Merge branch 'master' into Add-UserBlockService-in-Bootstrap-class-map

CHANGELOG.md

@@ -2,11 +2,20 @@
 
 ## dev
 
+- Enh: Changed exception thrown in PasswordRecoveryService from `RuntimeException` to `NotFoundException`. (eseperio) 
+- Ehh: Added SecurityHelper to the Bootstrap classMap
+
+## 1.6.3 Mar 18th, 2024
+
+- Fix: Update last_login_at and last_login_ip on social networt authenticate (e.luhr)
 - Enh: Keycloak auth client (e.luhr)
 - Fix: Social Network Auth (eluhr)
 - Enh #532: /user/registration/register now shows form validation errors
 - Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson) 
 - Ehh: Added UserBlockService to Bootstrap classMap
+- Enh: Added option to disable viewing any other user's profile for non-admin users (TonisOrmisson)
+- Ehn: updated Estonian (et) translation by (TonisOrmisson)
+- Ehn: use recaptcha.net instead of google.com (Eseperio)
 
 ## 1.6.2 Jan 4th, 2024
 

docs/install/configuration-options.md

@@ -313,6 +313,11 @@ Set to `true` to restrict user assignments to roles only.
 
 If `true` registration and last login IPs are not logged into users table, instead a dummy 127.0.0.1 is used
 
+
+#### disableProfileViewsForRegularUsers (type: `boolean`, default: `false`)
+
+If `true` only admin users have access to view any other user's profile. By default any user can see any other users public profile page.
+
 #### minPasswordRequirements (type: `array`, default: `['lower' => 1, 'digit' => 1, 'upper' => 1]`)
 
 Minimum requirements when a new password is automatically generated.

src/User/Bootstrap.php

@@ -418,6 +418,9 @@ protected function buildClassMap(array $userClassMap)
                 'MailService',
                 'UserBlockService',
             ],
+            'Da\User\Helper' => [
+                'SecurityHelper',
+            ]
         ];
 
         $mapping = array_merge($defaults, $userClassMap);

src/User/Controller/ProfileController.php

@@ -11,15 +11,20 @@
 
 namespace Da\User\Controller;
 
+use Da\User\Model\User;
 use Da\User\Query\ProfileQuery;
+use Da\User\Traits\ModuleAwareTrait;
 use Yii;
 use yii\base\Module;
 use yii\filters\AccessControl;
 use yii\web\Controller;
+use yii\web\ForbiddenHttpException;
 use yii\web\NotFoundHttpException;
 
 class ProfileController extends Controller
 {
+    use ModuleAwareTrait;
+
     protected $profileQuery;
 
     /**
@@ -67,6 +72,13 @@ public function actionIndex()
 
     public function actionShow($id)
     {
+        $user = Yii::$app->user;
+        /** @var User $identity */
+        $identity = $user->getIdentity();
+        if($user->getId() != $id && $this->module->disableProfileViewsForRegularUsers && !$identity->getIsAdmin()) {
+            throw new ForbiddenHttpException();
+        }
+
         $profile = $this->profileQuery->whereUserId($id)->one();
 
         if ($profile === null) {

src/User/Module.php

@@ -241,6 +241,10 @@ class Module extends BaseModule
      * @var boolean whether to disable IP logging into user table
      */
     public $disableIpLogging = false;
+    /**
+     * @var boolean whether to disable viewing any user's profile for non-admin users
+     */
+    public $disableProfileViewsForRegularUsers = false;
     /**
      * @var array Minimum requirements when a new password is automatically generated.
      *            Array structure: `requirement => minimum number characters`.

src/User/Service/PasswordRecoveryService.php

@@ -19,6 +19,7 @@
 use Da\User\Traits\ModuleAwareTrait;
 use Exception;
 use Yii;
+use yii\web\NotFoundHttpException;
 
 class PasswordRecoveryService implements ServiceInterface
 {
@@ -50,7 +51,7 @@ public function run()
             $user = $this->query->whereEmail($this->email)->one();
 
             if ($user === null) {
-                throw new \RuntimeException('User not found.');
+                throw new NotFoundHttpException(Yii::t('usuario', 'User not found'));
             }
 
             $token = TokenFactory::makeRecoveryToken($user->id);

src/User/Service/SocialNetworkAuthenticateService.php

@@ -19,12 +19,15 @@
 use Da\User\Model\User;
 use Da\User\Query\SocialNetworkAccountQuery;
 use Da\User\Query\UserQuery;
+use Da\User\Traits\ModuleAwareTrait;
 use Yii;
 use yii\authclient\AuthAction;
 use yii\helpers\Url;
 
 class SocialNetworkAuthenticateService implements ServiceInterface
 {
+    use ModuleAwareTrait;
+
     protected $controller;
     protected $authAction;
     protected $client;
@@ -50,15 +53,15 @@ public function run()
         $account = $this->socialNetworkAccountQuery->whereClient($this->client)->one();
         if (!$this->controller->module->enableSocialNetworkRegistration && ($account === null || $account->user === null)) {
             Yii::$app->session->setFlash('danger', Yii::t('usuario', 'Registration on this website is disabled'));
-            $this->authAction->setSuccessUrl(Url::to(['/user/security/login']));
+            $this->authAction->setSuccessUrl(Url::to(['/' . $this->getModule()->id . '/security/login']));
 
             return false;
         }
         if ($account === null) {
             $account = $this->createAccount();
             if (!$account) {
                 Yii::$app->session->setFlash('danger', Yii::t('usuario', 'Unable to create an account.'));
-                $this->authAction->setSuccessUrl(Url::to(['/user/security/login']));
+                $this->authAction->setSuccessUrl(Url::to(['/' . $this->getModule()->id . '/security/login']));
 
                 return false;
             }
@@ -72,11 +75,16 @@ public function run()
         if ($account->user instanceof User) {
             if ($account->user->getIsBlocked()) {
                 Yii::$app->session->setFlash('danger', Yii::t('usuario', 'Your account has been blocked.'));
-                $this->authAction->setSuccessUrl(Url::to(['/user/security/login']));
+                $this->authAction->setSuccessUrl(Url::to(['/' . $this->getModule()->id . '/security/login']));
             } else {
-                Yii::$app->user->login($account->user, $this->controller->module->rememberLoginLifespan);
-                $this->authAction->setSuccessUrl(Yii::$app->getUser()->getReturnUrl());
-                $result = true;
+                $result = Yii::$app->user->login($account->user, $this->controller->module->rememberLoginLifespan);
+                if ($result) {
+                    $account->user->updateAttributes([
+                        'last_login_at' => time(),
+                        'last_login_ip' => $this->controller->module->disableIpLogging ? '127.0.0.1' : Yii::$app->request->getUserIP(),
+                    ]);
+                    $this->authAction->setSuccessUrl(Yii::$app->getUser()->getReturnUrl());
+                }
             }
         } else {
             $this->authAction->setSuccessUrl($account->getConnectionUrl());

src/User/Widget/ReCaptchaWidget.php

@@ -113,7 +113,7 @@ protected function registerClientScript()
         $view = $this->getView();
 
         $view->registerJsFile(
-            '//www.google.com/recaptcha/api.js?hl=' . $this->getLanguageCode(),
+            '//www.recaptcha.net/recaptcha/api.js?hl=' . $this->getLanguageCode(),
             [
                 'position' => View::POS_HEAD,
                 'async' => true,

src/User/resources/i18n/ca/usuario.php

@@ -59,6 +59,7 @@
     'Block' => '',
     'Block status' => '',
     'Blocked at {0, date, MMMM dd, YYYY HH:mm}' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Cancel' => '',
     'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
     'Change your avatar at Gravatar.com' => '',

src/User/resources/i18n/da/usuario.php

@@ -59,6 +59,7 @@
     'Block' => '',
     'Block status' => '',
     'Blocked at {0, date, MMMM dd, YYYY HH:mm}' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Cancel' => '',
     'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
     'Change your avatar at Gravatar.com' => '',

src/User/resources/i18n/de-DU/usuario.php

@@ -276,6 +276,7 @@
     'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => '',
     'Active' => '',
     'Application not configured for two factor authentication.' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Code for two factor authentication on {0}' => '',
     'Current' => '',
     'Data privacy' => '',

src/User/resources/i18n/de/usuario.php

@@ -279,6 +279,7 @@
     '{0} cannot be blank.' => '{0} darf nicht leer sein.',
     'Active' => '',
     'Application not configured for two factor authentication.' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Code for two factor authentication on {0}' => '',
     'Current' => '',
     'Error while enabling SMS two factor authentication. Please reload the page.' => '',

src/User/resources/i18n/et/usuario.php

@@ -22,14 +22,17 @@
     'A message has been sent to your email address. It contains a confirmation link that you must click to complete registration.' => 'Saatsime sulle kinnituseks e-kirja. Registreerumise kinnitamiseks pead klikkma saadetud kirjas olevale lingile.',
     'A new confirmation link has been sent' => 'Uus kinnituslink on saadetud',
     'A password will be generated automatically if not provided' => 'Parool genereeritakse automaatselt, kui ei ole seatud',
+    'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => 'Vastavalt Euroopa Isikuandmete kaitse üldmäärusele (GDPR) vajame sinu isikuandmete töötlemiseks sinu nõusolekut.',
     'Account' => 'Konto',
     'Account confirmation' => 'Konto kinnitamine',
     'Account details' => 'Konto andmed',
     'Account details have been updated' => 'Konto andmed on uuendatud',
     'Account settings' => 'Konto seaded',
+    'Active' => 'Aktiivne',
     'Already registered? Sign in!' => 'Oled registreerunud? Logi sisse!',
     'An email with instructions to create a new password has been sent to {email} if it is associated with an {appName} account. Your existing password has not been changed.' => 'Saatsime aadressile {email} juhendi, kuidas saad oma parooli uuendada, kui see aadress on seotud mõne {appName} kontoga. Me ei muutnud sinu praegust parooli.',
     'An error occurred processing your request' => 'Päringu protsessimisel tekkis viga',
+    'Application not configured for two factor authentication.' => 'Rakendus ei ole seadistatud kaheastmelise autentimise kasutamiseks.',
     'Are you sure you want to block this user?' => 'Oled kindel, et tahad selle kasutaja blokeerid?',
     'Are you sure you want to confirm this user?' => 'Oled kindel, et tahad selle kasutaja kinnitada?',
     'Are you sure you want to delete this user?' => 'Oled kindel, et tahad selle kasutaja kustutada?',
@@ -79,8 +82,10 @@
     'Create new rule' => 'Loo uus reegel',
     'Created at' => 'Loodud',
     'Credentials will be sent to the user by email' => 'Konto andmed saadetakse kasutajale e-mailiga',
+    'Current' => 'Praegune',
     'Current password' => 'Praegune parool',
     'Current password is not valid' => 'Praegune parool ei ole õige',
+    'Data privacy' => 'Andmete privaatsus',
     'Data processing consent' => 'Nõusolek andmete töötlemiseks',
     'Delete' => 'Kustuta',
     'Delete account' => 'Kustuta konto',
@@ -117,7 +122,9 @@
     'In order to complete your registration, please click the link below' => 'Kliki alloleval lingil, et registreerimine kinnitada',
     'In order to complete your request, please click the link below' => 'Kliki alloleval lingil, et oma päring kinnitada',
     'In order to finish your registration, we need you to enter following fields' => 'Pead täitma järgnevad väljad, et registreerimine lõpule viia',
+    'Inactive' => 'Mitteaktiivne',
     'Information' => 'Informatsioon',
+    'Insert' => 'Sisesta',
     'Invalid login or password' => 'Vale kasutajanimi või parool',
     'Invalid or expired link' => 'Vale või aegunud link',
     'Invalid password' => 'Vale parool',
@@ -126,13 +133,15 @@
     'It will be deleted forever' => 'See kustutatakse alatiseks',
     'Items' => 'Õigused',
     'Joined on {0, date}' => 'Liitunud: {0, date}',
+    'Last activity' => 'Viimane tegevus',
     'Last login IP' => 'Viimane sisselogimise IP',
     'Last login time' => 'Viimase sisselogimise aeg',
     'Last password change' => 'Viimane parooli muutmine',
     'Location' => 'Asukoht',
     'Login' => 'Sisene',
     'Logout' => 'Logi välja',
     'Manage users' => 'Halda kasutajaid',
+    'Mobile phone number' => 'Mobiiltelefoni number',
     'Name' => 'Nimi',
     'Networks' => 'Võrgustikud',
     'Never' => 'Mitte kunagi',
@@ -186,6 +195,8 @@
     'Sign in' => 'Logi sisse',
     'Sign up' => 'Liitu',
     'Something went wrong' => 'Midagi läks valesti',
+    'Status' => 'Staatus',
+    'Submit' => 'Saada',
     'Switch identities is disabled.' => 'Identiteedi vahetamine on keelatud',
     'Thank you for signing up on {0}' => 'Aitäh, et liitusid lehega {0}',
     'Thank you, registration is now complete.' => 'Aitäh, oled nüüd registreeritud',
@@ -220,6 +231,7 @@
     'Unable to update block status.' => 'Blokkimise staatuse muutmine ebaõnnestus.',
     'Unblock' => 'Eemalda blokk',
     'Unconfirmed' => 'Kinnitamata',
+    'Unfortunately, you can not work with this site without giving us consent to process your data.' => 'Kahjuks ei ole selle lehe kasutamine võimalik ilma, et annaksid meile nõusoleku sinu andmeid töödelda.',
     'Update' => 'Muuda',
     'Update assignments' => 'Muuda omistamisi',
     'Update permission' => 'Muud õigus',
@@ -230,6 +242,7 @@
     'User account could not be created.' => 'Kasutajakonto loomine ebaõnnestus.',
     'User block status has been updated.' => 'Kasutaja blokeering on muudetud.',
     'User could not be registered.' => 'Kasutaja registreerimine ebaõnnestus.',
+    'User does not have sufficient permissions.' => 'Kasutajal ei ole piisavalt õigusi.',
     'User has been confirmed' => 'Kasutaja on kinnitatud',
     'User has been created' => 'Kasutaja on loodud',
     'User has been deleted' => 'Kasutaja on kustutatud',
@@ -251,6 +264,7 @@
     'You can connect multiple accounts to be able to log in using them' => 'Võid ühendada mitu sotsiaalmeedia kontot, mida saad kasutada kontole sisse logimiseks',
     'You cannot remove your own account' => 'Sa ei saa kustutada iseenda kontot',
     'You need to confirm your email address' => 'Sa pead oma e-posti aadressi kinnitama',
+    'You received this email because someone, possibly you or someone on your behalf, have created an account at {app_name}' => 'Said selle kirja, sest keegi, tõenäoliselt sa ise või keegi sinu nimel, on loonud konto rakenduses  {app_name}',
     'Your account details have been updated' => 'Sinu konto andmed on uuendatud',
     'Your account has been blocked' => 'Sinu konto on blokeeritud',
     'Your account has been blocked.' => 'Sinu konto on blokeeritud.',
@@ -261,38 +275,29 @@
     'Your account on {0} has been created' => 'Sinu {0} konto on loodud',
     'Your confirmation token is invalid or expired' => 'Kinnituse kood on vale või aegunud',
     'Your consent is required to register' => 'Registreerumiseks on vaja sinu nõusolekut',
+    'Your consent is required to work with this site' => 'Selle lehe kasutamiseks on vaja sinu nõusolekut',
     'Your email address has been changed' => 'Sinu e-mail on muudetud',
     'Your password has expired, you must change it now' => 'Sinu parool on aegunud, pead seda uuendama.',
     'Your personal information has been removed' => 'Sinu isiklikud andmed on kustutatud',
     'Your profile has been updated' => 'Sinu profiil on uuendatud',
     'privacy policy' => 'privaatsuspoliitika',
     '{0} cannot be blank.' => '{0} ei või olla tühi.',
-    'According to the European General Data Protection Regulation (GDPR) we need your consent to work with your personal data.' => '',
-    'Active' => '',
-    'Application not configured for two factor authentication.' => '',
     'Authentication rule class {0} can not be instantiated' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Code for two factor authentication on {0}' => '',
-    'Current' => '',
-    'Data privacy' => '',
     'Error while enabling SMS two factor authentication. Please reload the page.' => '',
     'Google Authenticator' => '',
     'IP' => '',
     'If you haven\'t received a password, you can reset it at' => '',
-    'Inactive' => '',
-    'Insert' => '',
     'Insert the code you received by SMS.' => '',
     'Insert the code you received by email.' => '',
     'Insert the mobile phone number where you want to receive text message in international format' => '',
-    'Last activity' => '',
-    'Mobile phone number' => '',
     'Mobile phone number successfully enabled.' => '',
     'Please, enter the right code. The code is valid for {0} seconds. If you want to get a new code, please click on \'Cancel\' and repeat the login request.' => '',
     'Please, enter the right code. The code is valid for {0} seconds. If you want to get a new code, please close this window and repeat the enabling request.' => '',
     'Rule class must extend "yii\\rbac\\Rule".' => '',
     'Session ID' => '',
     'Session history' => '',
-    'Status' => '',
-    'Submit' => '',
     'Terminate all sessions' => '',
     'Text message' => '',
     'The email address set is: "{0}".' => '',
@@ -303,16 +308,12 @@
     'This is the code to insert to enable two factor authentication' => '',
     'Two factor authentication code by SMS' => '',
     'Two factor authentication code by email' => '',
-    'Unfortunately, you can not work with this site without giving us consent to process your data.' => '',
     'User ID' => '',
     'User agent' => '',
-    'User does not have sufficient permissions.' => '',
     'VKontakte' => '',
     'Yandex' => '',
     'You cannot block your own account.' => '',
     'You cannot remove your own account.' => '',
-    'You received this email because someone, possibly you or someone on your behalf, have created an account at {app_name}' => '',
-    'Your consent is required to work with this site' => '',
     'Your role requires 2FA, you won\'t be able to use the application until you enable it' => '',
     'Your two factor authentication method is based on "{0}".' => '',
     '{0, date, MMM dd, YYYY HH:mm}' => '',

src/User/resources/i18n/fa-IR/usuario.php

@@ -170,6 +170,7 @@
     'Awesome, almost there. Now you need to click the confirmation link sent to your new email address.' => '',
     'Awesome, almost there. Now you need to click the confirmation link sent to your old email address.' => '',
     'Back to privacy settings' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Cancel' => '',
     'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
     'Children' => '',

src/User/resources/i18n/fi/usuario.php

@@ -59,6 +59,7 @@
     'Block' => '',
     'Block status' => '',
     'Blocked at {0, date, MMMM dd, YYYY HH:mm}' => '',
+    'Can\'t scan? Copy the code instead.' => '',
     'Cancel' => '',
     'Cannot assign role "{0}" as the AuthManager is not configured on your console application.' => '',
     'Change your avatar at Gravatar.com' => '',