Skip to content

Commit

Permalink
Merge pull request #7006 from wallabag/release/2.6.7
Browse files Browse the repository at this point in the history 
Prepare 2.6.7 release
  • Loading branch information
@j0k3r
j0k3r committed Oct 2, 2023
2 parents 0cfdddc + fa10711 commit 6062324
Show file tree
Hide file tree
Showing 8 changed files with 80 additions and 70 deletions.
11 changes: 11 additions & 0 deletions CHANGELOG.md
View file
@@ -1,5 +1,16 @@
# Changelog

## [2.6.7](https://github.com/wallabag/wallabag/tree/2.6.7)
[Full Changelog](https://github.com/wallabag/wallabag/compare/2.6.6...2.6.7)

### Security fix
* A user can disable her 2FA unintentionally by @kdecherf in https://github.com/wallabag/wallabag/commit/0cfdddc2eb0aee5ffb69bf499d377d75655ba157

### Fixes
* Fix deprecated null tag parameter by @Simounet in https://github.com/wallabag/wallabag/pull/6985
* Full clickable card on mass action by @Simounet in https://github.com/wallabag/wallabag/pull/6991
* Add tag form submit button always displayed by @Simounet in https://github.com/wallabag/wallabag/pull/6986

## [2.6.6](https://github.com/wallabag/wallabag/tree/2.6.6)
[Full Changelog](https://github.com/wallabag/wallabag/compare/2.6.5...2.6.6)

Expand Down
2 changes: 1 addition & 1 deletion app/config/wallabag.yml
View file
@@ -1,5 +1,5 @@
wallabag_core:
version: 2.6.6
version: 2.6.7
paypal_url: "https://liberapay.com/wallabag/donate"
languages:
en: 'English'
Expand Down
12 changes: 6 additions & 6 deletions composer.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion phpstan-baseline.neon
View file
Expand Up @@ -62,5 +62,5 @@ parameters:

-
message: "#^Method FOS\\\\UserBundle\\\\Model\\\\UserManagerInterface\\:\\:updateUser()#"
count: 7
count: 6
path: src/Wallabag/CoreBundle/Controller/ConfigController.php
2 changes: 1 addition & 1 deletion src/Wallabag/CoreBundle/Controller/ConfigController.php
View file
Expand Up @@ -373,7 +373,7 @@ function ($backupCode) {
* Cancelling 2FA using OTP app.
*
* @Route("/config/otp/app/cancel", name="config_otp_app_cancel")
*
*
* XXX: commented until we rewrite 2fa with a real two-steps activation
*/
/*public function otpAppCancelAction()
Expand Down
1 change: 0 additions & 1 deletion src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
View file
Expand Up @@ -4,7 +4,6 @@

use FOS\UserBundle\Form\Type\RegistrationFormType;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
Expand Down
114 changes: 57 additions & 57 deletions src/Wallabag/CoreBundle/Resources/views/Config/index.html.twig
View file
Expand Up @@ -210,65 +210,65 @@
{{ form_widget(form.user.save, {'attr': {'class': 'btn waves-effect waves-light'}}) }}

{{ form_widget(form.user._token) }}

{{ form_end(form.user) }}

<br/>
<br/>
<div class="row">
<h5>{{ 'config.otp.page_title'|trans }}</h5>

<p>{{ 'config.form_user.two_factor_description'|trans }}</p>

<table>
<thead>
<tr>
<th>{{ 'config.form_user.two_factor.table_method'|trans }}</th>
<th>{{ 'config.form_user.two_factor.table_state'|trans }}</th>
<th>{{ 'config.form_user.two_factor.table_action'|trans }}</th>
</tr>
</thead>
{{ form_end(form.user) }}

<tbody>
<tr>
<td>{{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}</td>
<td>{% if app.user.isEmailTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
<td>
<form action="{{ path('config_otp_email') }}" method="post" name="config_otp_email">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn{% if app.user.isEmailTwoFactor %} disabled{% endif %}" type="submit">{{ 'config.form_user.two_factor.action_email'|trans }}</button>
</form>
{% if app.user.isEmailTwoFactor %}
<form action="{{ path('disable_otp_email') }}" method="post" name="disable_otp_email">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn red" type="submit">Disable</button>
</form>
{% endif %}
</td>
</tr>
<tr>
<td>{{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}</td>
<td>{% if app.user.isGoogleTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
<td>
<form action="{{ path('config_otp_app') }}" method="post" name="config_otp_app">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn{% if app.user.isGoogleTwoFactor %} disabled{% endif %}" type="submit">{{ 'config.form_user.two_factor.action_app'|trans }}</button>
</form>
{% if app.user.isGoogleTwoFactor %}
<form action="{{ path('disable_otp_app') }}" method="post" name="disable_otp_app">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn red" type="submit">Disable</button>
</form>
{% endif %}
</td>
</tr>
</tbody>
</table>
</div>
<br/>
<br/>
<div class="row">
<h5>{{ 'config.otp.page_title'|trans }}</h5>

<p>{{ 'config.form_user.two_factor_description'|trans }}</p>

<table>
<thead>
<tr>
<th>{{ 'config.form_user.two_factor.table_method'|trans }}</th>
<th>{{ 'config.form_user.two_factor.table_state'|trans }}</th>
<th>{{ 'config.form_user.two_factor.table_action'|trans }}</th>
</tr>
</thead>

<tbody>
<tr>
<td>{{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}</td>
<td>{% if app.user.isEmailTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
<td>
<form action="{{ path('config_otp_email') }}" method="post" name="config_otp_email">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn{% if app.user.isEmailTwoFactor %} disabled{% endif %}" type="submit">{{ 'config.form_user.two_factor.action_email'|trans }}</button>
</form>
{% if app.user.isEmailTwoFactor %}
<form action="{{ path('disable_otp_email') }}" method="post" name="disable_otp_email">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn red" type="submit">Disable</button>
</form>
{% endif %}
</td>
</tr>
<tr>
<td>{{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}</td>
<td>{% if app.user.isGoogleTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
<td>
<form action="{{ path('config_otp_app') }}" method="post" name="config_otp_app">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn{% if app.user.isGoogleTwoFactor %} disabled{% endif %}" type="submit">{{ 'config.form_user.two_factor.action_app'|trans }}</button>
</form>
{% if app.user.isGoogleTwoFactor %}
<form action="{{ path('disable_otp_app') }}" method="post" name="disable_otp_app">
<input type="hidden" name="token" value="{{ csrf_token('otp') }}" />

<button class="waves-effect waves-light btn red" type="submit">Disable</button>
</form>
{% endif %}
</td>
</tr>
</tbody>
</table>
</div>
</div>

<div id="set4" class="col s12">
Expand Down
6 changes: 3 additions & 3 deletions tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
View file
Expand Up @@ -1215,7 +1215,7 @@ public function testUserDisable2faEmail()
$client->submit($form);

$this->assertSame(302, $client->getResponse()->getStatusCode());

$this->assertStringContainsString('flashes.config.notice.otp_disabled', $client->getContainer()->get(SessionInterface::class)->getFlashBag()->get('notice')[0]);

// restore user
Expand Down Expand Up @@ -1264,7 +1264,7 @@ public function testUserDisable2faGoogle()
->getRepository(User::class)
->findOneByUsername('admin');

$user->setGoogleAuthenticatorSecret("Google2FA");
$user->setGoogleAuthenticatorSecret('Google2FA');
$em->persist($user);
$em->flush();

Expand All @@ -1274,7 +1274,7 @@ public function testUserDisable2faGoogle()
$client->submit($form);

$this->assertSame(302, $client->getResponse()->getStatusCode());

$this->assertStringContainsString('flashes.config.notice.otp_disabled', $client->getContainer()->get(SessionInterface::class)->getFlashBag()->get('notice')[0]);

// restore user
Expand Down

0 comments on commit 6062324

Please sign in to comment.