Merge branch 'release/3.5.2'

CHANGELOG.md

@@ -1,3 +1,16 @@
+# v3.5.2
+## 09/14/2021
+
+1. [](#bugfix)
+   * Fixed broken CLI [#280](https://github.com/getgrav/grav-plugin-login/issues/280)
+   * Remove dynamic defaults in `route_after_login` and `route_after_login` settings as they have no effect
+1. [](#new)
+    * Require **Grav 1.7.21**
+    * Added support for `{% throw 401 'Unauthorized' %}` and `{% throw 403 'Forbidden' %}` from twig template to show appropriate login pages
+2. [](#improved)
+    * Unauthorized page uses now `HTTP 403` code
+    * Remove notification on unauthorized page
+
 # v3.5.1
 ## 08/31/2021
 

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Login
 slug: login
 type: plugin
-version: 3.5.1
+version: 3.5.2
 testing: false
 description: Enables user authentication and login screen.
 icon: sign-in
@@ -15,7 +15,7 @@ bugs: https://github.com/getgrav/grav-plugin-login/issues
 license: MIT
 
 dependencies:
-  - { name: grav, version: '>=1.7.19' }
+  - { name: grav, version: '>=1.7.21' }
   - { name: form, version: '>=5.1.0' }
   - { name: email, version: '>=3.1.0' }
 
@@ -206,15 +206,13 @@ form:
               size: medium
               label: PLUGIN_LOGIN.ROUTE_AFTER_LOGIN
               help: PLUGIN_LOGIN.ROUTE_AFTER_LOGIN_HELP
-              data-default@: '\Grav\Plugin\LoginPlugin::defaultRedirectAfterLogin'
               placeholder: "/user_profile"
 
             route_after_logout:
               type: text
               size: medium
               label: PLUGIN_LOGIN.ROUTE_AFTER_LOGOUT
               help: PLUGIN_LOGIN.ROUTE_AFTER_LOGOUT_HELP
-              data-default@: '\Grav\Plugin\LoginPlugin::defaultRedirectAfterLogout'
               placeholder: "/"
 
             route_forgot:

classes/Login.php

@@ -646,7 +646,6 @@ public function addPage(string $type, string $route = null, PageInterface $page
         $pages = $this->grav['pages'];
 
         if ($page) {
-            $route = $route ?? '/login';
             $page->route($route);
             $page->slug(basename($route));
         } else {

login.php

@@ -23,6 +23,7 @@
 use Grav\Common\User\Interfaces\UserInterface;
 use Grav\Common\Utils;
 use Grav\Common\Uri;
+use Grav\Events\PluginsLoadedEvent;
 use Grav\Events\SessionStartEvent;
 use Grav\Framework\Flex\Interfaces\FlexCollectionInterface;
 use Grav\Framework\Flex\Interfaces\FlexObjectInterface;
@@ -59,8 +60,9 @@ class LoginPlugin extends Plugin
     public static function getSubscribedEvents(): array
     {
         return [
+            PluginsLoadedEvent::class   => [['onPluginsLoaded', 10]],
             SessionStartEvent::class    => ['onSessionStart', 0],
-            'onPluginsInitialized'      => [['autoload', 100000], ['initializeSession', 10000], ['initializeLogin', 1000]],
+            'onPluginsInitialized'      => [['initializeSession', 10000], ['initializeLogin', 1000]],
             'onTask.login.login'        => ['loginController', 0],
             'onTask.login.twofa'        => ['loginController', 0],
             'onTask.login.twofa_cancel' => ['loginController', 0],
@@ -69,6 +71,8 @@ public static function getSubscribedEvents(): array
             'onTask.login.reset'        => ['loginController', 0],
             'onTask.login.regenerate2FASecret' => ['loginController', 0],
             'onPagesInitialized'        => ['storeReferrerPage', 0],
+            'onDisplayErrorPage.401'    => ['onDisplayErrorPage401', -1],
+            'onDisplayErrorPage.403'    => ['onDisplayErrorPage403', -1],
             'onPageInitialized'         => [['authorizeLoginPage', 10], ['authorizePage', 0]],
             'onPageFallBackUrl'         => ['authorizeFallBackUrl', 0],
             'onTwigTemplatePaths'       => ['onTwigTemplatePaths', 0],
@@ -84,7 +88,7 @@ public static function getSubscribedEvents(): array
     }
 
     /**
-     * [onPluginsInitialized:100000] Composer autoload.
+     * Composer autoload.
      *
      * @return ClassLoader
      */
@@ -93,6 +97,23 @@ public function autoload(): ClassLoader
         return require __DIR__ . '/vendor/autoload.php';
     }
 
+    /**
+     * [onPluginsLoaded:10] Initialize login service.
+     * @throws \RuntimeException
+     */
+    public function onPluginsLoaded(): void
+    {
+        // Check to ensure sessions are enabled.
+        if (!$this->config->get('system.session.enabled') && !\constant('GRAV_CLI')) {
+            throw new \RuntimeException('The Login plugin requires "system.session" to be enabled');
+        }
+
+        // Define login service.
+        $this->grav['login'] = static function (Grav $c) {
+            return new Login($c);
+        };
+    }
+
     public function onSessionStart(SessionStartEvent $event): void
     {
         $session = $event->session;
@@ -147,11 +168,6 @@ public function initializeSession(): void
             throw new \RuntimeException('The Login plugin requires "system.session" to be enabled');
         }
 
-        // Define login service.
-        $this->grav['login'] = static function (Grav $c) {
-            return new Login($c);
-        };
-
         // Define current user service.
         $this->grav['user'] = static function (Grav $c) {
             $session = $c['session'];
@@ -490,6 +506,32 @@ public function authorizeFallBackUrl(): void
         }
     }
 
+    /**
+     * @param Event $event
+     */
+    public function onDisplayErrorPage401(Event $event): void
+    {
+        if ($this->isAdmin()) {
+            return;
+        }
+
+        $event['page'] = $this->login->addPage('login');
+        $event->stopPropagation();
+    }
+
+    /**
+     * @param Event $event
+     */
+    public function onDisplayErrorPage403(Event $event): void
+    {
+        if ($this->isAdmin()) {
+            return;
+        }
+
+        $event['page'] = $this->login->addPage('unauthorized');
+        $event->stopPropagation();
+    }
+
     /**
      * [onPageInitialized]
      */
@@ -568,9 +610,6 @@ public function authorizePage(): void
 
             $twig->twig_vars['form'] = new Form($login_page);
         } else {
-            /** @var Language $l */
-            $l = $this->grav['language'];
-            $this->grav['messages']->add($l->translate('PLUGIN_LOGIN.ACCESS_DENIED'), 'error');
             $twig->twig_vars['notAuthorized'] = true;
 
             $this->setUnauthorizedPage();
@@ -1141,7 +1180,10 @@ public function userLogout(UserLoginEvent $event): void
     public static function defaultRedirectAfterLogin()
     {
         /** @var Login $login */
-        $login = Grav::instance()['login'];
+        $login = Grav::instance()['login'] ?? null;
+        if (null === $login) {
+            return '/';
+        }
 
         return $login->getRoute('after_login') ?? false;
     }
@@ -1153,7 +1195,10 @@ public static function defaultRedirectAfterLogin()
     public static function defaultRedirectAfterLogout()
     {
         /** @var Login $login */
-        $login = Grav::instance()['login'];
+        $login = Grav::instance()['login'] ?? null;
+        if (null === $login) {
+            return '/';
+        }
 
         return $login->getRoute('after_logout') ?? false;
     }

pages/unauthorized.md

@@ -1,5 +1,6 @@
 ---
 title: Unauthorized
+http_response_code: 403
 cache_control: private, no-cache, must-revalidate
 ---