Merge pull request #363 from CakeDC/develop

Develop
CakeDC · Apr 18, 2016 · 5565ac3 · 5565ac3
2 parents a80ed8b + 259a850
commit 5565ac3
Show file tree

Hide file tree

Showing 31 changed files with 888 additions and 115 deletions.
diff --git a/.semver b/.semver
@@ -1,5 +1,5 @@
 ---
 :major: 3
-:minor: 1
-:patch: 5
+:minor: 2
+:patch: 0
 :special: ''
diff --git a/Docs/Documentation/Configuration.md b/Docs/Documentation/Configuration.md
@@ -38,6 +38,16 @@ Configure::write('OAuth.providers.twitter.options.clientSecret', 'YOUR APP SECRE
 
 Or use the config override option when loading the plugin (see above)
 
+Configuration for reCaptcha
+---------------------
+```
+Configure::write('Users.reCaptcha.key', 'YOUR RECAPTCHA KEY');
+Configure::write('Users.reCaptcha.secret', 'YOUR RECAPTCHA SECRET');
+Configure::write('Users.reCaptcha.registration', true); //enable on registration
+Configure::write('Users.reCaptcha.login', true); //enable on login
+```
+
+
 Configuration options
 ---------------------
 

diff --git a/Docs/Documentation/Installation.md b/Docs/Documentation/Installation.md
@@ -8,7 +8,7 @@ Composer
 composer require cakedc/users
 ```
 
-if you want to use social login features...
+If you want to use social login features...
 
 ```
 composer require league/oauth2-facebook:@stable
@@ -25,6 +25,15 @@ login is disabled by default. Check the [Configuration](Configuration.md) page f
 Configure::write('Users.Social.login', true); //to enable social login
 ```
 
+If you want to use reCaptcha features...
+
+```
+composer require google/recaptcha:@stable
+```
+
+NOTE: you'll need to configure the reCaptcha key and secret, check the [Configuration](Configuration.md)
+page for more details.
+
 Creating Required Tables
 ------------------------
 If you want to use the Users tables to store your users and social accounts:

diff --git a/Docs/Documentation/Overview.md b/Docs/Documentation/Overview.md
@@ -14,5 +14,5 @@ The plugin itself is already capable of:
 * Simple roles management
 * Simple Rbac and SuperUser Authorize
 * RememberMe using cookie feature
-* reCaptcha for user registration
+* reCaptcha for user registration and login
 
diff --git a/Docs/Documentation/UserHelper.md b/Docs/Documentation/UserHelper.md
@@ -57,17 +57,15 @@ It displays a welcome message for the user including the name and a link to the
 $this->User->welcome();
 ```
 
-reCAPTCHA
+reCaptcha
 -----------------
 
-If you have configured reCAPTCHA for registration and have the proper key/secret configured then you will see the reCAPTCHA in registration page automatically.
-
-You could also use it in another templates with the following methods:
+Handles the reCaptcha input display:
 
 ```php
 $this->User->addReCaptchaScript();
 
 $this->User->addReCaptcha();
 ```
 
-Note that the script is added automatically if the feature is enabled in config.
+Note reCaptcha script is added to script block when `addReCaptcha` method is called.
diff --git a/config/routes.php b/config/routes.php
@@ -15,9 +15,6 @@
         $routes->fallbacks('DashedRoute');
     });
 
-//if (!Configure::check('OAuth.path')) {
-//    Configure::load('CakeDC/Users.users');
-//}
 Router::connect('/auth/twitter', [
         'plugin' => 'CakeDC/Users',
         'controller' => 'Users',

diff --git a/config/users.php b/config/users.php
@@ -34,6 +34,16 @@
             //determines if the reCaptcha is enabled for registration
             'reCaptcha' => true,
         ],
+        'reCaptcha' => [
+            //reCaptcha key goes here
+            'key' => null,
+            //reCaptcha secret
+            'secret' => null,
+            //use reCaptcha in registration
+            'registration' => false,
+            //use reCaptcha in login, valid values are false, true
+            'login' => false,
+        ],
         'Tos' => [
             //determines if the user should include tos accepted
             'required' => true,
@@ -109,26 +119,31 @@
                 'className' => 'League\OAuth2\Client\Provider\Facebook',
                 'options' => [
                     'graphApiVersion' => 'v2.5',
-                    'redirectUri' =>  Router::url('/auth/facebook', true)
+                    'redirectUri' => Router::fullBaseUrl() . '/auth/facebook',
+                ]
+            ],
+            'twitter' => [
+                'options' => [
+                    'redirectUri' => Router::fullBaseUrl() . '/auth/twitter',
                 ]
             ],
             'linkedIn' => [
                 'className' => 'League\OAuth2\Client\Provider\LinkedIn',
                 'options' => [
-                    'redirectUri' => Router::url('/auth/linkedIn', true)
+                    'redirectUri' => Router::fullBaseUrl() . '/auth/linkedIn',
                 ]
             ],
             'instagram' => [
                 'className' => 'League\OAuth2\Client\Provider\Instagram',
                 'options' => [
-                    'redirectUri' => Router::url('/auth/instagram', true)
+                    'redirectUri' => Router::fullBaseUrl() . '/auth/instagram',
                 ]
             ],
             'google' => [
                 'className' => 'League\OAuth2\Client\Provider\Google',
                 'options' => [
                     'userFields' => ['url', 'aboutMe'],
-                    'redirectUri' => Router::url('/auth/google', true)
+                    'redirectUri' => Router::fullBaseUrl() . '/auth/google',
                 ]
             ],
         ],

diff --git a/src/Auth/Social/Mapper/Facebook.php b/src/Auth/Social/Mapper/Facebook.php
@@ -39,6 +39,6 @@ class Facebook extends AbstractMapper
      */
     protected function _avatar()
     {
-        return self::FB_GRAPH_BASE_URL . Hash::get($this->_rawData, 'id') . '/picture?type=normal';
+        return self::FB_GRAPH_BASE_URL . Hash::get($this->_rawData, 'id') . '/picture?type=large';
     }
 }
diff --git a/src/Auth/SocialAuthenticate.php b/src/Auth/SocialAuthenticate.php
@@ -354,7 +354,12 @@ public function getUser(Request $request)
             }
 
             $provider = $this->_getProviderName($request);
-            $user = $this->_mapUser($provider, $rawData);
+            try {
+                $user = $this->_mapUser($provider, $rawData);
+            } catch (MissingProviderException $ex) {
+                $request->session()->delete(Configure::read('Users.Key.Session.social'));
+                throw $ex;
+            }
             if ($user['provider'] === SocialAccountsTable::PROVIDER_TWITTER) {
                 $request->session()->write(Configure::read('Users.Key.Session.social'), $user);
             }

diff --git a/src/Controller/Traits/LoginTrait.php b/src/Controller/Traits/LoginTrait.php
@@ -70,10 +70,11 @@ public function twitterLogin()
         } else {
             $temporaryCredentials = $server->getTemporaryCredentials();
             $this->request->session()->write('temporary_credentials', $temporaryCredentials);
-            $server->authorize($temporaryCredentials);
-            return $this->response;
+            $url = $server->getAuthorizationUrl($temporaryCredentials);
+            return $this->redirect($url);
         }
     }
+
     /**
      * @param Event $event event
      * @return void
@@ -151,18 +152,39 @@ public function login()
 
         $socialLogin = $this->_isSocialLogin();
 
+        if ($this->request->is('post')) {
+            if (!$this->_checkReCaptcha()) {
+                $this->Flash->error(__d('Users', 'Invalid reCaptcha'));
+                return;
+            }
+            $user = $this->Auth->identify();
+            return $this->_afterIdentifyUser($user, $socialLogin);
+        }
         if (!$this->request->is('post') && !$socialLogin) {
             if ($this->Auth->user()) {
                 $msg = __d('Users', 'You are already logged in');
                 $this->Flash->error($msg);
-                return $this->redirect($this->referer());
+                $url = $this->Auth->redirectUrl();
+                return $this->redirect($url);
             }
-            return;
         }
-        if ($this->request->is('post')) {
-            $user = $this->Auth->identify();
-            return $this->_afterIdentifyUser($user, $socialLogin);
+    }
+
+    /**
+     * Check reCaptcha if enabled for login
+     *
+     * @return bool
+     */
+    protected function _checkReCaptcha()
+    {
+        if (!Configure::read('Users.reCaptcha.login')) {
+            return true;
         }
+
+        return $this->validateReCaptcha(
+            $this->request->data('g-recaptcha-response'),
+            $this->request->clientIp()
+        );
     }
 
     /**

diff --git a/src/Controller/Traits/PasswordManagementTrait.php b/src/Controller/Traits/PasswordManagementTrait.php
@@ -11,6 +11,7 @@
 
 namespace CakeDC\Users\Controller\Traits;
 
+use CakeDC\Users\Exception\UserNotActiveException;
 use CakeDC\Users\Exception\UserNotFoundException;
 use CakeDC\Users\Exception\WrongPasswordException;
 use Cake\Core\Configure;
@@ -101,6 +102,7 @@ public function requestResetPassword()
                 'expiration' => Configure::read('Users.Token.expiration'),
                 'checkActive' => false,
                 'sendEmail' => true,
+                'ensureActive' => true
             ]);
             if ($resetUser) {
                 $msg = __d('Users', 'Please check your email to continue with password reset process');
@@ -112,6 +114,8 @@ public function requestResetPassword()
             return $this->redirect(['action' => 'login']);
         } catch (UserNotFoundException $exception) {
             $this->Flash->error(__d('Users', 'User {0} was not found', $reference));
+        } catch (UserNotActiveException $exception) {
+            $this->Flash->error(__d('Users', 'The user is not active'));
         } catch (Exception $exception) {
             $this->Flash->error(__d('Users', 'Token could not be reset'));
         }

diff --git a/src/Controller/Traits/ReCaptchaTrait.php b/src/Controller/Traits/ReCaptchaTrait.php
@@ -12,7 +12,6 @@
 namespace CakeDC\Users\Controller\Traits;
 
 use Cake\Core\Configure;
-use ReCaptcha\ReCaptcha;
 
 /**
  * Covers registration features and email token validation
@@ -30,13 +29,12 @@ trait ReCaptchaTrait
      */
     public function validateReCaptcha($recaptchaResponse, $clientIp)
     {
-        $validReCaptcha = true;
         $recaptcha = $this->_getReCaptchaInstance();
         if (!empty($recaptcha)) {
             $response = $recaptcha->verify($recaptchaResponse, $clientIp);
-            $validReCaptcha = $response->isSuccess();
+            return $response->isSuccess();
         }
-        return $validReCaptcha;
+        return false;
     }
 
     /**
@@ -46,10 +44,9 @@ public function validateReCaptcha($recaptchaResponse, $clientIp)
      */
     protected function _getReCaptchaInstance()
     {
-        $useReCaptcha = (bool)Configure::read('Users.Registration.reCaptcha');
-        $reCaptchaSecret = Configure::read('reCaptcha.secret');
-        if ($useReCaptcha && !empty($reCaptchaSecret)) {
-            return new ReCaptcha($reCaptchaSecret);
+        $reCaptchaSecret = Configure::read('Users.reCaptcha.secret');
+        if (!empty($reCaptchaSecret)) {
+            return new \ReCaptcha\ReCaptcha($reCaptchaSecret);
         }
         return null;
     }

diff --git a/src/Controller/Traits/RegisterTrait.php b/src/Controller/Traits/RegisterTrait.php
@@ -24,7 +24,6 @@
 trait RegisterTrait
 {
     use PasswordManagementTrait;
-    use ReCaptchaTrait;
 
     /**
      * Register a new user
@@ -70,9 +69,8 @@ public function register()
             return;
         }
 
-        $validPost = $this->_validateRegisterPost();
-        if (!$validPost) {
-            $this->Flash->error(__d('Users', 'The reCaptcha could not be validated'));
+        if (!$this->_validateRegisterPost()) {
+            $this->Flash->error(__d('Users', 'Invalid reCaptcha'));
             return;
         }
 
@@ -92,14 +90,13 @@ public function register()
      */
     protected function _validateRegisterPost()
     {
-        if (!Configure::read('Users.Registration.reCaptcha')) {
+        if (!Configure::read('Users.reCaptcha.registration')) {
             return true;
         }
-        $validReCaptcha = $this->validateReCaptcha(
+        return $this->validateReCaptcha(
             $this->request->data('g-recaptcha-response'),
             $this->request->clientIp()
         );
-        return $validReCaptcha;
     }
 
     /**

diff --git a/src/Controller/UsersController.php b/src/Controller/UsersController.php
@@ -15,6 +15,7 @@
 use CakeDC\Users\Controller\Component\UsersAuthComponent;
 use CakeDC\Users\Controller\Traits\LoginTrait;
 use CakeDC\Users\Controller\Traits\ProfileTrait;
+use CakeDC\Users\Controller\Traits\ReCaptchaTrait;
 use CakeDC\Users\Controller\Traits\RegisterTrait;
 use CakeDC\Users\Controller\Traits\SimpleCrudTrait;
 use CakeDC\Users\Controller\Traits\SocialTrait;
@@ -31,6 +32,7 @@ class UsersController extends AppController
 {
     use LoginTrait;
     use ProfileTrait;
+    use ReCaptchaTrait;
     use RegisterTrait;
     use SimpleCrudTrait;
     use SocialTrait;

diff --git a/src/Locale/Users.pot b/src/Locale/Users.pot
@@ -243,7 +243,7 @@ msgid "Email not present"
 msgstr ""
 
 #: Model/Table/UsersTable.php:541
-msgid "{0}Your account validation link"
+msgid "Your account validation link"
 msgstr ""
 
 #: Model/Table/UsersTable.php:561

diff --git a/src/Locale/es/Users.mo b/src/Locale/es/Users.mo