From 40a76b1edab648481e32773c42db68ec3f982b1c Mon Sep 17 00:00:00 2001
From: Wenceslaus Dsilva
Date: Thu, 25 May 2023 21:01:42 +0530
Subject: [PATCH 1/4] =?UTF-8?q?=F0=9F=90=9B=20fix(2FA):=20Two=20Factor=20A?= =?UTF-8?q?uthentication=20-=20Filter=20-=20Blocks=20even=20when=20two=20f?= =?UTF-8?q?actor=20authentication=20is=20enabled=20=F0=9F=90=9B=20fix(emai?= =?UTF-8?q?l):=20add=20error=20logging=20when=20email=20sending=20fails=20?= =?UTF-8?q?=F0=9F=94=92=20chore(2FA):=20fix=20TwoFactorEmailValidator=20to?= =?UTF-8?q?=20pass=20user=20as=20an=20array=20The=20TwoFactorAuthenticatio?= =?UTF-8?q?nEnforceFilter=20was=20blocking=20users=20even=20when=20two=20f?= =?UTF-8?q?actor=20authentication=20was=20enabled.=20The=20filter=20now=20?= =?UTF-8?q?checks=20if=20the=20user=20has=20two=20factor=20authentication?= =?UTF-8?q?=20enabled=20before=20blocking=20them.=20The=20MailService=20no?= =?UTF-8?q?w=20logs=20an=20error=20when=20email=20sending=20fails.=20The?= =?UTF-8?q?=20TwoFactorEmailValidator=20now=20passes=20the=20user=20as=20a?= =?UTF-8?q?n=20array=20to=20the=20TwoFactorEmailCodeGeneratorService.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CHANGELOG.md | 1 +
 src/User/Filter/TwoFactorAuthenticationEnforceFilter.php | 4 +++-
 src/User/Service/MailService.php | 8 +++++++-
 src/User/Validator/TwoFactorEmailValidator.php | 2 +-
 4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5716b64..7833d50 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@ ## dev +- Fix: Two Factor Authentication - Filter - Blocks even when two factor authentication is enabled - Fix: update Dutch (nl) translations (squio) - Enh: possibility to limit the depth of the recursion when getting user ids from roles (mp1509)
diff --git a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php
index bcb09dc..537e1c4 100644
--- a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php
+++ b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php
@@ -38,8 +38,10 @@ class TwoFactorAuthenticationEnforceFilter extends ActionFilter
 }
 $permissions = $module->twoFactorAuthenticationForcedPermissions;
+
+ $user = Yii::$app->user->identity;
 $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser(Yii::$app->user->identity->id));
- if (!empty(array_intersect($permissions, $itemsByUser))) {
+ if (!empty(array_intersect($permissions, $itemsByUser)) && !$user->auth_tf_enabled) {
 Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your role requires 2FA, you won\'t be able to use the application until you enable it'));
 return Yii::$app->response->redirect(['/user/settings/account'])->send();
 }
diff --git a/src/User/Service/MailService.php b/src/User/Service/MailService.php
index 39b52ee..0e9ac49 100644
--- a/src/User/Service/MailService.php
+++ b/src/User/Service/MailService.php
@@ -83,11 +83,17 @@ class MailService implements ServiceInterface
 */
 public function run()
 {
- return $this->mailer
+
+ $result = $this->mailer
 ->compose(['html' => $this->view, 'text' => "text/{$this->view}"], $this->params)
 ->setFrom($this->from)
 ->setTo($this->to)
 ->setSubject($this->subject)
 ->send();
+
+ if (!$result) {
+ Yii::error("Email sending failed to '{$this->to}'.", 'mailer');
+ }
+ return $result;
 }
 }
diff --git a/src/User/Validator/TwoFactorEmailValidator.php b/src/User/Validator/TwoFactorEmailValidator.php
index 37bedce..9466a05 100644
--- a/src/User/Validator/TwoFactorEmailValidator.php
+++ b/src/User/Validator/TwoFactorEmailValidator.php
@@ -111,6 +111,6 @@ class TwoFactorEmailValidator extends TwoFactorCodeValidator
 */
 public function generateCode()
 {
- return $this->make(TwoFactorEmailCodeGeneratorService::class, $this->user)->run();
+ return $this->make(TwoFactorEmailCodeGeneratorService::class, [$this->user])->run();
 }
 }
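Review bot: The new exemption rests entirely on `$user->auth_tf_enabled`, read from the identity fetched on the added `$user = Yii::$app->user->identity;` line, and nothing in the hunk records why that single attribute is taken to mean the user has actually completed 2FA setup; a one-line comment would make the intent reviewable, e.g. `// users who already enabled 2FA pass through; the forced-permission rule only blocks those who have not turned it on yet`. If `identity` can be null at this point (the guard above the hunk is not visible and `beforeAction` starts outside it), the added `$user->auth_tf_enabled` read fails the same way the existing `->identity->id` read does, so it is worth confirming that the earlier return covers guests. Patch 2/4's hunk of this file touches the same stretch and only replaces the repeated identity lookup with `$user->id`, so the same comment applies there.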
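Review bot: The added `Yii::error("Email sending failed to '{$this->to}'.", 'mailer');` interpolates `$this->to` straight into the message, but the same value is handed to `setTo()`, which in Yii's mailer interface accepts an array of addresses as well as a string; if an array is ever passed, the log entry degrades to `Array` plus an array-to-string warning. Formatting the recipient explicitly avoids that: `Yii::error('Email sending failed to ' . implode(', ', (array) $this->to) . '.', 'mailer');`. The docblock closed by the ` */` context line at the top of the hunk now describes a method that returns the boolean result of `send()` and logs on failure; adding `@return bool whether the message was accepted by the mailer` there would document the new contract.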
From 4b1536f9348cf0bdf0a549f4da4cc008d04c5396 Mon Sep 17 00:00:00 2001
From: Wenceslaus Dsilva
Date: Sun, 24 Sep 2023 16:10:44 +0530
Subject: [PATCH 2/4] fix(TwoFactorAuthenticationEnforceFilter.php): use $user variable instead of accessing Yii::$app->user->identity multiple times for better readability and performance fix(MailService.php): remove unnecessary whitespace before $this->mailer to improve code formatting
---
 src/User/Filter/TwoFactorAuthenticationEnforceFilter.php | 2 +-
 src/User/Service/MailService.php | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php
index 537e1c4..f0d0709 100644
--- a/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php
+++ b/src/User/Filter/TwoFactorAuthenticationEnforceFilter.php
@@ -40,7 +40,7 @@ class TwoFactorAuthenticationEnforceFilter extends ActionFilter
 $permissions = $module->twoFactorAuthenticationForcedPermissions;
 $user = Yii::$app->user->identity;
- $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser(Yii::$app->user->identity->id));
+ $itemsByUser = array_keys($this->getAuthManager()->getItemsByUser($user->id));
 if (!empty(array_intersect($permissions, $itemsByUser)) && !$user->auth_tf_enabled) {
 Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your role requires 2FA, you won\'t be able to use the application until you enable it'));
 return Yii::$app->response->redirect(['/user/settings/account'])->send();
diff --git a/src/User/Service/MailService.php b/src/User/Service/MailService.php
index 0e9ac49..4e99d44 100644
--- a/src/User/Service/MailService.php
+++ b/src/User/Service/MailService.php
@@ -83,8 +83,7 @@ class MailService implements ServiceInterface
 */
 public function run()
 {
-
- $result = $this->mailer
+ $result = $this->mailer
 ->compose(['html' => $this->view, 'text' => "text/{$this->view}"], $this->params)
 ->setFrom($this->from)
 ->setTo($this->to)
From cd7d74d9a1bdd8f3ba4c97160b667b91fef8fb28 Mon Sep 17 00:00:00 2001
From: liviuk2
Date: Mon, 16 Oct 2023 11:03:28 +0200
Subject: [PATCH 3/4] UserSearch avoid fields name conflict if joined with other tables
---
 src/User/Search/UserSearch.php | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/User/Search/UserSearch.php b/src/User/Search/UserSearch.php
index ae462d9..b936766 100644
--- a/src/User/Search/UserSearch.php
+++ b/src/User/Search/UserSearch.php
@@ -11,7 +11,9 @@ namespace Da\User\Search;
+use Da\User\Model\User;
 use Da\User\Query\UserQuery;
+use Da\User\Traits\ContainerAwareTrait;
 use Yii;
 use yii\base\InvalidParamException;
 use yii\base\Model;
@@ -19,6 +21,8 @@ use yii\data\ActiveDataProvider;
 class UserSearch extends Model
 {
+ use ContainerAwareTrait;
+
 /**
 * @var string
 */
@@ -106,21 +110,23 @@ class UserSearch extends Model
 return $dataProvider;
 }
+ $userClass = $this->getClassMap()->get(User::class);
+
 if ($this->created_at !== null) {
 $date = strtotime($this->created_at);
- $query->andFilterWhere(['between', 'created_at', $date, $date + 3600 * 24]);
+ $query->andFilterWhere(['between', $userClass::tableName().'.created_at', $date, $date + 3600 * 24]);
 }
 if ($this->last_login_at !== null) {
 $date = strtotime($this->last_login_at);
- $query->andFilterWhere(['between', 'last_login_at', $date, $date + 3600 * 24]);
+ $query->andFilterWhere(['between', $userClass::tableName().'.last_login_at', $date, $date + 3600 * 24]);
 }
 $query
- ->andFilterWhere(['like', 'username', $this->username])
- ->andFilterWhere(['like', 'email', $this->email])
- ->andFilterWhere(['registration_ip' => $this->registration_ip])
- ->andFilterWhere(['last_login_ip' => $this->last_login_ip]);
+ ->andFilterWhere(['like', $userClass::tableName().'.username', $this->username])
+ ->andFilterWhere(['like', $userClass::tableName().'.email', $this->email])
+ ->andFilterWhere([$userClass::tableName().'.registration_ip' => $this->registration_ip])
+ ->andFilterWhere([$userClass::tableName().'.last_login_ip' => $this->last_login_ip]);
 return $dataProvider;
 }
From 214eef6f16502fa77b36f94efc75b911d2279696 Mon Sep 17 00:00:00 2001
From: liviuk2
Date: Mon, 16 Oct 2023 11:03:57 +0200
Subject: [PATCH 4/4] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5716b64..79d39d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ - Fix: update Dutch (nl) translations (squio) - Enh: possibility to limit the depth of the recursion when getting user ids from roles (mp1509) +- Fix: UserSearch avoid fields name conflict if joined with other tables (liviuk2) ## 1.6.1 March 4th, 2023
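Review bot: `$userClass::tableName()` is called six times across the added filter lines, once per column, which buries the reason for the change and repeats a static call whose result cannot differ within the method; resolving it once next to the new `$userClass` assignment and qualifying each column from that local reads better. A comment on that line would also tell a later reader why the class map is consulted instead of `User::tableName()` directly (presumably so an application-overridden user model keeps working — worth confirming). The enclosing `search()` starts before the hunk, so the new `$userClass` line sits mid-method after an early `return $dataProvider;`.

```php
        $userClass = $this->getClassMap()->get(User::class);
        // Qualify every filtered column with the user table so the conditions
        // stay unambiguous when $query is joined with other tables.
        $table = $userClass::tableName();

        if ($this->created_at !== null) {
            $date = strtotime($this->created_at);
            $query->andFilterWhere(['between', "{$table}.created_at", $date, $date + 3600 * 24]);
        }
        // … unchanged: last_login_at block, same "{$table}.last_login_at" substitution …
        $query
            ->andFilterWhere(['like', "{$table}.username", $this->username])
            ->andFilterWhere(['like', "{$table}.email", $this->email])
            ->andFilterWhere(["{$table}.registration_ip" => $this->registration_ip])
            ->andFilterWhere(["{$table}.last_login_ip" => $this->last_login_ip]);
```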