<?php |
/* |
* This file is part of the 2amigos/yii2-usuario project. |
* |
* (c) 2amigOS! <http://2amigos.us/> |
* |
* For the full copyright and license information, please view |
* the LICENSE file that was distributed with this source code. |
*/ |
namespace Da\User; |
use Da\User\Contracts\MailChangeStrategyInterface; |
use Da\User\Filter\AccessRuleFilter; |
use Yii; |
use yii\base\Module as BaseModule; |
use yii\helpers\Html; |
/** |
* This is the main module class of the yii2-usuario extension. |
*/ |
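class Module extends BaseModule
{
    /**
     * @var bool whether to enable European G.D.P.R. compliance.
     * This will add a few elements to comply with the European General Data Protection Regulation.
     * This regulation affects all companies in Europe and those companies outside that offer their
     * services to the E.U.
     * List of elements that will be added when this is enabled:
     * - Checkbox to request consent on register form
     * - Forgot me button in profile view.
     * - Download my data button in profile
     */
    public $enableGdprCompliance = false;
    /**
     * @var null|array|string with the url to privacy policy.
     * Must be in the same format as yii/helpers/Url::to requires.
     */
    public $gdprPrivacyPolicyUrl = null;
    /**
     * @var array with the name of the user identity properties to be included when user request download of his data.
     * Names can include relations like `profile.name`.
     * GDPR says:
     * > The data subject shall have the right to receive the personal data concerning him or her, which he
     * > or she has provided to a controller, in a structured, commonly used and machine-readable format
     *
     * NOTE(review): every name listed here ends up in the user's export; keep credential-related
     * attributes (password hash, auth key, 2FA secret, tokens) out of this list.
     */
    public $gdprExportProperties = [
        'email',
        'username',
        'profile.public_email',
        'profile.name',
        'profile.gravatar_email',
        'profile.location',
        'profile.website',
        'profile.bio'
    ];
    /**
     * @var string prefix to be used as a replacement when user requests deletion of his data.
     */
    public $gdprAnonymizePrefix = 'GDPR';
    /**
     * @var bool if true, all registered users will be prompted to give consent if they have not given it earlier.
     */
    public $gdprRequireConsentToAll = false;
    /**
     * @var null|string use this to customize the message that will appear as hint in the give consent checkbox.
     * The built-in default message contains an HTML link, so this value is presumably rendered without
     * encoding (confirm in the view); keep it a developer-controlled string, never user-supplied text.
     */
    public $gdprConsentMessage;
    /**
     * @var array list of url that does not require explicit data processing consent
     * to be accessed, like own profile, account... You can use wildcards like `route/to/*`. Do not prefix
     * "/" required for redirection, they are used to match against action ids.
     *
     * NOTE(review): each entry is reachable without consent; prefer exact routes over broad wildcards.
     *
     * @see AccessRuleFilter
     */
    public $gdprConsentExcludedUrls = [
        'user/settings/*'
    ];
    /**
     * @var bool whether to enable two factor authentication or not
     */
    public $enableTwoFactorAuthentication = false;
    /**
     * @var int cycles of key generation are set on 30 sec. To avoid sync issues, increased validity up to 60 sec.
     * NOTE(review): presumably each extra cycle widens the window in which a one-time code is accepted;
     * keep it as small as clock drift allows (confirm against the 2FA library).
     * @see http://2fa-library.readthedocs.io/en/latest/
     */
    public $twoFactorAuthenticationCycles = 1;
    /**
     * @var bool whether to allow auto login or not
     */
    public $enableAutoLogin = true;
    /**
     * @var bool whether to allow registration process or not
     */
    public $enableRegistration = true;
    /**
     * @var bool whether to force email confirmation
     */
    public $enableEmailConfirmation = true;
    /**
     * @var bool whether to display flash messages or not
     */
    public $enableFlashMessages = true;
    /**
     * @var bool whether to be able to, as an admin, impersonate other users.
     * Enabled by default; set to false when impersonation is not needed.
     */
    public $enableSwitchIdentities = true;
    /**
     * @var bool whether to generate passwords automatically and remove the password field from the registration form
     */
    public $generatePasswords = false;
    /**
     * @var bool whether to allow login accounts with unconfirmed emails
     */
    public $allowUnconfirmedEmailLogin = false;
    /**
     * @var bool whether to enable password recovery or not
     */
    public $allowPasswordRecovery = true;
    /**
     * @var bool whether to enable password recovery from the admin console
     */
    public $allowAdminPasswordRecovery = true;
    /**
     * @var bool whether user can remove his account
     */
    public $allowAccountDelete = false;
    /**
     * @var string the class name of the strategy class to handle user's email change
     */
    public $emailChangeStrategy = MailChangeStrategyInterface::TYPE_DEFAULT;
    /**
     * @var int the time user will be auto logged in.
     * The default 1209600 is 14 days if expressed in seconds, like the token lifespans below.
     */
    public $rememberLoginLifespan = 1209600;
    /**
     * @var int the time before the confirmation token becomes invalid. Defaults to 24 hours
     */
    public $tokenConfirmationLifespan = 86400;
    /**
     * @var int the time before a recovery token is invalid. Defaults to 6 hours
     */
    public $tokenRecoveryLifespan = 21600;
    /**
     * @var array a list of admin usernames
     */
    public $administrators = [];
    /**
     * @var string the administrator permission name
     */
    public $administratorPermissionName;
    /**
     * @var string the route prefix
     */
    public $prefix = 'user';
    /**
     * @var array MailService configuration
     */
    public $mailParams = [];
    /**
     * @var int the cost parameter used by the Blowfish hash algorithm.
     * The higher the value of cost, the longer it takes to generate the hash and to verify a password
     * against it. Higher cost therefore slows down a brute-force attack. For best protection against
     * brute-force attacks, set it to the highest value that is tolerable on production servers. The time taken
     * to compute the hash doubles for every increment by one of $cost.
     *
     * NOTE(review): 10 is only the shipped default; benchmark on production hardware and raise it
     * where login latency allows.
     */
    public $blowfishCost = 10;
    /**
     * @var string Web controller namespace
     */
    public $controllerNamespace = 'Da\User\Controller';
    /**
     * @var string Console controller namespace
     */
    public $consoleControllerNamespace = 'Da\User\Command';
    /**
     * @var array the class map. How the container should load specific classes
     * @see Bootstrap::buildClassMap() for more details
     */
    public $classMap = [];
    /**
     * @var array the url rules (routes)
     */
    public $routes = [
        '<id:\d+>' => 'profile/show',
        '<action:(login|logout)>' => 'security/<action>',
        '<action:(register|resend)>' => 'registration/<action>',
        'confirm/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'registration/confirm',
        'forgot' => 'recovery/request',
        'recover/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'recovery/reset'
    ];
    /**
     * @var string
     */
    public $viewPath = '@Da/User/resources/views';
    /**
     * @var string the session key name to impersonate users. Please, modify it for security reasons!
     */
    public $switchIdentitySessionKey = 'yuik_usuario';
    /**
     * @var integer If != NULL sets a max password age in days
     */
    public $maxPasswordAge;
    /**
     * @var boolean whether to restrict assignment of permissions to users
     */
    public $restrictUserPermissionAssignment = false;

    /**
     * Returns the custom consent message when one is configured, otherwise the translated default
     * text with a link to the privacy policy.
     *
     * The default value contains HTML (an anchor element); a custom message is returned as configured.
     *
     * @return string with the hint to be used with the give consent checkbox
     */
    public function getConsentMessage()
    {
        // Truthiness check on purpose: null and '' both mean "no custom message configured".
        if ($this->gdprConsentMessage) {
            return $this->gdprConsentMessage;
        }

        $privacyPolicyLink = Html::a(
            Yii::t('usuario', 'privacy policy'),
            $this->gdprPrivacyPolicyUrl,
            [
                'target' => '_blank',
                // The link opens a new tab: without rel=noopener, older browsers hand the opened
                // page a window.opener reference to this page (reverse tabnabbing).
                'rel' => 'noopener noreferrer',
            ]
        );

        return Yii::t(
            'usuario',
            'I agree processing of my personal data and the use of cookies to facilitate the operation of this site. For more information read our {privacyPolicy}',
            [
                'privacyPolicy' => $privacyPolicyLink,
            ]
        );
    }
}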