From 03426e3ad6230701150880186992e96a80acd8c3 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Thu, 14 May 2020 18:14:06 -0600 Subject: [PATCH 01/10] fixed broken changelog format Signed-off-by: Andy Miller --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed8ec38..0ddfc03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ # 3.3.0 ## 04/30/2020 -* [](#new) +1. [](#new) * Rate limiter logic was moved to login events and can be turned on with `['rate_limit' => true]` option * Rate limiter sets `UserLoginEvent::AUTHENTICATION_CANCELLED` and triggers `onUserLoginFailure` event * Login now triggers extra `onUserLoginAuthorized` event if user is authorized From e63d86ae966cc808c0cd8fb3c20975d46dcc991c Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Thu, 14 May 2020 18:14:37 -0600 Subject: [PATCH 02/10] more broken changelog formatting Signed-off-by: Andy Miller --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ddfc03..1e74249 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,7 +23,7 @@ 1. [](#new) * CHANGE: `redirect_to_login` and `redirect_after_logout` are now boolean, with accompanying `route_after_login` and `route_after_logout` options. NOTE: Compatibility is maintained with existing config. -* [](#improved) +1. [](#improved) * Improved configuration layout * Better handling of login route when that page doesn't exist 1. [](#bugfix) @@ -46,7 +46,7 @@ 1. [](#new) * Pass phpstan level 1 tests * Updated 2FA library to v1.7.0 -* [](#improved) +1. [](#improved) * Added some debugging messages (turned off by default) # 3.0.5 From 0c9e863da1c3b5c47606caddb0bdcc1889847313 Mon Sep 17 00:00:00 2001 
From: Matias Griese Date: Wed, 27 May 2020 12:31:34 +0300 Subject: [PATCH 03/10] Added error message when user cannot log in because of account has not been activated or it has been disabled --- CHANGELOG.md | 6 ++++++ languages/en.yaml | 3 ++- login.php | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e74249..05f9090 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 3.3.2 +## mm/dd/2020 + +1. [](#improved) + * Added error message when user cannot log in because of account has not been activated or it has been disabled + # 3.3.1 ## 05/07/2020 diff --git a/languages/en.yaml b/languages/en.yaml index 692a3f1..f9f77db 100644 --- a/languages/en.yaml +++ b/languages/en.yaml @@ -139,4 +139,5 @@ PLUGIN_LOGIN: MANUALLY_ENABLE: "Manually Enable" MANUALLY_ENABLE_HELP: "When using 'activation email' and 'notification email', you can ensure the user can self activate, but requires manually enabling the user to login" IPV6_SUBNET_SIZE: "IPv6 Subnet Size" - IPV6_SUBNET_SIZE_HELP: "The number of IPv6 addresses typically assigned to a machine" \ No newline at end of file + IPV6_SUBNET_SIZE_HELP: "The number of IPv6 addresses typically assigned to a machine" + USER_ACCOUNT_DISABLED: "Your user account is disabled or it has not yet been activated." \ No newline at end of file diff --git a/login.php b/login.php index dea831b..d375023 100755 --- a/login.php +++ b/login.php @@ -1094,6 +1094,9 @@ public function userLoginAuthorize(UserLoginEvent $event) $user = $event->getUser(); foreach ($event->getAuthorize() as $authorize) { if (!$user->authorize($authorize)) { + if ($user->state !== 'enabled') { + $event->setMessage($this->grav['language']->translate('PLUGIN_LOGIN.USER_ACCOUNT_DISABLED'), 'error'); + } $event->setStatus($event::AUTHORIZATION_DENIED); $event->stopPropagation(); From 8d738a3af9d469bc25578bc9112e15f31d712098 Mon Sep 17 00:00:00 2001 
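Review bot: The new branch in `userLoginAuthorize` tests `$user->state !== 'enabled'`, so a user whose file carries no `state` property at all (null) is reported as disabled too; if legacy accounts without `state` are still expected to log in, make that explicit, e.g. `if (isset($user->state) && $user->state !== 'enabled') {`. As far as the hunk shows, this runs in the authorize stage after credentials were accepted, so the more specific message is only shown to a caller that already holds valid credentials, which is the right place for it. Whether the surrounding `foreach` exits after `stopPropagation()` is not visible here, so `setMessage` may be called once per denied authorization; confirm that the last call wins. `userLoginAuthorize` continues outside the hunk.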
From: Matias Griese Date: Wed, 27 May 2020 13:30:06 +0300 Subject: [PATCH 04/10] Grav 1.7 only: Added `Sync User in Session` feature [#252] --- CHANGELOG.md | 2 ++ blueprints.yaml | 12 ++++++++++++ languages/en.yaml | 4 +++- login.php | 43 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 60 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 05f9090..5751635 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,8 @@ # 3.3.2 ## mm/dd/2020 +1. [](#new) + * Grav 1.7 only: Added `Sync User in Session` feature [#252](https://github.com/getgrav/grav-plugin-login/issues/252) 1. [](#improved) * Added error message when user cannot log in because of account has not been activated or it has been disabled diff --git a/blueprints.yaml b/blueprints.yaml index c3bc550..f76b98d 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -141,6 +141,18 @@ form: validate: type: bool + session_user_sync: + type: toggle + label: PLUGIN_LOGIN.SESSION_USER_SYNC + highlight: 1 + default: 0 + help: PLUGIN_LOGIN.SESSION_USER_SYNC_HELP + options: + 1: PLUGIN_ADMIN.ENABLED + 0: PLUGIN_ADMIN.DISABLED + validate: + type: bool + rememberme: type: section title: PLUGIN_LOGIN.REMEMBER_ME diff --git a/languages/en.yaml b/languages/en.yaml index f9f77db..409ea88 100644 --- a/languages/en.yaml +++ b/languages/en.yaml 
@@ -140,4 +140,6 @@ PLUGIN_LOGIN: MANUALLY_ENABLE_HELP: "When using 'activation email' and 'notification email', you can ensure the user can self activate, but requires manually enabling the user to login" IPV6_SUBNET_SIZE: "IPv6 Subnet Size" IPV6_SUBNET_SIZE_HELP: "The number of IPv6 addresses typically assigned to a machine" - USER_ACCOUNT_DISABLED: "Your user account is disabled or it has not yet been activated." \ No newline at end of file + USER_ACCOUNT_DISABLED: "Your user account is disabled or it has not yet been activated." + SESSION_USER_SYNC: "Sync User in Session" + SESSION_USER_SYNC_HELP: "If Enabled, user in the session is kept in sync with the stored user file. WARNING: This feature may break some existing plugins which update user object in the session without saving it to the filesystem using `$user->save()` method." \ No newline at end of file diff --git a/login.php b/login.php index d375023..d32afbf 100755 --- a/login.php +++ b/login.php @@ -12,6 +12,7 @@ use Composer\Autoload\ClassLoader; use Grav\Common\Data\Data; use Grav\Common\Debugger; +use Grav\Common\Flex\Types\Users\UserObject; use Grav\Common\Grav; use Grav\Common\Language\Language; use Grav\Common\Page\Interfaces\PageInterface; @@ -23,6 +24,8 @@ use Grav\Common\User\Interfaces\UserInterface; use Grav\Common\Utils; use Grav\Common\Uri; +use Grav\Events\SessionStartEvent; +use Grav\Framework\Flex\Interfaces\FlexCollectionInterface; use Grav\Framework\Flex\Interfaces\FlexObjectInterface; use Grav\Framework\Session\SessionInterface; use Grav\Plugin\Form\Form; @@ -59,6 +62,7 @@ class LoginPlugin extends Plugin public static function getSubscribedEvents() { return [ + SessionStartEvent::class => ['onSessionStart', 0], 'onPluginsInitialized' => [['autoload', 100000], ['initializeSession', 10000], ['initializeLogin', 1000]], 'onTask.login.login' => ['loginController', 0], 'onTask.login.twofa' => ['loginController', 0], 
@@ -92,6 +96,45 @@ public function autoload() : ClassLoader return require __DIR__ . '/vendor/autoload.php'; } + + public function onSessionStart(SessionStartEvent $event) + { + $session = $event->session; + + $user = $session->user ?? null; + if ($user && $user->exists() && ($this->config()['session_user_sync'] ?? false)) { + // User is stored into the filesystem. + + /** @var UserCollectionInterface $accounts */ + $accounts = $this->grav['accounts']; + + /** @var UserObject $stored */ + if ($accounts instanceof FlexCollectionInterface) { + $stored = $accounts[$user->username]; + } else { + // TODO: remove when removing legacy support. + $stored = $accounts->load($user->username); + } + + if ($stored && $stored->exists()) { + // User still exists, update user object in the session. + $user->update($stored->jsonSerialize()); + } else { + // User doesn't exist anymore, prepare for session invalidation. + $user->state = 'disabled'; + } + + if ($user->state !== 'enabled') { + // If user isn't enabled, clear all session data and display error. + $session->invalidate()->start(); + + /** @var Message $messages */ + $messages = $this->grav['messages']; + $messages->add($this->grav['language']->translate('PLUGIN_LOGIN.USER_ACCOUNT_DISABLED'), 'error'); + } + } + } + /** * [onPluginsInitialized] Initialize login plugin if path matches. * @throws \RuntimeException From c82df1104fe46cfcf9cbe5fa56db2b623fc82d6d Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 3 Jun 2020 13:33:39 -0600 Subject: [PATCH 05/10] Add default session user sync setting Signed-off-by: Andy Miller --- login.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/login.yaml b/login.yaml index b4d0d8c..6dc5153 100644 --- a/login.yaml +++ b/login.yaml 
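Review bot: `onSessionStart` has no docblock and no return type; suggest `/** [SessionStartEvent] Grav 1.7 only: when `session_user_sync` is enabled, refresh the session user from the stored account and invalidate the session (with an error message) if the account no longer exists or is not enabled. */` above it and `: void` on the signature. The inline docblocks name `UserCollectionInterface` and `Message`, but the import hunk in this patch adds only `UserObject`, `SessionStartEvent` and `FlexCollectionInterface`; if those two names are not already imported in login.php, the annotations point static analysis at the wrong namespace. Each time the handler runs it loads the account from storage (`$accounts[$user->username]` or `$accounts->load(...)`), which is per request with this subscription, and since the option defaults to off a disabled or deleted account keeps its existing session until expiry unless the option is enabled; both are worth stating in `SESSION_USER_SYNC_HELP`.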
@@ -3,6 +3,7 @@ built_in_css: true # Use built-in CSS redirect_to_login: false # If you try to access a page you don't have access to, should you redirect to login route redirect_after_login: true # Path to redirect to after a successful login redirect_after_logout: true # Path to redirect to after a successful logout +session_user_sync: false # Sync session user with changes in stored user file route: '/login' # Specific route for Login page (default is '/login') route_after_login: # Route to go to after login if enabled From 856d1644b042af9e03a97dfeee394e6a157bf93d Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 3 Jun 2020 13:33:58 -0600 Subject: [PATCH 06/10] =?UTF-8?q?clean=20up=20=E2=80=98default=E2=80=99=20?= =?UTF-8?q?states=20for=20option=20toggles?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andy Miller --- blueprints.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/blueprints.yaml b/blueprints.yaml index f76b98d..60197f7 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -62,7 +62,8 @@ form: type: toggle label: PLUGIN_LOGIN.REDIRECT_TO_LOGIN help: PLUGIN_LOGIN.REDIRECT_TO_LOGIN_HELP - default: 1 + default: 0 + highlight: 0 options: 1: PLUGIN_ADMIN.ENABLED 0: PLUGIN_ADMIN.DISABLED @@ -75,6 +76,7 @@ form: help: PLUGIN_LOGIN.REDIRECT_AFTER_LOGIN_HELP force_bool: true default: 0 + highlight: 0 options: 1: PLUGIN_ADMIN.ENABLED 0: PLUGIN_ADMIN.DISABLED @@ -86,7 +88,8 @@ form: label: PLUGIN_LOGIN.REDIRECT_AFTER_LOGOUT help: PLUGIN_LOGIN.REDIRECT_AFTER_LOGOUT_HELP force_bool: true - default: 0 + default: 1 + highlight: 1 options: 1: PLUGIN_ADMIN.ENABLED 0: PLUGIN_ADMIN.DISABLED @@ -96,7 +99,7 @@ form: parent_acl: type: toggle label: PLUGIN_LOGIN.USE_PARENT_ACL_LABEL - highlight: 1 + highlight: 0 default: 0 help: PLUGIN_LOGIN.USE_PARENT_ACL_HELP options: 
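Review bot: The comment on the new `session_user_sync` line does not say the option only works on Grav 1.7 (per the feature's commit and changelog entry) nor what it does when the account is disabled; suggest `session_user_sync: false # Sync session user with changes in stored user file (Grav 1.7+ only; a disabled or deleted account is logged out on next request)`.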
@@ -132,7 +135,7 @@ form: protect_protected_page_media: type: toggle label: PLUGIN_LOGIN.PROTECT_PROTECTED_PAGE_MEDIA_LABEL - highlight: 1 + highlight: 0 default: 0 help: PLUGIN_LOGIN.PROTECT_PROTECTED_PAGE_MEDIA_HELP options: @@ -144,7 +147,7 @@ form: session_user_sync: type: toggle label: PLUGIN_LOGIN.SESSION_USER_SYNC - highlight: 1 + highlight: 0 default: 0 help: PLUGIN_LOGIN.SESSION_USER_SYNC_HELP options: From 07366e69913115edb1243030d31d80e8b1197d95 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 3 Jun 2020 13:34:10 -0600 Subject: [PATCH 07/10] Set better default states Signed-off-by: Andy Miller --- login.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/login.yaml b/login.yaml index 6dc5153..e316560 100644 --- a/login.yaml +++ b/login.yaml @@ -1,12 +1,12 @@ enabled: true # Enable the plugin built_in_css: true # Use built-in CSS redirect_to_login: false # If you try to access a page you don't have access to, should you redirect to login route -redirect_after_login: true # Path to redirect to after a successful login +redirect_after_login: false # Path to redirect to after a successful login redirect_after_logout: true # Path to redirect to after a successful logout session_user_sync: false # Sync session user with changes in stored user file route: '/login' # Specific route for Login page (default is '/login') -route_after_login: # Route to go to after login if enabled +route_after_login: '/' # Route to go to after login if enabled route_after_logout: '/' # Route to logout to if enabled route_activate: '/activate_user' # Route for the user activation process route_forgot: '/forgot_password' # Route for the forgot password process From 0c18998d9b4196ca94db7f67657e4dd19e576852 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 3 Jun 2020 13:34:39 -0600 Subject: [PATCH 08/10] refactor to use helper methods for finding redirect routes 
Signed-off-by: Andy Miller --- classes/Controller.php | 15 +++------------ login.php | 28 ++++++++++------------------ 2 files changed, 13 insertions(+), 30 deletions(-) diff --git a/classes/Controller.php b/classes/Controller.php index 35c9d2f..54fe930 100644 --- a/classes/Controller.php +++ b/classes/Controller.php @@ -132,10 +132,7 @@ public function taskLogin() $event = $this->login->login($form, ['rate_limit' => true, 'remember_me' => true, 'twofa' => $twofa], ['return_event' => true]); $user = $event->getUser(); - /* Support old string-based $redirect_after_login + new bool approach */ - $redirect_after_login = $this->grav['config']->get('plugins.login.redirect_after_login'); - $route_after_login = $this->grav['config']->get('plugins.login.route_after_login'); - $login_redirect = is_bool($redirect_after_login) && $redirect_after_login == true ? $route_after_login : $redirect_after_login; + $login_redirect = LoginPlugin::defaultRedirectAfterLogin(); if ($user->authenticated) { if ($user->authorized) { @@ -238,10 +235,7 @@ public function taskTwoFa() $user->authorized = !$event->isDelayed(); if (!$event->getRedirect()) { - /* Support old string-based $redirect_after_login + new bool approach */ - $redirect_after_login = $this->grav['config']->get('plugins.login.redirect_after_login'); - $route_after_login = $this->grav['config']->get('plugins.login.route_after_login'); - $login_redirect = is_bool($redirect_after_login) && $redirect_after_login === true ? $route_after_login : $redirect_after_login; + $login_redirect = LoginPlugin::defaultRedirectAfterLogin(); $event->setRedirect( $this->grav['session']->redirect_after_login ?: $login_redirect ?: $this->grav['uri']->referrer('/'), 
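Review bot: `LoginPlugin::defaultRedirectAfterLogin()` is used unqualified in `classes/Controller.php` in both the `taskLogin` and `taskTwoFa` hunks; the file's `use` block is outside the hunks, so if `Grav\Plugin\LoginPlugin` is not already imported there the name resolves in the controller's own namespace and fails at runtime. If it is missing, add `use Grav\Plugin\LoginPlugin;` to the import block. Both enclosing methods start and end outside the hunks.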
@@ -325,10 +319,7 @@ public function taskLogout() $messages->add($t->translate($message), $event->getMessageType()); } - /* Support old string-based $redirect_after_logout + new bool approach */ - $redirect_after_logout = $this->grav['config']->get('plugins.login.redirect_after_logout'); - $route_after_logout = $this->grav['config']->get('plugins.login.route_after_logout'); - $logout_redirect = is_bool($redirect_after_logout) && $redirect_after_logout == true ? $route_after_logout : $redirect_after_logout; + $logout_redirect = LoginPlugin::defaultRedirectAfterLogout(); $redirect = $event->getRedirect() ?: $logout_redirect ?: $this->getCurrentRedirect(); if ($redirect) { diff --git a/login.php b/login.php index d32afbf..0cf9914 100755 --- a/login.php +++ b/login.php @@ -281,10 +281,7 @@ public function storeReferrerPage() $uri = $this->grav['uri']; $current_route = $uri->route(); - /* Support old string-based $redirect_after_login + new bool approach */ - $redirect_after_login = $this->grav['config']->get('plugins.login.redirect_after_login'); - $route_after_login = $this->grav['config']->get('plugins.login.route_after_login'); - $redirect = is_bool($redirect_after_login) && $redirect_after_login == true ? $route_after_login : $redirect_after_login; + $redirect = static::defaultRedirectAfterLogin(); if (!$redirect && !in_array($current_route, $invalid_redirect_routes, true)) { // No login redirect set in the configuration; can we redirect to the current page? 
@@ -1219,24 +1216,19 @@ public function userLogout(UserLoginEvent $event) public static function defaultRedirectAfterLogin() { - $legacy_option = Grav::instance()['config']->get('plugins.login.redirect_after_login'); - if (is_bool($legacy_option)) { - $default = Grav::instance()['config']->get('plugins.login.route_after_login'); - } else { - $default = $legacy_option; - } - return $default; + $config = Grav::instance()['config']; + $redirect_after_login = $config->get('plugins.login.redirect_after_login'); + $route_after_login = $config->get('plugins.login.route_after_login'); + return is_bool($redirect_after_login) && $redirect_after_login == true ? $route_after_login : $redirect_after_login; } public static function defaultRedirectAfterLogout() { - $legacy_option = Grav::instance()['config']->get('plugins.login.redirect_after_logout'); - if (is_bool($legacy_option)) { - $default = Grav::instance()['config']->get('plugins.login.route_after_logout'); - } else { - $default = $legacy_option; - } - return $default; + $config = Grav::instance()['config']; + $redirect_after_logout = $config->get('plugins.logout.redirect_after_logout'); + $route_after_logout = $config->get('plugins.logout.route_after_logout'); + + return is_bool($redirect_after_logout) && $redirect_after_logout == true ? $route_after_logout : $redirect_after_logout; } } From 8a1dedb42bd1cf966c66bfa0e624e8586d672c5d Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 3 Jun 2020 13:36:24 -0600 Subject: [PATCH 09/10] update changelog Signed-off-by: Andy Miller --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5751635..d1f63ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
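Review bot: `defaultRedirectAfterLogout` now reads `plugins.logout.redirect_after_logout` and `plugins.logout.route_after_logout`, but the options live under the login plugin (the removed lines and `defaultRedirectAfterLogin` both use `plugins.login.`), so both lookups return null and the configured logout redirect is silently ignored, with `taskLogout` in Controller.php falling through to `getCurrentRedirect()`. Change the two lines to `$redirect_after_logout = $config->get('plugins.login.redirect_after_logout');` and `$route_after_logout = $config->get('plugins.login.route_after_logout');`. In both helpers the `== true` after the `is_bool` guard could be `=== true`, matching the `taskTwoFa` code this patch removes. Both static methods also lack docblocks; a one-line comment stating that a boolean `true` selects the `route_after_*` option while a legacy string value is returned as-is would document the compatibility behaviour the helpers now own.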
@@ -4,7 +4,10 @@ 1. [](#new) * Grav 1.7 only: Added `Sync User in Session` feature [#252](https://github.com/getgrav/grav-plugin-login/issues/252) 1. [](#improved) + * Refactored code to use helper methods to find redirect routes * Added error message when user cannot log in because of account has not been activated or it has been disabled + * Set better defaults for redirects on login and logout + * Fixed proper highlights and default states for admin option toggles # 3.3.1 ## 05/07/2020 From b85117d5ca0a0702dd031f905cd8fcf398a04685 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Wed, 3 Jun 2020 15:05:37 -0600 Subject: [PATCH 10/10] prepare for release Signed-off-by: Andy Miller --- CHANGELOG.md | 2 +- blueprints.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1f63ca..77f2d12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,5 @@ # 3.3.2 -## mm/dd/2020 +## 06/03/2020 1. [](#new) * Grav 1.7 only: Added `Sync User in Session` feature [#252](https://github.com/getgrav/grav-plugin-login/issues/252) diff --git a/blueprints.yaml b/blueprints.yaml index 60197f7..db4c222 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -1,7 +1,7 @@ name: Login slug: login type: plugin -version: 3.3.1 +version: 3.3.2 testing: false description: Enables user authentication and login screen. icon: sign-in