From 9ea754d877a2ba2d2a3a5622478a00958aa10da0 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Thu, 16 Apr 2020 14:32:37 -0600 Subject: [PATCH 01/13] check to ensure $page is valid --- login.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/login.php b/login.php index c159e5c..4b04442 100755 --- a/login.php +++ b/login.php @@ -206,14 +206,16 @@ public function pageVisibility(Event $e) $user = $this->grav['user']; foreach ($pages->instances() as $page) { - $header = $page->header(); - if ($header && isset($header->access) && isset($header->login['visibility_requires_access']) && $header->login['visibility_requires_access'] === true) { - $config = $this->mergeConfig($page); - $access = $this->login->isUserAuthorizedForPage($user, $page, $config); - if ($access === false) { - $page->visible(false); + if ($page) { + $header = $page->header(); + if ($header && isset($header->access) && isset($header->login['visibility_requires_access']) && $header->login['visibility_requires_access'] === true) { + $config = $this->mergeConfig($page); + $access = $this->login->isUserAuthorizedForPage($user, $page, $config); + if ($access === false) { + $page->visible(false); + } } - } + } } } } From 853fb07e19a564dccff27ed8ec145280bf364218 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Sun, 19 Apr 2020 16:24:06 -0600 Subject: [PATCH 02/13] various route improvements --- blueprints.yaml | 195 +++++++++++++--------- classes/Controller.php | 33 +++- languages/en.yaml | 12 +- login.php | 7 +- login.yaml | 11 +- templates/partials/login-status.html.twig | 2 +- 6 files changed, 164 insertions(+), 96 deletions(-) diff --git a/blueprints.yaml b/blueprints.yaml index b8362e2..7ca290c 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -27,9 +27,9 @@ form: class: subtle fields: - login: + options: type: tab - title: PLUGIN_LOGIN.BTN_LOGIN + title: PLUGIN_LOGIN.OPTIONS fields: 
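Review bot: The new `if ($page)` wrapper nests the whole loop body one level deeper for what is a skip condition; a guard clause keeps the body flat and the diff small: `if (!$page) { continue; }` as the first line of the `foreach`, with the original body unchanged below it. The hunk does not show why `$pages->instances()` can yield a falsy entry, so the guard deserves a one-line comment stating the case it covers, e.g. `// instances() may contain entries that did not resolve to a page; skip those` — hedged until confirmed against Pages. pageVisibility's signature and the lines before the loop are outside the hunk.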
@@ -56,42 +56,38 @@ form: validate: type: bool - route: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE - help: PLUGIN_LOGIN.ROUTE_HELP - placeholder: "/my-custom-login" + redirect_to_login: + type: toggle + label: PLUGIN_LOGIN.REDIRECT_TO_LOGIN + help: PLUGIN_LOGIN.REDIRECT_TO_LOGIN_HELP + default: 1 + options: + 1: PLUGIN_ADMIN.ENABLED + 0: PLUGIN_ADMIN.DISABLED + validate: + type: bool redirect_after_login: - type: text + type: toggle label: PLUGIN_LOGIN.REDIRECT_AFTER_LOGIN help: PLUGIN_LOGIN.REDIRECT_AFTER_LOGIN_HELP - placeholder: "/my-page" + default: 0 + options: + 1: PLUGIN_ADMIN.ENABLED + 0: PLUGIN_ADMIN.DISABLED + validate: + type: bool redirect_after_logout: - type: text + type: toggle label: PLUGIN_LOGIN.REDIRECT_AFTER_LOGOUT help: PLUGIN_LOGIN.REDIRECT_AFTER_LOGOUT_HELP - placeholder: "/" - - route_forgot: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_FORGOT - placeholder: "/forgot_password" - - route_reset: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_RESET - placeholder: "/reset_password" - - route_profile: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_PROFILE - placeholder: "/user_profile" + default: 0 + options: + 1: PLUGIN_ADMIN.ENABLED + 0: PLUGIN_ADMIN.DISABLED + validate: + type: bool parent_acl: type: toggle 
@@ -141,55 +137,6 @@ form: validate: type: bool - routes: - type: section - title: PLUGIN_LOGIN.ROUTES - - fields: - - route_activate: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_ACTIVATE - placeholder: '/activate_user' - - route_forgot: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_FORGOT - placeholder: '/forgot_password' - - route_reset: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_RESET - placeholder: '/reset_password' - - route_profile: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_PROFILE - placeholder: '/user_profile' - - route_register: - type: text - size: medium - label: PLUGIN_LOGIN.ROUTE_REGISTER - help: PLUGIN_LOGIN.ROUTE_REGISTER_HELP - placeholder: "/register" - - user_registration.redirect_after_registration: - type: text - label: PLUGIN_LOGIN.REDIRECT_AFTER_REGISTRATION - help: PLUGIN_LOGIN.REDIRECT_AFTER_REGISTRATION_HELP - placeholder: "/page-to-show-after-registration" - - user_registration.redirect_after_activation: - type: text - label: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION - help: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION_HELP - placeholder: "/page-to-show-after-activation" - rememberme: type: section title: PLUGIN_LOGIN.REMEMBER_ME 
@@ -222,6 +169,96 @@ form: label: PLUGIN_ADMIN.NAME help: PLUGIN_ADMIN.SESSION_NAME_HELP + routes: + type: tab + title: PLUGIN_LOGIN.ROUTES + + fields: + + route: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE + help: PLUGIN_LOGIN.ROUTE_HELP + placeholder: "/login" + + route_after_login: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_AFTER_LOGIN + help: PLUGIN_LOGIN.ROUTE_AFTER_LOGIN_HELP + placeholder: "/user_profile" + + route_after_logout: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_AFTER_LOGOUT + help: PLUGIN_LOGIN.ROUTE_AFTER_LOGOUT_HELP + placeholder: "/" + + route_forgot: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_FORGOT + placeholder: "/forgot_password" + + route_reset: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_RESET + placeholder: "/reset_password" + + route_profile: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_PROFILE + placeholder: "/user_profile" + + route_activate: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_ACTIVATE + placeholder: '/activate_user' + + route_forgot: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_FORGOT + placeholder: '/forgot_password' + + route_reset: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_RESET + placeholder: '/reset_password' + + route_profile: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_PROFILE + placeholder: '/user_profile' + + route_register: + type: text + size: medium + label: PLUGIN_LOGIN.ROUTE_REGISTER + help: PLUGIN_LOGIN.ROUTE_REGISTER_HELP + placeholder: "/register" + + user_registration.redirect_after_registration: + type: text + size: medium + label: PLUGIN_LOGIN.REDIRECT_AFTER_REGISTRATION + help: PLUGIN_LOGIN.REDIRECT_AFTER_REGISTRATION_HELP + placeholder: "/page-to-show-after-registration" + + user_registration.redirect_after_activation: + type: text + size: medium + label: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION + help: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION_HELP + placeholder: 
"/page-to-show-after-activation" + registration: type: tab title: PLUGIN_LOGIN.USER_REGISTRATION diff --git a/classes/Controller.php b/classes/Controller.php index 8824f4f..c5697df 100644 --- a/classes/Controller.php +++ b/classes/Controller.php @@ -153,6 +153,12 @@ public function taskLogin() $event = $this->login->login($form, ['remember_me' => true, 'twofa' => $twofa], ['return_event' => true]); $user = $event->getUser(); + /* Support old string-based $redirect_after_login + new bool approach */ + $redirect_after_login = $this->grav['config']->get('plugins.login.redirect_after_login'); + $route_after_login = $this->grav['config']->get('plugins.login.route_after_login'); + $login_redirect = is_bool($redirect_after_login) && $redirect_after_login == true ? $route_after_login : $redirect_after_login; + + if ($user->authenticated) { $rateLimiter->resetRateLimit($ipKey, 'ip')->resetRateLimit($userKey); if ($user->authorized) { @@ -160,12 +166,13 @@ public function taskLogin() $event->defRedirect( $this->grav['session']->redirect_after_login ?: - $this->grav['config']->get('plugins.login.redirect_after_login') ?: - $this->grav['uri']->referrer('/') + $login_redirect ?: $this->grav['uri']->referrer('/') ); } else { + $redirect_to_login = $this->grav['config']->get('plugins.login.route_to_login'); $login_route = $this->grav['config']->get('plugins.login.route'); - $event->defRedirect($login_route ?: $this->grav['uri']->referrer('/')); + $redirect_route = $redirect_to_login && $login_route ? $login_route : false; + $event->defRedirect($redirect_route ?: $this->grav['uri']->referrer('/')); } } else { if ($user->authorized) { 
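Review bot: The new `routes` tab defines `route_forgot`, `route_reset` and `route_profile` twice each, once after `route_after_logout` (double-quoted placeholders) and again after `route_activate` (single-quoted placeholders), with otherwise identical fields. Duplicate mapping keys in YAML either silently keep the last definition or are rejected by the parser, depending on the parser in use, so the second set should be deleted. Patch 03 later reorders this tab but, as far as this series shows, leaves both copies in place.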
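Review bot: `is_bool($redirect_after_login) && $redirect_after_login == true` uses a loose comparison on a value the same expression has just proven to be a bool; `$redirect_after_login === true` states the intent and drops the `is_bool` call. The same three-line compatibility block is pasted into taskTwoFa and taskLogout in the next Controller.php hunks and into storeReferrerPage in login.php, each time under a different local name, so one helper returning `$flag === true ? $route : $flag` for a given flag/route key pair (for instance on the `Login` service both classes already reach through `$this->login`) would keep the four sites from drifting. Both hunks sit inside taskLogin, whose opening and closing lines are outside them.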
@@ -210,9 +217,11 @@ public function taskTwoFa() $user->authenticated = false; + $redirect_to_login = $this->grav['config']->get('plugins.login.route_to_login'); $login_route = $this->grav['config']->get('plugins.login.route'); - if ($login_route) { - $this->setRedirect($login_route, 303); + $redirect_route = $redirect_to_login && $login_route ? $login_route : false; + if ($redirect_route) { + $this->setRedirect($redirect_route, 303); } return true; @@ -222,9 +231,14 @@ public function taskTwoFa() $user->authorized = true; + /* Support old string-based $redirect_after_login + new bool approach */ + $redirect_after_login = $this->grav['config']->get('plugins.login.redirect_after_login'); + $route_after_login = $this->grav['config']->get('plugins.login.route_after_login'); + $login_redirect = is_bool($redirect_after_login) && $redirect_after_login == true ? $route_after_login : $redirect_after_login; + $this->setRedirect( $this->grav['session']->redirect_after_login - ?: $this->grav['config']->get('plugins.login.redirect_after_login') + ?: $login_redirect ?: $this->grav['uri']->referrer('/') ); @@ -249,7 +263,12 @@ public function taskLogout() $messages->add($t->translate($message), $event->getMessageType()); } - $redirect = $event->getRedirect() ?: $this->grav['config']->get('plugins.login.redirect_after_logout'); + /* Support old string-based $redirect_after_logout + new bool approach */ + $redirect_after_logout = $this->grav['config']->get('plugins.login.redirect_after_logout'); + $route_after_logout = $this->grav['config']->get('plugins.login.route_after_logout'); + $logout_redirect = is_bool($redirect_after_logout) && $redirect_after_logout == true ? $route_after_logout : $redirect_after_logout; + + $redirect = $event->getRedirect() ?: $logout_redirect; if ($redirect) { $this->setRedirect($redirect, $event->getRedirectCode()); } diff --git a/languages/en.yaml b/languages/en.yaml index 95bfa31..093d6d7 100644 --- a/languages/en.yaml +++ b/languages/en.yaml 
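Review bot: `$this->grav['config']->get('plugins.login.route_to_login')` reads a key that login.yaml does not define (the option is `redirect_to_login`), so `$redirect_to_login` is always null, `$redirect_route` is always false and the 303 to the login route is never issued in this branch of taskTwoFa (the one that sets `$user->authenticated = false`). Patch 07 fixes the identical typo in taskLogin only; this copy needs `$redirect_to_login = $this->grav['config']->get('plugins.login.redirect_to_login');` as well. taskTwoFa begins and ends outside the hunk.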
@@ -29,7 +29,7 @@ PLUGIN_LOGIN: REMEMBER_ME_STOLEN_COOKIE: "Someone else has used your login information to access this page! All sessions were logged out. Please log in with your credentials and check your data." BUILTIN_CSS: "Use built in CSS" BUILTIN_CSS_HELP: "Include the CSS provided by the admin plugin" - ROUTE: "Login path" + ROUTE: "Login route" ROUTE_HELP: "Custom route to a custom login page that your theme provides" ROUTE_REGISTER: "Registration path" ROUTE_REGISTER_HELP: "Route to the registration page. Set this if you want to use the built-in registration page. Leave it empty if you have your own registration form" @@ -74,10 +74,16 @@ PLUGIN_LOGIN: REGISTRATION_FIELDS: "Registration fields" REGISTRATION_FIELDS_HELP: "Add the fields that will be added to the user Yaml file. Fields not listed here will not be added even if present in the registration form" REGISTRATION_FIELD_KEY: "Field name" + REDIRECT_TO_LOGIN: "Redirect to login" + REDIRECT_TO_LOGIN_HELP: "Should user be redirected to a login page, or display the login at the current route?" REDIRECT_AFTER_LOGIN: "Redirect after login" - REDIRECT_AFTER_LOGIN_HELP: "Custom route to redirect after login" + REDIRECT_AFTER_LOGIN_HELP: "Should the user be redirect to a specific route after login?" + ROUTE_AFTER_LOGIN: "After login route" + ROUTE_AFTER_LOGIN_HELP: "Custom route to redirect after login" REDIRECT_AFTER_LOGOUT: "Redirect after logout" - REDIRECT_AFTER_LOGOUT_HELP: "Custom route to redirect after logout" + REDIRECT_AFTER_LOGOUT_HELP: "Should the user be redirected to a specific route after logout?" + ROUTE_AFTER_LOGOUT: "After logout route" + ROUTE_AFTER_LOGOUT_HELP: "Custom route to redirect after logout" REDIRECT_AFTER_REGISTRATION: "Redirect after registration" REDIRECT_AFTER_REGISTRATION_HELP: "Custom route to redirect after the registration" OPTIONS: "Options" diff --git a/login.php b/login.php index 4b04442..c4435d5 100755 --- a/login.php +++ b/login.php 
@@ -236,7 +236,11 @@ public function storeReferrerPage() /** @var Uri $uri */ $uri = $this->grav['uri']; $current_route = $uri->route(); - $redirect = $this->grav['config']->get('plugins.login.redirect_after_login'); + + /* Support old string-based $redirect_after_login + new bool approach */ + $redirect_after_login = $this->grav['config']->get('plugins.login.redirect_after_login'); + $route_after_login = $this->grav['config']->get('plugins.login.route_after_login'); + $redirect = is_bool($redirect_after_login) && $redirect_after_login == true ? $route_after_login : $redirect_after_login; if (!$redirect && !in_array($current_route, $invalid_redirect_routes, true)) { // No login redirect set in the configuration; can we redirect to the current page? @@ -571,7 +575,6 @@ public function authorizePage() } else { $page = new Page(); - // $this->grav['session']->redirect_after_login = $this->grav['uri']->path() . ($this->grav['uri']->params() ?: ''); // Get the admin Login page is needed, else teh default if ($this->isAdmin()) { diff --git a/login.yaml b/login.yaml index c3d6d42..90138b9 100644 --- a/login.yaml +++ b/login.yaml 
@@ -1,9 +1,12 @@ enabled: true # Enable the plugin built_in_css: true # Use built-in CSS -route: # Specific route for Login page (default is '/login') -redirect_to_login: true # If you try to access a page you don't have access to, should you redirect to login route -redirect_after_login: # Path to redirect to after a successful login (eg '/user_profile') -redirect_after_logout: '/' # Path to redirect to after a successful logout (eg '/') +redirect_to_login: false # If you try to access a page you don't have access to, should you redirect to login route +redirect_after_login: false # Path to redirect to after a successful login +redirect_after_logout: false # Path to redirect to after a successful logout + +route: '/login' # Specific route for Login page (default is '/login') +route_after_login: '/user_profile' # Route to go to after login if enabled +route_after_logout: '/' # Route to logout to if enabled route_activate: '/activate_user' # Route for the user activation process route_forgot: '/forgot_password' # Route for the forgot password process route_reset: '/reset_password' # Route for the reset password process diff --git a/templates/partials/login-status.html.twig b/templates/partials/login-status.html.twig index 7c06016..6680349 100755 --- a/templates/partials/login-status.html.twig +++ b/templates/partials/login-status.html.twig @@ -1,5 +1,5 @@ From db94e9e21c80cc3e667da9c8b791026f192468c8 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Sun, 19 Apr 2020 16:29:41 -0600 Subject: [PATCH 03/13] slight re-order --- blueprints.yaml | 14 ++++++++------ languages/en.yaml | 6 +++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/blueprints.yaml b/blueprints.yaml index 7ca290c..bf4c2b1 100644 --- a/blueprints.yaml +++ b/blueprints.yaml 
@@ -220,6 +220,13 @@ form: label: PLUGIN_LOGIN.ROUTE_ACTIVATE placeholder: '/activate_user' + user_registration.redirect_after_activation: + type: text + size: medium + label: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION + help: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION_HELP + placeholder: "/page-to-show-after-activation" + route_forgot: type: text size: medium @@ -252,12 +259,7 @@ form: help: PLUGIN_LOGIN.REDIRECT_AFTER_REGISTRATION_HELP placeholder: "/page-to-show-after-registration" - user_registration.redirect_after_activation: - type: text - size: medium - label: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION - help: PLUGIN_LOGIN.REDIRECT_AFTER_ACTIVATION_HELP - placeholder: "/page-to-show-after-activation" + registration: type: tab diff --git a/languages/en.yaml b/languages/en.yaml index 093d6d7..692a3f1 100644 --- a/languages/en.yaml +++ b/languages/en.yaml @@ -31,7 +31,7 @@ PLUGIN_LOGIN: BUILTIN_CSS_HELP: "Include the CSS provided by the admin plugin" ROUTE: "Login route" ROUTE_HELP: "Custom route to a custom login page that your theme provides" - ROUTE_REGISTER: "Registration path" + ROUTE_REGISTER: "Registration route" ROUTE_REGISTER_HELP: "Route to the registration page. Set this if you want to use the built-in registration page. Leave it empty if you have your own registration form" USERNAME_NOT_VALID: "Username should be between 3 and 16 characters, including lowercase letters, numbers, underscores, and hyphens. Uppercase letters, spaces, and special characters are not allowed" USERNAME_NOT_AVAILABLE: "Username %s already exists, please pick another username" 
@@ -84,7 +84,7 @@ PLUGIN_LOGIN: REDIRECT_AFTER_LOGOUT_HELP: "Should the user be redirected to a specific route after logout?" ROUTE_AFTER_LOGOUT: "After logout route" ROUTE_AFTER_LOGOUT_HELP: "Custom route to redirect after logout" - REDIRECT_AFTER_REGISTRATION: "Redirect after registration" + REDIRECT_AFTER_REGISTRATION: "After registration route" REDIRECT_AFTER_REGISTRATION_HELP: "Custom route to redirect after the registration" OPTIONS: "Options" EMAIL_VALIDATION_MESSAGE: "Must be a valid email address" @@ -93,7 +93,7 @@ PLUGIN_LOGIN: GROUPS_HELP: "List of groups the new registered user will be part of, if any" SITE_ACCESS_HELP: "List of site access levels the new registered user will have. Example: `login` -> `true` " WELCOME: "Welcome" - REDIRECT_AFTER_ACTIVATION: "Redirect after the user activation" + REDIRECT_AFTER_ACTIVATION: "After user activation route" REDIRECT_AFTER_ACTIVATION_HELP: "Used if the user is required to activate the account via email. Once activated, this route will be shown" REGISTRATION_DISABLED: "Registration disabled" USE_PARENT_ACL_LABEL: "Use parent access rules" From 10f15f522b03f49cbc4b66acb26304ebf7aaea96 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 20 Apr 2020 09:25:21 -0600 Subject: [PATCH 04/13] better bc compatibility in admin --- blueprints.yaml | 2 ++ login.php | 11 +++++++++++ login.yaml | 8 ++++---- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/blueprints.yaml b/blueprints.yaml index bf4c2b1..5c0a044 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -187,6 +187,7 @@ form: size: medium label: PLUGIN_LOGIN.ROUTE_AFTER_LOGIN help: PLUGIN_LOGIN.ROUTE_AFTER_LOGIN_HELP + data-default@: '\Grav\Plugin\LoginPlugin::defaultRedirectAfterLogin' placeholder: "/user_profile" route_after_logout: 
@@ -194,6 +195,7 @@ form: size: medium label: PLUGIN_LOGIN.ROUTE_AFTER_LOGOUT help: PLUGIN_LOGIN.ROUTE_AFTER_LOGOUT_HELP + data-default@: '\Grav\Plugin\LoginPlugin::defaultRedirectAfterLogout' placeholder: "/" route_forgot: diff --git a/login.php b/login.php index c4435d5..d98b772 100755 --- a/login.php +++ b/login.php @@ -1122,4 +1122,15 @@ public function userLogout(UserLoginEvent $event) // Clear all session data. $session->invalidate()->start(); } + + public static function defaultRedirectAfterLogin() + { + return Grav::instance()['config']->get('plugins.login.redirect_after_login'); + + } + + public static function defaultRedirectAfterLogout() + { + return Grav::instance()['config']->get('plugins.login.redirect_after_logout'); + } } diff --git a/login.yaml b/login.yaml index 90138b9..600e1e0 100644 --- a/login.yaml +++ b/login.yaml @@ -1,12 +1,12 @@ enabled: true # Enable the plugin built_in_css: true # Use built-in CSS redirect_to_login: false # If you try to access a page you don't have access to, should you redirect to login route -redirect_after_login: false # Path to redirect to after a successful login -redirect_after_logout: false # Path to redirect to after a successful logout +redirect_after_login: true # Path to redirect to after a successful login +redirect_after_logout: true # Path to redirect to after a successful logout route: '/login' # Specific route for Login page (default is '/login') -route_after_login: '/user_profile' # Route to go to after login if enabled -route_after_logout: '/' # Route to logout to if enabled +route_after_login: # Route to go to after login if enabled +route_after_logout: # Route to logout to if enabled route_activate: '/activate_user' # Route for the user activation process route_forgot: '/forgot_password' # Route for the forgot password process route_reset: '/reset_password' # Route for the reset password process From 9ffa329e1888b9eeeae5a4958e67a7ccc990b273 Mon Sep 17 00:00:00 2001 
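Review bot: `defaultRedirectAfterLogin()` and `defaultRedirectAfterLogout()` carry no return type, no docblock, and a stray blank line before the first closing brace, and they return the raw config value even though patch 05 turns `redirect_after_login`/`redirect_after_logout` into forced booleans — so for a config saved under the new scheme the blueprint's `data-default@` hook receives `true`/`false` for a text field instead of the legacy route string these helpers exist to surface. Returning only strings makes the contract explicit: `$value = Grav::instance()['config']->get('plugins.login.redirect_after_login'); return is_string($value) ? $value : null;` with `: ?string` on both signatures and a docblock along the lines of `Legacy default for route_after_login: the pre-3.2 string value of redirect_after_login, if one is configured.` How the admin renders a bool default is not visible here, so that consequence is inferred.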
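Review bot: With `redirect_after_logout: true` and `route_after_logout:` left empty, the resolution added in taskLogout (`is_bool(...) && ... ? $route_after_logout : ...`) yields null, so a fresh install no longer redirects anywhere on logout, whereas the previous default `redirect_after_logout: '/'` sent users to the home page; `redirect_after_login: true` with an empty `route_after_login` likewise falls through to the referrer. If the flags are meant to default on, the routes need values too, e.g. `route_after_logout: '/'`; otherwise the flags should stay `false` as the previous commit had them. As far as this patch shows, the `data-default@` hooks added to blueprints.yaml only affect the admin form, not runtime resolution.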
From: Andy Miller Date: Mon, 20 Apr 2020 09:43:55 -0600 Subject: [PATCH 05/13] use new toggle `force_bool: true` for better BC --- blueprints.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/blueprints.yaml b/blueprints.yaml index 5c0a044..c22545e 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -71,6 +71,7 @@ form: type: toggle label: PLUGIN_LOGIN.REDIRECT_AFTER_LOGIN help: PLUGIN_LOGIN.REDIRECT_AFTER_LOGIN_HELP + force_bool: true default: 0 options: 1: PLUGIN_ADMIN.ENABLED @@ -82,6 +83,7 @@ form: type: toggle label: PLUGIN_LOGIN.REDIRECT_AFTER_LOGOUT help: PLUGIN_LOGIN.REDIRECT_AFTER_LOGOUT_HELP + force_bool: true default: 0 options: 1: PLUGIN_ADMIN.ENABLED From b1582da9c095d58c1f6820e9411b2c227f8f08be Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 20 Apr 2020 10:45:34 -0600 Subject: [PATCH 06/13] fix for logout twig --- templates/partials/login-status.html.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/partials/login-status.html.twig b/templates/partials/login-status.html.twig index 6680349..ce7bf52 100755 --- a/templates/partials/login-status.html.twig +++ b/templates/partials/login-status.html.twig @@ -1,5 +1,5 @@ From ac6c0836e8a77fc5855febb64f71a410155cb80a Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 20 Apr 2020 11:15:16 -0600 Subject: [PATCH 07/13] typo --- classes/Controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/Controller.php b/classes/Controller.php index c5697df..a1ea585 100644 --- a/classes/Controller.php +++ b/classes/Controller.php 
@@ -169,7 +169,7 @@ public function taskLogin() $login_redirect ?: $this->grav['uri']->referrer('/') ); } else { - $redirect_to_login = $this->grav['config']->get('plugins.login.route_to_login'); + $redirect_to_login = $this->grav['config']->get('plugins.login.redirect_to_login'); $login_route = $this->grav['config']->get('plugins.login.route'); $redirect_route = $redirect_to_login && $login_route ? $login_route : false; $event->defRedirect($redirect_route ?: $this->grav['uri']->referrer('/')); From 8db745c210300a0c7d43cdac5fe409abca5f6d1b Mon Sep 17 00:00:00 2001 From: Matias Griese Date: Mon, 20 Apr 2020 20:38:36 +0300 Subject: [PATCH 08/13] Fixed guest only pages requiring login --- CHANGELOG.md | 6 ++++++ classes/Login.php | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa2fc87..0c3e972 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 3.1.1 +## mm/dd/2020 + +1. [](#bugfix) + * Fixed guest only pages requiring login + # 3.1.0 ## 03/05/2020 diff --git a/classes/Login.php b/classes/Login.php index 402f4a7..b29abd7 100755 --- a/classes/Login.php +++ b/classes/Login.php @@ -578,7 +578,8 @@ public function isUserAuthorizedForPage(UserInterface $user, PageInterface $page return true; } - if (!$user->authorized) { + // Deny access if user has not completed 2FA challenge. + if ($user->authenticated && !$user->authorized) { return false; } From 351ba6608e7bac3f52fe9a53db8cf3ccea7b3529 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 20 Apr 2020 11:43:38 -0600 Subject: [PATCH 09/13] handle missing login route better --- login.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/login.php b/login.php index d98b772..87ad07a 100755 --- a/login.php +++ b/login.php 
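Review bot: The new comment describes only the 2FA case, while the behavioural change is that unauthenticated users no longer hit this early `return false` and instead fall through to the access evaluation below — which is what makes guest-only pages reachable. Suggest: `// Deny only when an authenticated user has not completed the 2FA challenge; guests fall through to the access rules below so guest-only pages stay reachable.` The remainder of isUserAuthorizedForPage, including those access rules, is outside the hunk, so that guests are handled correctly there is inferred from the commit message rather than visible.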
@@ -567,35 +567,39 @@ public function authorizePage() /** @var Twig $twig */ $twig = $this->grav['twig']; + $login_page = null; // Reset page with login page. if (!$authorized) { if ($this->route) { - $page = $this->grav['pages']->dispatch($this->route); - } else { + $login_page = $this->grav['pages']->dispatch($this->route); + } + - $page = new Page(); + if (!$login_page) { + + $login_page = new Page(); // Get the admin Login page is needed, else teh default if ($this->isAdmin()) { $login_file = $this->grav['locator']->findResource('plugins://admin/pages/admin/login.md'); - $page->init(new \SplFileInfo($login_file)); + $login_page->init(new \SplFileInfo($login_file)); } else { - $page->init(new \SplFileInfo(__DIR__ . '/pages/login.md')); + $login_page->init(new \SplFileInfo(__DIR__ . '/pages/login.md')); } - $page->slug(basename($this->route)); + $login_page->slug(basename($this->route)); /** @var Pages $pages */ $pages = $this->grav['pages']; - $pages->addPage($page, $this->route); + $pages->addPage($login_page, $this->route); } $this->authenticated = false; unset($this->grav['page']); - $this->grav['page'] = $page; + $this->grav['page'] = $login_page; - $twig->twig_vars['form'] = new Form($page); + $twig->twig_vars['form'] = new Form($login_page); } else { /** @var Language $l */ $l = $this->grav['language']; From 249368c06afc688d48f120c27cccfc37518b6041 Mon Sep 17 00:00:00 2001 From: Matias Griese Date: Mon, 20 Apr 2020 21:38:52 +0300 Subject: [PATCH 10/13] Fixed login without redirect logging out right away --- login.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/login.php b/login.php index 87ad07a..b01baca 100755 --- a/login.php +++ b/login.php 
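Review bot: The `if ($this->route) { … }` block, followed by an added empty line and then `if (!$login_page) {` with another blank line inside it, reads as leftover editing; the initialisation and first branch collapse into the single line `$login_page = $this->route ? $this->grav['pages']->dispatch($this->route) : null;`, with the fallback block following directly. Now that the fallback is also taken when a configured route dispatches to nothing, it is worth a comment that with an empty `$this->route` the generated page is registered under `basename('')`, i.e. an empty slug, via `$pages->addPage($login_page, $this->route)` — pre-existing, but no longer an obviously unreachable path. authorizePage starts and ends outside the hunk.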
@@ -256,7 +256,12 @@ public function storeReferrerPage() } if ($allowed && $page->routable()) { - $redirect = $page->route() . ($uri->params() ?: ''); + $redirect = $page->route(); + foreach ($uri->params(null, true) as $key => $value) { + if (!in_array($key, ['task', 'nonce', 'login-nonce', 'logout-nonce'], true)) { + $redirect .= $uri->params($key); + } + } } } } else { @@ -488,7 +493,7 @@ public function loginController() { /** @var Uri $uri */ $uri = $this->grav['uri']; - $task = !empty($_POST['task']) ? $_POST['task'] : $uri->param('task'); + $task = $_POST['task'] ?? $uri->param('task'); $task = substr($task, \strlen('login.')); $post = !empty($_POST) ? $_POST : []; From 85b26d1cb653300b407b21797e20ce60c694ef64 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Tue, 21 Apr 2020 17:22:42 -0600 Subject: [PATCH 11/13] updated changelog + readme --- CHANGELOG.md | 8 +++++++- README.md | 15 +++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c3e972..4975599 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,14 @@ -# 3.1.1 +# 3.2.0 ## mm/dd/2020 +1. [](#new) + * CHANGE: `redirect_to_login` and `redirect_after_logout` are now boolean, with accompanying `route_after_login` and `route_after_logout` options. NOTE: Compatibility is maintained with existing config. +* [](#improved) + * Improved configuration layout + * Better handling of login route when that page doesn't exist 1. [](#bugfix) * Fixed guest only pages requiring login + * Fixed issue when logging out, not redirecting, and attempting to log right back in # 3.1.0 ## 03/05/2020 diff --git a/README.md b/README.md index d044a75..102f1dc 100644 --- a/README.md +++ b/README.md 
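Review bot: `$_POST['task'] ?? $uri->param('task')` changes behaviour relative to the `!empty()` form it replaces: a POST carrying an empty `task` now short-circuits to `''` instead of falling back to the URI parameter, and when neither source is set `$task` is null when it reaches `substr($task, ...)` on the next line. `$task = (string) ($_POST['task'] ?? $uri->param('task'));` keeps null away from substr; if the empty-string fallback was intentional, `($_POST['task'] ?? '') ?: $uri->param('task')` restores it. What `$uri->param()` returns for a missing parameter is not visible here. loginController continues outside the hunk.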
@@ -145,10 +145,13 @@ access: ```yaml enabled: true # Enable the plugin built_in_css: true # Use built-in CSS -route: # Specific route for Login page (default is '/login') -redirect_to_login: true # If you try to access a page you don't have access to, should you redirect to login route -redirect_after_login: # Path to redirect to after a successful login (eg '/user_profile') -redirect_after_logout: '/' # Path to redirect to after a successful logout (eg '/') +redirect_to_login: false # If you try to access a page you don't have access to, should you redirect to login route +redirect_after_login: true # Path to redirect to after a successful login +redirect_after_logout: true # Path to redirect to after a successful logout + +route: '/login' # Specific route for Login page (default is '/login') +route_after_login: # Route to go to after login if enabled +route_after_logout: # Route to logout to if enabled route_activate: '/activate_user' # Route for the user activation process route_forgot: '/forgot_password' # Route for the forgot password process route_reset: '/reset_password' # Route for the reset password process @@ -156,6 +159,7 @@ route_profile: '/user_profile' # Route for the user profile page route_register: '/user_register' # Route for the user registration page route_unauthorized: '/user_unauthorized' # Route for a page to display if user is unauthorized +twofa_enabled: false # Two factor authentication enabled dynamic_page_visibility: false # Integrate access into page visibility so things can be shown or hidden in the menu parent_acl: false # Look to parent `access` rules for access requirements protect_protected_page_media: false # Take `access` rules into account when directly accessing a page's media 
@@ -169,6 +173,7 @@ max_pw_resets_count: 2 # Number of password resets in a spe max_pw_resets_interval: 60 # Time in minutes to track password resets max_login_count: 5 # Number of failed login attempts in a specific time frame (0 = unlimited) max_login_interval: 10 # Time in minutes to track login attempts +ipv6_subnet_size: 64 # Size of IPv6 block to track login attempts user_registration: enabled: false # Enable User Registration Process @@ -180,6 +185,7 @@ user_registration: - 'fullname' - 'title' - 'level' + - 'twofa_enabled' default_values: # Any default values for fields you would like to set level: Newbie # Here the 'level' field will be pre-populated with 'Newbie' text @@ -189,6 +195,7 @@ user_registration: login: 'true' redirect_after_registration: '' # Route to redirect to after registration + redirect_after_activation: '' # Route to redirect to after activation options: validate_password1_and_password2: true # Ensure that password1 and password2 match during registration (allows you to have just 1 pw field or 2) From 8f7bc5686af37e32fec4ae5216489935395fc87b Mon Sep 17 00:00:00 2001 From: Pierre Grimaud Date: Sun, 26 Apr 2020 00:47:19 +0200 Subject: [PATCH 12/13] Fix typos (#249) --- README.md | 2 +- login.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 102f1dc..fcdf0a8 100644 --- a/README.md +++ b/README.md 
@@ -232,7 +232,7 @@ Enabling the setting "Use parent access rules" (`parent_acl` in login.yaml) allo The login plugin can **automatically generate** a login page for you when you try to access a page that your user (or guest account) does not have access to. -Alternatively, you can also provide a specific login route if you wish to forward users to a specific login page. To do this you need to create a copy of the `login.yaml` from the plugin in your `user/config/plugins` folder and provide a specific route (or just edit the plugin setttings in the admin plugin). +Alternatively, you can also provide a specific login route if you wish to forward users to a specific login page. To do this you need to create a copy of the `login.yaml` from the plugin in your `user/config/plugins` folder and provide a specific route (or just edit the plugin settings in the admin plugin). ``` route: /user-login diff --git a/login.php b/login.php index b01baca..cea7641 100755 --- a/login.php +++ b/login.php @@ -585,7 +585,7 @@ public function authorizePage() $login_page = new Page(); - // Get the admin Login page is needed, else teh default + // Get the admin Login page is needed, else the default if ($this->isAdmin()) { $login_file = $this->grav['locator']->findResource('plugins://admin/pages/admin/login.md'); $login_page->init(new \SplFileInfo($login_file)); From 73da6f27558ecb71d025843dd2ebc86c5bc34db0 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 27 Apr 2020 15:00:19 -0600 Subject: [PATCH 13/13] prepare for release --- CHANGELOG.md | 2 +- blueprints.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4975599..216bac5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
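Review bot: The comment still reads `// Get the admin Login page is needed, else the default`; the remaining typo is `is` for `if`: `// Get the admin Login page if needed, else the default`. authorizePage continues outside the hunk.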
@@ -1,5 +1,5 @@ # 3.2.0 -## mm/dd/2020 +## 04/27/2020 1. [](#new) * CHANGE: `redirect_to_login` and `redirect_after_logout` are now boolean, with accompanying `route_after_login` and `route_after_logout` options. NOTE: Compatibility is maintained with existing config. diff --git a/blueprints.yaml b/blueprints.yaml index c22545e..a1ea225 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -1,5 +1,5 @@ name: Login -version: 3.1.0 +version: 3.2.0 testing: false description: Enables user authentication and login screen. icon: sign-in