrl` with an url pointing to your privacy policy.
### At this moment a few measures apply to your app: ### At this moment a few measures apply to your app:
@ -27,7 +27,7 @@ GDPR says: [Article 20](https://gdpr.algolia.com/gdpr-article-20)
Users now have a privacy page in their account settings where they can export his/her personal data Users now have a privacy page in their account settings where they can export his/her personal data
in a csv file. in a csv file.
If you collect additional personal information you can to export by adding to If you collect additional personal information you can to export by adding to
`GDPRexportProperties`. `gdprExportProperties`.
> Export use `ArrayHelper::getValue()` to extract information, so you can use links to relations. > Export use `ArrayHelper::getValue()` to extract information, so you can use links to relations.
@ -41,7 +41,7 @@ The behavior differs depending module configuration.
If `$allowAccountDelete` is set to `true` the account will be fully deleted when clicking *Delete* button, If `$allowAccountDelete` is set to `true` the account will be fully deleted when clicking *Delete* button,
while when if that setting is set to `false` the module will remove social network connections and while when if that setting is set to `false` the module will remove social network connections and
replace the personal data with a custom alias defined in `$GDPRanonymPrefix`. replace the personal data with a custom alias defined in `$gdprAnonymizePrefix`.
The account will be blocked and marked as `gdpr_deleted`. The account will be blocked and marked as `gdpr_deleted`.


@ -12,14 +12,14 @@ Setting this attribute will allow users to configure their login process with tw
By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow
a bigger period so to avoid out of sync issues. a bigger period so to avoid out of sync issues.
#### enableGDPRcompliance (type: `boolean`, default: `false`) #### enableGdprCompliance (type: `boolean`, default: `false`)
Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability. Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability.
#### GDPRprivacyPolicyUrl (type: `array`, default: null) #### gdprPrivacyPolicyUrl (type: `array`, default: null)
The link to privacy policy. This will be used on registration form as "read our pivacy policy". It must follow the same format as `yii\helpers\Url::to` The link to privacy policy. This will be used on registration form as "read our pivacy policy". It must follow the same format as `yii\helpers\Url::to`
#### GDPRexportProperties (type: `array`) #### gdprExportProperties (type: `array`)
An array with the name of the user identity properties to be included when user request download of his data. An array with the name of the user identity properties to be included when user request download of his data.
Names can include relations like `profile.name`. Names can include relations like `profile.name`.
@ -39,7 +39,7 @@ Defaults to:
``` ```
#### GDPRanonymPrefix (type: `string`, default: `GDPR`) #### gdprAnonymizePrefix (type: `string`, default: `GDPR`)
Prefix to be used as a replacement when user requeste deletion of his data Prefix to be used as a replacement when user requeste deletion of his data


@ -65,6 +65,10 @@ to
$module = Yii::$app->getModule('user'); $module = Yii::$app->getModule('user');
if(Yii::$app->session->has($module->switchIdentitySessionKey)) if(Yii::$app->session->has($module->switchIdentitySessionKey))
``` ```
* If you use event of Controllers see [events](../events) chapter of this docs. **All** of relative controller constant has been move to events class:
from `\dektrium\user\controllers\RecoveryController::EVENT_AFTER_REQUEST` to `\Da\User\Event\FormEvent::EVENT_AFTER_REQUEST`,
from `\dektrium\user\controllers\RecoveryController::EVENT_AFTER_RESET` to `\Da\User\Event\ResetPasswordEvent::EVENT_AFTER_RESET`, etc.
Map of constants can be find in [events](../events) chapter of this docs.
## Rbac migrations ## Rbac migrations


@ -159,7 +159,7 @@ class SettingsController extends Controller
public function actionPrivacy() public function actionPrivacy()
{ {
if (!$this->module->enableGDPRcompliance) if (!$this->module->enableGdprCompliance)
throw new NotFoundHttpException(); throw new NotFoundHttpException();
return $this->render('privacy', [ return $this->render('privacy', [
@ -169,7 +169,7 @@ class SettingsController extends Controller
public function actionGdprdelete() public function actionGdprdelete()
{ {
if (!$this->module->enableGDPRcompliance) if (!$this->module->enableGdprCompliance)
throw new NotFoundHttpException(); throw new NotFoundHttpException();
/** @var GdprDeleteForm $form */ /** @var GdprDeleteForm $form */
@ -192,7 +192,7 @@ class SettingsController extends Controller
/* @var $security SecurityHelper */ /* @var $security SecurityHelper */
$security = $this->make(SecurityHelper::class); $security = $this->make(SecurityHelper::class);
$anonymReplacement = $this->module->GDPRanonymPrefix . $user->id; $anonymReplacement = $this->module->gdprAnonymizePrefix . $user->id;
$user->updateAttributes([ $user->updateAttributes([
'email' => $anonymReplacement . "@example.com", 'email' => $anonymReplacement . "@example.com",
@ -260,11 +260,11 @@ class SettingsController extends Controller
*/ */
public function actionExport() public function actionExport()
{ {
if (!$this->module->enableGDPRcompliance) if (!$this->module->enableGdprCompliance)
throw new NotFoundHttpException(); throw new NotFoundHttpException();
try { try {
$properties = $this->module->GDPRexportProperties; $properties = $this->module->gdprExportProperties;
$user = Yii::$app->user->identity; $user = Yii::$app->user->identity;
$data = [$properties, []]; $data = [$properties, []];


@ -82,7 +82,7 @@ class RegistrationForm extends Model
'compareValue' => true, 'compareValue' => true,
'message' => Yii::t('usuario', 'Your consent is required to register'), 'message' => Yii::t('usuario', 'Your consent is required to register'),
'when' => function () { 'when' => function () {
return $this->module->enableGDPRcompliance; return $this->module->enableGdprCompliance;
}] }]
]; ];
} }
@ -106,7 +106,7 @@ class RegistrationForm extends Model
'gdpr_consent' => Yii::t('usuario', 'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}', 'gdpr_consent' => Yii::t('usuario', 'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}',
[ [
'privacyPolicy' => Html::a(Yii::t('usuario', 'privacy policy'), 'privacyPolicy' => Html::a(Yii::t('usuario', 'privacy policy'),
$this->module->GDPRprivacyPolicyUrl, $this->module->gdprPrivacyPolicyUrl,
['target' => '_blank'] ['target' => '_blank']
) )
]) ])


@ -164,7 +164,7 @@ class User extends ActiveRecord implements IdentityInterface
TimestampBehavior::class, TimestampBehavior::class,
]; ];
if ($this->module->enableGDPRcompliance) { if ($this->module->enableGdprCompliance) {
$behaviors['GDPR'] = [ $behaviors['GDPR'] = [
'class' => TimestampBehavior::class, 'class' => TimestampBehavior::class,
'createdAtAttribute' => 'gdpr_consent_date', 'createdAtAttribute' => 'gdpr_consent_date',


@ -29,12 +29,12 @@ class Module extends BaseModule
* - Forgot me button in profile view. * - Forgot me button in profile view.
* - Download my data button in profile * - Download my data button in profile
*/ */
public $enableGDPRcompliance = false; public $enableGdprCompliance = false;
/** /**
* @var null|array|string with the url to privacy policy. * @var null|array|string with the url to privacy policy.
* Must be in the same format as yii/helpers/Url::to requires. * Must be in the same format as yii/helpers/Url::to requires.
*/ */
public $GDPRprivacyPolicyUrl = null; public $gdprPrivacyPolicyUrl = null;
/** /**
* @var array with the name of the user identity properties to be included when user request download of his data. * @var array with the name of the user identity properties to be included when user request download of his data.
* Names can include relations like `profile.name`. * Names can include relations like `profile.name`.
@ -42,7 +42,7 @@ class Module extends BaseModule
* > The data subject shall have the right to receive the personal data concerning him or her, which he * > The data subject shall have the right to receive the personal data concerning him or her, which he
* > or she has provided to a controller, in a structured, commonly used and machine-readable format * > or she has provided to a controller, in a structured, commonly used and machine-readable format
*/ */
public $GDPRexportProperties = [ public $gdprExportProperties = [
'email', 'email',
'username', 'username',
'profile.public_email', 'profile.public_email',
@ -55,7 +55,7 @@ class Module extends BaseModule
/** /**
* @var string prefix to be used as a replacement when user requests deletion of his data. * @var string prefix to be used as a replacement when user requests deletion of his data.
*/ */
public $GDPRanonymPrefix = 'GDPR'; public $gdprAnonymizePrefix = 'GDPR';
/** /**
* @var bool whether to enable two factor authentication or not * @var bool whether to enable two factor authentication or not
*/ */


@ -152,7 +152,7 @@ $module = Yii::$app->getModule('user');
return null; return null;
}, },
'reset' => function ($url, $model) use ($module) { 'reset' => function ($url, $model) use ($module) {
if(!$module->allowPasswordRecovery && $module->allowAdminPasswordRecovery) { if($module->allowAdminPasswordRecovery) {
return Html::a( return Html::a(
'<span class="glyphicon glyphicon-flash"></span>', '<span class="glyphicon glyphicon-flash"></span>',
['/user/admin/password-reset', 'id' => $model->id], ['/user/admin/password-reset', 'id' => $model->id],
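Review bot: The `reset` button callback now renders the link whenever `allowAdminPasswordRecovery` is true, but a view condition only controls visibility, so the `/user/admin/password-reset` action must check `allowAdminPasswordRecovery` itself or the flag is cosmetic. That controller is not shown in this section, so treat this as something to confirm rather than a confirmed gap. The changelog in this commit adds a POST filter for `admin/force-password-change`, so it is worth checking that `password-reset` is restricted to POST in the same way, with `'data-method' => 'post'` in the link options and a matching verb filter on the action, since a state-changing action reachable by GET can be triggered from a forged link. The `Html::a` call and the enclosing closure continue outside the hunk, so the link's options array is not visible here.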


@ -45,7 +45,7 @@ $this->params['breadcrumbs'][] = $this->title;
<?= $form->field($model, 'password')->passwordInput() ?> <?= $form->field($model, 'password')->passwordInput() ?>
<?php endif ?> <?php endif ?>
<?php if ($module->enableGDPRcompliance): ?> <?php if ($module->enableGdprCompliance): ?>
<?= $form->field($model, 'gdpr_consent')->checkbox(['value' => 1]) ?> <?= $form->field($model, 'gdpr_consent')->checkbox(['value' => 1]) ?>
<?php endif ?> <?php endif ?>


@ -43,7 +43,7 @@ $networksVisible = count(Yii::$app->authClientCollection->clients) > 0;
['label' => Yii::t('usuario', 'Account'), 'url' => ['/user/settings/account']], ['label' => Yii::t('usuario', 'Account'), 'url' => ['/user/settings/account']],
['label' => Yii::t('usuario', 'Privacy'), ['label' => Yii::t('usuario', 'Privacy'),
'url' => ['/user/settings/privacy'], 'url' => ['/user/settings/privacy'],
'visible' => $module->enableGDPRcompliance 'visible' => $module->enableGdprCompliance
], ],
[ [
'label' => Yii::t('usuario', 'Networks'), 'label' => Yii::t('usuario', 'Networks'),


@ -28,7 +28,7 @@ $this->params['breadcrumbs'][] = $this->title;
<div class="row"> <div class="row">
<div class="col-md-3"> <div class="col-md-3">
<?= $this->render('/networks/_menu') ?> <?= $this->render('/settings/_menu') ?>
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
<div class="panel panel-default"> <div class="panel panel-default">


@ -68,7 +68,7 @@ class GdprCest
$module = Yii::$app->getModule('user'); $module = Yii::$app->getModule('user');
$module->enableEmailConfirmation = $emailConfirmation; $module->enableEmailConfirmation = $emailConfirmation;
$module->generatePasswords = $generatePasswords; $module->generatePasswords = $generatePasswords;
$module->enableGDPRcompliance = $enableGdpr; $module->enableGdprCompliance = $enableGdpr;
} }
protected function register(FunctionalTester $I, $email, $username = null, $password = null, $gdpr_consent = true) protected function register(FunctionalTester $I, $email, $username = null, $password = null, $gdpr_consent = true)