Merge branch 'release/3.3.6'

CHANGELOG.md

@@ -1,14 +1,21 @@
+# v3.3.6
+## 09/24/2020
+
+1. [](#bugfix)
+    * Fixed typos causing invalid config for logout
+    * Fixed cache issues with user login pages [#264](https://github.com/getgrav/grav-plugin-login/issues/264) 
+
 # v3.3.5
 ## 06/10/2020
 
 1. [](#bugfix)
-    * Fixed broken lang strings [#258](https://github.com/getgrav/grav-plugin-login/pulls/258)
+    * Fixed broken lang strings [#258](https://github.com/getgrav/grav-plugin-login/pull/258)
 
 # v3.3.4
 ## 06/08/2020
 
 1. [](#improved)
-    * Missing language strings [#254](https://github.com/getgrav/grav-plugin-login/pulls/254)
+    * Missing language strings [#254](https://github.com/getgrav/grav-plugin-login/pull/254)
 
 # v3.3.3
 ## 06/05/2020
@@ -85,8 +92,8 @@
 
 1. [](#bugfix)
     * Fixed bug in `Login::isUserAuthorizedForPage()` where rules is a list of permissions
-    * Fixed password reset link [#233](https://github.com/getgrav/grav-plugin-login/pulls/233)
-    * Fixed Typo [#236](https://github.com/getgrav/grav-plugin-login/pulls/236)
+    * Fixed password reset link [#233](https://github.com/getgrav/grav-plugin-login/pull/233)
+    * Fixed Typo [#236](https://github.com/getgrav/grav-plugin-login/pull/236)
 
 # v3.0.4
 ## 10/03/2019
@@ -107,7 +114,7 @@
 ## 05/09/2019
 
 1. [](#new)
-  * Added `ru` and `uk` translations [#208](https://github.com/getgrav/grav-plugin-login/pulls/208)
+  * Added `ru` and `uk` translations [#208](https://github.com/getgrav/grav-plugin-login/pull/208)
 1. [](#improved)
   * Fixed typo in README.md
   * Added support for IPv6 addresses for login rate limiting @Vivalldi [#204](https://github.com/getgrav/grav-plugin-login/issues/204)
@@ -140,11 +147,11 @@
 ## 03/20/2019
 
 1. [](#improved)  
-  * Enable "brute force" protection by default [#195](https://github.com/getgrav/grav-plugin-login/pulls/195)
+  * Enable "brute force" protection by default [#195](https://github.com/getgrav/grav-plugin-login/pull/195)
   * UPdated various language translations
 1. [](#bugfix)
   * Set security timeouts in blueprints to use `minutes` rather than `seconds` [#194](https://github.com/getgrav/grav-plugin-login/issues/194)
-  * Send "notification" email to `to` address rather than `from` [#188](https://github.com/getgrav/grav-plugin-login/pulls/188)
+  * Send "notification" email to `to` address rather than `from` [#188](https://github.com/getgrav/grav-plugin-login/pull/188)
 
 # v2.8.3
 ## 01/25/2019

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Login
 slug: login
 type: plugin
-version: 3.3.5
+version: 3.3.6
 testing: false
 description: Enables user authentication and login screen.
 icon: sign-in

login.php

@@ -136,7 +136,7 @@ public function onSessionStart(SessionStartEvent $event)
     }
 
     /**
-     * [onPluginsInitialized] Initialize login plugin if path matches.
+     * [onPluginsInitialized:10000] Initialize login plugin if path matches.
      * @throws \RuntimeException
      */
     public function initializeSession()
@@ -168,7 +168,7 @@ public function initializeSession()
     }
 
     /**
-     * [onPluginsInitialized] Initialize login plugin if path matches.
+     * [onPluginsInitialized:1000] Initialize login plugin if path matches.
      * @throws \RuntimeException
      */
     public function initializeLogin()
@@ -252,6 +252,7 @@ public function pageVisibility(Event $e)
             $pages = $e['pages'];
             $user = $this->grav['user'];
 
+            // TODO: This is super slow especially with Flex Pages. Better solution is required (on indexing / on load?).
             foreach ($pages->instances() as $page) {
                 if ($page) {
                     $header = $page->header();
@@ -333,6 +334,9 @@ public function addLoginPage()
 
             $pages->addPage($page, $this->route);
         }
+
+        // Login page may not have the correct Cache-Control header set, force no-store for the proxies.
+        $page->expires(0);
     }
 
     /**
@@ -354,6 +358,9 @@ public function addForgotPage()
 
             $pages->addPage($page, $route);
         }
+
+        // Forgot page may not have the correct Cache-Control header set, force no-store for the proxies.
+        $page->expires(0);
     }
 
     /**
@@ -384,6 +391,9 @@ public function addResetPage()
 
             $pages->addPage($page, $route);
         }
+
+        // Reset page may not have the correct Cache-Control header set, force no-store for the proxies.
+        $page->expires(0);
     }
 
     /**
@@ -405,6 +415,9 @@ public function addRegisterPage()
 
             $pages->addPage($page, $route);
         }
+
+        // Register page may not have the correct Cache-Control header set, force no-store for the proxies.
+        $page->expires(0);
     }
 
     /**
@@ -503,6 +516,9 @@ public function addProfilePage()
             $pages->addPage($page, $route);
         }
 
+        // Profile page may not have the correct Cache-Control header set, force no-store for the proxies.
+        $page->expires(0);
+
         $this->storeReferrerPage();
     }
 
@@ -526,6 +542,9 @@ public function setUnauthorizedPage()
             $pages->addPage($page, $route);
         }
 
+        // Unauthorized page may not have the correct Cache-Control header set, force no-store for the proxies.
+        $page->expires(0);
+
         unset($this->grav['page']);
         $this->grav['page'] = $page;
     }
@@ -624,9 +643,7 @@ public function authorizePage()
                 $login_page = $this->grav['pages']->dispatch($this->route);
             }
 
-
             if (!$login_page) {
-
                 $login_page = new Page();
 
                 // Get the admin Login page is needed, else the default
@@ -644,6 +661,9 @@ public function authorizePage()
                 $pages->addPage($login_page, $this->route);
             }
 
+            // Login page may not have the correct Cache-Control header set, force no-store for the proxies.
+            $login_page->expires(0);
+
             $this->authenticated = false;
             unset($this->grav['page']);
             $this->grav['page'] = $login_page;
@@ -1229,8 +1249,8 @@ public static function defaultRedirectAfterLogin()
     public static function defaultRedirectAfterLogout()
     {
         $config = Grav::instance()['config'];
-        $redirect_after_logout = $config->get('plugins.logout.redirect_after_logout');
-        $route_after_logout = $config->get('plugins.logout.route_after_logout');
+        $redirect_after_logout = $config->get('plugins.login.redirect_after_logout');
+        $route_after_logout = $config->get('plugins.login.route_after_logout');
 
         return is_bool($redirect_after_logout) && $redirect_after_logout == true ? $route_after_logout : $redirect_after_logout;
     }

pages/forgot.md

@@ -1,5 +1,6 @@
 ---
 title: Forgot password
+expires: 0
 
 login_redirect_here: false
 

pages/login.md

@@ -1,5 +1,6 @@
 ---
 title: Login
+expires: 0
 
 login_redirect_here: false
 

pages/profile.md

@@ -1,5 +1,6 @@
 ---
 title: Profile
+expires: 0
 access:
     site.login: true
 

pages/register.md

@@ -1,5 +1,6 @@
 ---
 login_redirect_here: false
+expires: 0
 
 form:
 

pages/reset.md

@@ -1,5 +1,6 @@
 ---
 title: Reset password
+expires: 0
 
 login_redirect_here: false
 

pages/unauthorized.md

@@ -1,5 +1,6 @@
 ---
 title: Unauthorized
+expires: 0
 ---
 
 # You don't have access to this page...