Merge branch 'release/2.8.4'

getgrav · Mar 20, 2019 · e2a77a8 · e2a77a8
2 parents 5c916dd + f0bf714
commit e2a77a8
Show file tree

Hide file tree

Showing 8 changed files with 159 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
+# v2.8.4
+## 03/20/2019
+
+1. [](#improved)  
+  * Enable "brute force" protection by default [#195](https://github.com/getgrav/grav-plugin-login/pulls/195)
+  * UPdated various language translations
+1. [](#bugfix)
+  * Set security timeouts in blueprints to use `minutes` rather than `seconds` [#194](https://github.com/getgrav/grav-plugin-login/issues/194)
+  * Send "notification" email to `to` address rather than `from` [#188](https://github.com/getgrav/grav-plugin-login/pulls/188)
+
 # v2.8.3
-## 01/25/2018
+## 01/25/2019
 
 1. [](#new)
   * Wrap data in `onUserLoginRegisterData` event in object to allow reference  

diff --git a/README.md b/README.md
@@ -161,10 +161,10 @@ rememberme:
   timeout: 604800                           # Timeout in seconds. Defaults to 1 week
   name: grav-rememberme                     # Name prefix of the session cookie
 
-max_pw_resets_count: 0                      # Number of password resets in a specific time frame (0 = unlimited)
+max_pw_resets_count: 2                      # Number of password resets in a specific time frame (0 = unlimited)
 max_pw_resets_interval: 60                  # Time in minutes to track password resets
-max_login_count: 0                          # Number of failed login attempts in a specific time frame (0 = unlimited)
-max_login_interval: 2                       # Time in minutes to track login attempts
+max_login_count: 5                          # Number of failed login attempts in a specific time frame (0 = unlimited)
+max_login_interval: 10                      # Time in minutes to track login attempts
 
 user_registration:
   enabled: false                            # Enable User Registration Process

diff --git a/blueprints.yaml b/blueprints.yaml
@@ -1,5 +1,5 @@
 name: Login
-version: 2.8.3
+version: 2.8.4
 description: Enables user authentication and login screen.
 icon: sign-in
 author:
@@ -372,7 +372,7 @@ form:
               size: x-small
               label: PLUGIN_LOGIN.MAX_RESETS_INTERVAL
               help: PLUGIN_LOGIN.MAX_RESETS_INTERVAL_HELP
-              append: PLUGIN_LOGIN.SECONDS
+              append: PLUGIN_LOGIN.MINUTES
               validate:
                 type: number
                 min: 1
@@ -392,7 +392,7 @@ form:
               size: x-small
               label: PLUGIN_LOGIN.MAX_LOGINS_INTERVAL
               help: PLUGIN_LOGIN.MAX_LOGINS_INTERVAL_HELP
-              append: PLUGIN_LOGIN.SECONDS
+              append: PLUGIN_LOGIN.MINUTES
               validate:
                 type: number
                 min: 1
diff --git a/classes/Login.php b/classes/Login.php
@@ -338,7 +338,7 @@ public function sendNotificationEmail(User $user)
             $user->email,
             $this->grav['base_url_absolute'],
         ]);
-        $to = $this->config->get('plugins.email.from');
+        $to = $this->config->get('plugins.email.to');
 
         if (empty($to)) {
             throw new \RuntimeException($this->language->translate('PLUGIN_LOGIN.EMAIL_NOT_CONFIGURED'));
@@ -508,8 +508,8 @@ public function getRateLimiter($context, $maxCount = null, $interval = null)
                     $interval = $this->grav['config']->get('plugins.login.max_login_interval', 10);
                     break;
                 case 'pw_resets':
-                    $maxCount = $this->grav['config']->get('plugins.login.max_pw_resets_count', 0);
-                    $interval = $this->grav['config']->get('plugins.login.max_pw_resets_interval', 2);
+                    $maxCount = $this->grav['config']->get('plugins.login.max_pw_resets_count', 2);
+                    $interval = $this->grav['config']->get('plugins.login.max_pw_resets_interval', 60);
                     break;
             }
             $this->rateLimiters[$context] = new RateLimiter($context, $maxCount, $interval);

diff --git a/languages/en.yaml b/languages/en.yaml
@@ -106,6 +106,7 @@ PLUGIN_LOGIN:
   MAX_LOGINS_INTERVAL_HELP: "The time interval for the login count value"
   TOO_MANY_LOGIN_ATTEMPTS: "Too many failed login attempted in the configured time (%s minutes)"
   SECONDS: "seconds"
+  MINUTES: "minutes"
   RESETS: "resets"
   ATTEMPTS: "attempts"
   ROUTES: "Routes"

diff --git a/languages/ru.yaml b/languages/ru.yaml
@@ -51,6 +51,7 @@ PLUGIN_LOGIN:
   EMAIL_FOOTER: "GetGrav.org"
   ACTIVATION_LINK_EXPIRED: "Время ссылки для активации истекло"
   USER_ACTIVATED_SUCCESSFULLY: "Пользователь успешно активирован"
+  USER_ACTIVATED_SUCCESSFULLY_NOT_ENABLED: "Аккаунт пользователя активирован, но учетная запись просматривается"
   INVALID_REQUEST: "Неверный запрос"
   USER_REGISTRATION: "Регистрация пользователя"
   USER_REGISTRATION_ENABLED_HELP: "Включить регистрацию пользователя"
@@ -127,3 +128,5 @@ PLUGIN_LOGIN:
   2FA_SECRET_HELP: "Сканируйте этот QR-код в свое [Приложение аутентификации](https://learn.getgrav.org/admin-panel/2fa#apps). Также рекомендуется сохранить секрет в безопасном месте, если вам прийдется переустановить приложение. Проверьте [Grav docs](https://learn.getgrav.org/admin-panel/2fa) для дополнительной информации "
   2FA_REGENERATE: "Сгенерировать повторно"
   BTN_CANCEL: "Отмена"
+  MANUALLY_ENABLE: "Вручную включить"
+  MANUALLY_ENABLE_HELP: "При использовании «активации по электронной почте» и «уведомление по электронной почте» вы можете убедиться, что пользователь может самостоятельно активироваться, но пользователь требует ручного включения для входа в систему"