Merge branch 'master' into the-admin-can-be-reset-password

Antonio Ramirez
2018-09-27 19:16:31 +02:00
committed by GitHub
13 changed files with 62 additions and 25 deletions


@ -18,6 +18,7 @@
- Enh: Replace the deprecated InvalidParamException in ClassMapHelper (TonisOrmisson)
- Fix #242: Add POST filter for `admin/force-password-change` action (bscheshirwork)
- Fix #252: Delete check for unexpected property `allowPasswordRecovery` for resend email by admin (bscheshirwork)
- Fix #254: Rename `GDPR` properties to `lowerCamelCase` style (bscheshirwork)
## 1.1.4 - February 19, 2018
- Enh: Check enableEmailConfirmation on registration (faenir)


@ -5,7 +5,39 @@ Maybe you need to override the default's functionality of the module's controlle
Yii2 Modules have an attribute named `controllerMap` that you can configure with your very own controllers.
Please, before you override a controller's action, make sure that it won't be enough with using the
(controller's events)[../events/controller-events.md].
[events](../events). For example you can use event for redirect after finish confirmation or recovery:
```php
'modules' => [
'user' => [
'controllerMap' => [
'recovery' => [
'class' => \Da\User\Controller\RecoveryController::class,
'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_REQUEST => function (\Da\User\Event\FormEvent $event) {
\Yii::$app->controller->redirect(['/user/security/login']);
\Yii::$app->end();
},
'on ' . \Da\User\Event\ResetPasswordEvent::EVENT_AFTER_RESET => function (\Da\User\Event\ResetPasswordEvent $event) {
if ($event->token->user ?? false) {
\Yii::$app->user->login($event->token->user);
}
\Yii::$app->controller->redirect(\Yii::$app->getUser()->getReturnUrl());
\Yii::$app->end();
},
],
'registration' => [
'class' => \Da\User\Controller\RegistrationController::class,
'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_REGISTER => function (\Da\User\Event\FormEvent $event) {
\Yii::$app->controller->redirect(['/user/security/login']);
\Yii::$app->end();
},
'on ' . \Da\User\Event\FormEvent::EVENT_AFTER_RESEND => function (\Da\User\Event\FormEvent $event) {
\Yii::$app->controller->redirect(['/user/security/login']);
\Yii::$app->end();
},
],
...
```
> See more about this attribute on
> [ The Definitive Guide to Yii 2.0](http://www.yiiframework.com/doc-2.0/guide-structure-controllers.html#controller-map)
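Review bot: The `ResetPasswordEvent::EVENT_AFTER_RESET` handler in the added example calls `\Yii::$app->user->login($event->token->user)` directly, so anyone who copies it turns possession of a recovery token into a full session without going through the login form. The module's own docs describe two-factor authentication and blocked accounts. Whether those checks still apply on this path is not visible here; presumably they live in the login flow and would be skipped. I would either drop the auto-login and redirect as the `EVENT_AFTER_REQUEST` handler does, `\Yii::$app->controller->redirect(['/user/security/login']);`, or add a sentence under the snippet saying the auto-login variant is only appropriate when two-factor authentication is disabled and the handler itself re-checks that the account is not blocked.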


@ -5,8 +5,8 @@ The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in E
## Enable GDPR
To enable support in yii2-usuario set `enableGDPRcompliance` to `true` and set
`GDPRprivacyPolicyUrl` with an url pointing to your privacy policy.
To enable support in yii2-usuario set `enableGdprCompliance` to `true` and set
`gdprPrivacyPolicyUrl` with an url pointing to your privacy policy.
### At this moment a few measures apply to your app:
@ -27,7 +27,7 @@ GDPR says: [Article 20](https://gdpr.algolia.com/gdpr-article-20)
Users now have a privacy page in their account settings where they can export his/her personal data
in a csv file.
If you collect additional personal information you can to export by adding to
`GDPRexportProperties`.
`gdprExportProperties`.
> Export use `ArrayHelper::getValue()` to extract information, so you can use links to relations.
@ -41,7 +41,7 @@ The behavior differs depending module configuration.
If `$allowAccountDelete` is set to `true` the account will be fully deleted when clicking *Delete* button,
while when if that setting is set to `false` the module will remove social network connections and
replace the personal data with a custom alias defined in `$GDPRanonymPrefix`.
replace the personal data with a custom alias defined in `$gdprAnonymizePrefix`.
The account will be blocked and marked as `gdpr_deleted`.


@ -12,14 +12,14 @@ Setting this attribute will allow users to configure their login process with tw
By default, Google Authenticator App for two-factor authentication cycles in periods of 30 seconds. In order to allow
a bigger period so to avoid out of sync issues.
#### enableGDPRcompliance (type: `boolean`, default: `false`)
#### enableGdprCompliance (type: `boolean`, default: `false`)
Setting this attribute enables a serie of measures to comply with EU GDPR regulation, like data consent, right to be forgotten and data portability.
#### GDPRprivacyPolicyUrl (type: `array`, default: null)
#### gdprPrivacyPolicyUrl (type: `array`, default: null)
The link to privacy policy. This will be used on registration form as "read our pivacy policy". It must follow the same format as `yii\helpers\Url::to`
#### GDPRexportProperties (type: `array`)
#### gdprExportProperties (type: `array`)
An array with the name of the user identity properties to be included when user request download of his data.
Names can include relations like `profile.name`.
@ -39,7 +39,7 @@ Defaults to:
```
#### GDPRanonymPrefix (type: `string`, default: `GDPR`)
#### gdprAnonymizePrefix (type: `string`, default: `GDPR`)
Prefix to be used as a replacement when user requeste deletion of his data


@ -65,6 +65,10 @@ to
$module = Yii::$app->getModule('user');
if(Yii::$app->session->has($module->switchIdentitySessionKey))
```
* If you use event of Controllers see [events](../events) chapter of this docs. **All** of relative controller constant has been move to events class:
from `\dektrium\user\controllers\RecoveryController::EVENT_AFTER_REQUEST` to `\Da\User\Event\FormEvent::EVENT_AFTER_REQUEST`,
from `\dektrium\user\controllers\RecoveryController::EVENT_AFTER_RESET` to `\Da\User\Event\ResetPasswordEvent::EVENT_AFTER_RESET`, etc.
Map of constants can be find in [events](../events) chapter of this docs.
## Rbac migrations


@ -159,7 +159,7 @@ class SettingsController extends Controller
public function actionPrivacy()
{
if (!$this->module->enableGDPRcompliance)
if (!$this->module->enableGdprCompliance)
throw new NotFoundHttpException();
return $this->render('privacy', [
@ -169,7 +169,7 @@ class SettingsController extends Controller
public function actionGdprdelete()
{
if (!$this->module->enableGDPRcompliance)
if (!$this->module->enableGdprCompliance)
throw new NotFoundHttpException();
/** @var GdprDeleteForm $form */
@ -192,7 +192,7 @@ class SettingsController extends Controller
/* @var $security SecurityHelper */
$security = $this->make(SecurityHelper::class);
$anonymReplacement = $this->module->GDPRanonymPrefix . $user->id;
$anonymReplacement = $this->module->gdprAnonymizePrefix . $user->id;
$user->updateAttributes([
'email' => $anonymReplacement . "@example.com",
@ -260,11 +260,11 @@ class SettingsController extends Controller
*/
public function actionExport()
{
if (!$this->module->enableGDPRcompliance)
if (!$this->module->enableGdprCompliance)
throw new NotFoundHttpException();
try {
$properties = $this->module->GDPRexportProperties;
$properties = $this->module->gdprExportProperties;
$user = Yii::$app->user->identity;
$data = [$properties, []];


@ -82,7 +82,7 @@ class RegistrationForm extends Model
'compareValue' => true,
'message' => Yii::t('usuario', 'Your consent is required to register'),
'when' => function () {
return $this->module->enableGDPRcompliance;
return $this->module->enableGdprCompliance;
}]
];
}
@ -106,7 +106,7 @@ class RegistrationForm extends Model
'gdpr_consent' => Yii::t('usuario', 'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}',
[
'privacyPolicy' => Html::a(Yii::t('usuario', 'privacy policy'),
$this->module->GDPRprivacyPolicyUrl,
$this->module->gdprPrivacyPolicyUrl,
['target' => '_blank']
)
])


@ -164,7 +164,7 @@ class User extends ActiveRecord implements IdentityInterface
TimestampBehavior::class,
];
if ($this->module->enableGDPRcompliance) {
if ($this->module->enableGdprCompliance) {
$behaviors['GDPR'] = [
'class' => TimestampBehavior::class,
'createdAtAttribute' => 'gdpr_consent_date',


@ -29,12 +29,12 @@ class Module extends BaseModule
* - Forgot me button in profile view.
* - Download my data button in profile
*/
public $enableGDPRcompliance = false;
public $enableGdprCompliance = false;
/**
* @var null|array|string with the url to privacy policy.
* Must be in the same format as yii/helpers/Url::to requires.
*/
public $GDPRprivacyPolicyUrl = null;
public $gdprPrivacyPolicyUrl = null;
/**
* @var array with the name of the user identity properties to be included when user request download of his data.
* Names can include relations like `profile.name`.
@ -42,7 +42,7 @@ class Module extends BaseModule
* > The data subject shall have the right to receive the personal data concerning him or her, which he
* > or she has provided to a controller, in a structured, commonly used and machine-readable format
*/
public $GDPRexportProperties = [
public $gdprExportProperties = [
'email',
'username',
'profile.public_email',
@ -55,7 +55,7 @@ class Module extends BaseModule
/**
* @var string prefix to be used as a replacement when user requests deletion of his data.
*/
public $GDPRanonymPrefix = 'GDPR';
public $gdprAnonymizePrefix = 'GDPR';
/**
* @var bool whether to enable two factor authentication or not
*/


@ -45,7 +45,7 @@ $this->params['breadcrumbs'][] = $this->title;
<?= $form->field($model, 'password')->passwordInput() ?>
<?php endif ?>
<?php if ($module->enableGDPRcompliance): ?>
<?php if ($module->enableGdprCompliance): ?>
<?= $form->field($model, 'gdpr_consent')->checkbox(['value' => 1]) ?>
<?php endif ?>


@ -43,7 +43,7 @@ $networksVisible = count(Yii::$app->authClientCollection->clients) > 0;
['label' => Yii::t('usuario', 'Account'), 'url' => ['/user/settings/account']],
['label' => Yii::t('usuario', 'Privacy'),
'url' => ['/user/settings/privacy'],
'visible' => $module->enableGDPRcompliance
'visible' => $module->enableGdprCompliance
],
[
'label' => Yii::t('usuario', 'Networks'),


@ -28,7 +28,7 @@ $this->params['breadcrumbs'][] = $this->title;
<div class="row">
<div class="col-md-3">
<?= $this->render('/networks/_menu') ?>
<?= $this->render('/settings/_menu') ?>
</div>
<div class="col-md-9">
<div class="panel panel-default">


@ -68,7 +68,7 @@ class GdprCest
$module = Yii::$app->getModule('user');
$module->enableEmailConfirmation = $emailConfirmation;
$module->generatePasswords = $generatePasswords;
$module->enableGDPRcompliance = $enableGdpr;
$module->enableGdprCompliance = $enableGdpr;
}
protected function register(FunctionalTester $I, $email, $username = null, $password = null, $gdpr_consent = true)