This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the 2amigos/yii2-usuario project. |
||
5 | * |
||
6 | * (c) 2amigOS! <http://2amigos.us/> |
||
7 | * |
||
8 | * For the full copyright and license information, please view |
||
9 | * the LICENSE file that was distributed with this source code. |
||
10 | */ |
||
11 | |||
12 | namespace Da\User; |
||
13 | |||
14 | use Da\User\Component\AuthDbManagerComponent; |
||
15 | use Da\User\Contracts\AuthManagerInterface; |
||
16 | use Da\User\Controller\SecurityController; |
||
17 | use Da\User\Event\FormEvent; |
||
18 | use Da\User\Helper\ClassMapHelper; |
||
19 | use Da\User\Model\User; |
||
20 | use Yii; |
||
21 | use yii\authclient\Collection; |
||
22 | use yii\base\Application; |
||
23 | use yii\base\BootstrapInterface; |
||
24 | use yii\base\Event as YiiEvent; |
||
25 | use yii\base\Exception; |
||
26 | use yii\base\InvalidConfigException; |
||
27 | use yii\console\Application as ConsoleApplication; |
||
28 | use yii\i18n\PhpMessageSource; |
||
29 | use yii\web\Application as WebApplication; |
||
30 | |||
31 | /** |
||
32 | * Bootstrap class of the yii2-usuario extension. Configures container services, initializes translations, |
||
33 | * builds class map, and does the other setup actions participating in the application bootstrap process. |
||
34 | */ |
||
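class Bootstrap implements BootstrapInterface
{
    /**
     * {@inheritdoc}
     *
     * Does nothing unless the application has a module registered under the id 'user' that is an
     * instance of this extension's Module class.
     *
     * @throws InvalidConfigException
     */
    public function bootstrap($app)
    {
        if ($app->hasModule('user') && $app->getModule('user') instanceof Module) {
            $map = $this->buildClassMap($app->getModule('user')->classMap);
            $this->initContainer($app, $map);
            $this->initTranslations($app);
            $this->initMailServiceConfiguration($app, $app->getModule('user'));

            if ($app instanceof WebApplication) {
                $this->initControllerNamespace($app);
                $this->initUrlRoutes($app);
                $this->initAuthCollection($app);
                $this->initAuthManager($app);
            } else {
                /* @var $app ConsoleApplication */
                $this->initConsoleCommands($app);
                $this->initAuthManager($app);
            }
        }
    }

    /**
     * Initialize container with module classes.
     *
     * Registers the extension's events, forms, helpers, services, strategies and validators in the
     * Yii DI container, then the class-map entries, their query factories, the search classes, the
     * password-expiry listener and (for web applications) the yii\web\User defaults.
     *
     * @param \yii\base\Application $app
     * @param array $map the previously built class map list
     *
     * @throws InvalidConfigException when any container registration or lookup fails
     */
    protected function initContainer($app, $map)
    {
        $di = Yii::$container;
        try {
            // events
            $di->set(Event\FormEvent::class);
            $di->set(Event\ProfileEvent::class);
            $di->set(Event\ResetPasswordEvent::class);
            $di->set(Event\SocialNetworkAuthEvent::class);
            $di->set(Event\SocialNetworkConnectEvent::class);
            $di->set(Event\UserEvent::class);
            $di->set(Event\GdprEvent::class);

            // forms
            $di->set(Form\LoginForm::class);
            $di->set(Form\RecoveryForm::class);
            $di->set(Form\RegistrationForm::class);
            $di->set(Form\ResendForm::class);
            $di->set(Form\SettingsForm::class);
            $di->set(Form\GdprDeleteForm::class);

            // helpers
            $di->set(Helper\AuthHelper::class);
            $di->set(Helper\GravatarHelper::class);
            $di->set(Helper\SecurityHelper::class);
            $di->set(Helper\TimezoneHelper::class);

            // services
            $di->set(Service\AccountConfirmationService::class);
            $di->set(Service\EmailChangeService::class);
            $di->set(Service\PasswordExpireService::class);
            $di->set(Service\PasswordRecoveryService::class);
            $di->set(Service\ResendConfirmationService::class);
            $di->set(Service\ResetPasswordService::class);
            $di->set(Service\SocialNetworkAccountConnectService::class);
            $di->set(Service\SocialNetworkAuthenticateService::class);
            $di->set(Service\UserBlockService::class);
            $di->set(Service\UserCreateService::class);
            $di->set(Service\UserRegisterService::class);
            $di->set(Service\UserConfirmationService::class);
            $di->set(Service\AuthItemEditionService::class);
            $di->set(Service\UpdateAuthAssignmentsService::class);
            $di->set(Service\SwitchIdentityService::class);
            $di->set(Service\TwoFactorQrCodeUriGeneratorService::class);

            // email change strategy
            $di->set(Strategy\DefaultEmailChangeStrategy::class);
            $di->set(Strategy\InsecureEmailChangeStrategy::class);
            $di->set(Strategy\SecureEmailChangeStrategy::class);

            // validators
            $di->set(Validator\AjaxRequestModelValidator::class);
            $di->set(Validator\TimeZoneValidator::class);
            $di->set(Validator\TwoFactorCodeValidator::class);

            // class map models + query classes
            $modelClassMap = [];
            foreach ($map as $class => $definition) {
                $di->set($class, $definition);
                $model = is_array($definition) ? $definition['class'] : $definition;
                // Short class name: everything after the last namespace separator.
                $name = substr($class, strrpos($class, '\\') + 1);
                $modelClassMap[$class] = $model;
                // $name is always a string here, so the strict comparison matches the same entries.
                if (in_array($name, ['User', 'Profile', 'Token', 'SocialNetworkAccount'], true)) {
                    // The query "class" resolves to whatever the configured model's find() returns.
                    $di->set(
                        "Da\\User\\Query\\{$name}Query",
                        function () use ($model) {
                            return $model::find();
                        }
                    );
                }
            }
            $di->setSingleton(ClassMapHelper::class, ClassMapHelper::class, [$modelClassMap]);

            // search classes
            if (!$di->has(Search\UserSearch::class)) {
                $di->set(Search\UserSearch::class, [$di->get(Query\UserQuery::class)]);
            }
            if (!$di->has(Search\PermissionSearch::class)) {
                $di->set(Search\PermissionSearch::class);
            }
            if (!$di->has(Search\RoleSearch::class)) {
                $di->set(Search\RoleSearch::class);
            }

            // Attach an event to check if the password has expired
            if (null !== Yii::$app->getModule('user')->maxPasswordAge) {
                YiiEvent::on(SecurityController::class, FormEvent::EVENT_AFTER_LOGIN, function (FormEvent $event) {
                    $user = $event->form->user;
                    if ($user->password_age >= Yii::$app->getModule('user')->maxPasswordAge) {
                        // Force password change
                        // NOTE(review): this only flashes a warning and redirects once, right after
                        // login. Nothing in this file stops the already authenticated session from
                        // requesting other routes afterwards; confirm the expiry is also enforced
                        // on later requests (e.g. by an access filter) if it is a hard requirement.
                        Yii::$app->session->setFlash('warning', Yii::t('usuario', 'Your password has expired, you must change it now'));
                        Yii::$app->response->redirect(['/user/settings/account'])->send();
                    }
                });
            }

            if ($app instanceof WebApplication) {
                // override Yii
                $di->set(
                    'yii\web\User',
                    [
                        'enableAutoLogin' => $app->getModule('user')->enableAutoLogin,
                        'loginUrl' => ['/user/security/login'],
                        'identityClass' => $di->get(ClassMapHelper::class)->get(User::class),
                    ]
                );
            }
        } catch (Exception $e) {
            // Previously this was die($e), which printed the exception's string form (message, file
            // paths and stack trace) straight into the output, whatever the debug setting, and
            // killed the process. Re-throwing hands the failure to the application's error
            // handler, which decides how much detail to show and where to log it.
            throw $e instanceof InvalidConfigException
                ? $e
                : new InvalidConfigException($e->getMessage(), 0, $e);
        }
    }

    /**
     * Registers module translation messages.
     *
     * An existing 'usuario*' translation configured by the application is left untouched.
     *
     * @param Application $app
     *
     * @throws InvalidConfigException
     */
    protected function initTranslations(Application $app)
    {
        if (!isset($app->get('i18n')->translations['usuario*'])) {
            $app->get('i18n')->translations['usuario*'] = [
                'class' => PhpMessageSource::class,
                'basePath' => __DIR__ . '/resources/i18n',
                'sourceLanguage' => 'en-US',
            ];
        }
    }

    /**
     * Ensures the auth manager is the one provided by the library.
     *
     * Any configured auth manager that does not implement AuthManagerInterface is replaced by
     * AuthDbManagerComponent.
     *
     * @param Application $app
     *
     * @throws InvalidConfigException
     */
    protected function initAuthManager(Application $app)
    {
        if (!($app->getAuthManager() instanceof AuthManagerInterface)) {
            $app->set(
                'authManager',
                [
                    'class' => AuthDbManagerComponent::class,
                ]
            );
        }
    }

    /**
     * Initializes web url routes (rules in Yii2).
     *
     * @param WebApplication $app
     *
     * @throws InvalidConfigException
     */
    protected function initUrlRoutes(WebApplication $app)
    {
        /** @var $module Module */
        $module = $app->getModule('user');
        $config = [
            'class' => 'yii\web\GroupUrlRule',
            'prefix' => $module->prefix,
            'rules' => $module->routes,
        ];

        // With a custom URL prefix the routes still have to target the 'user' module id.
        if ($module->prefix !== 'user') {
            $config['routePrefix'] = 'user';
        }

        $rule = Yii::createObject($config);
        // Second argument false: the rule is inserted before the rules already registered.
        $app->getUrlManager()->addRules([$rule], false);
    }

    /**
     * Ensures required mail parameters needed for the mail service.
     *
     * Values already present in the module's mailParams take precedence over the defaults.
     *
     * @param Application $app
     * @param Module|\yii\base\Module $module
     */
    protected function initMailServiceConfiguration(Application $app, Module $module)
    {
        // The message parameters are passed as lists. Yii::t() casts a scalar parameter to an
        // array, so the output is unchanged, and the call now matches the documented array type
        // that the static analysis on this page flags.
        $defaults = [
            // NOTE(review): this address is shown obfuscated on the page this listing was taken
            // from and is reproduced as displayed; restore the real default sender from the
            // project source.
            'fromEmail' => '[email protected]',
            'welcomeMailSubject' => Yii::t('usuario', 'Welcome to {0}', [$app->name]),
            'confirmationMailSubject' => Yii::t('usuario', 'Confirm account on {0}', [$app->name]),
            'reconfirmationMailSubject' => Yii::t('usuario', 'Confirm email change on {0}', [$app->name]),
            'recoveryMailSubject' => Yii::t('usuario', 'Complete password reset on {0}', [$app->name]),
        ];

        $module->mailParams = array_merge($defaults, $module->mailParams);
    }

    /**
     * Ensures the authCollection component is configured.
     *
     * @param WebApplication $app
     *
     * @throws InvalidConfigException
     */
    protected function initAuthCollection(WebApplication $app)
    {
        if (!$app->has('authClientCollection')) {
            $app->set('authClientCollection', Collection::class);
        }
    }

    /**
     * Registers console commands to main app.
     *
     * Points the module's controller namespace at its console controller namespace.
     *
     * @param ConsoleApplication $app
     */
    protected function initConsoleCommands(ConsoleApplication $app)
    {
        $app->getModule('user')->controllerNamespace = $app->getModule('user')->consoleControllerNamespace;
    }

    /**
     * Registers controllers.
     *
     * @param WebApplication $app
     */
    protected function initControllerNamespace(WebApplication $app)
    {
        // NOTE(review): this assigns the property its own current value; kept as written in case
        // the module relies on the assignment (e.g. through a setter) - confirm.
        $app->getModule('user')->controllerNamespace = $app->getModule('user')->controllerNamespace;
        $app->getModule('user')->setViewPath($app->getModule('user')->viewPath);
    }

    /**
     * Builds class map according to user configuration.
     *
     * The user's entries override the defaults of the same short name; every resulting key is the
     * fully qualified Da\User class name for that short name.
     *
     * @param array $userClassMap user configuration on the module
     *
     * @throws Exception when the user configuration contains a short name that is not known
     * @return array
     */
    protected function buildClassMap(array $userClassMap)
    {
        $map = [];

        $defaults = [
            // --- models
            'User' => 'Da\User\Model\User',
            'SocialNetworkAccount' => 'Da\User\Model\SocialNetworkAccount',
            'Profile' => 'Da\User\Model\Profile',
            'Token' => 'Da\User\Model\Token',
            'Assignment' => 'Da\User\Model\Assignment',
            'Permission' => 'Da\User\Model\Permission',
            'Role' => 'Da\User\Model\Role',
            // --- search
            'UserSearch' => 'Da\User\Search\UserSearch',
            'PermissionSearch' => 'Da\User\Search\PermissionSearch',
            'RoleSearch' => 'Da\User\Search\RoleSearch',
            // --- forms
            'RegistrationForm' => 'Da\User\Form\RegistrationForm',
            'ResendForm' => 'Da\User\Form\ResendForm',
            'LoginForm' => 'Da\User\Form\LoginForm',
            'SettingsForm' => 'Da\User\Form\SettingsForm',
            'RecoveryForm' => 'Da\User\Form\RecoveryForm',
            // --- services
            'MailService' => 'Da\User\Service\MailService',
        ];

        $routes = [
            'Da\User\Model' => [
                'User',
                'SocialNetworkAccount',
                'Profile',
                'Token',
                'Assignment',
                'Permission',
                'Role',
            ],
            'Da\User\Search' => [
                'UserSearch',
                'PermissionSearch',
                'RoleSearch',
            ],
            'Da\User\Form' => [
                'RegistrationForm',
                'ResendForm',
                'LoginForm',
                'SettingsForm',
                'RecoveryForm',
            ],
            'Da\User\Service' => [
                'MailService',
            ],
        ];

        $mapping = array_merge($defaults, $userClassMap);

        foreach ($mapping as $name => $definition) {
            $map[$this->getRoute($routes, $name) . "\\$name"] = $definition;
        }

        return $map;
    }

    /**
     * Returns the parent class name route of a short class name.
     *
     * @param array $routes class name routes
     * @param string $name
     *
     * @throws Exception when no route lists the given name
     * @return int|string
     *
     */
    protected function getRoute(array $routes, $name)
    {
        foreach ($routes as $route => $names) {
            // Strict comparison: a class map written as a plain list has integer keys, and under
            // PHP 7's loose comparison the key 0 equals every non-numeric string, so it resolved
            // to the first route instead of being rejected as unknown.
            if (in_array($name, $names, true)) {
                return $route;
            }
        }
        throw new Exception("Unknown configuration class name '{$name}'");
    }
}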
||
388 |