Skip to content
Permalink
Browse files

4.2.3 Release

  • Loading branch information...
lcharette committed Jul 7, 2019
2 parents dee9f89 + 77dfd35 commit 2c50344af0dfc17b39a26da21b4efc17c1b5b0e0
@@ -35,7 +35,8 @@ before_install:
- nvm install 10.12.0
# Install Redis and Memcached
- echo "extension = memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
- printf "\n" | pecl install -f redis
# Temporary disabled as it's not compatible with PHP 5.6
# - printf "\n" | pecl install -f redis

before_script:
# install deps and UF
@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [v4.2.3]

### Added
- Config to set Domain of RememberMe Cookie ([#990], [#991]; Thanks @xrobau !)
- Config settings for password min/max length ([#993])
- `migrate:clean` bakery command ([#1007])

### Fixed
- [PHPMailer] Turn off opportunistic TLS when disabled ([#986], [#987])
- Migrator now ignore files that don't end in `.php` ([#965], [#998])
- Respects CSRF_ENABLED environment variable ([#976]; Thanks @Poldovico !)
- Checkbox bug on password change form ([#1008])
- On role page, users table action buttons not working ([#1010])

## [v4.2.2]

### Added
@@ -755,10 +769,22 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
[#953]: https://github.com/userfrosting/UserFrosting/issues/953
[#958]: https://github.com/userfrosting/UserFrosting/issues/958
[#963]: https://github.com/userfrosting/UserFrosting/issues/963
[#965]: https://github.com/userfrosting/UserFrosting/issues/965
[#968]: https://github.com/userfrosting/UserFrosting/issues/968
[#976]: https://github.com/userfrosting/UserFrosting/issues/976
[#981]: https://github.com/userfrosting/UserFrosting/issues/981
[#983]: https://github.com/userfrosting/UserFrosting/issues/983
[#986]: https://github.com/userfrosting/UserFrosting/issues/986
[#987]: https://github.com/userfrosting/UserFrosting/issues/987
[#990]: https://github.com/userfrosting/UserFrosting/issues/990
[#991]: https://github.com/userfrosting/UserFrosting/issues/991
[#993]: https://github.com/userfrosting/UserFrosting/issues/993
[#998]: https://github.com/userfrosting/UserFrosting/issues/998
[#1007]: https://github.com/userfrosting/UserFrosting/issues/1007
[#1008]: https://github.com/userfrosting/UserFrosting/issues/1008
[#1010]: https://github.com/userfrosting/UserFrosting/issues/1010

[v4.2.0]: https://github.com/userfrosting/UserFrosting/compare/v4.1.22...v4.2.0
[v4.2.1]: https://github.com/userfrosting/UserFrosting/compare/v4.2.0...v.4.2.1
[v4.2.2]: https://github.com/userfrosting/UserFrosting/compare/v.4.2.1...v4.2.2
[v4.2.3]: https://github.com/userfrosting/UserFrosting/compare/v4.2.2...v4.2.3
@@ -11,7 +11,7 @@
namespace UserFrosting;
// Some standard defines
define('UserFrosting\VERSION', '4.2.2');
define('UserFrosting\VERSION', '4.2.3');
define('UserFrosting\DS', '/');
define('UserFrosting\PHP_MIN_VERSION', '5.6');
define('UserFrosting\PHP_RECOMMENDED_VERSION', '7.2');
@@ -55,11 +55,37 @@
* RememberMe Package Settings
* ----------------------------------------------------------------------
* See https://github.com/gbirke/rememberme for an explanation of these settings
*
* Note that the 'domain' field can be set to match your top-level-domain if you
* want to send the rememberme to all hosts in your domain. An automatic config
* of this can be done in your config.php with code similar to this:
*
* if (!empty($_SERVER['SERVER_NAME']) && filter_var($_SERVER['SERVER_NAME'], \FILTER_VALIDATE_IP) === false) {
* $darr = explode(".", $_SERVER['SERVER_NAME']);
* array_shift($darr);
* $conf['session']['cookie_parameters'] = [ "lifetime" => 86400, "domain" => ".".join(".", $darr), "path" => "/" ];
* $conf['remember_me'] = [ "domain" => ".".join(".", $darr) ];
* }
*
* (Or, for production, you can hard-code the domain rather than calculating it on each page load)
*
* This is DELIBERATELY NOT TURNED ON BY DEFAULT!
*
* If you enable the 'domain' (on both the session and the remember_me cookies)
* you will be sending your authentication cookies to every machine in the
* domain you are using. This may not be bad if you control the domain, but
* if you are using a VPS and the hostname of the machine you are connecting to
* is, for example, host2.vps.blah.com, and you connect to host20.vps.blah.com,
* your browser will send your (super secret) cookies to host20.vps.blah.com.
*
* You only want to turn this on if you want machine1.foo.com to receive the
* cookies that THIS MACHINE (machine2.foo.com) set.
*/
'remember_me' => [
'cookie' => [
'name' => 'rememberme',
],
'domain' => null,
'expire_time' => 604800,
'session' => [
'path' => '/',
@@ -96,7 +122,8 @@
* Account Site Settings
* ----------------------------------------------------------------------
* "Site" settings that are automatically passed to Twig. Use theses
* settings to control the login and registration process
* settings to control the login, password (re)set and registration
* processes
*/
'site' => [
'login' => [
@@ -115,6 +142,12 @@
],
],
],
'password' => [
'length' => [
'min' => 8,
'max' => 25,
],
],
],
/*
@@ -99,7 +99,7 @@
'PASSWORD' => [
'@TRANSLATION' => 'Contraseña',
'BETWEEN' => 'Entre {{min}} - {{max}} (recomendado 12)',
'BETWEEN' => 'Entre {{min}} - {{max}}',
'CONFIRM' => 'Confirmar contraseña',
'CONFIRM_CURRENT' => 'Por favor, confirma tu contraseña actual',
@@ -118,10 +118,15 @@ public function __construct(ClassMapper $classMapper, Session $session, Config $
$this->rememberMe->getCookie()->setPath($this->config['remember_me.session.path']);
// Set expire time, if specified
if ($this->config->has('remember_me.expire_time') && ($this->config->has('remember_me.expire_time') != null)) {
if ($this->config->has('remember_me.expire_time') && $this->config->has('remember_me.expire_time') != null) {
$this->rememberMe->getCookie()->setExpireTime($this->config['remember_me.expire_time']);
}
// Set domain, if specified
if ($this->config->has('remember_me.domain') && $this->config->has('remember_me.domain') != null) {
$this->rememberMe->getCookie()->setDomain($this->config['remember_me.domain']);
}
$this->user = null;
$this->viaRemember = false;
}
@@ -298,8 +298,11 @@ protected function validateLastName($lastName)
*/
protected function askPassword($password = '', $requireConfirmation = true)
{
$passwordMin = $this->ci->config['site.password.length.min'];
$passwordMax = $this->ci->config['site.password.length.max'];
while (!isset($password) || !$this->validatePassword($password) || !$this->confirmPassword($password, $requireConfirmation)) {
$password = $this->io->askHidden('Enter password (12-255 characters)');
$password = $this->io->askHidden('Enter password (' . $passwordMin . '-' . $passwordMax . ' characters)');
}
return $password;
@@ -314,9 +317,11 @@ protected function askPassword($password = '', $requireConfirmation = true)
*/
protected function validatePassword($password)
{
//TODO Config for this ??
if (strlen($password) < 12 || strlen($password) > 255) {
$this->io->error('Password must be between 12-255 characters');
$passwordMin = $this->ci->config['site.password.length.min'];
$passwordMax = $this->ci->config['site.password.length.max'];
if (strlen($password) < $passwordMin || strlen($password) > $passwordMax) {
$this->io->error('Password must be between ' . $passwordMin . ' and ' . $passwordMax . ' characters');
return false;
}
@@ -519,6 +519,10 @@ public function pageRegister(Request $request, Response $response, $args)
// Load validation rules
$schema = new RequestSchema('schema://requests/register.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validatorRegister = new JqueryValidationAdapter($schema, $this->ci->translator);
// Get locale information
@@ -593,11 +597,18 @@ public function pageResendVerification(Request $request, Response $response, $ar
*/
public function pageResetPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
// Insert the user's secret token from the link into the password reset form
$params = $request->getQueryParams();
// Load validation rules - note this uses the same schema as "set password"
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);
return $this->ci->view->render($response, 'pages/reset-password.html.twig', [
@@ -627,11 +638,18 @@ public function pageResetPassword(Request $request, Response $response, $args)
*/
public function pageSetPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
// Insert the user's secret token from the link into the password set form
$params = $request->getQueryParams();
// Load validation rules
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);
return $this->ci->view->render($response, 'pages/set-password.html.twig', [
@@ -664,6 +682,9 @@ public function pageSetPassword(Request $request, Response $response, $args)
*/
public function pageSettings(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
$authorizer = $this->ci->authorizer;
@@ -677,14 +698,15 @@ public function pageSettings(Request $request, Response $response, $args)
// Load validation rules
$schema = new RequestSchema('schema://requests/account-settings.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validatorAccountSettings = new JqueryValidationAdapter($schema, $this->ci->translator);
$schema = new RequestSchema('schema://requests/profile-settings.yaml');
$validatorProfileSettings = new JqueryValidationAdapter($schema, $this->ci->translator);
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
// Get a list of all locales
$locales = $config->getDefined('site.locales.available');
@@ -919,6 +941,10 @@ public function register(Request $request, Response $response, $args)
// Load the request schema
$schema = new RequestSchema('schema://requests/register.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
@@ -1117,6 +1143,10 @@ public function setPassword(Request $request, Response $response, $args)
// Load the request schema
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
@@ -1210,6 +1240,10 @@ public function settings(Request $request, Response $response, $args)
// Load the request schema
$schema = new RequestSchema('schema://requests/account-settings.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
@@ -16,7 +16,7 @@
{% if page.visibility != "disabled" %}
<div class="form-group">
<label for="input-password" class="control-label">{{translate("PASSWORD.NEW")}}</label>
<input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}} ({{translate("OPTIONAL")}})">
<input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}} ({{translate("OPTIONAL")}})">
</div>
<div class="form-group">
<label for="input-passwordc" class="control-label">{{translate("PASSWORD.CONFIRM_NEW")}}</label>
@@ -47,7 +47,7 @@
</div>
<div class="form-group">
<label for="r-form-password">{{translate('PASSWORD')}}</label>
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="r-form-password">
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="r-form-password">
</div>
<div class="form-group">
<label class="sr-only" for="r-form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>
@@ -30,7 +30,7 @@

<div class="form-group">
<label class="sr-only" for="form-password">{{translate("PASSWORD.NEW")}}</label>
<input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}}" class="form-control" id="form-password">
<input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
</div>

<div class="form-group">
@@ -30,7 +30,7 @@

<div class="form-group">
<label class="sr-only" for="form-password">{{translate('PASSWORD')}}</label>
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="form-password">
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
</div>
<div class="form-group">
<label class="sr-only" for="form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>
@@ -957,6 +957,8 @@ public function updateField(Request $request, Response $response, $args)
// Load the request schema
$schema = new RequestSchema('schema://requests/role/edit-field.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
@@ -765,6 +765,9 @@ public function getModalEditPassword(Request $request, Response $response, $args
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
// Access-controlled resource - check that currentUser has permission to edit "password" field for this user
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'user' => $user,
@@ -775,6 +778,10 @@ public function getModalEditPassword(Request $request, Response $response, $args
// Load validation rules
$schema = new RequestSchema('schema://requests/user/edit-password.yaml');
$schema->set('value.validators.length.min', $config['site.password.length.min']);
$schema->set('value.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);
return $this->ci->view->render($response, 'modals/user-set-password.html.twig', [
@@ -1307,6 +1314,8 @@ public function updateField(Request $request, Response $response, $args)
// Load the request schema
$schema = new RequestSchema('schema://requests/user/edit-field.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);

0 comments on commit 2c50344

Please sign in to comment.
You can’t perform that action at this time.