Merge branch 'master' into Add-UserBlockService-in-Bootstrap-class-map
AndreScara11 authored Jul 16, 2024
2 parents 8559d51 + 7ce63ae commit 063af34
Showing 31 changed files with 212 additions and 148 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,11 +2,20 @@

## dev

- Enh: Changed exception thrown in PasswordRecoveryService from `RuntimeException` to `NotFoundException`. (eseperio)
- Ehh: Added SecurityHelper to the Bootstrap classMap

## 1.6.3 Mar 18th, 2024

- Fix: Update last_login_at and last_login_ip on social networt authenticate (e.luhr)
- Enh: Keycloak auth client (e.luhr)
- Fix: Social Network Auth (eluhr)
- Enh #532: /user/registration/register now shows form validation errors
- Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson)
- Ehh: Added UserBlockService to Bootstrap classMap
- Enh: Added option to disable viewing any other user's profile for non-admin users (TonisOrmisson)
- Ehn: updated Estonian (et) translation by (TonisOrmisson)
- Ehn: use recaptcha.net instead of google.com (Eseperio)

## 1.6.2 Jan 4th, 2024

5 changes: 5 additions & 0 deletions docs/install/configuration-options.md
Expand Up @@ -313,6 +313,11 @@ Set to `true` to restrict user assignments to roles only.

If `true` registration and last login IPs are not logged into users table, instead a dummy 127.0.0.1 is used


#### disableProfileViewsForRegularUsers (type: `boolean`, default: `false`)

If `true` only admin users have access to view any other user's profile. By default any user can see any other users public profile page.

#### minPasswordRequirements (type: `array`, default: `['lower' => 1, 'digit' => 1, 'upper' => 1]`)

Minimum requirements when a new password is automatically generated.
3 changes: 3 additions & 0 deletions src/User/Bootstrap.php
Expand Up @@ -418,6 +418,9 @@ protected function buildClassMap(array $userClassMap)
'MailService',
'UserBlockService',
],
'Da\User\Helper' => [
'SecurityHelper',
]
];

$mapping = array_merge($defaults, $userClassMap);
12 changes: 12 additions & 0 deletions src/User/Controller/ProfileController.php
Expand Up @@ -11,15 +11,20 @@

namespace Da\User\Controller;

use Da\User\Model\User;
use Da\User\Query\ProfileQuery;
use Da\User\Traits\ModuleAwareTrait;
use Yii;
use yii\base\Module;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException;

class ProfileController extends Controller
{
use ModuleAwareTrait;

protected $profileQuery;

/**
Expand Down Expand Up @@ -67,6 +72,13 @@ public function actionIndex()

public function actionShow($id)
{
$user = Yii::$app->user;
/** @var User $identity */
$identity = $user->getIdentity();
if($user->getId() != $id && $this->module->disableProfileViewsForRegularUsers && !$identity->getIsAdmin()) {
throw new ForbiddenHttpException();
}

$profile = $this->profileQuery->whereUserId($id)->one();

if ($profile === null) {
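Review bot: The new guard in `actionShow` dereferences `$identity` without a null check: for a guest `getIdentity()` returns null, `getId() != $id` is true, and with `disableProfileViewsForRegularUsers` enabled `$identity->getIsAdmin()` raises an error instead of the intended 403. Whether guests can reach this action depends on the access rules in `behaviors()`, which are outside the hunk, so deny the guest case explicitly with `$identity === null || !$identity->getIsAdmin()`. The ownership test also uses loose `!=` on a route parameter; `(string)$user->getId() !== (string)$id` keeps the decision independent of PHP's numeric-string comparison rules. A one-line comment above the check, `// own profile stays viewable; everyone else needs admin when the option is on`, would record the intended policy. The body of `actionShow` continues past the hunk.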
4 changes: 4 additions & 0 deletions src/User/Module.php
Expand Up @@ -241,6 +241,10 @@ class Module extends BaseModule
* @var boolean whether to disable IP logging into user table
*/
public $disableIpLogging = false;
/**
* @var boolean whether to disable viewing any user's profile for non-admin users
*/
public $disableProfileViewsForRegularUsers = false;
/**
* @var array Minimum requirements when a new password is automatically generated.
* Array structure: `requirement => minimum number characters`.
3 changes: 2 additions & 1 deletion src/User/Service/PasswordRecoveryService.php
Expand Up @@ -19,6 +19,7 @@
use Da\User\Traits\ModuleAwareTrait;
use Exception;
use Yii;
use yii\web\NotFoundHttpException;

class PasswordRecoveryService implements ServiceInterface
{
Expand Down Expand Up @@ -50,7 +51,7 @@ public function run()
$user = $this->query->whereEmail($this->email)->one();

if ($user === null) {
throw new \RuntimeException('User not found.');
throw new NotFoundHttpException(Yii::t('usuario', 'User not found'));
}

$token = TokenFactory::makeRecoveryToken($user->id);
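Review bot: Throwing `NotFoundHttpException` with the message 'User not found' for an unknown e-mail makes password recovery reveal which addresses are registered if the exception ever reaches the HTTP response. The rest of `run()` is outside the hunk, so it is not visible whether a surrounding `try`/`catch` handles it; if it does, the HTTP-specific type gains nothing in a service class, and if it does not, the caller still has to answer identically for known and unknown addresses. I would add a comment on the throw, `// must not reach the client: recovery responses stay identical for unknown e-mails`, and a test asserting that both cases produce the same response and flash message.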
20 changes: 14 additions & 6 deletions src/User/Service/SocialNetworkAuthenticateService.php
Expand Up @@ -19,12 +19,15 @@
use Da\User\Model\User;
use Da\User\Query\SocialNetworkAccountQuery;
use Da\User\Query\UserQuery;
use Da\User\Traits\ModuleAwareTrait;
use Yii;
use yii\authclient\AuthAction;
use yii\helpers\Url;

class SocialNetworkAuthenticateService implements ServiceInterface
{
use ModuleAwareTrait;

protected $controller;
protected $authAction;
protected $client;
Expand All @@ -50,15 +53,15 @@ public function run()
$account = $this->socialNetworkAccountQuery->whereClient($this->client)->one();
if (!$this->controller->module->enableSocialNetworkRegistration && ($account === null || $account->user === null)) {
Yii::$app->session->setFlash('danger', Yii::t('usuario', 'Registration on this website is disabled'));
$this->authAction->setSuccessUrl(Url::to(['/user/security/login']));
$this->authAction->setSuccessUrl(Url::to(['/' . $this->getModule()->id . '/security/login']));

return false;
}
if ($account === null) {
$account = $this->createAccount();
if (!$account) {
Yii::$app->session->setFlash('danger', Yii::t('usuario', 'Unable to create an account.'));
$this->authAction->setSuccessUrl(Url::to(['/user/security/login']));
$this->authAction->setSuccessUrl(Url::to(['/' . $this->getModule()->id . '/security/login']));

return false;
}
Expand All @@ -72,11 +75,16 @@ public function run()
if ($account->user instanceof User) {
if ($account->user->getIsBlocked()) {
Yii::$app->session->setFlash('danger', Yii::t('usuario', 'Your account has been blocked.'));
$this->authAction->setSuccessUrl(Url::to(['/user/security/login']));
$this->authAction->setSuccessUrl(Url::to(['/' . $this->getModule()->id . '/security/login']));
} else {
Yii::$app->user->login($account->user, $this->controller->module->rememberLoginLifespan);
$this->authAction->setSuccessUrl(Yii::$app->getUser()->getReturnUrl());
$result = true;
$result = Yii::$app->user->login($account->user, $this->controller->module->rememberLoginLifespan);
if ($result) {
$account->user->updateAttributes([
'last_login_at' => time(),
'last_login_ip' => $this->controller->module->disableIpLogging ? '127.0.0.1' : Yii::$app->request->getUserIP(),
]);
$this->authAction->setSuccessUrl(Yii::$app->getUser()->getReturnUrl());
}
}
} else {
$this->authAction->setSuccessUrl($account->getConnectionUrl());
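Review bot: When `Yii::$app->user->login()` returns false, the new `if ($result)` block has no else, so no flash is set and the success URL is left at whatever the auth action defaults to; a login rejected by, for example, a `beforeLogin` handler then ends silently. Mirror the blocked-account branch there by setting a 'danger' flash and pointing the success URL at the login route. The redirects now build that route from `$this->getModule()->id` while the policy flags are still read from `$this->controller->module`; using one accessor throughout, and `getUniqueId()` rather than `id` if the module can be nested, would keep the redirect target and the policy source in agreement. `run()` starts and ends outside the visible hunks.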
2 changes: 1 addition & 1 deletion src/User/Widget/ReCaptchaWidget.php
Expand Up @@ -113,7 +113,7 @@ protected function registerClientScript()
$view = $this->getView();

$view->registerJsFile(
'//www.google.com/recaptcha/api.js?hl=' . $this->getLanguageCode(),
'//www.recaptcha.net/recaptcha/api.js?hl=' . $this->getLanguageCode(),
[
'position' => View::POS_HEAD,
'async' => true,
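Review bot: The script URL passed to `registerJsFile` is still protocol-relative, so a page served over plain HTTP would fetch the CAPTCHA script over HTTP as well; since the line is being changed anyway, pin the scheme with `'https://www.recaptcha.net/recaptcha/api.js?hl=' . $this->getLanguageCode(),`. The host change also affects deployments whose Content-Security-Policy allows only `www.google.com` for scripts, where the widget will be blocked until `www.recaptcha.net` is added, so it deserves a line in the upgrade notes. `registerClientScript()` continues outside the hunk.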
1 change: 1 addition & 0 deletions src/User/resources/i18n/ca/usuario.php
Expand Up @@ -59,6 +59,7 @@
'Block' => '',
'Block status' => '',
'Blocked at {0, date, MMMM dd, YYYY HH:mm}' => '',
'Can\'t scan? Copy the code instead.' => '',
'Cancel' => '',
'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
'Change your avatar at Gravatar.com' => '',
1 change: 1 addition & 0 deletions src/User/resources/i18n/da/usuario.php
Expand Up @@ -59,6 +59,7 @@
'Block' => '',
'Block status' => '',
'Blocked at {0, date, MMMM dd, YYYY HH:mm}' => '',
'Can\'t scan? Copy the code instead.' => '',
'Cancel' => '',
'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
'Change your avatar at Gravatar.com' => '',
1 change: 1 addition & 0 deletions src/User/resources/i18n/de-DU/usuario.php
Expand Up @@ -276,6 +276,7 @@
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => '',
'Active' => '',
'Application not configured for two factor authentication.' => '',
'Can\'t scan? Copy the code instead.' => '',
'Code for two factor authentication on {0}' => '',
'Current' => '',
'Data privacy' => '',
1 change: 1 addition & 0 deletions src/User/resources/i18n/de/usuario.php
Expand Up @@ -279,6 +279,7 @@
'{0} cannot be blank.' => '{0} darf nicht leer sein.',
'Active' => '',
'Application not configured for two factor authentication.' => '',
'Can\'t scan? Copy the code instead.' => '',
'Code for two factor authentication on {0}' => '',
'Current' => '',
'Error while enabling SMS two factor authentication. Please reload the page.' => '',
31 changes: 16 additions & 15 deletions src/User/resources/i18n/et/usuario.php
Expand Up @@ -22,14 +22,17 @@
'A message has been sent to your email address. It contains a confirmation link that you must click to complete registration.' => 'Saatsime sulle kinnituseks e-kirja. Registreerumise kinnitamiseks pead klikkma saadetud kirjas olevale lingile.',
'A new confirmation link has been sent' => 'Uus kinnituslink on saadetud',
'A password will be generated automatically if not provided' => 'Parool genereeritakse automaatselt, kui ei ole seatud',
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => 'Vastavalt Euroopa Isikuandmete kaitse üldmäärusele (GDPR) vajame sinu isikuandmete töötlemiseks sinu nõusolekut.',
'Account' => 'Konto',
'Account confirmation' => 'Konto kinnitamine',
'Account details' => 'Konto andmed',
'Account details have been updated' => 'Konto andmed on uuendatud',
'Account settings' => 'Konto seaded',
'Active' => 'Aktiivne',
'Already registered? Sign in!' => 'Oled registreerunud? Logi sisse!',
'An email with instructions to create a new password has been sent to {email} if it is associated with an {appName} account. Your existing password has not been changed.' => 'Saatsime aadressile {email} juhendi, kuidas saad oma parooli uuendada, kui see aadress on seotud mõne {appName} kontoga. Me ei muutnud sinu praegust parooli.',
'An error occurred processing your request' => 'Päringu protsessimisel tekkis viga',
'Application not configured for two factor authentication.' => 'Rakendus ei ole seadistatud kaheastmelise autentimise kasutamiseks.',
'Are you sure you want to block this user?' => 'Oled kindel, et tahad selle kasutaja blokeerid?',
'Are you sure you want to confirm this user?' => 'Oled kindel, et tahad selle kasutaja kinnitada?',
'Are you sure you want to delete this user?' => 'Oled kindel, et tahad selle kasutaja kustutada?',
Expand Down Expand Up @@ -79,8 +82,10 @@
'Create new rule' => 'Loo uus reegel',
'Created at' => 'Loodud',
'Credentials will be sent to the user by email' => 'Konto andmed saadetakse kasutajale e-mailiga',
'Current' => 'Praegune',
'Current password' => 'Praegune parool',
'Current password is not valid' => 'Praegune parool ei ole õige',
'Data privacy' => 'Andmete privaatsus',
'Data processing consent' => 'Nõusolek andmete töötlemiseks',
'Delete' => 'Kustuta',
'Delete account' => 'Kustuta konto',
Expand Down Expand Up @@ -117,7 +122,9 @@
'In order to complete your registration, please click the link below' => 'Kliki alloleval lingil, et registreerimine kinnitada',
'In order to complete your request, please click the link below' => 'Kliki alloleval lingil, et oma päring kinnitada',
'In order to finish your registration, we need you to enter following fields' => 'Pead täitma järgnevad väljad, et registreerimine lõpule viia',
'Inactive' => 'Mitteaktiivne',
'Information' => 'Informatsioon',
'Insert' => 'Sisesta',
'Invalid login or password' => 'Vale kasutajanimi või parool',
'Invalid or expired link' => 'Vale või aegunud link',
'Invalid password' => 'Vale parool',
Expand All @@ -126,13 +133,15 @@
'It will be deleted forever' => 'See kustutatakse alatiseks',
'Items' => 'Õigused',
'Joined on {0, date}' => 'Liitunud: {0, date}',
'Last activity' => 'Viimane tegevus',
'Last login IP' => 'Viimane sisselogimise IP',
'Last login time' => 'Viimase sisselogimise aeg',
'Last password change' => 'Viimane parooli muutmine',
'Location' => 'Asukoht',
'Login' => 'Sisene',
'Logout' => 'Logi välja',
'Manage users' => 'Halda kasutajaid',
'Mobile phone number' => 'Mobiiltelefoni number',
'Name' => 'Nimi',
'Networks' => 'Võrgustikud',
'Never' => 'Mitte kunagi',
Expand Down Expand Up @@ -186,6 +195,8 @@
'Sign in' => 'Logi sisse',
'Sign up' => 'Liitu',
'Something went wrong' => 'Midagi läks valesti',
'Status' => 'Staatus',
'Submit' => 'Saada',
'Switch identities is disabled.' => 'Identiteedi vahetamine on keelatud',
'Thank you for signing up on {0}' => 'Aitäh, et liitusid lehega {0}',
'Thank you, registration is now complete.' => 'Aitäh, oled nüüd registreeritud',
Expand Down Expand Up @@ -220,6 +231,7 @@
'Unable to update block status.' => 'Blokkimise staatuse muutmine ebaõnnestus.',
'Unblock' => 'Eemalda blokk',
'Unconfirmed' => 'Kinnitamata',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => 'Kahjuks ei ole selle lehe kasutamine võimalik ilma, et annaksid meile nõusoleku sinu andmeid töödelda.',
'Update' => 'Muuda',
'Update assignments' => 'Muuda omistamisi',
'Update permission' => 'Muud õigus',
Expand All @@ -230,6 +242,7 @@
'User account could not be created.' => 'Kasutajakonto loomine ebaõnnestus.',
'User block status has been updated.' => 'Kasutaja blokeering on muudetud.',
'User could not be registered.' => 'Kasutaja registreerimine ebaõnnestus.',
'User does not have sufficient permissions.' => 'Kasutajal ei ole piisavalt õigusi.',
'User has been confirmed' => 'Kasutaja on kinnitatud',
'User has been created' => 'Kasutaja on loodud',
'User has been deleted' => 'Kasutaja on kustutatud',
Expand All @@ -251,6 +264,7 @@
'You can connect multiple accounts to be able to log in using them' => 'Võid ühendada mitu sotsiaalmeedia kontot, mida saad kasutada kontole sisse logimiseks',
'You cannot remove your own account' => 'Sa ei saa kustutada iseenda kontot',
'You need to confirm your email address' => 'Sa pead oma e-posti aadressi kinnitama',
'You received this email because someone, possibly you or someone on your behalf, have created an account at {app_name}' => 'Said selle kirja, sest keegi, tõenäoliselt sa ise või keegi sinu nimel, on loonud konto rakenduses {app_name}',
'Your account details have been updated' => 'Sinu konto andmed on uuendatud',
'Your account has been blocked' => 'Sinu konto on blokeeritud',
'Your account has been blocked.' => 'Sinu konto on blokeeritud.',
Expand All @@ -261,38 +275,29 @@
'Your account on {0} has been created' => 'Sinu {0} konto on loodud',
'Your confirmation token is invalid or expired' => 'Kinnituse kood on vale või aegunud',
'Your consent is required to register' => 'Registreerumiseks on vaja sinu nõusolekut',
'Your consent is required to work with this site' => 'Selle lehe kasutamiseks on vaja sinu nõusolekut',
'Your email address has been changed' => 'Sinu e-mail on muudetud',
'Your password has expired, you must change it now' => 'Sinu parool on aegunud, pead seda uuendama.',
'Your personal information has been removed' => 'Sinu isiklikud andmed on kustutatud',
'Your profile has been updated' => 'Sinu profiil on uuendatud',
'privacy policy' => 'privaatsuspoliitika',
'{0} cannot be blank.' => '{0} ei või olla tühi.',
'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => '',
'Active' => '',
'Application not configured for two factor authentication.' => '',
'Authentication rule class {0} can not be instantiated' => '',
'Can\'t scan? Copy the code instead.' => '',
'Code for two factor authentication on {0}' => '',
'Current' => '',
'Data privacy' => '',
'Error while enabling SMS two factor authentication. Please reload the page.' => '',
'Google Authenticator' => '',
'IP' => '',
'If you haven\'t received a password, you can reset it at' => '',
'Inactive' => '',
'Insert' => '',
'Insert the code you received by SMS.' => '',
'Insert the code you received by email.' => '',
'Insert the mobile phone number where you want to receive text message in international format' => '',
'Last activity' => '',
'Mobile phone number' => '',
'Mobile phone number successfully enabled.' => '',
'Please, enter the right code. The code is valid for {0} seconds. If you want to get a new code, please click on \'Cancel\' and repeat the login request.' => '',
'Please, enter the right code. The code is valid for {0} seconds. If you want to get a new code, please close this window and repeat the enabling request.' => '',
'Rule class must extend "yii\\rbac\\Rule".' => '',
'Session ID' => '',
'Session history' => '',
'Status' => '',
'Submit' => '',
'Terminate all sessions' => '',
'Text message' => '',
'The email address set is: "{0}".' => '',
Expand All @@ -303,16 +308,12 @@
'This is the code to insert to enable two factor authentication' => '',
'Two factor authentication code by SMS' => '',
'Two factor authentication code by email' => '',
'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
'User ID' => '',
'User agent' => '',
'User does not have sufficient permissions.' => '',
'VKontakte' => '',
'Yandex' => '',
'You cannot block your own account.' => '',
'You cannot remove your own account.' => '',
'You received this email because someone, possibly you or someone on your behalf, have created an account at {app_name}' => '',
'Your consent is required to work with this site' => '',
'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
'Your two factor authentication method is based on "{0}".' => '',
'{0, date, MMM dd, YYYY HH:mm}' => '',
1 change: 1 addition & 0 deletions src/User/resources/i18n/fa-IR/usuario.php
Expand Up @@ -170,6 +170,7 @@
'Awesome, almost there. Now you need to click the confirmation link sent to your new email address.' => '',
'Awesome, almost there. Now you need to click the confirmation link sent to your old email address.' => '',
'Back to privacy settings' => '',
'Can\'t scan? Copy the code instead.' => '',
'Cancel' => '',
'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
'Children' => '',
1 change: 1 addition & 0 deletions src/User/resources/i18n/fi/usuario.php
Expand Up @@ -59,6 +59,7 @@
'Block' => '',
'Block status' => '',
'Blocked at {0, date, MMMM dd, YYYY HH:mm}' => '',
'Can\'t scan? Copy the code instead.' => '',
'Cancel' => '',
'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
'Change your avatar at Gravatar.com' => '',