<?php |
/*
 * This file is part of the 2amigos/yii2-usuario project.
 *
 * (c) 2amigOS! <http://2amigos.us/>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */
namespace Da\User; |
use Da\User\Contracts\MailChangeStrategyInterface; |
use Da\User\Filter\AccessRuleFilter; |
use Yii; |
use yii\base\Module as BaseModule; |
use yii\helpers\Html; |
/**
 * This is the main module class of the yii2-usuario extension.
 */
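class Module extends BaseModule
{
    /**
     * @var bool whether to enable European G.D.P.R. compliance.
     * This will add a few elements to comply with the European General Data Protection Regulation.
     * This regulation affects all companies in Europe and those companies outside that offer their
     * services to the E.U.
     * List of elements that will be added when this is enabled:
     *  - Checkbox to request consent on register form
     *  - Forgot me button in profile view.
     *  - Download my data button in profile
     */
    public $enableGdprCompliance = false;
    /**
     * @var null|array|string with the url to privacy policy.
     * Must be in the same format as yii/helpers/Url::to requires.
     * It is used as the link target of the default consent message built by getConsentMessage().
     */
    public $gdprPrivacyPolicyUrl = null;
    /**
     * @var array with the name of the user identity properties to be included when user request download of his data.
     * Names can include relations like `profile.name`.
     * GDPR says:
     * > The data subject shall have the right to receive the personal data concerning him or her, which he
     * > or she has provided to a controller, in a structured, commonly used and machine-readable format
     *
     * NOTE(review): everything listed here ends up in the export handed to the user; keep credential
     * material and internal-only attributes out of this list when extending it.
     */
    public $gdprExportProperties = [
        'email',
        'username',
        'profile.public_email',
        'profile.name',
        'profile.gravatar_email',
        'profile.location',
        'profile.website',
        'profile.bio'
    ];
    /**
     * @var string prefix to be used as a replacement when user requests deletion of his data.
     */
    public $gdprAnonymizePrefix = 'GDPR';
    /**
     * @var bool if true, all registered users will be prompted to give consent if they have not given it earlier.
     */
    public $gdprRequireConsentToAll = false;
    /**
     * @var null|string use this to customize the message that will appear as hint in the give consent checkbox.
     * getConsentMessage() returns this value as-is. The default message it replaces contains an HTML link,
     * so the hint is presumably rendered without HTML-encoding (confirm in the views): set this only
     * from trusted configuration, never from user-supplied text.
     */
    public $gdprConsentMessage;
    /**
     * @var array list of url that does not require explicit data processing consent
     * to be accessed, like own profile, account... You can use wildcards like `route/to/*`. Do not add the
     * leading "/" that redirection would require; entries are matched against action ids.
     * Every pattern listed here is reachable without consent, so keep wildcards as narrow as possible.
     *
     * @see AccessRuleFilter
     */
    public $gdprConsentExcludedUrls = [
        'user/settings/*'
    ];
    /**
     * @var bool whether to enable two factor authentication or not
     */
    public $enableTwoFactorAuthentication = false;
    /**
     * @var int cycles of key generation are set on 30 sec. To avoid sync issues, increased validity up to 60 sec.
     * NOTE(review): a larger value also lengthens the time an observed code stays usable; keep it as small
     * as clock drift allows.
     * @see http://2fa-library.readthedocs.io/en/latest/
     */
    public $twoFactorAuthenticationCycles = 1;
    /**
     * @var bool whether to allow auto login or not
     */
    public $enableAutoLogin = true;
    /**
     * @var bool whether to allow registration process or not
     */
    public $enableRegistration = true;
    /**
     * @var bool whether to force email confirmation
     */
    public $enableEmailConfirmation = true;
    /**
     * @var bool whether to display flash messages or not
     */
    public $enableFlashMessages = true;
    /**
     * @var bool whether to be able to, as an admin, impersonate other users.
     * NOTE(review): enabled by default; installations that do not need impersonation should set this to false.
     */
    public $enableSwitchIdentities = true;
    /**
     * @var bool whether to generate passwords automatically and remove the password field from the registration form
     */
    public $generatePasswords = false;
    /**
     * @var bool whether to allow login accounts with unconfirmed emails
     */
    public $allowUnconfirmedEmailLogin = false;
    /**
     * @var bool whether to enable password recovery or not
     */
    public $allowPasswordRecovery = true;
    /**
     * @var bool whether to enable password recovery from the admin console
     */
    public $allowAdminPasswordRecovery = true;
    /**
     * @var bool whether user can remove his account
     */
    public $allowAccountDelete = false;
    /**
     * @var string the class name of the strategy class to handle user's email change
     */
    public $emailChangeStrategy = MailChangeStrategyInterface::TYPE_DEFAULT;
    /**
     * @var int the time user will be auto logged in.
     * Presumably in seconds, like the token lifespans below (1209600 s = 14 days); verify against the caller.
     */
    public $rememberLoginLifespan = 1209600;
    /**
     * @var int the time before the confirmation token becomes invalid. Defaults to 24 hours
     */
    public $tokenConfirmationLifespan = 86400;
    /**
     * @var int the time before a recovery token is invalid. Defaults to 6 hours
     */
    public $tokenRecoveryLifespan = 21600;
    /**
     * @var array a list of admin usernames
     */
    public $administrators = [];
    /**
     * @var string the administrator permission name
     */
    public $administratorPermissionName;
    /**
     * @var string the route prefix
     */
    public $prefix = 'user';
    /**
     * @var array MailService configuration
     */
    public $mailParams = [];
    /**
     * @var int the cost parameter used by the Blowfish hash algorithm.
     * The higher the value of cost, the longer it takes to generate the hash and to verify a password
     * against it. Higher cost therefore slows down a brute-force attack. For best protection against
     * brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken
     * to compute the hash doubles for every increment by one of $cost.
     * NOTE(review): the default of 10 is a compatibility baseline; benchmark on the production hardware
     * and raise it where login latency allows.
     */
    public $blowfishCost = 10;
    /**
     * @var string Web controller namespace
     */
    public $controllerNamespace = 'Da\User\Controller';
    /**
     * @var string Console controller namespace
     */
    public $consoleControllerNamespace = 'Da\User\Command';
    /**
     * @var array the class map. How the container should load specific classes
     * @see Bootstrap::buildClassMap() for more details
     */
    public $classMap = [];
    /**
     * @var array the url rules (routes)
     */
    public $routes = [
        '<id:\d+>' => 'profile/show',
        '<action:(login|logout)>' => 'security/<action>',
        '<action:(register|resend)>' => 'registration/<action>',
        'confirm/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'registration/confirm',
        'forgot' => 'recovery/request',
        'recover/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'recovery/reset'
    ];
    /**
     * @var string
     */
    public $viewPath = '@Da/User/resources/views';
    /**
     * @var string the session key name to impersonate users. Please, modify it for security reasons!
     */
    public $switchIdentitySessionKey = 'yuik_usuario';
    /**
     * @var integer If != NULL sets a max password age in days
     */
    public $maxPasswordAge;
    /**
     * @var boolean whether to restrict assignment of permissions to users
     */
    public $restrictUserPermissionAssignment = false;
    /**
     * @var boolean whether to disable IP logging into user table
     */
    public $disableIpLogging = false;

    /**
     * Returns the text shown next to the "give consent" checkbox.
     *
     * A custom $gdprConsentMessage wins whenever it is set to a non-empty value; otherwise the
     * translated default is returned, with a link to $gdprPrivacyPolicyUrl that opens in a new tab.
     *
     * @return string with the hint to be used with the give consent checkbox
     */
    public function getConsentMessage()
    {
        $defaultConsentMessage = Yii::t(
            'usuario',
            'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}',
            [
                'privacyPolicy' => Html::a(
                    Yii::t('usuario', 'privacy policy'),
                    $this->gdprPrivacyPolicyUrl,
                    // The policy page may live on another origin: with target=_blank and no rel,
                    // older browsers hand that page a window.opener reference to this site.
                    ['target' => '_blank', 'rel' => 'noopener noreferrer']
                ),
            ]
        );

        return $this->gdprConsentMessage ?: $defaultConsentMessage;
    }
}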