diff --git a/config/lmcuser.global.php.dist b/config/lmcuser.global.php.dist index 0ccc4d6..57af858 100644 --- a/config/lmcuser.global.php.dist +++ b/config/lmcuser.global.php.dist @@ -111,6 +111,22 @@ $settings = array( */ //'use_registration_form_captcha' => false, + /** + * Login Form Captcha + * + * Determines if a captcha should be utilized on the user login form. + * Default value is false. + */ + //'use_login_form_captcha' => false, + + /** + * Login Form CSRF + * + * Determines if a csrf should be utilized on the user login form. + * Default value is true. + */ + //'use_login_form_csrf' => true, + /** * Form Captcha Options * diff --git a/src/LmcUser/Form/Login.php b/src/LmcUser/Form/Login.php index d267bcb..2cdf0a5 100644 --- a/src/LmcUser/Form/Login.php +++ b/src/LmcUser/Form/Login.php 
@@ -51,14 +51,27 @@ public function __construct($name, AuthenticationOptionsInterface $options) ) ); - // @todo: Fix this - // 1) getValidator() is a protected method - // 2) i don't believe the login form is actually being validated by the login action - // (but keep in mind we don't want to show invalid username vs invalid password or - // anything like that, it should just say "login failed" without any additional info) - //$csrf = new Element\Csrf('csrf'); - //$csrf->getValidator()->setTimeout($options->getLoginFormTimeout()); - //$this->add($csrf); + if ($this->getAuthenticationOptions()->getUseLoginFormCsrf()) { + $this->add([ + 'type' => '\Laminas\Form\Element\Csrf', + 'name' => 'security', + 'options' => [ + 'csrf_options' => [ + 'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout() + ] + ] + ]); + } + if ($this->getAuthenticationOptions()->getUseLoginFormCaptcha()) { + $this->add(array( + 'name' => 'captcha', + 'type' => 'Laminas\Form\Element\Captcha', + 'options' => array( + 'label' => 'Human check', + 'captcha' => $this->getAuthenticationOptions()->getFormCaptchaOptions(), + ), + )); + } $submitElement = new Element\Button('submit'); $submitElement diff --git a/src/LmcUser/Form/LoginFilter.php b/src/LmcUser/Form/LoginFilter.php index 8b9a0e9..6f72d9a 100644 --- a/src/LmcUser/Form/LoginFilter.php +++ b/src/LmcUser/Form/LoginFilter.php @@ -12,7 +12,10 @@ public function __construct(AuthenticationOptionsInterface $options) $identityParams = array( 'name' => 'identity', 'required' => true, - 'validators' => array() + 'validators' => array(), + 'filters' => array( + array('name' => 'StringTrim'), + ) ); $identityFields = $options->getAuthIdentityFields(); diff --git a/src/LmcUser/Options/AuthenticationOptionsInterface.php b/src/LmcUser/Options/AuthenticationOptionsInterface.php index 7b5589a..285200c 100644 --- a/src/LmcUser/Options/AuthenticationOptionsInterface.php +++ b/src/LmcUser/Options/AuthenticationOptionsInterface.php 
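Review bot: The Csrf and Captcha elements added in Login.php only protect the login endpoint if the login action binds the POST data to this form and calls `isValid()` before authenticating. The removed @todo said the author did not believe the login action validates the form, and no controller change is visible in this diff. If that still holds, the token and captcha are rendered but never checked, so the action should stop when `$form->isValid()` is false and return the same generic "login failed" response the @todo asked for. The new code also reads `$this->getAuthenticationOptions()` although the constructor is handed `$options`; this presumably relies on the options being stored earlier in the constructor, which starts outside this hunk. As a style point, the Csrf type is written `'\Laminas\Form\Element\Csrf'` with a leading backslash and short array syntax while the Captcha block uses `array()` and no backslash; `Element\Csrf::class` and `Element\Captcha::class` would make both consistent.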
@@ -33,4 +33,49 @@ public function setAuthIdentityFields($authIdentityFields); * @return array */ public function getAuthIdentityFields(); + + /** + * set use a captcha in login form + * + * @param bool $useRegistrationFormCaptcha + * @return ModuleOptions + */ + public function setUseLoginFormCaptcha($useLoginFormCaptcha); + + /** + * get use a captcha in login form + * + * @return bool + */ + public function getUseLoginFormCaptcha(); + + /** + * set use a csrf in login form + * + * @param bool $useLoginFormCsrf + * @return ModuleOptions + */ + public function setUseLoginFormCsrf($useLoginFormCsrf); + + /** + * get use a csrf in login form + * + * @return bool + */ + public function getUseLoginFormCsrf(); + + /** + * set form CAPTCHA options + * + * @param array $formCaptchaOptions + * @return ModuleOptions + */ + public function setFormCaptchaOptions($formCaptchaOptions); + + /** + * get form CAPTCHA options + * + * @return array + */ + public function getFormCaptchaOptions(); } diff --git a/src/LmcUser/Options/ModuleOptions.php b/src/LmcUser/Options/ModuleOptions.php index 23d5bf7..e39c244 100644 --- a/src/LmcUser/Options/ModuleOptions.php +++ b/src/LmcUser/Options/ModuleOptions.php @@ -97,6 +97,16 @@ class ModuleOptions extends AbstractOptions implements * @var bool */ protected $useRegistrationFormCaptcha = false; + + /** + * @var bool + */ + protected $useLoginFormCaptcha = false; + + /** + * @var bool + */ + protected $useLoginFormCsrf = true; /** * @var int 
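Review bot: Adding six methods to AuthenticationOptionsInterface breaks every implementation outside this package until it defines them. That should be called out as a compatibility break, or the login-form accessors should go on a separate interface that the Login form type-hints. The docblock on `setUseLoginFormCaptcha` carries a copy-pasted parameter name and should read `@param bool $useLoginFormCaptcha`. The same slip appears in ModuleOptions.php on `setUseLoginFormCsrf`, which should read `@param bool $useLoginFormCsrf`. On the interface, `@return ModuleOptions` names one implementation; `@return $this` would be accurate for any implementer.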
@@ -472,6 +482,50 @@ public function getUseRegistrationFormCaptcha() { return $this->useRegistrationFormCaptcha; } + + /** + * set use a captcha in login form + * + * @param bool $useLoginFormCaptcha + * @return ModuleOptions + */ + public function setUseLoginFormCaptcha($useLoginFormCaptcha) + { + $this->useLoginFormCaptcha = $useLoginFormCaptcha; + return $this; + } + + /** + * get use a captcha in login form + * + * @return bool + */ + public function getUseLoginFormCaptcha() + { + return $this->useLoginFormCaptcha; + } + + /** + * set use a csrf in login form + * + * @param bool $useRegistrationFormCaptcha + * @return ModuleOptions + */ + public function setUseLoginFormCsrf($useLoginFormCsrf) + { + $this->useLoginFormCsrf = $useLoginFormCsrf; + return $this; + } + + /** + * get use a csrf in login form + * + * @return bool + */ + public function getUseLoginFormCsrf() + { + return $this->useLoginFormCsrf; + } /** * set user entity class name