Merge remote-tracking branch 'upstream/develop' into allow-null-group…

…-assignment
amosfolz · Jun 19, 2019 · c189db8 · c189db8
2 parents 13fa23c + 35ec97c
commit c189db8
Show file tree

Hide file tree

Showing 79 changed files with 798 additions and 815 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -9,8 +9,6 @@ services:
   - redis-server
 
 php:
-  - 5.6
-  - 7
   - 7.1
   - 7.2
   - 7.3

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,34 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [v4.3.0]
+
+### Changed Requirements
+- Changed minimum PHP Version to 7.1
+
+### Added
+- Separated `BakeCommand` class into multiple methods to make it easier for sprinkle to add custom command to the `bake` command.
+
+### Fix
+- `bake` command return error if account sprinkle is not included ([#944])
+
+### Changed
+- Account sprinkle now extend the Core `BakeCommand` class to add the `create-admin` to the general bake command. Any sprinkle already extending the Core `BakeCommand` might need adjustments.
+- Updated custom Eloquent relations (`belongsToManyThrough`, `morphToManyUnique`, `belongsToManyUnique`, `morphToManyUnique`, etc.) to support Laravel 5.8. See [The `belongsToMany` Method](https://laravel.com/docs/5.5/upgrade#upgrade-5.5.0).
+
+### Removed
+- Removed `belongsToManyConstrained` (deprecated in 4.1.6)
+
+## [v4.2.3]
+
+### Added
+- Config to set Domain of RememberMe Cookie ([#990]; [#991]; Thanks @xrobau!)
+- Config settings for password min/max length ([#993])
+
+### Fixed
+- [PHPMailer] Turn off opportunistic TLS when disabled ([#986]; [#987])
+- Migrator now ignore files that don't end in `.php` ([#965]; Temporary fix for [#998])
+
 ## [v4.2.2]
 
 ### Added
@@ -755,10 +783,18 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#953]: https://github.com/userfrosting/UserFrosting/issues/953
 [#958]: https://github.com/userfrosting/UserFrosting/issues/958
 [#963]: https://github.com/userfrosting/UserFrosting/issues/963
+[#965]: https://github.com/userfrosting/UserFrosting/issues/965
 [#968]: https://github.com/userfrosting/UserFrosting/issues/968
 [#981]: https://github.com/userfrosting/UserFrosting/issues/981
 [#983]: https://github.com/userfrosting/UserFrosting/issues/983
+[#986]: https://github.com/userfrosting/UserFrosting/issues/986
+[#987]: https://github.com/userfrosting/UserFrosting/issues/987
+[#990]: https://github.com/userfrosting/UserFrosting/issues/990
+[#991]: https://github.com/userfrosting/UserFrosting/issues/991
+[#993]: https://github.com/userfrosting/UserFrosting/issues/993
+[#998]: https://github.com/userfrosting/UserFrosting/issues/998
 
 [v4.2.0]: https://github.com/userfrosting/UserFrosting/compare/v4.1.22...v4.2.0
 [v4.2.1]: https://github.com/userfrosting/UserFrosting/compare/v4.2.0...v.4.2.1
 [v4.2.2]: https://github.com/userfrosting/UserFrosting/compare/v.4.2.1...v4.2.2
+[v4.2.3]: https://github.com/userfrosting/UserFrosting/compare/v4.2.2...v4.2.3
diff --git a/README.md b/README.md
@@ -33,7 +33,7 @@ If you simply want to show that you like this project, or want to remember it fo
 
 Copyright (c) 2019, free to use in personal and commercial software as per the [license](LICENSE.md).
 
-UserFrosting is a secure, modern user management system written in PHP and built on top of the [Slim Microframework](http://www.slimframework.com/), [Twig](http://twig.sensiolabs.org/) templating engine, and [Eloquent](https://laravel.com/docs/5.4/eloquent#introduction) ORM.
+UserFrosting is a secure, modern user management system written in PHP and built on top of the [Slim Microframework](http://www.slimframework.com/), [Twig](http://twig.sensiolabs.org/) templating engine, and [Eloquent](https://laravel.com/docs/5.8/eloquent#introduction) ORM.
 
 ## Features
 

diff --git a/app/defines.php b/app/defines.php
@@ -11,9 +11,9 @@
 namespace UserFrosting;
 
 // Some standard defines
-define('UserFrosting\VERSION', '4.2.2');
+define('UserFrosting\VERSION', '4.3.0-dev');
 define('UserFrosting\DS', '/');
-define('UserFrosting\PHP_MIN_VERSION', '5.6');
+define('UserFrosting\PHP_MIN_VERSION', '7.1');
 define('UserFrosting\PHP_RECOMMENDED_VERSION', '7.2');
 define('UserFrosting\NODE_MIN_VERSION', 'v10.12.0');
 define('UserFrosting\NPM_MIN_VERSION', '6.0.0');

diff --git a/app/sprinkles/account/composer.json b/app/sprinkles/account/composer.json
@@ -13,8 +13,7 @@
     ],
     "require": {
         "birke/rememberme" : "^2.0",
-        "nikic/php-parser" : "^1",
-        "php": ">=5.6"
+        "nikic/php-parser" : "^1"
     },
     "autoload": {
         "psr-4": {

diff --git a/app/sprinkles/account/config/default.php b/app/sprinkles/account/config/default.php
@@ -55,11 +55,37 @@
     * RememberMe Package Settings
     * ----------------------------------------------------------------------
     * See https://github.com/gbirke/rememberme for an explanation of these settings
+    *
+    * Note that the 'domain' field can be set to match your top-level-domain if you
+    * want to send the rememberme to all hosts in your domain.  An automatic config
+    * of this can be done in your config.php with code similar to this:
+    *
+    * if (!empty($_SERVER['SERVER_NAME']) && filter_var($_SERVER['SERVER_NAME'], \FILTER_VALIDATE_IP) === false) {
+    *    $darr = explode(".", $_SERVER['SERVER_NAME']);
+    *    array_shift($darr);
+    *    $conf['session']['cookie_parameters'] = [ "lifetime" => 86400, "domain" => ".".join(".", $darr), "path" => "/" ];
+    *    $conf['remember_me'] = [ "domain" => ".".join(".", $darr) ];
+    * }
+    *
+    * (Or, for production, you can hard-code the domain rather than calculating it on each page load)
+    *
+    * This is DELIBERATELY NOT TURNED ON BY DEFAULT!
+    *
+    * If you enable the 'domain' (on both the session and the remember_me cookies)
+    * you will be sending your authentication cookies to every machine in the
+    * domain you are using. This may not be bad if you control the domain, but
+    * if you are using a VPS and the hostname of the machine you are connecting to
+    * is, for example, host2.vps.blah.com, and you connect to host20.vps.blah.com,
+    * your browser will send your (super secret) cookies to host20.vps.blah.com.
+    *
+    * You only want to turn this on if you want machine1.foo.com to receive the
+    * cookies that THIS MACHINE (machine2.foo.com) set.
     */
     'remember_me' => [
         'cookie' => [
             'name' => 'rememberme',
         ],
+        'domain'      => null,
         'expire_time' => 604800,
         'session'     => [
             'path' => '/',
@@ -96,7 +122,8 @@
     * Account Site Settings
     * ----------------------------------------------------------------------
     * "Site" settings that are automatically passed to Twig. Use theses
-    * settings to control the login and registration process
+    * settings to control the login, password (re)set and registration
+    * processes
     */
     'site' => [
         'login' => [
@@ -115,6 +142,12 @@
                 ],
             ],
         ],
+        'password' => [
+            'length' => [
+                'min' => 8,
+                'max' => 25,
+            ],
+        ],
     ],
 
     /*

diff --git a/app/sprinkles/account/locale/es_ES/messages.php b/app/sprinkles/account/locale/es_ES/messages.php
@@ -99,7 +99,7 @@
     'PASSWORD' => [
         '@TRANSLATION' => 'Contraseña',
 
-        'BETWEEN' => 'Entre {{min}} - {{max}} (recomendado 12)',
+        'BETWEEN' => 'Entre {{min}} - {{max}}',
 
         'CONFIRM'             => 'Confirmar contraseña',
         'CONFIRM_CURRENT'     => 'Por favor, confirma tu contraseña actual',

diff --git a/app/sprinkles/account/src/Account/Registration.php b/app/sprinkles/account/src/Account/Registration.php
@@ -91,7 +91,7 @@ public function register()
         $this->validate();
 
         // Set default group
-        $defaultGroup = $this->ci->classMapper->staticMethod('group', 'where', 'slug', $this->defaultGroup)->first();
+        $defaultGroup = $this->ci->classMapper->getClassMapping('group')::where('slug', $this->defaultGroup)->first();
 
         if (!$defaultGroup) {
             $e = new HttpException("Account registration is not working because the default group '{$this->defaultGroup}' does not exist.");
@@ -127,7 +127,7 @@ public function register()
             ]);
 
             // Load default roles
-            $defaultRoles = $this->ci->classMapper->staticMethod('role', 'whereIn', 'slug', $this->defaultRoles)->get();
+            $defaultRoles = $this->ci->classMapper->getClassMapping('role')::whereIn('slug', $this->defaultRoles)->get();
             $defaultRoleIds = $defaultRoles->pluck('id')->all();
 
             // Attach default roles
@@ -195,7 +195,7 @@ public function validate()
      */
     public function usernameIsUnique($username)
     {
-        return !($this->ci->classMapper->staticMethod('user', 'findUnique', $username, 'user_name'));
+        return !($this->ci->classMapper->getClassMapping('user')::findUnique($username, 'user_name'));
     }
 
     /**
@@ -208,7 +208,7 @@ public function usernameIsUnique($username)
      */
     public function emailIsUnique($email)
     {
-        return !($this->ci->classMapper->staticMethod('user', 'findUnique', $email, 'email'));
+        return !($this->ci->classMapper->getClassMapping('user')::findUnique($email, 'email'));
     }
 
     /**
@@ -227,7 +227,7 @@ protected function setDefaults()
         $this->verified = $this->ci->config['site.registration.require_email_verification'];
         $this->requireEmailVerification = $this->ci->config['site.registration.require_email_verification'];
         $this->defaultGroup = $this->ci->config['site.registration.user_defaults.group'];
-        $this->defaultRoles = $this->ci->classMapper->staticMethod('role', 'getDefaultSlugs');
+        $this->defaultRoles = $this->ci->classMapper->getClassMapping('role')::getDefaultSlugs();
     }
 
     /**

diff --git a/app/sprinkles/account/src/Authenticate/Authenticator.php b/app/sprinkles/account/src/Authenticate/Authenticator.php
@@ -118,10 +118,15 @@ public function __construct(ClassMapper $classMapper, Session $session, Config $
         $this->rememberMe->getCookie()->setPath($this->config['remember_me.session.path']);
 
         // Set expire time, if specified
-        if ($this->config->has('remember_me.expire_time') && ($this->config->has('remember_me.expire_time') != null)) {
+        if ($this->config->has('remember_me.expire_time') && $this->config->has('remember_me.expire_time') != null) {
             $this->rememberMe->getCookie()->setExpireTime($this->config['remember_me.expire_time']);
         }
 
+        // Set domain, if specified
+        if ($this->config->has('remember_me.domain') && $this->config->has('remember_me.domain') != null) {
+            $this->rememberMe->getCookie()->setDomain($this->config['remember_me.domain']);
+        }
+
         $this->user = null;
         $this->viaRemember = false;
     }
@@ -145,7 +150,7 @@ public function __construct(ClassMapper $classMapper, Session $session, Config $
     public function attempt($identityColumn, $identityValue, $password, $rememberMe = false)
     {
         // Try to load the user, using the specified conditions
-        $user = $this->classMapper->staticMethod('user', 'where', $identityColumn, $identityValue)->first();
+        $user = $this->classMapper->getClassMapping('user')::where($identityColumn, $identityValue)->first();
 
         if (!$user) {
             throw new InvalidCredentialsException();
@@ -257,7 +262,7 @@ public function logout($complete = false)
 
         // User logout actions
         if ($currentUserId) {
-            $currentUser = $this->classMapper->staticMethod('user', 'find', $currentUserId);
+            $currentUser = $this->classMapper->getClassMapping('user')::find($currentUserId);
             if ($currentUser) {
                 $currentUser->onLogout();
             }
@@ -425,7 +430,7 @@ protected function validateUserAccount($userId)
             // Load user from db, cache the result
             $key = $this->config['cache.user.key'] . $userId;
             $user = $this->cache->remember($key, $this->config['cache.user.delay'], function () use ($userId) {
-                return $this->classMapper->staticMethod('user', 'find', (int) $userId);
+                return $this->classMapper->getClassMapping('user')::find((int) $userId);
             });
 
             // If the user doesn't exist any more, throw an exception.

diff --git a/app/sprinkles/account/src/Bakery/BakeCommand.php b/app/sprinkles/account/src/Bakery/BakeCommand.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @copyright Copyright (c) 2019 Alexander Weissman
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/LICENSE.md (MIT License)
+ */
+
+namespace UserFrosting\Sprinkle\Account\Bakery;
+
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use UserFrosting\Sprinkle\Core\Bakery\BakeCommand as CoreBakeCommand;
+
+/**
+ * Bake command extension.
+ * Adding Account provided `create-admin` to the bake command.
+ */
+class BakeCommand extends CoreBakeCommand
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected function executeConfiguration(InputInterface $input, OutputInterface $output)
+    {
+        parent::executeConfiguration($input, $output);
+
+        $command = $this->getApplication()->find('create-admin');
+        $command->run($input, $output);
+    }
+}
diff --git a/app/sprinkles/account/src/Bakery/CreateAdminUser.php b/app/sprinkles/account/src/Bakery/CreateAdminUser.php
@@ -298,8 +298,11 @@ protected function validateLastName($lastName)
      */
     protected function askPassword($password = '', $requireConfirmation = true)
     {
+        $passwordMin = $this->ci->config['site.password.length.min'];
+        $passwordMax = $this->ci->config['site.password.length.max'];
+
         while (!isset($password) || !$this->validatePassword($password) || !$this->confirmPassword($password, $requireConfirmation)) {
-            $password = $this->io->askHidden('Enter password (12-255 characters)');
+            $password = $this->io->askHidden('Enter password (' . $passwordMin . '-' . $passwordMax . ' characters)');
         }
 
         return $password;
@@ -314,9 +317,11 @@ protected function askPassword($password = '', $requireConfirmation = true)
      */
     protected function validatePassword($password)
     {
-        //TODO Config for this ??
-        if (strlen($password) < 12 || strlen($password) > 255) {
-            $this->io->error('Password must be between 12-255 characters');
+        $passwordMin = $this->ci->config['site.password.length.min'];
+        $passwordMax = $this->ci->config['site.password.length.max'];
+
+        if (strlen($password) < $passwordMin || strlen($password) > $passwordMax) {
+            $this->io->error('Password must be between ' . $passwordMin . ' and ' . $passwordMax . ' characters');
 
             return false;
         }
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,8 +9,6 @@ services: @@
       - redis-server
     php:
-      - 5.6
-      - 7
       - 7.1
       - 7.2
       - 7.3
@@ Expand Down @@