This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the 2amigos/yii2-usuario project. |
||
5 | * |
||
6 | * (c) 2amigOS! <http://2amigos.us/> |
||
7 | * |
||
8 | * For the full copyright and license information, please view |
||
9 | * the LICENSE file that was distributed with this source code. |
||
10 | */ |
||
11 | |||
12 | namespace Da\User; |
||
13 | |||
14 | use Da\User\Component\AuthDbManagerComponent; |
||
15 | use Da\User\Contracts\AuthManagerInterface; |
||
16 | use Da\User\Controller\SecurityController; |
||
17 | use Da\User\Event\FormEvent; |
||
18 | use Da\User\Helper\ClassMapHelper; |
||
19 | use Da\User\Model\User; |
||
20 | use Yii; |
||
21 | use yii\authclient\Collection; |
||
22 | use yii\base\Application; |
||
23 | use yii\base\BootstrapInterface; |
||
24 | use yii\base\Event as YiiEvent; |
||
25 | use yii\base\Exception; |
||
26 | use yii\base\InvalidConfigException; |
||
27 | use yii\console\Application as ConsoleApplication; |
||
28 | use yii\i18n\PhpMessageSource; |
||
29 | use yii\web\Application as WebApplication; |
||
30 | |||
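/**
 * Bootstrap class of the yii2-usuario extension. Configures container services, initializes translations,
 * builds class map, and does the other setup actions participating in the application bootstrap process.
 */
class Bootstrap implements BootstrapInterface
{
    /**
     * {@inheritdoc}
     *
     * Does nothing unless the application has a module registered under the id "user" that is an
     * instance of this extension's Module class.
     *
     * @throws InvalidConfigException
     * @throws Exception if the module's class map contains a name this extension does not know
     */
    public function bootstrap($app)
    {
        if (!$app->hasModule('user')) {
            return;
        }

        $module = $app->getModule('user');
        if (!$module instanceof Module) {
            return;
        }

        $map = $this->buildClassMap($module->classMap);
        $this->initContainer($app, $map);
        $this->initTranslations($app);
        $this->initMailServiceConfiguration($app, $module);

        if ($app instanceof WebApplication) {
            $this->initControllerNamespace($app);
            $this->initUrlRoutes($app);
            $this->initAuthCollection($app);
        } else {
            /* @var $app ConsoleApplication */
            $this->initConsoleCommands($app);
        }

        // Both application types finish with the auth manager check.
        $this->initAuthManager($app);
    }

    /**
     * Initialize container with module classes.
     *
     * Registers the extension's events, forms, helpers, services, strategies and validators, then the
     * class-map entries with their query factories, the search classes, the password-expiry handler and
     * (for web applications) the `yii\web\User` defaults.
     *
     * @param \yii\base\Application $app
     * @param array $map the previously built class map list
     *
     * @throws Exception any framework exception raised while registering or resolving a definition;
     *                   it is deliberately not caught here (see the comment in the body)
     */
    protected function initContainer($app, $map)
    {
        $di = Yii::$container;

        // Container failures are left to propagate to the caller. Terminating with die($e) would print
        // the exception's message and stack trace straight to the output, bypassing whatever error
        // handling and logging the application has configured.
        $plainDefinitions = [
            // events
            Event\FormEvent::class,
            Event\ProfileEvent::class,
            Event\ResetPasswordEvent::class,
            Event\SocialNetworkAuthEvent::class,
            Event\SocialNetworkConnectEvent::class,
            Event\UserEvent::class,
            Event\GdprEvent::class,

            // forms
            Form\LoginForm::class,
            Form\RecoveryForm::class,
            Form\RegistrationForm::class,
            Form\ResendForm::class,
            Form\SettingsForm::class,
            Form\GdprDeleteForm::class,

            // helpers
            Helper\AuthHelper::class,
            Helper\GravatarHelper::class,
            Helper\SecurityHelper::class,
            Helper\TimezoneHelper::class,

            // services
            Service\AccountConfirmationService::class,
            Service\EmailChangeService::class,
            Service\PasswordExpireService::class,
            Service\PasswordRecoveryService::class,
            Service\ResendConfirmationService::class,
            Service\ResetPasswordService::class,
            Service\SocialNetworkAccountConnectService::class,
            Service\SocialNetworkAuthenticateService::class,
            Service\UserBlockService::class,
            Service\UserCreateService::class,
            Service\UserRegisterService::class,
            Service\UserConfirmationService::class,
            Service\AuthItemEditionService::class,
            Service\UpdateAuthAssignmentsService::class,
            Service\SwitchIdentityService::class,
            Service\TwoFactorQrCodeUriGeneratorService::class,

            // email change strategy
            Strategy\DefaultEmailChangeStrategy::class,
            Strategy\InsecureEmailChangeStrategy::class,
            Strategy\SecureEmailChangeStrategy::class,

            // validators
            Validator\AjaxRequestModelValidator::class,
            Validator\TimeZoneValidator::class,
            Validator\TwoFactorCodeValidator::class,
        ];
        foreach ($plainDefinitions as $class) {
            $di->set($class);
        }

        // class map models + query classes
        $queryBackedModels = ['User', 'Profile', 'Token', 'SocialNetworkAccount'];
        $modelClassMap = [];
        foreach ($map as $class => $definition) {
            $di->set($class, $definition);
            $model = is_array($definition) ? $definition['class'] : $definition;
            $name = substr($class, strrpos($class, '\\') + 1);
            $modelClassMap[$class] = $model;
            // Strict comparison: $name is always a string here, so no type juggling is wanted.
            if (in_array($name, $queryBackedModels, true)) {
                $di->set(
                    "Da\\User\\Query\\{$name}Query",
                    function () use ($model) {
                        return $model::find();
                    }
                );
            }
        }
        $di->setSingleton(ClassMapHelper::class, ClassMapHelper::class, [$modelClassMap]);

        // search classes (only when the class map has not registered them already)
        if (!$di->has(Search\UserSearch::class)) {
            $di->set(Search\UserSearch::class, [$di->get(Query\UserQuery::class)]);
        }
        if (!$di->has(Search\PermissionSearch::class)) {
            $di->set(Search\PermissionSearch::class);
        }
        if (!$di->has(Search\RoleSearch::class)) {
            $di->set(Search\RoleSearch::class);
        }

        // Attach an event to check if the password has expired.
        // NOTE(review): the handler only redirects to the account settings page right after login;
        // nothing in this class stops the user from browsing elsewhere afterwards, so confirm that
        // expiry is also enforced elsewhere if the password change is meant to be mandatory.
        if (null !== Yii::$app->getModule('user')->maxPasswordAge) {
            YiiEvent::on(SecurityController::class, FormEvent::EVENT_AFTER_LOGIN, function (FormEvent $event) {
                $user = $event->form->user;
                if ($user->password_age >= Yii::$app->getModule('user')->maxPasswordAge) {
                    // Force password change
                    Yii::$app->session->setFlash(
                        'warning',
                        Yii::t('usuario', 'Your password has expired, you must change it now')
                    );
                    Yii::$app->response->redirect(['/user/settings/account'])->send();
                }
            });
        }

        if ($app instanceof WebApplication) {
            // Override Yii's web user defaults. The identity class is looked up through the class map
            // helper, so presumably a class-map override of User also changes the identity class.
            $di->set(
                'yii\web\User',
                [
                    'enableAutoLogin' => $app->getModule('user')->enableAutoLogin,
                    'loginUrl' => ['/user/security/login'],
                    'identityClass' => $di->get(ClassMapHelper::class)->get(User::class),
                ]
            );
        }
    }

    /**
     * Registers module translation messages.
     *
     * An existing "usuario*" translation configuration on the i18n component is left untouched.
     *
     * @param Application $app
     *
     * @throws InvalidConfigException
     */
    protected function initTranslations(Application $app)
    {
        $i18n = $app->get('i18n');
        if (isset($i18n->translations['usuario*'])) {
            return;
        }

        $i18n->translations['usuario*'] = [
            'class' => PhpMessageSource::class,
            'basePath' => __DIR__ . '/resources/i18n',
            'sourceLanguage' => 'en-US',
        ];
    }

    /**
     * Ensures the auth manager is the one provided by the library.
     *
     * Any configured authManager component that does not implement AuthManagerInterface is replaced
     * by AuthDbManagerComponent with no further configuration.
     *
     * @param Application $app
     *
     * @throws InvalidConfigException
     */
    protected function initAuthManager(Application $app)
    {
        if ($app->getAuthManager() instanceof AuthManagerInterface) {
            return;
        }

        $app->set(
            'authManager',
            [
                'class' => AuthDbManagerComponent::class,
            ]
        );
    }

    /**
     * Initializes web url routes (rules in Yii2).
     *
     * @param WebApplication $app
     *
     * @throws InvalidConfigException
     */
    protected function initUrlRoutes(WebApplication $app)
    {
        /** @var $module Module */
        $module = $app->getModule('user');
        $config = [
            'class' => 'yii\web\GroupUrlRule',
            'prefix' => $module->prefix,
            'rules' => $module->routes,
        ];

        // With a custom URL prefix the routes must still resolve to the "user" module.
        if ($module->prefix !== 'user') {
            $config['routePrefix'] = 'user';
        }

        $rule = Yii::createObject($config);
        // Second argument false: the rule is added in front of the existing rules, not appended.
        $app->getUrlManager()->addRules([$rule], false);
    }

    /**
     * Ensures required mail parameters needed for the mail service.
     *
     * Values already present in the module's mailParams win over the defaults built here.
     *
     * @param Application $app
     * @param Module|\yii\base\Module $module
     */
    protected function initMailServiceConfiguration(Application $app, Module $module)
    {
        // Yii::t() documents its third argument as an array of placeholder values, so the application
        // name is passed as a one-element list; {0} in each message refers to that element.
        $params = [$app->name];

        $defaults = [
            // NOTE(review): the value below looks like a placeholder left by e-mail obfuscation on the
            // page this listing was taken from, not a usable address; confirm against the project source.
            'fromEmail' => '[email protected]',
            'welcomeMailSubject' => Yii::t('usuario', 'Welcome to {0}', $params),
            'confirmationMailSubject' => Yii::t('usuario', 'Confirm account on {0}', $params),
            'reconfirmationMailSubject' => Yii::t('usuario', 'Confirm email change on {0}', $params),
            'recoveryMailSubject' => Yii::t('usuario', 'Complete password reset on {0}', $params),
        ];

        $module->mailParams = array_merge($defaults, $module->mailParams);
    }

    /**
     * Ensures the authCollection component is configured.
     *
     * @param WebApplication $app
     *
     * @throws InvalidConfigException
     */
    protected function initAuthCollection(WebApplication $app)
    {
        if ($app->has('authClientCollection')) {
            return;
        }

        $app->set('authClientCollection', Collection::class);
    }

    /**
     * Registers console commands to main app.
     *
     * Points the module's controller namespace at its console controller namespace.
     *
     * @param ConsoleApplication $app
     */
    protected function initConsoleCommands(ConsoleApplication $app)
    {
        $module = $app->getModule('user');
        $module->controllerNamespace = $module->consoleControllerNamespace;
    }

    /**
     * Registers controllers.
     *
     * Re-assigns the module's own controller namespace and view path to itself.
     *
     * @param WebApplication $app
     */
    protected function initControllerNamespace(WebApplication $app)
    {
        $module = $app->getModule('user');
        $module->controllerNamespace = $module->controllerNamespace;
        $module->setViewPath($module->viewPath);
    }

    /**
     * Builds class map according to user configuration.
     *
     * The result is keyed by fully qualified default class name and holds the definition to use for
     * it: the default class itself, or the override supplied in the module's class map.
     *
     * @param array $userClassMap user configuration on the module
     *
     * @throws Exception if the user configuration contains a name that is not listed below
     * @return array
     */
    protected function buildClassMap(array $userClassMap)
    {
        // Short class names that may be overridden, grouped by the namespace they live in.
        $routes = [
            'Da\User\Model' => [
                'User',
                'SocialNetworkAccount',
                'Profile',
                'Token',
                'Assignment',
                'Permission',
                'Role',
            ],
            'Da\User\Search' => [
                'UserSearch',
                'PermissionSearch',
                'RoleSearch',
            ],
            'Da\User\Form' => [
                'RegistrationForm',
                'ResendForm',
                'LoginForm',
                'SettingsForm',
                'RecoveryForm',
            ],
            'Da\User\Service' => [
                'MailService',
            ],
        ];

        // The default for every short name is the class of that name in its namespace. Deriving the
        // defaults from $routes keeps the two lists from drifting apart.
        $defaults = [];
        foreach ($routes as $namespace => $names) {
            foreach ($names as $name) {
                $defaults[$name] = $namespace . '\\' . $name;
            }
        }

        $mapping = array_merge($defaults, $userClassMap);

        $map = [];
        foreach ($mapping as $name => $definition) {
            $map[$this->getRoute($routes, $name) . "\\$name"] = $definition;
        }

        return $map;
    }

    /**
     * Returns the parent class name route of a short class name.
     *
     * The lookup is strict: integer keys, such as those array_merge() assigns to list-style entries
     * in the user configuration, are rejected instead of being matched loosely against the names.
     *
     * @param array $routes class name routes
     * @param string $name
     *
     * @throws Exception if no route lists the given name
     * @return int|string
     *
     */
    protected function getRoute(array $routes, $name)
    {
        foreach ($routes as $route => $names) {
            if (in_array($name, $names, true)) {
                return $route;
            }
        }
        throw new Exception("Unknown configuration class name '{$name}'");
    }
}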