AVSDev/sprinkle-uf-tweaks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: AVSDev:v1.0.8
Branches Tags
AVSDev:main AVSDev:devel
AVSDev:v1.1.1 AVSDev:v1.1.0 AVSDev:v1.0.9 AVSDev:v1.0.8 AVSDev:v1.0.7 AVSDev:v1.0.6 AVSDev:v1.0.5 AVSDev:v1.0.4a AVSDev:v1.0.4 AVSDev:v1.0.3 AVSDev:v1.0.2 AVSDev:v1.0.1 AVSDev:v1.0
..
compare: AVSDev:v1.0.4a
Branches Tags
AVSDev:devel AVSDev:main
AVSDev:v1.1.1 AVSDev:v1.1.0 AVSDev:v1.0.9 AVSDev:v1.0.8 AVSDev:v1.0.7 AVSDev:v1.0.6 AVSDev:v1.0.5 AVSDev:v1.0.4a AVSDev:v1.0.4 AVSDev:v1.0.3 AVSDev:v1.0.2 AVSDev:v1.0.1 AVSDev:v1.0

1 Commits
v1.0.8 ... v1.0.4a

Author SHA1 Message Date
Craig Williams
6a2e59a7e1 Added a new authorizer method for checking a user has a permission (for use in sprinkle level access checks) 
(cherry picked from commit 97ded0eb08)
 2024-11-14 11:01:12 +00:00
11 changed files with 1 additions and 512 deletions
Expand all files Collapse all files

3
composer.json
View File

@@ -6,8 +6,5 @@
"psr-4": {
"UserFrosting\\Sprinkle\\UFTweaks\\": "src/"
}
},
"require": {
"mobiledetect/mobiledetectlib": "^3.74"
}
}

10
config/default.php
View File

@@ -61,14 +61,4 @@ return [
'php' => [
'timezone' => 'Europe/London',
],
/*
* ----------------------------------------------------------------------
* Retry Mailer settings
* ----------------------------------------------------------------------
*/
'retry_mailer' => [
'enabled' => true,
'max_retries' => 5,
],
];

2
routes/routes.php
View File

@@ -16,6 +16,4 @@ $app->group('/account', function () {
$this->get('/register', 'UserFrosting\Sprinkle\UFTweaks\Controller\AccountController:pageRegister')
->add('checkEnvironment')
->setName('register');
$this->post('/forgot-password', 'UserFrosting\Sprinkle\UFTweaks\Controller\AccountController:forgotPassword');
})->add(new NoCache());

105
src/Controller/AccountController.php
View File

@@ -29,111 +29,6 @@ use UserFrosting\Support\Exception\NotFoundException;
*/
class AccountController extends UFAccountController
{
/**
* Processes a request to email a forgotten password reset link to the user.
*
* Processes the request from the form on the "forgot password" page, checking that:
* 1. The rate limit for this type of request is being observed.
* 2. The provided email address belongs to a registered account;
* 3. The submitted data is valid.
* Note that we have removed the requirement that a password reset request not already be in progress.
* This is because we need to allow users to re-request a reset, even if they lose the first reset email.
* This route is "public access".
*
* @todo require additional user information
* @todo prevent password reset requests for root account?
*
* AuthGuard: false
* Route: /account/forgot-password
* Route Name: {none}
* Request type: POST
*
* @param Request $request
* @param Response $response
* @param array $args
*/
public function forgotPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Sprinkle\Core\Alert\AlertStream $ms */
$ms = $this->ci->alerts;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;
// Get POST parameters
$params = $request->getParsedBody();
// Load the request schema
$schema = new RequestSchema('schema://requests/forgot-password.yaml');
// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
$data = $transformer->transform($params);
// Validate, and halt on validation errors. Failed validation attempts do not count towards throttling limit.
$validator = new ServerSideValidator($schema, $this->ci->translator);
if (!$validator->validate($data)) {
$ms->addValidationErrors($validator);
return $response->withJson([], 400);
}
// Throttle requests
/** @var \UserFrosting\Sprinkle\Core\Throttle\Throttler $throttler */
$throttler = $this->ci->throttler;
$throttleData = [
'email' => $data['email'],
];
$delay = $throttler->getDelay('password_reset_request', $throttleData);
if ($delay > 0) {
$ms->addMessageTranslated('danger', 'RATE_LIMIT_EXCEEDED', ['delay' => $delay]);
return $response->withJson([], 429);
}
// Load the user, by email address
$user = $classMapper->getClassMapping('user')::where('email', $data['email'])->first();
if ($user) {
if (!$user->flag_verified) {
$ms->addMessageTranslated('danger', 'ACCOUNT.UNVERIFIED');
return $response->withJson([], 400);
}
}
// All checks passed! log events/activities, update user, and send email
// Begin transaction - DB will be rolled back if an exception occurs
Capsule::transaction(function () use ($classMapper, $data, $throttler, $throttleData, $config, $user) {
// Log throttleable event
$throttler->logEvent('password_reset_request', $throttleData);
// Check that the email exists.
// If there is no user with that email address, we should still pretend like we succeeded, to prevent account enumeration
if ($user) {
// Try to generate a new password reset request.
// Use timeout for "reset password"
$passwordReset = $this->ci->repoPasswordReset->create($user, $config['password_reset.timeouts.reset']);
// Create and send email
$message = new TwigMailMessage($this->ci->view, 'mail/password-reset.html.twig');
$message->from($config['address_book.admin'])
->addEmailRecipient(new EmailRecipient($user->email, $user->full_name))
->addParams([
'user' => $user,
'token' => $passwordReset->getToken(),
'request_date' => Carbon::now()->format('Y-m-d H:i:s'),
]);
$this->ci->mailer->send($message);
}
});
}
/**
* Account settings page.
*

133
src/Jobs/RetryEmail.php
View File

@@ -1,133 +0,0 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Jobs;
use Psr\Container\ContainerInterface;
use UserFrosting\Sprinkle\Worker\Jobs\JobBase;
use UserFrosting\Sprinkle\Core\Mail\StaticMailMessage;
use UserFrosting\Sprinkle\Core\Mail\EmailRecipient;
/**
* Retry email job class
*
* @author Craig Williams (https://avsdev.uk)
*/
class RetryEmail extends JobBase
{
protected $message = null;
protected $retries = 0;
/**
* Constructor.
*
* @param StaticMailMessage $mailMessage
*/
public function __construct(StaticMailMessage $mailMessage = null)
{
if ($mailMessage) {
$this->message = $mailMessage;
}
}
/**
* {@inheritdoc}
*/
public function setParams(array $params)
{
$mailMessage = new StaticMailMessage();
$mailMessage->setFromEmail($params['from_email']);
$mailMessage->setFromName($params['from_name']);
$mailMessage->setReplyEmail($params['reply_email']);
$mailMessage->setReplyName($params['reply_name']);
foreach ($params['recipients'] as $recipient) {
$mailRecipient = new EmailRecipient(
$recipient['email'],
$recipient['name'],
$recipient['params']
);
foreach ($recipient['ccs'] as $cc) {
$mailRecipient->cc($cc['email'], $cc['name']);
}
foreach ($recipient['bccs'] as $bcc) {
$mailRecipient->bcc($bcc['email'], $bcc['name']);
}
$mailMessage->addEmailRecipient($mailRecipient);
}
$mailMessage->setSubject($params['subject']);
$mailMessage->setBody($params['body']);
$this->message = $mailMessage;
$this->retries = $params['retries'];
}
/**
* {@inheritdoc}
*/
public function getParams()
{
$recipients = [];
foreach ($this->message->getRecipients() as $recipient) {
$recipients[] = [
'email' => $recipient->getEmail(),
'name' => $recipient->getName(),
'params' => $recipient->getParams(),
'ccs' => $recipient->getCCs(),
'bccs' => $recipient->getBCCs(),
];
}
return [
'from_email' => $this->message->getFromEmail(),
'from_name' => $this->message->getFromName(),
'reply_email' => $this->message->getReplyEmail(),
'reply_name' => $this->message->getReplyName(),
'recipients' => $recipients,
'subject' => $this->message->renderSubject(),
'body' => $this->message->renderBody(),
'retries' => $this->retries,
];
}
/**
* Attempt to re-send the email up to a maximum number of times specified in the config
*/
public function run() {
try {
static::$ci->mailer->send($this->message, false, true);
} catch (\PHPMailer\PHPMailer\Exception $e) {
$this->retries = $this->retries + 1;
if ($this->retries < static::$ci->config['retry_mailer.max_retries']) {
$this->queue();
} else {
$allParams = $this->getParams();
$allParams['body'] = null;
static::$ci->errorLogger->error(
"Maximum retries exceeded when attempting to send email:",
$allParams
);
}
}
return true;
}
/**
* Terminate the current job
*/
public function terminate() {
// Nothing to do
}
}

122
src/Mail/RetryMailer.php
View File

@@ -1,122 +0,0 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Mail;
use UserFrosting\Sprinkle\Core\Mail\EmailRecipient;
use UserFrosting\Sprinkle\Core\Mail\Mailer;
use UserFrosting\Sprinkle\Core\Mail\MailMessage;
use UserFrosting\Sprinkle\Core\Mail\StaticMailMessage;
use UserFrosting\Sprinkle\UFTweaks\Jobs\RetryEmail;
/**
* Extends UF Mailer class to add retry function to sending mail via scheduler.
*
* This class should *only* be used in production once it is confirmed that email configuration works.
*
* @author Craig Williams (craig@avsdev.uk)
*/
class RetryMailer extends Mailer
{
protected function queueRetry(MailMessage $message, EmailRecipient $recipient = null) {
// Queue for resending
$retryMailMessage = new StaticMailMessage();
$retryMailMessage->setFromEmail($message->getFromEmail());
$retryMailMessage->setFromName($message->getFromName());
$retryMailMessage->setReplyEmail($message->getReplyEmail());
$retryMailMessage->setReplyName($message->getReplyName());
if ($recipient) {
$retryMailMessage->addEmailRecipient($recipient);
$retryMailMessage->setSubject($message->renderSubject($recipient->getParams()));
$retryMailMessage->setBody($message->renderBody($recipient->getParams()));
} else {
foreach ($message->getRecipients() as $recipientLoop) {
$retryMailMessage->addEmailRecipient($recipientLoop);
}
$retryMailMessage->setSubject($message->renderSubject());
$retryMailMessage->setBody($message->renderBody());
}
$retry = new RetryEmail($retryMailMessage);
$retry->queue();
}
/**
* Send a MailMessage message.
*
* Sends a single email to all recipients, as well as their CCs and BCCs.
* Since it is a single-header message, recipient-specific template data will not be included.
*
* @param MailMessage $message
* @param bool $clearRecipients Set to true to clear the list of recipients in the message after calling send(). This helps avoid accidentally sending a message multiple times.
*
* @throws phpmailerException The message could not be sent.
*/
public function send(MailMessage $message, $clearRecipients = true, $disableRetry = false)
{
try {
return parent::send($message, $clearRecipients);
} catch(\PHPMailer\PHPMailer\Exception $e) {
if (!$disableRetry) {
$this->queueRetry($message);
} else {
throw $e;
}
} finally {
// Clear recipients from the PHPMailer object for this iteration,
// so that we can send a separate email to the next recipient.
$this->phpMailer->clearAllRecipients();
}
// Clear out the MailMessage's internal recipient list if requested
if ($clearRecipients) {
$message->clearRecipients();
}
}
/**
* Send a MailMessage message, sending a separate email to each recipient.
*
* If the message object supports message templates, this will render the template with the corresponding placeholder values for each recipient.
*
* @param MailMessage $message
* @param bool $clearRecipients Set to true to clear the list of recipients in the message after calling send(). This helps avoid accidentally sending a message multiple times.
*
* @throws phpmailerException The message could not be sent.
*/
public function sendDistinct(MailMessage $message, $clearRecipients = true, $disableRetry = false)
{
$allRecipients = $message->getRecipients();
$message->clearRecipients();
foreach ($allRecipients as $recipient) {
$message->addEmailRecipient($recipient);
try {
return parent::sendDistinct($message, $clearRecipients);
} catch (\PHPMailer\PHPMailer\Exception $e) {
if (!$disableRetry) {
$this->queueRetry($message, $recipient);
} else {
throw $e;
}
} finally {
// Clear recipients from the PHPMailer object for this iteration,
// so that we can send a separate email to the next recipient.
$this->phpMailer->clearAllRecipients();
}
$message->clearRecipients();
}
if (!$clearRecipients) {
foreach ($allRecipients as $recipient) {
$message->addEmailRecipient($recipient);
}
}
}
}

43
src/Scheduler/Tasks/CleanupSessions.php
View File

@@ -1,43 +0,0 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Scheduler\Tasks;
use Carbon\Carbon;
use Illuminate\Database\Capsule\Manager as Capsule;
use UserFrosting\Sprinkle\Scheduler\Scheduler\BaseTask;
use UserFrosting\Sprinkle\Core\Database\Models\Session;
/**
* Daily task to clean expired sessions from the database
*
* @author Craig Williams (https://avsdev.uk)
*/
class CleanupSessions extends BaseTask
{
/**
* Function used to specify the schedule for the task.
*/
public function schedule()
{
$this->daily()->at("23:00");
}
/**
* Function used to specify what the task does.
*/
public function run()
{
// Remove sessions over 2 days old
Session::where('last_activity', '<', time()-(60*60*48))->delete();
return true;
}
}

24
src/ServicesProvider/ServicesProvider.php
View File

@@ -18,8 +18,6 @@ use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use UserFrosting\Sprinkle\Core\Log\MixedFormatter;
use UserFrosting\Sprinkle\UFTweaks\Twig\HasRoleExtension;
use UserFrosting\Sprinkle\UFTweaks\Twig\MobileDetectExtension;
use UserFrosting\Sprinkle\UFTweaks\Mail\RetryMailer;
/**
@@ -184,7 +182,6 @@ class ServicesProvider
$twig = $view->getEnvironment();
$twig->addExtension(new HasRoleExtension($c));
$twig->addExtension(new MobileDetectExtension($c));
return $view;
});
@@ -210,26 +207,5 @@ class ServicesProvider
return $logger;
};
/*
* Mail service.
*
* @return \UserFrosting\Sprinkle\Core\Mail\Mailer
* @return \UserFrosting\Sprinkle\UFTweaks\Mail\RetryMailer
*/
$container->extend('mailer', function ($mailer, $c) {
if (!$c->config['retry_mailer.enabled']) {
return $mailer;
}
$retryMailer = new RetryMailer($c->mailLogger, $c->config['mail']);
// Use UF debug settings to override any service-specific log settings.
if (!$c->config['debug.smtp']) {
$retryMailer->getPhpMailer()->SMTPDebug = 0;
}
return $retryMailer;
});
}
}

60
src/Twig/MobileDetectExtension.php
View File

@@ -1,60 +0,0 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Twig;
use Detection\MobileDetect;
use Psr\Container\ContainerInterface;
use Twig\Extension\AbstractExtension;
use Twig\Extension\GlobalsInterface;
use Twig\TwigFunction;
/**
* Extends Twig functionality for mobile detection.
*
* @author Craig Williams (https://avsdev.uk)
*/
class MobileDetectExtension extends AbstractExtension implements GlobalsInterface
{
/**
* @param ContainerInterface $services
*/
public function __construct(ContainerInterface $services)
{
}
public function getName()
{
return 'avsdev/uf-tweaks-mobileDetect';
}
public function getFunctions()
{
return [
// Add Twig function for checking permissions during dynamic menu rendering
new TwigFunction('isMobile', function () {
$detect = new MobileDetect();
return $detect->isMobile();
}),
new TwigFunction('isTablet', function () {
$detect = new MobileDetect();
return $detect->isTablet();
}),
new TwigFunction('isDesktop', function () {
$detect = new MobileDetect();
return !$detect->isTablet() && !$detect->isMobile();
}),
];
}
public function getGlobals()
{
return [];
}
}

4
templates/forms/inputs/abstract/slug.html.twig
View File

@@ -1,4 +1,4 @@
{% if 'slug' not in form.fields.hidden %}
{% if 'description' not in form.fields.hidden %}
{% if col_width %}<div class="{{col_width}}">{% endif %}
<div class="form-group">
<label for="input-{{type}}-slug" class="control-label">{{field_name | default(translate('SLUG'))}}</label>
@@ -15,6 +15,4 @@
</div>
</div>
{% if col_width %}</div>{% endif %}
{% else %}
<input type="hidden" id="input-{{type}}-slug" name="slug" value="{{current_value}}">
{% endif %}

7
templates/tables/columns/abstract/generic-text.html.twig
View File

@@ -1,7 +0,0 @@
<script id="{{table.id}}-column-{{column.name}}" type="text/x-handlebars-template">
{% verbatim %}
<td data-text="{{row.{% endverbatim %}{{column.field}}{% verbatim %}}}">
{{row.{% endverbatim %}{{column.field}}{% verbatim %}}}
</td>
{% endverbatim %}
</script>