Merge branch 'release/1.3.1'

CHANGELOG.md

@@ -1,3 +1,16 @@
+# v1.3.1
+## 02/05/2016
+
+1. [](#new)
+    * Add translations for Username and Password (placeholders are not translated)
+1. [](#improved)
+    * Improve registration, forgot, reset and login forms accessibility by setting the id attribute
+    * Improved french translation
+    * Add the correct message type when raising a form processing error
+1. [](#bugfix)
+    * Show the correct error message when the user is not authorized to view a page
+    * Fix showing the OAuth links in the login form 
+
 # v1.3.0
 ## 01/06/2016
 

README.md

@@ -23,15 +23,21 @@ The simplest way to create a new user is to simply run the `bin/plugin login new
 
 ### Commands
 
-| `bin/plugin login newuser`       | (Supports Interactive Questionnaire)                            |
-|-----------------------------------|-----------------------------------------------------------------|
-| [ -u, --user=USER ]               | The username.                                                   |
-| [ -p, --password=PASSWORD ]       | The password. Ensure the password respects Grav's password policy. **Note that this option is not recommended because the password will be visible by users listing the processes.** |
-| [ -e, --email=EMAIL ]             | The user email address.                                         |
-| [ -P, --permissions=PERMISSIONS ] | The user permissions. It can be either `a` for Admin access only, `s` for Site access only and `b` for both Admin and Site access. |
-| [ -N, --fullname=FULLNAME ]       | The user full name                                              |
-| [ -t, --title=TITLE ]             | The title of the user. Usually used as a subtext. Example: Admin, Collaborator, Developer |
-| [ -s, --state=STATE ]             | The state of the account. Either `enabled` (default) or `disabled` |
+| Command       | Arguments                            | Explination                |
+|---------------|--------------------------------------|----------------------------|
+|`newuser`|Aliases: `add-user`, `new-user`|Creates a new user (creates file in `user/accounts/`)
+|| [ -u, --user=USER ]               | The username.                                                   |
+|| [ -p, --password=PASSWORD ]       | The password. Ensure the password respects Grav's password policy. **Note that this option is not recommended because the password will be visible by users listing the processes.** |
+|| [ -e, --email=EMAIL ]             | The user email address.                                         |
+|| [ -P, --permissions=PERMISSIONS ] | The user permissions. It can be either `a` for Admin access only, `s` for Site access only and `b` for both Admin and Site access. |
+|| [ -N, --fullname=FULLNAME ]       | The user full name                                              |
+|| [ -t, --title=TITLE ]             | The title of the user. Usually used as a subtext. Example: Admin, Collaborator, Developer |
+|| [ -s, --state=STATE ]             | The state of the account. Either `enabled` (default) or `disabled` |
+|||
+|`changepass`|Aliases: `newpass`, `passwd`|Changes password of the specified user (User file must exist)
+|| [ -u, --user=USER ]               | The username.                                                   |
+|| [ -p, --password=PASSWORD ]       | The new password. Ensure the password respects Grav's password policy. **Note that this option is not recommended because the password will be visible by users listing the processes.** |
+
 
 ### CLI Example
 ```
@@ -95,7 +101,7 @@ access:
 Users who have any of the listed ACL roles enabled will have access to the page.
 Others will be forwarded to login screen.
 
-Because the admin user contains an `admin.login: true` reference he will be able to login to the secured page because that is one of the conditions defined in the page header. You are free to create any specific set of ACL rules you like.  Your user account must simply contain those same rules if you wish th user to have access.
+Because the admin user contains an `admin.login: true` reference he will be able to login to the secured page because that is one of the conditions defined in the page header. You are free to create any specific set of ACL rules you like.  Your user account must simply contain those same rules if you wish the user to have access.
 
 ## Create Private Areas
 

blueprints.yaml

@@ -1,5 +1,5 @@
 name: Login
-version: 1.3.0
+version: 1.3.1
 description: Enables user authentication and login screen.
 icon: sign-in
 author:
@@ -33,7 +33,7 @@ form:
 
             enabled:
               type: hidden
-              label: PLUGIN_LOGIN.PLUGIN_STATUS
+              label: PLUGIN_ADMIN.PLUGIN_STATUS
               highlight: 1
               default: 1
               options:
@@ -74,8 +74,8 @@ form:
               default: 0
               help: "Check for parent access rules if no rules are defined"
               options:
-                1: Enabled
-                0: Disabled
+                1: PLUGIN_ADMIN.ENABLED
+                0: PLUGIN_ADMIN.DISABLED
               validate:
                 type: bool
 
@@ -239,7 +239,7 @@ form:
             oauth.enabled:
               type: toggle
               label: PLUGIN_LOGIN.OAUTH_ENABLE
-              highlight: 0
+              highlight: 1
               default: 0
               options:
                 1: PLUGIN_ADMIN.ENABLED
@@ -250,7 +250,7 @@ form:
             oauth.user.autocreate:
               type: toggle
               label: PLUGIN_LOGIN.OAUTH_USER_AUTOCREATE
-              highlight: 0
+              highlight: 1
               default: 0
               options:
                 1: PLUGIN_ADMIN.ENABLED

classes/Controller.php

@@ -80,7 +80,7 @@ public function execute()
         try {
             $success = call_user_func(array($this, $method));
         } catch (\RuntimeException $e) {
-            $this->setMessage($e->getMessage());
+            $this->setMessage($e->getMessage(), 'error');
         }
 
         if (!$this->redirect && isset($redirect)) {
@@ -95,11 +95,10 @@ public function execute()
      */
     public function redirect()
     {
-        $redirect = $this->grav['config']->get('plugins.login.redirect');
-        if ($redirect) {
-            $this->grav->redirect($redirect, $this->redirectCode);
-        } else if ($this->redirect) {
+        if ($this->redirect) {
             $this->grav->redirect($this->redirect, $this->redirectCode);
+        } else if ($redirect = $this->grav['config']->get('plugins.login.redirect')) {
+            $this->grav->redirect($redirect, $this->redirectCode);
         }
     }
 

classes/LoginController.php

@@ -31,9 +31,9 @@ public function taskLogin()
         } else {
             $user = $this->grav['user'];
             if ($user->username) {
-                $this->setMessage($t->translate('PLUGIN_LOGIN.ACCESS_DENIED'));
+                $this->setMessage($t->translate('PLUGIN_LOGIN.ACCESS_DENIED'), 'error');
             } else {
-                $this->setMessage($t->translate('PLUGIN_LOGIN.LOGIN_FAILED'));
+                $this->setMessage($t->translate('PLUGIN_LOGIN.LOGIN_FAILED'), 'error');
             }
         }
 
@@ -212,9 +212,9 @@ protected function authenticate($form)
             if ($user->exists()) {
                 if (!empty($form['username']) && !empty($form['password'])) {
                     // Authenticate user.
-                    $result = $user->authenticate($form['password']);
+                    $user->authenticated = $user->authenticate($form['password']);
 
-                    if ($result) {
+                    if ($user->authenticated) {
                         $this->grav['session']->user = $user;
 
                         unset($this->grav['user']);
@@ -234,7 +234,9 @@ protected function authenticate($form)
         }
 
         // Authorize against user ACL
-        $user->authenticated = $user->authorize('site.login');
+        $user_authorized = $user->authorize('site.login');
+        $user->authenticated = ($user->authenticated && $user_authorized);
+
         return $user->authenticated;
     }
 }

classes/OAuthLoginController.php

@@ -102,7 +102,7 @@ public function execute()
         }
 
         if (!$this->service || empty($config)) {
-            $this->setMessage($t->translate(['PLUGIN_LOGIN.OAUTH_PROVIDER_NOT_SUPPORTED', $this->action]));
+            $this->setMessage($t->translate(['PLUGIN_LOGIN.OAUTH_PROVIDER_NOT_SUPPORTED', $this->action]), 'error');
             return true;
         }
 
@@ -113,14 +113,14 @@ public function execute()
             if ($authenticated) {
                 $this->setMessage($t->translate('PLUGIN_LOGIN.LOGIN_SUCCESSFUL'));
             } else {
-                $this->setMessage($t->translate('PLUGIN_LOGIN.ACCESS_DENIED'));
+                $this->setMessage($t->translate('PLUGIN_LOGIN.ACCESS_DENIED'), 'error');
             }
 
             // Redirect to current URI
             $referrer = $this->grav['uri']->url(true);
             $this->setRedirect($referrer);
         } elseif (!$this->grav['session']->oauth) {
-            $this->setMessage($t->translate(['PLUGIN_LOGIN.OAUTH_PROVIDER_NOT_SUPPORTED', $this->action]));
+            $this->setMessage($t->translate(['PLUGIN_LOGIN.OAUTH_PROVIDER_NOT_SUPPORTED', $this->action]), 'error');
         }
 
         return true;
@@ -363,9 +363,7 @@ protected function createUser($data, $save = false)
         $user->set('lang', $data['lang']);
 
         // Set access rights
-        $user->join('access',
-            $this->grav['config']->get('plugins.login.oauth.user.access', [])
-        );
+        $user->set('access', $this->grav['config']->get('plugins.login.oauth.user.access', []));
 
         // Authorize OAuth user to access page(s)
         $user->authenticated = $user->authorize('site.login');

languages.yaml

@@ -1,5 +1,8 @@
 en:
   PLUGIN_LOGIN:
+    USERNAME: Username
+    PASSWORD: Password
+
     ACCESS_DENIED: Access denied...
     LOGIN_FAILED: Login failed...
     LOGIN_SUCCESSFUL: You have been successfully logged in.
@@ -21,7 +24,6 @@ en:
     OAUTH_PROVIDER_NOT_SUPPORTED: OAuth provider "%s" is not supported
     OR: or
 
-    PLUGIN_STATUS: Plugin status
     BUILTIN_CSS: Use built in CSS
     BUILTIN_CSS_HELP: Include the CSS provided by the admin plugin
     ROUTE: Login path
@@ -105,6 +107,8 @@ en:
 
 fr:
   PLUGIN_LOGIN:
+    USERNAME: "Nom d'utilisateur"
+    PASSWORD: "Mot de passe"
     ACCESS_DENIED: Accès refusé...
     LOGIN_FAILED: Échec de la connexion...
     LOGIN_SUCCESSFUL: Vous vous êtes connecté avec succès.
@@ -126,7 +130,6 @@ fr:
     OAUTH_PROVIDER_NOT_SUPPORTED: Le fournisseur OAuth "%s" n'est pas pris en charge
     OR: ou
 
-    PLUGIN_STATUS: Statut du plugin
     BUILTIN_CSS: Utiliser les CSS intégrés
     BUILTIN_CSS_HELP: Utiliser les CSS fournis dans le plugin d'administration
     ROUTE: Chemin de connexion
@@ -191,18 +194,18 @@ fr:
     SEND_WELCOME_EMAIL_HELP: "Envoyer un e-mail à un nouvel utilisateur enregistré."
 
     DEFAULT_VALUES: "Valeurs par défaut"
-    DEFAULT_VALUES_HELP: "List of field names and values associated, that will be added to the user profile (yaml file) by default, without being configurable by the user. Separate multiple values with a comma, with no spaces between the values"
+    DEFAULT_VALUES_HELP: "Liste des noms et valeurs associés pour les champs. Ils seront ajoutés au profil utilisateur par défaut (fichier yaml), sans pouvoir être configurables par l'utilisateur. Séparez les différentes valeurs par une virgule, sans espaces entre les valeurs."
     ADDITIONAL_PARAM_KEY: "Paramètre"
     ADDITIONAL_PARAM_VALUE: "Valeur"
 
     REGISTRATION_FIELDS: "Champs d'inscription"
-    REGISTRATION_FIELDS_HELP: "Add the fields that will be added to the user yaml file. Fields not listed here will not be added even if present in the registration form"
+    REGISTRATION_FIELDS_HELP: "Ajouter les champs qui seront ajoutés au fichier yaml de l'utilisateur. Les champs non listés ne seront pas ajoutés même s'ils sont présent sur le formulaire d'inscription"
     REGISTRATION_FIELD_KEY: "Nom du champ"
 
     REDIRECT_AFTER_LOGIN: "Redirection après connexion"
-    REDIRECT_AFTER_LOGIN_HELP: "Custom route to redirect after login"
+    REDIRECT_AFTER_LOGIN_HELP: "Chemin personnalisé de redirection après la connexion"
     REDIRECT_AFTER_REGISTRATION: "Redirection après inscription"
-    REDIRECT_AFTER_REGISTRATION_HELP: "Custom route to redirect after the registration"
+    REDIRECT_AFTER_REGISTRATION_HELP: "Chemin personnalisé de redirection après l'inscription"
 
     OPTIONS: Options
     EMAIL_VALIDATION_MESSAGE: "Doit-être une adresse e-mail valide"
@@ -227,7 +230,6 @@ hr:
     OAUTH_PROVIDER_NOT_SUPPORTED: OAuth provider "%s" nije podržan
     OR: ili
 
-    PLUGIN_STATUS: Plugin status
     BUILTIN_CSS: Koristi ugrađeni CSS
     BUILTIN_CSS_HELP: Uključi CSS koji dolazi sa admin pluginom
     ROUTE: Putanja prijave
@@ -297,7 +299,6 @@ hu:
     OAUTH_PROVIDER_NOT_SUPPORTED: A(z) "%s" OAuth szolgáltató nem használható
     OR: vagy
 
-    PLUGIN_STATUS: Plugin állapota
     BUILTIN_CSS: Beépített CSS használata
     BUILTIN_CSS_HELP: Az admin plugin által biztosított CSS beillesztése
     ROUTE: Belépés útvonala

login.php

@@ -480,12 +480,17 @@ public function onTwigSiteVariables()
         /** @var Twig $twig */
         $twig = $this->grav['twig'];
 
+        /** @var User $user */
+        $user = $this->grav['user'];
+
         $extension = $this->grav['uri']->extension();
         $extension = $extension ?: 'html';
 
         if (!$this->authenticated) {
             $twig->template = "login." . $extension . ".twig";
+        }
 
+        if (!$this->authenticated || !$user->authenticated) {
             $providers = [];
             foreach ($this->config->get('plugins.login.oauth.providers') as $provider => $options) {
                 if ($options['enabled'] && isset($options['credentials'])) {

pages/forgot.md

@@ -5,6 +5,7 @@ form:
     fields:
         - name: username
           type: text
+          id: username
           placeholder: Username
           autofocus: true
 ---

pages/login.md

@@ -9,12 +9,16 @@ form:
     fields:
         - name: username
           type: text
+          id: username
           placeholder: Username
+          label: PLUGIN_LOGIN.USERNAME
           autofocus: true
 
         - name: password
           type: password
+          id: password
           placeholder: Password
+          label: PLUGIN_LOGIN.PASSWORD
 ---
 
 # User Login

pages/register.md

@@ -4,6 +4,7 @@ form:
     -
       name: username
       type: text
+      id: username
       placeholder: "Choose a username"
       validate:
         required: true
@@ -13,6 +14,7 @@ form:
     -
       name: email
       type: email
+      id: email
       placeholder: "Enter your email"
       validate:
         required: true
@@ -21,6 +23,7 @@ form:
     -
       name: password1
       type: password
+      id: password1
       label: Enter a password
       validate:
         required: true
@@ -30,6 +33,7 @@ form:
     -
       name: password2
       type: password
+      id: password2
       label: Enter the password again
       validate:
         required: true

pages/reset.md

@@ -5,10 +5,12 @@ form:
     fields:
         - name: username
           type: text
+          id: username
           placeholder: Username
           readonly: true
         - name: password
           type: password
+          id: password
           placeholder: Password
           autofocus: true
         - name: token