mirror of
https://github.com/flarum/core.git
synced 2025-08-27 10:05:47 +02:00
Compare commits
8 Commits
ds/discuss
...
v1.0.3
| Author | SHA1 | Date | |
|---|---|---|---|
|
f959a69530 | ||
|
|
4e246779f4 | ||
|
|
5b0f5aeaa0 | ||
|
|
6e92af8b00 | ||
|
1cf9491fe6 | ||
|
3fcc7bd3b9 | ||
|
|
4acff91f80 | ||
|
a0152ffb18 |
14
CHANGELOG.md
14
CHANGELOG.md
@@ -1,5 +1,19 @@
|
||||
# Changelog
|
||||
|
||||
## [1.0.3](https://github.com/flarum/core/compare/v1.0.2...v1.0.3)
|
||||
|
||||
### Changed
|
||||
|
||||
- Removed [forum] prefix from Request Password and Email Confirmation emails ([a4a81c0](https://github.com/flarum/core/commit/a4a81c0ec237476cd6e7ca00c1ed9465493af476))
|
||||
- Adopt huntr.dev for handling our security vulnerability reports (https://github.com/flarum/core/pull/2918)
|
||||
- Maintenance handler can now be replaced through the service container (ioc) ([4acff91](https://github.com/flarum/core/commit/4acff91f8063fcced9bf8c9a76fbb510d06823c0))
|
||||
- The colors on the auto generated avatars are now based on the Display Name of the user (https://github.com/flarum/core/pull/2873)
|
||||
|
||||
### Fixed
|
||||
|
||||
- Avatar in notifications list are incorrectly aligned (https://github.com/flarum/core/pull/2906)
|
||||
- FilesystemManager is not compatible with upstream Laravel implementation (https://github.com/flarum/core/pull/2936)
|
||||
|
||||
## [1.0.2](https://github.com/flarum/core/compare/v1.0.1...v1.0.2)
|
||||
|
||||
### Fixed
|
||||
|
||||
2
js/dist/admin.js
generated
vendored
2
js/dist/admin.js
generated
vendored
File diff suppressed because one or more lines are too long
2
js/dist/admin.js.map
generated
vendored
2
js/dist/admin.js.map
generated
vendored
File diff suppressed because one or more lines are too long
2
js/dist/forum.js
generated
vendored
2
js/dist/forum.js
generated
vendored
File diff suppressed because one or more lines are too long
2
js/dist/forum.js.map
generated
vendored
2
js/dist/forum.js.map
generated
vendored
File diff suppressed because one or more lines are too long
@@ -35,11 +35,11 @@ Object.assign(User.prototype, {
|
||||
canDelete: Model.attribute('canDelete'),
|
||||
|
||||
avatarColor: null,
|
||||
color: computed('username', 'avatarUrl', 'avatarColor', function (username, avatarUrl, avatarColor) {
|
||||
color: computed('displayName', 'avatarUrl', 'avatarColor', function (displayName, avatarUrl, avatarColor) {
|
||||
// If we've already calculated and cached the dominant color of the user's
|
||||
// avatar, then we can return that in RGB format. If we haven't, we'll want
|
||||
// to calculate it. Unless the user doesn't have an avatar, in which case
|
||||
// we generate a color from their username.
|
||||
// we generate a color from their display name.
|
||||
if (avatarColor) {
|
||||
return 'rgb(' + avatarColor.join(', ') + ')';
|
||||
} else if (avatarUrl) {
|
||||
@@ -47,7 +47,7 @@ Object.assign(User.prototype, {
|
||||
return '';
|
||||
}
|
||||
|
||||
return '#' + stringToColor(username);
|
||||
return '#' + stringToColor(displayName);
|
||||
}),
|
||||
|
||||
/**
|
||||
|
||||
@@ -35,16 +35,16 @@ class FilesystemManager extends LaravelFilesystemManager
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
protected function resolve($name): Filesystem
|
||||
protected function resolve($name, $config = null): Filesystem
|
||||
{
|
||||
$driver = $this->getDriver($name);
|
||||
|
||||
$localConfig = $this->getLocalConfig($name);
|
||||
$localConfig = $config ?? $this->getLocalConfig($name);
|
||||
|
||||
if (empty($localConfig)) {
|
||||
throw new InvalidArgumentException("Disk [{$name}] has not been declared. Use the Filesystem extender to do this.");
|
||||
}
|
||||
|
||||
$driver = $config['driver'] ?? $this->getDriver($name);
|
||||
|
||||
if ($driver === 'local') {
|
||||
return $this->createLocalDriver($localConfig);
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ class Application
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
const VERSION = '1.0.2';
|
||||
const VERSION = '1.0.3';
|
||||
|
||||
/**
|
||||
* The IoC container for the Flarum application.
|
||||
|
||||
@@ -48,7 +48,7 @@ class InstalledApp implements AppInterface
|
||||
public function getRequestHandler()
|
||||
{
|
||||
if ($this->config->inMaintenanceMode()) {
|
||||
return new MaintenanceModeHandler();
|
||||
return $this->container->make('flarum.maintenance.handler');
|
||||
} elseif ($this->needsUpdate()) {
|
||||
return $this->getUpdaterHandler();
|
||||
}
|
||||
|
||||
@@ -105,6 +105,7 @@ class InstalledSite implements SiteInterface
|
||||
$container->alias('flarum.config', Config::class);
|
||||
$container->instance('flarum.debug', $this->config->inDebugMode());
|
||||
$container->instance('config', $config = $this->getIlluminateConfig($laravel));
|
||||
$container->instance('flarum.maintenance.handler', new MaintenanceModeHandler);
|
||||
|
||||
$this->registerLogger($container);
|
||||
$this->registerCache($container);
|
||||
|
||||
@@ -21,8 +21,10 @@ use Flarum\User\UserValidator;
|
||||
use Illuminate\Contracts\Events\Dispatcher;
|
||||
use Illuminate\Support\Arr;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Validation\Factory;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Intervention\Image\ImageManager;
|
||||
use InvalidArgumentException;
|
||||
|
||||
class RegisterUserHandler
|
||||
{
|
||||
@@ -36,12 +38,16 @@ class RegisterUserHandler
|
||||
/**
|
||||
* @var UserValidator
|
||||
*/
|
||||
protected $validator;
|
||||
protected $userValidator;
|
||||
|
||||
/**
|
||||
* @var AvatarUploader
|
||||
*/
|
||||
protected $avatarUploader;
|
||||
/**
|
||||
* @var Factory
|
||||
*/
|
||||
private $validator;
|
||||
|
||||
/**
|
||||
* @param Dispatcher $events
|
||||
@@ -49,12 +55,13 @@ class RegisterUserHandler
|
||||
* @param UserValidator $validator
|
||||
* @param AvatarUploader $avatarUploader
|
||||
*/
|
||||
public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings, UserValidator $validator, AvatarUploader $avatarUploader)
|
||||
public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings, UserValidator $userValidator, AvatarUploader $avatarUploader, Factory $validator)
|
||||
{
|
||||
$this->events = $events;
|
||||
$this->settings = $settings;
|
||||
$this->validator = $validator;
|
||||
$this->userValidator = $userValidator;
|
||||
$this->avatarUploader = $avatarUploader;
|
||||
$this->validator = $validator;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -101,7 +108,7 @@ class RegisterUserHandler
|
||||
new Saving($user, $actor, $data)
|
||||
);
|
||||
|
||||
$this->validator->assertValid(array_merge($user->getAttributes(), compact('password')));
|
||||
$this->userValidator->assertValid(array_merge($user->getAttributes(), compact('password')));
|
||||
|
||||
$user->save();
|
||||
|
||||
@@ -134,8 +141,25 @@ class RegisterUserHandler
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws InvalidArgumentException
|
||||
*/
|
||||
private function uploadAvatarFromUrl(User $user, string $url)
|
||||
{
|
||||
$urlValidator = $this->validator->make(compact('url'), [
|
||||
'url' => 'required|active_url',
|
||||
]);
|
||||
|
||||
if ($urlValidator->fails()) {
|
||||
throw new InvalidArgumentException('Provided avatar URL must be a valid URI.', 503);
|
||||
}
|
||||
|
||||
$scheme = parse_url($url, PHP_URL_SCHEME);
|
||||
|
||||
if (! in_array($scheme, ['http', 'https'])) {
|
||||
throw new InvalidArgumentException("Provided avatar URL must have scheme http or https. Scheme provided was $scheme.", 503);
|
||||
}
|
||||
|
||||
$image = (new ImageManager)->make($url);
|
||||
|
||||
$this->avatarUploader->upload($user, $image);
|
||||
|
||||
@@ -12,6 +12,7 @@ namespace Flarum\Tests\integration\api\users;
|
||||
use Flarum\Settings\SettingsRepositoryInterface;
|
||||
use Flarum\Testing\integration\RetrievesAuthorizedUsers;
|
||||
use Flarum\Testing\integration\TestCase;
|
||||
use Flarum\User\RegistrationToken;
|
||||
use Flarum\User\User;
|
||||
|
||||
class CreateTest extends TestCase
|
||||
@@ -168,4 +169,218 @@ class CreateTest extends TestCase
|
||||
|
||||
$settings->set('allow_sign_up', true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function cannot_create_user_with_invalid_avatar_uri_scheme()
|
||||
{
|
||||
// Boot app
|
||||
$this->app();
|
||||
|
||||
$regTokens = [];
|
||||
|
||||
// Add registration tokens that should cause a failure
|
||||
$regTokens[] = [
|
||||
'token' => RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test',
|
||||
'email' => 'test@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'file://localhost/etc/passwd'
|
||||
], []),
|
||||
'scheme' => 'file'
|
||||
];
|
||||
|
||||
$regTokens[] = [
|
||||
'token' => RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test',
|
||||
'email' => 'test@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'ftp://localhost/image.png'
|
||||
], []),
|
||||
'scheme' => 'ftp'
|
||||
];
|
||||
|
||||
// Test each reg token
|
||||
foreach ($regTokens as $regToken) {
|
||||
$regToken['token']->saveOrFail();
|
||||
|
||||
// Call the registration endpoint
|
||||
$response = $this->send(
|
||||
$this->request(
|
||||
'POST',
|
||||
'/api/users',
|
||||
[
|
||||
'json' => [
|
||||
'data' => [
|
||||
'attributes' => [
|
||||
'token' => $regToken['token']->token,
|
||||
],
|
||||
]
|
||||
],
|
||||
]
|
||||
)->withAttribute('bypassCsrfToken', true)
|
||||
);
|
||||
|
||||
// The response body should contain details about the invalid URI
|
||||
$body = (string) $response->getBody();
|
||||
$this->assertJson($body);
|
||||
$decodedBody = json_decode($body, true);
|
||||
|
||||
$this->assertEquals(500, $response->getStatusCode());
|
||||
|
||||
$firstError = $decodedBody['errors'][0];
|
||||
|
||||
// Check that the error is an invalid URI
|
||||
$this->assertStringStartsWith('InvalidArgumentException: Provided avatar URL must have scheme http or https. Scheme provided was '.$regToken['scheme'].'.', $firstError['detail']);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function cannot_create_user_with_invalid_avatar_uri()
|
||||
{
|
||||
// Boot app
|
||||
$this->app();
|
||||
|
||||
$regTokens = [];
|
||||
|
||||
// Add registration tokens that should cause a failure
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test',
|
||||
'email' => 'test@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'https://127.0.0.1/image.png'
|
||||
], []);
|
||||
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test',
|
||||
'email' => 'test@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'https://192.168.0.1/image.png'
|
||||
], []);
|
||||
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test',
|
||||
'email' => 'test@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => '../image.png'
|
||||
], []);
|
||||
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test',
|
||||
'email' => 'test@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'image.png'
|
||||
], []);
|
||||
|
||||
// Test each reg token
|
||||
foreach ($regTokens as $regToken) {
|
||||
$regToken->saveOrFail();
|
||||
|
||||
// Call the registration endpoint
|
||||
$response = $this->send(
|
||||
$this->request(
|
||||
'POST',
|
||||
'/api/users',
|
||||
[
|
||||
'json' => [
|
||||
'data' => [
|
||||
'attributes' => [
|
||||
'token' => $regToken->token,
|
||||
],
|
||||
]
|
||||
],
|
||||
]
|
||||
)->withAttribute('bypassCsrfToken', true)
|
||||
);
|
||||
|
||||
// The response body should contain details about the invalid URI
|
||||
$body = (string) $response->getBody();
|
||||
$this->assertJson($body);
|
||||
$decodedBody = json_decode($body, true);
|
||||
|
||||
$this->assertEquals(500, $response->getStatusCode());
|
||||
|
||||
$firstError = $decodedBody['errors'][0];
|
||||
|
||||
// Check that the error is an invalid URI
|
||||
$this->assertStringStartsWith('InvalidArgumentException: Provided avatar URL must be a valid URI.', $firstError['detail']);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function can_create_user_with_valid_avatar_uri()
|
||||
{
|
||||
// Boot app
|
||||
$this->app();
|
||||
|
||||
$regTokens = [];
|
||||
|
||||
// Add registration tokens that should work fine
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '1', [
|
||||
'username' => 'test1',
|
||||
'email' => 'test1@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'https://via.placeholder.com/150.png'
|
||||
], []);
|
||||
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '2', [
|
||||
'username' => 'test2',
|
||||
'email' => 'test2@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'https://via.placeholder.com/150.jpg'
|
||||
], []);
|
||||
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '3', [
|
||||
'username' => 'test3',
|
||||
'email' => 'test3@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'https://via.placeholder.com/150.gif'
|
||||
], []);
|
||||
|
||||
$regTokens[] = RegistrationToken::generate('flarum', '4', [
|
||||
'username' => 'test4',
|
||||
'email' => 'test4@machine.local',
|
||||
'is_email_confirmed' => 1,
|
||||
'avatar_url' => 'http://via.placeholder.com/150.png'
|
||||
], []);
|
||||
|
||||
/**
|
||||
* Test each reg token.
|
||||
*
|
||||
* @var RegistrationToken $regToken
|
||||
*/
|
||||
foreach ($regTokens as $regToken) {
|
||||
$regToken->saveOrFail();
|
||||
|
||||
// Call the registration endpoint
|
||||
$response = $this->send(
|
||||
$this->request(
|
||||
'POST',
|
||||
'/api/users',
|
||||
[
|
||||
'json' => [
|
||||
'data' => [
|
||||
'attributes' => [
|
||||
'token' => $regToken->token,
|
||||
],
|
||||
]
|
||||
],
|
||||
]
|
||||
)->withAttribute('bypassCsrfToken', true)
|
||||
);
|
||||
|
||||
$this->assertEquals(201, $response->getStatusCode());
|
||||
|
||||
$user = User::where('username', $regToken->user_attributes['username'])->firstOrFail();
|
||||
|
||||
$this->assertEquals($regToken->user_attributes['is_email_confirmed'], $user->is_email_confirmed);
|
||||
$this->assertEquals($regToken->user_attributes['username'], $user->username);
|
||||
$this->assertEquals($regToken->user_attributes['email'], $user->email);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user