boltauth / auth
Auth extension for Bolt
License: MIT License
There's a few missing translations or untranslated messages left. Listing it here.
template | message |
---|---|
templates/profile/registration/subject.twig | Auth address confirmation |
templates/authentication/recovery/subject.twig | Password Reset Request |
templates/authentication/recovery.twig l.49 | Submit » |
templates/authentication/recovery.twig l.62 | Continue » |
templates/profile/edit.twig l.17 | Edit Profile |
templates/profile/edit.twig l.50 | Add Social Media Account |
templates/profile/verify.twig l.17 | Account Verification |
templates/profile/verify.twig l.29 | Account verification code is invalid! |
If you can register an account, you need to be able to unregister.
This is why BoltAuth needs a "Delete my account" button.
And because the European GDPR exists this is a hot feature that people need.
The way to set this up UX wise could be as follows.
If you're registered and login you can edit your profile.
On the edit profile page is a button "Delete my account"
Clicking that button leads you to a page/popup with the following text:
Deleting your account removes your login information
This means you can not login anymore with your account
..
To delete your account click:
[Yes I want to delete my account]
Because BoltAuth does not handle creating content we can not automatically remove that too.
So if the site has user generated content that is linked to BoltAuth it either has to be anonymized, or it has to be removed.
Handling the removal of content will have to be the responsibility of the website developer, but we can help by adding events like \BoltAuth\Events::FORGET_ME_DELETE or \BoltAuth\Events::FORGET_ME_ANONYMIZE
If you change your password to a password with less than 6 characters you can do this successfully. But after you login again there is a check if you use less than 6 characters. While you change your password there seems to be no such check. In the end you are left out because of your password change.
Result: There will be no error. The password is accepted.
Result: There will be a message "This value is too short. It should have 6 characters or more."
Result: If you are not an administrator you will be left out of the system.
Same issue happens when you change your password while logged into Auth at the password change page: No warning and you will be left out after you log out.
When I edit my profile and submit the form I get no feedback. When I want to recover my password and I use an e-mail address that's not registered I get no feedback. The feedback template is included inside the files. The only form that gives feedback is the login form.
The documentation is missing/lacking in explaining if there are twig-functions for this to do this manually.
Copy all needed files to the theme directory and set the paths accordingly inside the auth config.
Test the login / recovery / edit templates. You will notice that only the login template gives feedback of being successfully logged in or out.
I looked in the source of my HTML and there is also no empty html tag from the feedback template. It does not show at all.
Hey Team,
No issue with the project - looking to see some guidance as to where (file) I would need to inject my own code to enable LDAP as a provider?
Cheers.
Steps to reproduce
Line 133 in 8b272b8
Expected Behaviour
User must be redirected to /auth/profile/edit
The 11th entry does not show. Page does not load pagination and only the first 10 accounts are visible.
Happens on /bolt/extensions/auth
Add 11 accounts, you will see that there are only 10 visible.
Change 10 to 20 for example here: https://github.com/BoltAuth/Auth/blob/f1080cec5e805b907be9c84d2943d5d2de1ed7a8/src/Controller/Backend.php#L177-L179
and you will see the accounts are still there, just no pagination.
If you're filing a bug, please describe how to reproduce it. Include as much
relevant information as possible, such as:
other plugins that are installed
Seo 1.10
BoltForms 4.2.3
EmailSpooler 3.1.1
Sitemap 2.5.0
google/recaptcha 1.1.3
pagerfanta/pagerfanta 1.1.0
Paragonie/random_compat 2.0.15
ramsey/uuid 3.7.3
When reporting a bug in github against BoltAuth the reporter is told
NOTE: We are close to being finished with Auth version 3.0.0. If you have an
issue, be sure to try the beta for 3.0.0, and see if the issue is still present
there.
It seems this information is way outdated as version 3.0.1 has been around for quite a while already.
Hi,
There is a javascript issue in auth.twig causing an error:
SyntaxError: missing ) after argument list
I fixed it by replacing simple quotes with double quotes for setMessage arguments:
boltExt.setMessage("useradd", "{{__('Adding user...')}}" );
boltExt.setMessage("userdel", "{{__('Removing user(s)...')}}");
boltExt.setMessage("userenable", "{{__('Enabling user(s)...')}}" );
boltExt.setMessage("userdisable", "{{__('Disabling user(s)...')}}");
boltExt.setMessage("roleadd", "{{__('Adding role...')}}");
boltExt.setMessage("roledel", "{{__('Removing role...')}}");
boltExt.setMessage("authnotsellHeader", "{{__('Nothing Selected!')}}");
boltExt.setMessage("authnotsell", "{{__('You need to choose a auth.')}}");
boltExt.setMessage("rolenotsellHeader", "{{__('None role Selected!')}}");
boltExt.setMessage("rolenotsell", "{{__('You need to choose a role.')}}");
boltExt.setMessage("autherrorHeader", "{{__('Error!')}}");
boltExt.setMessage("autherror", "{{__('The server returned an error.')}}");
boltExt.setMessage("confirmdeleteHeader", "{{__('Confim deletion')}}");
boltExt.setMessage("confirmdelete", "{{__('Are you sure you want to delete these accounts?')}}");
boltExt.setMessage("confirmdeleteButton", "{{__('Yes!')}}");
If you have a website that had the Members extension and you want to replace that extension with the Auth extension you will need to update the database to make everything happen smoothly.
On mysql you can probably perform the following queries in your bolt database:
ALTER TABLE `bolt_members_account` RENAME TO `bolt_auth_account` ;
ALTER TABLE `bolt_members_account_meta` RENAME TO `bolt_auth_account_meta` ;
ALTER TABLE `bolt_members_oauth` RENAME TO `bolt_auth_oauth` ;
ALTER TABLE `bolt_members_provider` RENAME TO `bolt_auth_provider` ;
ALTER TABLE `bolt_members_token` RENAME TO `bolt_auth_token` ;
But not all servers might support RENAME TO
And after that the schema needs to be updated too.
Is it possible to make this happen automagically?
Link to http://boltauth.com/ on the BoltAuth GitHub frontpage is not working at time of writing. (The link works but the domain seems down)
There is no way to make any admin user role able to view the Auth menu item.
It looks like this is caused by this section:
Lines 113 to 119 in 5ba4600
And maybe I'm misunderstanding here, but setPermission()'s argument should be the name of the permission required to view the menu item. Rather than a ||-separated list of roles.
https://docs.bolt.cm/3.3/extensions/intermediate/admin-menus
roles:
    admin:
        - root
        - admin
        - editor
The way this hack works is by creating both a role and a permission with the same name.
If you are running into this problem you can do a hack like this:
auth.boltauth.yml:
roles:
    admin:
        - authmanager
permissions.yml:
roles:
    authmanager:
        description: Able to edit the auth user accounts
        label: Auth Manager
# and further down...
global:
    authmanager: [ authmanager ]
Then create a bolt admin user and give them the Auth Manager role. They will now be able to see the Auth menu item as well as visit the Auth page.
It seems like Bolt wants us to grant access to things via permissions rather than roles. So perhaps this extension can switch to that philosophy as well. In the auth.boltauth.yml we can define the name of a permission required to manage auth stuff - maybe a default of "auth"? Then in our global permissions.yml we can grant the defined permission to the appropriate roles.
After adding an account the account looks disabled. But when I check the checkbox for the account and click the 'enable' button, I still can't login afterwards.
If I go into the edit account a second time and add a new/or the same password again the account will log in.
may be good idea to use domain for auth cookie from globals config?
In:
Auth/src/Oauth2/Client/ProviderManager.php
Line 167 in 2cddfab
the client_secret is put into the ProviderOptions, which is used here:
Auth/src/Oauth2/Handler/Remote.php
Line 184 in 2cddfab
Auth/src/Oauth2/Handler/Remote.php
Line 185 in 2cddfab
Auth/src/Oauth2/Handler/Remote.php
Line 186 in 2cddfab
to build the authorization URL, which is sent as a redirect to the user's browser, thus exposing the client_secret.
The client_secret should only be used in the token exchange, thus when the server makes the request to the provider, and not during authorization when the browser of the user does.
This is NOT a flaw in League's client, this is due to too many options being included when forming the URL in the aforementioned lines of code.
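The leak described above and one way to close it, as an added example rather than BoltAuth's or the League client's code: only parameters on a front-channel allow-list reach the authorization URL, and a guard flags any URL that carries a secret. The function names, endpoint and option values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Parameters that may travel through the browser in an OAuth2
// authorization request. Everything else stays server-side.
const FRONT_CHANNEL_PARAMS = ['response_type', 'client_id', 'redirect_uri', 'scope', 'state'];

// Leaky pattern from the issue: every provider option is serialised
// into the redirect, so client_secret ends up in the Location header.
function buildAuthUrlLeaky(string $endpoint, array $providerOptions, string $state): string
{
    $params = $providerOptions + ['response_type' => 'code', 'state' => $state];
    return $endpoint . '?' . http_build_query($params);
}

// Hardened pattern: filter the options through the allow-list first.
function buildAuthUrlSafe(string $endpoint, array $providerOptions, string $state): string
{
    $params = $providerOptions + ['response_type' => 'code', 'state' => $state];
    $params = array_intersect_key($params, array_flip(FRONT_CHANNEL_PARAMS));
    return $endpoint . '?' . http_build_query($params);
}

// Guard usable in a unit test or just before issuing the redirect:
// true when any query parameter name contains "secret".
function urlExposesSecret(string $url): bool
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    foreach (array_keys($query) as $name) {
        if (preg_match('/secret/i', (string) $name) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed sample configuration (placeholder values, not from the project).
$options = [
    'client_id'     => 'example-client-id',
    'client_secret' => 'example-secret-not-real',
    'redirect_uri'  => 'https://site.example/callback',
    'scope'         => 'openid email',
];
$endpoint = 'https://provider.example/oauth2/authorize';
$state    = bin2hex(random_bytes(16));

var_dump(urlExposesSecret(buildAuthUrlLeaky($endpoint, $options, $state)));
var_dump(urlExposesSecret(buildAuthUrlSafe($endpoint, $options, $state)));
```

A secret that has already been sent through browsers in this way should be treated as disclosed and rotated at the provider.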
Hi,
Forcing the redirect after login by adding the redirect param in the url does not work. The user gets redirected to the login page instead of the url passed in redirect param.
?redirect=/your/target/url
/your/target/url
/authentication/login?redirect=/your/target/url
The redirect path is set in the Authentication controller, whether the form is submitted or not. Therefore, the last redirect is set on the form submission as the referrer, being /authentication/login?redirect=/your/target/url. The referrer overrides the redirect parameter because the form is submitted without parameters.
It happens here. Surrounding this piece of code with an if ($request->isMethod('get')) or if ($oauthForm->isSubmitted()) would fix the bug, PR coming up soon.
I'm using Auth v3.0.1 on top of bolt 3.3.3.
Error on using the urls described here: https://boltauth.com/routes-urls.html
I just migrated from a simple 2.2 install to 3.3. I wasn't using boltauth but I want to. But the links won't work. The twig functions like {{ auth_auth_login() }} do work.
When visiting /auth/profile/register or /authentication/reset i got:
ContextErrorException in Bag.php line 276: Catchable Fatal Error: Object of class Bolt\Extension\BoltAuth\Auth\AccessControl\Redirect could not be converted to string in Bag.php line 276 at ErrorHandler->handleError('4096', 'Object of class Bolt\Extension\BoltAuth\Auth\AccessControl\Redirect could not be converted to string', '/home/elimkerk/web/vendor/bolt/collection/src/Bag.php', '276', array('separator' => ' ')) at implode(' ', array(object(Redirect))) in Bag.php line 276 at Bag->join(' ') in RequestSanitiser.php line 49
Was just trying to install this via the Extensions menu item in the Bolt toolbar on a fresh clean install of Bolt (nothing in the database). Install failed with an error and now I'm getting this on every page (including the Bolt CMS pages themselves):
ContextErrorException in AuthServiceProvider.php line 415:
Notice: Undefined index: providers
in AuthServiceProvider.php line 415
at ErrorHandler->handleError('8', 'Undefined index: providers', '/var/www/ws/extensions/vendor/boltauth/auth/src/Provider/AuthServiceProvider.php', '415', array('app' => object(Application))) in AuthServiceProvider.php line 415
at AuthServiceProvider->registerOauthProviders(object(Application)) in AuthServiceProvider.php line 63
at AuthServiceProvider->register(object(Application)) in Application.php line 178
at Application->register(object(AuthServiceProvider)) in Manager.php line 212
at Manager->register(object(Application)) in ExtensionServiceProvider.php line 150
at ExtensionServiceProvider->boot(object(Application)) in Application.php line 197
at Application->boot() in Application.php line 91
at Application->run() in index.php line 8
Was I supposed to do something with the Providers first, before performing this install?
I'm working on a Dockerized version of Bolt, running locally. Fresh install with no data, no configuration, no other extensions.
I went into the control panel and selected Extensions, then typed BoltAuth into the field. It gave me the BoltAuth version it recommended, and I installed it. Popped up a little window that says it was Preparing install.... and then I got an error message about something failing, I don't recall exactly what it said. And now every page on the site gives me the message in the attached screenshot.
Happy to help debug further, but I can't seem to get Bolt to do anything but output this error at this point. Since I'm relatively new to Bolt, not sure what happens next or how to 'undo' this extension.
Thanks.
I think I've reported this as bug 70 when BoltAuth was still bolt/Members. It seems to have survived the transition to BoltAuth.
I have a pretty virgin installation of bolt 3.3.6 with BoltAuth 3.0.1 at http://localhost/bolt. When I visit http://localhost/bolt/bolt/extensions/auth the sidebar on the right is mostly not functioning. None of the buttons of "Enable", "Disable", "Add role" and "Remove role" seem to have any effect. There is no page refresh or any other discernible action even when I select a user first.
I also find this isn't the best UI. It is my understanding that for those buttons to have any effect, one needs to select at least one user from the list first. As such, I think it would help if they were greyed out until that is the case. I hope this would be easy enough to implement.
FWIW, I use Firefox 56 on Ubuntu. I've tried this in Chromium for the same result.
There are global settings to set the senderName and senderEmail in the global Bolt config.yml
bolt/bolt#7675
We should make the global config values the default sender and reply to for the boltauth notifications if no values are set in https://github.com/BoltAuth/Auth/blob/master/config/config.yml.dist#L23-L25
As per #41 the documentation of Auth needs updates for the changed templates and the new global feedback.
Hi,
The form LoginPasswordType has a constraint on the password length. This kind of constraint is useful for password creation / update but not much for the login form.
My issue here is that I'm extending BoltAuth by adding a custom AuthorisationHandler to allow my users to login through a webservice. Some of these existing users have passwords with less than 6 characters.
I could override the form itself but I reckon this constraint could simply be removed because it also gives a potential attacker a clue on the passwords hashed in the database.
Alternatively, making the length configurable could be a solution.
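Both password-length reports on this page come down to where the minimum is enforced. As an added example (not BoltAuth's code; the function names and the in-memory account are hypothetical), the sketch below applies the 6-character minimum when a password is set or changed and leaves the login path to `password_verify()` alone, so no account can be saved in a state that login would reject.

```php
<?php
declare(strict_types=1);

const MIN_PASSWORD_LENGTH = 6; // the limit quoted in the reports above

// Policy check for registration, password change and password reset.
// Returns a list of error messages; an empty list means accepted.
// mb_strlen() needs the mbstring extension and counts characters, not bytes.
function validateNewPassword(string $password): array
{
    $errors = [];
    if (mb_strlen($password, 'UTF-8') < MIN_PASSWORD_LENGTH) {
        $errors[] = sprintf(
            'This value is too short. It should have %d characters or more.',
            MIN_PASSWORD_LENGTH
        );
    }
    return $errors;
}

// Change path: validate before hashing, keep the old hash on failure.
function changePassword(array $account, string $newPassword): array
{
    $errors = validateNewPassword($newPassword);
    if ($errors === []) {
        $account['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }
    return [$account, $errors];
}

// Login path: no length rule, only a comparison against the stored hash.
function login(array $account, string $password): bool
{
    return password_verify($password, $account['hash']);
}

// Constructed in-memory account for the demonstration.
$account = [
    'email' => 'user@example.test',
    'hash'  => password_hash('correct-horse', PASSWORD_DEFAULT),
];

// A too-short password is refused at change time and the old one keeps working.
[$account, $errors] = changePassword($account, 'abc');
var_dump($errors !== []);
var_dump(login($account, 'correct-horse'));

// An acceptable password is stored and can be used to log in.
[$account, $errors] = changePassword($account, 'longer-passphrase');
var_dump($errors === [] && login($account, 'longer-passphrase'));
```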
If you redirect to another page after logging out the feedback will not be shown.
The feedback is only visible when you return to a profile or the logout page.
page/welcome
app/config/extensions/auth.boltauth.yml
to the welcome page
redirects:
    login: /page/welcome
/page/welcome
After upgrading to Bolt 3.4, the database check tool says:
Table bolt_auth_token is not the correct schema: invalid column token
Trying to update the database doesn't fix it.
When I upgraded Bolt from 3.3 to 3.4, I had this problem with some core Bolt tables as well, and it was fixed when I upgraded to 3.4.2 (possibly with this? https://github.com/bolt/bolt/pull/7187/files). The issue remains only with BoltAuth.
bolt_auth_token is not the correct schema, no matter how many times I run the database update.
bolt_auth_token is not the correct schema: invalid column token
A Javascript error occurs when trying to enable/disable/delete a user or add/remove a role.
The error is auth is not defined
Console output below:
Deleting user(s): 739ebb13-8d53-4d70-89c9-4cb0f1e9b914 auth-admin.js:93:13
ReferenceError: auth is not defined[Learn More] bolt.js:1:1
Create a new boltauth user, then try to enable/disable/delete him or add/remove a role.