4.2.3 Release

Author: lcharette

.travis.yml

@@ -35,7 +35,8 @@ before_install:
   - nvm install 10.12.0
   # Install Redis and Memcached
   - echo "extension = memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
-  - printf "\n" | pecl install -f redis
+  # Temporary disabled as it's not compatible with PHP 5.6
+  # - printf "\n" | pecl install -f redis
 
 before_script:
   # install deps and UF

CHANGELOG.md

@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [v4.2.3]
+
+### Added
+- Config to set Domain of RememberMe Cookie ([#990], [#991]; Thanks @xrobau !)
+- Config settings for password min/max length ([#993])
+- `migrate:clean` bakery command ([#1007])
+
+### Fixed
+- [PHPMailer] Turn off opportunistic TLS when disabled ([#986], [#987])
+- Migrator now ignore files that don't end in `.php` ([#965], [#998])
+- Respects CSRF_ENABLED environment variable ([#976]; Thanks @Poldovico !)
+- Checkbox bug on password change form ([#1008])
+- On role page, users table action buttons not working ([#1010])
+
 ## [v4.2.2]
 
 ### Added
@@ -755,10 +769,22 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#953]: https://github.com/userfrosting/UserFrosting/issues/953
 [#958]: https://github.com/userfrosting/UserFrosting/issues/958
 [#963]: https://github.com/userfrosting/UserFrosting/issues/963
+[#965]: https://github.com/userfrosting/UserFrosting/issues/965
 [#968]: https://github.com/userfrosting/UserFrosting/issues/968
+[#976]: https://github.com/userfrosting/UserFrosting/issues/976
 [#981]: https://github.com/userfrosting/UserFrosting/issues/981
 [#983]: https://github.com/userfrosting/UserFrosting/issues/983
+[#986]: https://github.com/userfrosting/UserFrosting/issues/986
+[#987]: https://github.com/userfrosting/UserFrosting/issues/987
+[#990]: https://github.com/userfrosting/UserFrosting/issues/990
+[#991]: https://github.com/userfrosting/UserFrosting/issues/991
+[#993]: https://github.com/userfrosting/UserFrosting/issues/993
+[#998]: https://github.com/userfrosting/UserFrosting/issues/998
+[#1007]: https://github.com/userfrosting/UserFrosting/issues/1007
+[#1008]: https://github.com/userfrosting/UserFrosting/issues/1008
+[#1010]: https://github.com/userfrosting/UserFrosting/issues/1010
 
 [v4.2.0]: https://github.com/userfrosting/UserFrosting/compare/v4.1.22...v4.2.0
 [v4.2.1]: https://github.com/userfrosting/UserFrosting/compare/v4.2.0...v.4.2.1
 [v4.2.2]: https://github.com/userfrosting/UserFrosting/compare/v.4.2.1...v4.2.2
+[v4.2.3]: https://github.com/userfrosting/UserFrosting/compare/v4.2.2...v4.2.3

app/defines.php

@@ -11,7 +11,7 @@
 namespace UserFrosting;
 
 // Some standard defines
-define('UserFrosting\VERSION', '4.2.2');
+define('UserFrosting\VERSION', '4.2.3');
 define('UserFrosting\DS', '/');
 define('UserFrosting\PHP_MIN_VERSION', '5.6');
 define('UserFrosting\PHP_RECOMMENDED_VERSION', '7.2');

app/sprinkles/account/config/default.php

@@ -55,11 +55,37 @@
     * RememberMe Package Settings
     * ----------------------------------------------------------------------
     * See https://github.com/gbirke/rememberme for an explanation of these settings
+    *
+    * Note that the 'domain' field can be set to match your top-level-domain if you
+    * want to send the rememberme to all hosts in your domain.  An automatic config
+    * of this can be done in your config.php with code similar to this:
+    *
+    * if (!empty($_SERVER['SERVER_NAME']) && filter_var($_SERVER['SERVER_NAME'], \FILTER_VALIDATE_IP) === false) {
+    *    $darr = explode(".", $_SERVER['SERVER_NAME']);
+    *    array_shift($darr);
+    *    $conf['session']['cookie_parameters'] = [ "lifetime" => 86400, "domain" => ".".join(".", $darr), "path" => "/" ];
+    *    $conf['remember_me'] = [ "domain" => ".".join(".", $darr) ];
+    * }
+    *
+    * (Or, for production, you can hard-code the domain rather than calculating it on each page load)
+    *
+    * This is DELIBERATELY NOT TURNED ON BY DEFAULT!
+    *
+    * If you enable the 'domain' (on both the session and the remember_me cookies)
+    * you will be sending your authentication cookies to every machine in the
+    * domain you are using. This may not be bad if you control the domain, but
+    * if you are using a VPS and the hostname of the machine you are connecting to
+    * is, for example, host2.vps.blah.com, and you connect to host20.vps.blah.com,
+    * your browser will send your (super secret) cookies to host20.vps.blah.com.
+    *
+    * You only want to turn this on if you want machine1.foo.com to receive the
+    * cookies that THIS MACHINE (machine2.foo.com) set.
     */
     'remember_me' => [
         'cookie' => [
             'name' => 'rememberme',
         ],
+        'domain'      => null,
         'expire_time' => 604800,
         'session'     => [
             'path' => '/',
@@ -96,7 +122,8 @@
     * Account Site Settings
     * ----------------------------------------------------------------------
     * "Site" settings that are automatically passed to Twig. Use theses
-    * settings to control the login and registration process
+    * settings to control the login, password (re)set and registration
+    * processes
     */
     'site' => [
         'login' => [
@@ -115,6 +142,12 @@
                 ],
             ],
         ],
+        'password' => [
+            'length' => [
+                'min' => 8,
+                'max' => 25,
+            ],
+        ],
     ],
 
     /*

app/sprinkles/account/locale/es_ES/messages.php

@@ -99,7 +99,7 @@
     'PASSWORD' => [
         '@TRANSLATION' => 'Contraseña',
 
-        'BETWEEN' => 'Entre {{min}} - {{max}} (recomendado 12)',
+        'BETWEEN' => 'Entre {{min}} - {{max}}',
 
         'CONFIRM'             => 'Confirmar contraseña',
         'CONFIRM_CURRENT'     => 'Por favor, confirma tu contraseña actual',

app/sprinkles/account/src/Authenticate/Authenticator.php

@@ -118,10 +118,15 @@ public function __construct(ClassMapper $classMapper, Session $session, Config $
         $this->rememberMe->getCookie()->setPath($this->config['remember_me.session.path']);
 
         // Set expire time, if specified
-        if ($this->config->has('remember_me.expire_time') && ($this->config->has('remember_me.expire_time') != null)) {
+        if ($this->config->has('remember_me.expire_time') && $this->config->has('remember_me.expire_time') != null) {
             $this->rememberMe->getCookie()->setExpireTime($this->config['remember_me.expire_time']);
         }
 
+        // Set domain, if specified
+        if ($this->config->has('remember_me.domain') && $this->config->has('remember_me.domain') != null) {
+            $this->rememberMe->getCookie()->setDomain($this->config['remember_me.domain']);
+        }
+
         $this->user = null;
         $this->viaRemember = false;
     }

app/sprinkles/account/src/Bakery/CreateAdminUser.php

@@ -298,8 +298,11 @@ protected function validateLastName($lastName)
      */
     protected function askPassword($password = '', $requireConfirmation = true)
     {
+        $passwordMin = $this->ci->config['site.password.length.min'];
+        $passwordMax = $this->ci->config['site.password.length.max'];
+
         while (!isset($password) || !$this->validatePassword($password) || !$this->confirmPassword($password, $requireConfirmation)) {
-            $password = $this->io->askHidden('Enter password (12-255 characters)');
+            $password = $this->io->askHidden('Enter password (' . $passwordMin . '-' . $passwordMax . ' characters)');
         }
 
         return $password;
@@ -314,9 +317,11 @@ protected function askPassword($password = '', $requireConfirmation = true)
      */
     protected function validatePassword($password)
     {
-        //TODO Config for this ??
-        if (strlen($password) < 12 || strlen($password) > 255) {
-            $this->io->error('Password must be between 12-255 characters');
+        $passwordMin = $this->ci->config['site.password.length.min'];
+        $passwordMax = $this->ci->config['site.password.length.max'];
+
+        if (strlen($password) < $passwordMin || strlen($password) > $passwordMax) {
+            $this->io->error('Password must be between ' . $passwordMin . ' and ' . $passwordMax . ' characters');
 
             return false;
         }

app/sprinkles/account/src/Controller/AccountController.php

@@ -519,6 +519,10 @@ public function pageRegister(Request $request, Response $response, $args)
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/register.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validatorRegister = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         // Get locale information
@@ -593,11 +597,18 @@ public function pageResendVerification(Request $request, Response $response, $ar
      */
     public function pageResetPassword(Request $request, Response $response, $args)
     {
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         // Insert the user's secret token from the link into the password reset form
         $params = $request->getQueryParams();
 
         // Load validation rules - note this uses the same schema as "set password"
         $schema = new RequestSchema('schema://requests/set-password.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validator = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         return $this->ci->view->render($response, 'pages/reset-password.html.twig', [
@@ -627,11 +638,18 @@ public function pageResetPassword(Request $request, Response $response, $args)
      */
     public function pageSetPassword(Request $request, Response $response, $args)
     {
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         // Insert the user's secret token from the link into the password set form
         $params = $request->getQueryParams();
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/set-password.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validator = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         return $this->ci->view->render($response, 'pages/set-password.html.twig', [
@@ -664,6 +682,9 @@ public function pageSetPassword(Request $request, Response $response, $args)
      */
     public function pageSettings(Request $request, Response $response, $args)
     {
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
         $authorizer = $this->ci->authorizer;
 
@@ -677,14 +698,15 @@ public function pageSettings(Request $request, Response $response, $args)
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/account-settings.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validatorAccountSettings = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         $schema = new RequestSchema('schema://requests/profile-settings.yaml');
         $validatorProfileSettings = new JqueryValidationAdapter($schema, $this->ci->translator);
 
-        /** @var \UserFrosting\Support\Repository\Repository $config */
-        $config = $this->ci->config;
-
         // Get a list of all locales
         $locales = $config->getDefined('site.locales.available');
 
@@ -919,6 +941,10 @@ public function register(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/register.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);
@@ -1117,6 +1143,10 @@ public function setPassword(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/set-password.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);
@@ -1210,6 +1240,10 @@ public function settings(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/account-settings.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);

app/sprinkles/account/templates/forms/settings-account.html.twig

@@ -16,7 +16,7 @@
             {% if page.visibility != "disabled" %}
                 <div class="form-group">
                     <label for="input-password" class="control-label">{{translate("PASSWORD.NEW")}}</label>
-                    <input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}} ({{translate("OPTIONAL")}})">
+                    <input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}} ({{translate("OPTIONAL")}})">
                 </div>
                 <div class="form-group">
                     <label for="input-passwordc" class="control-label">{{translate("PASSWORD.CONFIRM_NEW")}}</label>

app/sprinkles/account/templates/pages/register.html.twig

@@ -47,7 +47,7 @@
             </div>
             <div class="form-group">
                 <label for="r-form-password">{{translate('PASSWORD')}}</label>
-                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="r-form-password">
+                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="r-form-password">
             </div>
             <div class="form-group">
                 <label class="sr-only" for="r-form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>

app/sprinkles/account/templates/pages/reset-password.html.twig

@@ -30,7 +30,7 @@
 
             <div class="form-group">
                 <label class="sr-only" for="form-password">{{translate("PASSWORD.NEW")}}</label>
-                <input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}}" class="form-control" id="form-password">
+                <input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
             </div>
 
             <div class="form-group">

app/sprinkles/account/templates/pages/set-password.html.twig

@@ -30,7 +30,7 @@
 
             <div class="form-group">
                 <label class="sr-only" for="form-password">{{translate('PASSWORD')}}</label>
-                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="form-password">
+                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
             </div>
             <div class="form-group">
                 <label class="sr-only" for="form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>

app/sprinkles/admin/src/Controller/RoleController.php

@@ -957,6 +957,8 @@ public function updateField(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/role/edit-field.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);

app/sprinkles/admin/src/Controller/UserController.php

@@ -765,6 +765,9 @@ public function getModalEditPassword(Request $request, Response $response, $args
         /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
         $currentUser = $this->ci->currentUser;
 
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         // Access-controlled resource - check that currentUser has permission to edit "password" field for this user
         if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
             'user' => $user,
@@ -775,6 +778,10 @@ public function getModalEditPassword(Request $request, Response $response, $args
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/user/edit-password.yaml');
+        $schema->set('value.validators.length.min', $config['site.password.length.min']);
+        $schema->set('value.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validator = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         return $this->ci->view->render($response, 'modals/user-set-password.html.twig', [
@@ -1307,6 +1314,8 @@ public function updateField(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/user/edit-field.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);