From e6dd91f6981c2af6a53a06d2275681bf21107f0c Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Thu, 10 May 2018 19:56:56 +0300
Subject: [PATCH 1/4] Added authorized support (2FA) (cherry picked from commit 2c82e15)
---
 system/src/Grav/Common/Twig/TwigExtension.php | 8 ++++++--
 system/src/Grav/Common/User/User.php | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/system/src/Grav/Common/Twig/TwigExtension.php b/system/src/Grav/Common/Twig/TwigExtension.php
index fb27ec8231..fced9158b8 100644
--- a/system/src/Grav/Common/Twig/TwigExtension.php
+++ b/system/src/Grav/Common/Twig/TwigExtension.php
@@ -16,6 +16,7 @@
 use Grav\Common\Twig\TokenParser\TwigTokenParserSwitch;
 use Grav\Common\Twig\TokenParser\TwigTokenParserTryCatch;
 use Grav\Common\Twig\TokenParser\TwigTokenParserMarkdown;
+use Grav\Common\User\User;
 use Grav\Common\Utils;
 use Grav\Common\Markdown\Parsedown;
 use Grav\Common\Markdown\ParsedownExtra;
@@ -875,7 +876,10 @@ public function translateFunc()
 */
 public function authorize($action)
 {
- if (!$this->grav['user']->authenticated) {
+ /** @var User $user */
+ $user = $this->grav['user'];
+
+ if (!$user->authenticated || (isset($user->authorized) && !$user->authorized)) {
 return false;
 }
@@ -884,7 +888,7 @@ public function authorize($action)
 $prefix = is_int($key) ? '' : $key . '.';
 $perms = $prefix ? (array) $perms : [$perms => true];
 foreach ($perms as $action2 => $authenticated) {
- if ($this->grav['user']->authorize($prefix . $action2)) {
+ if ($user->authorize($prefix . $action2)) {
 return $authenticated;
 }
 }
diff --git a/system/src/Grav/Common/User/User.php b/system/src/Grav/Common/User/User.php
index c1c23464dd..c1e628d507 100644
--- a/system/src/Grav/Common/User/User.php
+++ b/system/src/Grav/Common/User/User.php
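Review bot: In TwigExtension.php (hunk `@@ -875,7 +876,10 @@`), the new second-factor gate fails open: `isset($user->authorized) && !$user->authorized` rejects only when the flag exists and is false, so a session in which nothing ever set `authorized` is treated as fully authorized. If that is the intended behaviour for accounts without 2FA, say so above the condition, e.g. `// authorized is only set when a second factor applies; unset means no extra gate`. The gate is also added only in this Twig helper, while `User::authorize()`, which the loop in the following hunk calls and which PHP code can call directly, is not changed by any User.php hunk shown here; it is worth confirming that it enforces the same flag, or moving the check there. The rest of `authorize()` lies outside the hunk.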
@@ -62,9 +62,9 @@ public static function find($query, $fields = ['username', 'email'])
 $files = $account_dir ? array_diff(scandir($account_dir), ['.', '..']) : [];
 // Try with username first, you never know!
- if (in_array('username', $fields)) {
+ if (in_array('username', $fields, true)) {
 $user = User::load($query);
- unset($fields[array_search('username', $fields)]);
+ unset($fields[array_search('username', $fields, true)]);
 } else {
 $user = User::load('');
 }
From 3948ed56180a740cc6cc48c895c7f3d602868b80 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Fri, 11 May 2018 16:06:54 -0600
Subject: [PATCH 2/4] updated changelog
---
 CHANGELOG.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3341a44caf..d6504836f6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,12 +1,19 @@
 # v1.4.4
-## 04/12/2018
+## 05/11/2018
 1. [](#new)
+ * Added support for `Uri::post()` and `Uri::getConentType()`
 * Added a new `Medium:thumbnailExists()` function [#1966](https://github.com/getgrav/grav/issues/1966)
+ * Added `authorized` support for 2FA
+1. [](#improved)
+ * Added default configuration for images [#1979](https://github.com/getgrav/grav/pull/1979)
+ * Added dedicated PHPUnit assertions [#1990](https://github.com/getgrav/grav/pull/1990)
 1. [](#bugfix)
+ * Use `array_key_exists` instead of `in_array + array_keys` [#1991](https://github.com/getgrav/grav/pull/1991)
 * Fixed an issue with `custom_base_url` always causing 404 errors
 * Improve support for regex redirects with query and params [#1983](https://github.com/getgrav/grav/issues/1983)
 * Changed collection-based date sorting to `SORT_REGULAR` for better server compatibility [#1910](https://github.com/getgrav/grav/issues/1910)
+ * Fix hardcoded string in modular blueprint [#1933](https://github.com/getgrav/grav/pull/1993)
 # v1.4.3
 ## 04/12/2018
From 18f46d902d84210b597faab6e3d8a1c163287b14 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Fri, 11 May 2018 16:07:27 -0600
Subject: [PATCH 3/4] Prepare for release
---
 system/defines.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/defines.php b/system/defines.php
index 329265a05a..28fe502469 100644
--- a/system/defines.php
+++ b/system/defines.php
@@ -8,7 +8,7 @@
 // Some standard defines
 define('GRAV', true);
-define('GRAV_VERSION', '1.4.3');
+define('GRAV_VERSION', '1.4.4');
 define('GRAV_TESTING', false);
 define('DS', '/');
From 8e0e3e871849a14cbaef6254fed34e49534e9625 Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Mon, 14 May 2018 21:23:56 +0300
Subject: [PATCH 4/4] Add special handling for User authenticated and authorized properties
---
 system/src/Grav/Common/User/User.php | 52 ++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/system/src/Grav/Common/User/User.php b/system/src/Grav/Common/User/User.php
index c1e628d507..8baec6333d 100644
--- a/system/src/Grav/Common/User/User.php
+++ b/system/src/Grav/Common/User/User.php
@@ -17,6 +17,9 @@
 class User extends Data
 {
+ protected $authenticated;
+ protected $authorized;
+
 /**
 * Load user account.
 *
@@ -102,6 +105,55 @@ public static function remove($username)
 return false;
 }
+
+ public function offsetExists($offset)
+ {
+ if ($offset === 'authenticated') {
+ return null !== $this->authenticated;
+ }
+ if ($offset === 'authorized') {
+ return null !== $this->authorized;
+ }
+
+ return parent::offsetExists($offset);
+ }
+
+ public function offsetGet($offset)
+ {
+ if ($offset === 'authenticated') {
+ return null !== $this->authenticated ? $this->authenticated : false;
+ }
+ if ($offset === 'authorized') {
+ return null !== $this->authorized ? $this->authorized : $this->authenticated;
+ }
+
+ return parent::offsetGet($offset);
+ }
+
+ public function offsetSet($offset, $value)
+ {
+ if ($offset === 'authenticated') {
+ $this->authenticated = (bool)$value;
+ }
+ if ($offset === 'authorized') {
+ $this->authorized = (bool)$value;
+ }
+
+ parent::offsetSet($offset, $value);
+ }
+
+ public function offsetUnset($offset)
+ {
+ if ($offset === 'authenticated') {
+ $this->authenticated = null;
+ }
+ if ($offset === 'authorized') {
+ $this->authorized = null;
+ }
+
+ parent::offsetUnset($offset);
+ }
+
 /**
 * Authenticate user.
 *
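Review bot: `offsetSet()` keeps two copies of each flag: after storing the `(bool)` cast in the protected property it still falls through to `parent::offsetSet($offset, $value)`, so the raw value also goes into the inherited data store. `offsetGet()` and `offsetExists()` read only the property, so any code that reads or serialises the parent's data directly (not visible in this patch) would see an uncast copy that may be saved with the account or drift from the property. Ending each branch with `return;` right after the assignment keeps these session-state flags out of the parent's data. `offsetGet('authorized')` also returns `$this->authenticated` as is, which is `null` rather than `false` when neither flag was set; `(bool) $this->authenticated` would keep the result boolean. None of the four methods has a docblock, and one on `offsetGet()` stating that `authorized` falls back to `authenticated` when unset would make that default explicit.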