Merge branch 'release/2.0.0-beta.2'

CHANGELOG.md

@@ -1,3 +1,154 @@
+# v2.0.0-beta.2
+## 05/03/2016
+
+1. [](#improved)
+    * Improved the login form page once logged in
+    * Translate welcome and logout strings
+1. [](#bugfix)
+    * Fixed logging out on the homepage
+    * Fixed an issue in processing user registration
+
+# v2.0.0-beta.1
+## 04/20/2016
+
+1. [](#new)
+    * Introduce a more flexible Login plugin architecture, which allows separate authentication plugins to hook into the Login events. Separated OAuth to its own plugin.
+    * OAuth has been separated to its own plugin, needs to be installed separately and configured. The users account filename format has changed too, to fix an issue that involved people with the same name on a service.
+    * The `redirect` option  has been changed to `redirect_after_login`. Make sure you update your configuration file.
+1. [](#improved)
+    * Add a proper 'Access levels' config section for Login.
+    * Various underlying improvements
+    * Updated french, added german
+1. [](#bugfix)
+    * Make username field autofocus
+    * Add validation to the password reset form
+    * Fixed an issue that allowed a user logged in, without access to the actual permissions set to view a page, to see its content, and the login form again even if already logged in.
+
+# v1.3.1
+## 02/05/2016
+
+1. [](#new)
+    * Add translations for Username and Password (placeholders are not translated)
+1. [](#improved)
+    * Improve registration, forgot, reset and login forms accessibility by setting the id attribute
+    * Improved french translation
+    * Add the correct message type when raising a form processing error
+1. [](#bugfix)
+    * Show the correct error message when the user is not authorized to view a page
+    * Fix showing the OAuth links in the login form 
+
+# v1.3.0
+## 01/06/2016
+
+1. [](#new)
+    * Added a new CLI command to change a user's password
+    * Added a new CLI command to edit the user state
+1. [](#improved)
+    * Improved french translation
+
+# v1.2.1
+## 12/18/2015
+
+1. [](#new)
+    * Croatian translation
+1. [](#improved)
+    * Use type `email` in registration form
+    * Drop manual validation in registration
+
+# v1.2.0
+## 12/11/2015
+
+1. [](#new)
+    * Added account activation email upon registration
+    * Added forgot password functionality
+    * Support ACL from parent page
+    * Allow login immediately after account activation
+1. [](#improved)
+    * Handle admin login page if available
+    * Example registration form now provided by plugin
+    * Better error handling of registration
+    * Tab-based plugin configuration
+    * Updated translations
+1. [](#bugfix)
+    * Prevent failing when no default values are set
+
+# v1.1.0
+## 12/01/2015
+
+1. [](#new)
+    * Support new **User Registration**
+1. [](#improved)
+    * Use new security salt for newer and fallback otherwise
+    * Composer update of libraries
+    * Check for session existence else throw a runtime error
+1. [](#bugfix)
+    * Fix remember-me functionality
+    * Check page exists so as not to fail hard
+    * Fix for static Inflector references #17
+
+
+# v1.0.1
+## 11/23/2015
+
+1. [](#improved)
+    * Hardening cookies with user-agent and system cache key instead of deprecated system hash
+    * Set a custom route for login only if it's not an admin path
+
+# v1.0.0
+## 11/21/2015
+
+1. [](#new)
+    * Added OAuth login support for _Facebook_, _Google_, _GitHub_ and _Twitter_
+    * Added **Nonce** form security support
+    * Added option to "redirect after login"
+    * Added "remember me" functionality
+    * Added Hungarian translation
+2. [](#improved)
+    * Added blueprints for Grav Admin plugin (multi-language support!)
+
+# v0.3.3
+## 09/11/2015
+
+1. [](#improved)
+    * Changed authorise to authorize
+1. [](#bugfix)
+    * Fix denied string
+
+# v0.3.2
+## 09/01/2015
+
+1. [](#improved)
+    * Broke out login form into its own partial
+
+# v0.3.1
+## 08/31/2015
+
+1. [](#improved)
+    * Added username field autofocus
+
+# v0.3.0
+## 08/24/2015
+
+1. [](#new)
+    * Added simple CSS styling
+    * Added simple login status with logout
+1. [](#improved)
+    * Improved README documentation
+    * More strings translated
+    * Updated blueprints
+
+# v0.2.0
+## 08/11/2015
+
+1. [](#improved)
+    * Disable `enable` in admin
+
+# v0.1.0
+## 08/04/2015
+
+1. [](#new)
+    * ChangeLog started...
+
 # v1.3.1
 ## 02/05/2016
 

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 Grav
+Copyright (c) 2016 Grav
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -12,6 +12,15 @@ These are available via GPM, and because the plugin has dependencies you just ne
 $ bin/gpm install login
 ```
 
+# Changes in version 2.0 (STILL TO BE RELEASED)
+
+The Login Plugin 2.0 has the following changes compared to 1.0:
+
+- OAuth has been separated to its own plugin, needs to be installed separately and configured. The users account filename format has changed too, to fix an issue that involved people with the same name on a service.
+- The `redirect` option has been changed to `redirect_after_login`.
+- The Remember Me session minimum length is now 1 week.
+- Removed the option to login from oauth without creating the corresponding user file under `user/accounts/`.
+
 # Creating Users
 
 You can either use the built-in CLI capabilities, or you create a user manually by creating a new YAML file in your `user/acounts` folder.
@@ -332,60 +341,6 @@ You can set the "Redirect after registration" option in the Login plugin, or as
 ```
 
 
-# OAuth
-
-You can add OAuth providers to the login plugin as another method to have users on your site. To enable OAuth change `oauth.enabled` to `true` in `login.yaml`. By default OAuth allows users to login though they do not create an account file for the user. If you want an account file created (ex: for tracking purposes) change `oauth.user.autocreate` to `true` in `login.yaml`.
->Note: OAuth has not been tested with Grav's multilang feature! Due to this, certain OAuth providers may not function properly on multilang sites
-
->IMPORTANT: `localhost` may NOT be used for callback and allowed URLs when creating OAuth provider applications due to certificate verification issues. Some services allow other URLs and it may be possible to add custom domains pointing to 127.0.0.1 in your hosts file and point applications there.
-
-## Facebook
-
-Visit https://developers.facebook.com/quickstarts/?platform=web and create an app name then click **Create New Facebook App ID.**
-
-Choose a category most similar to your business then click **Create App ID.**
-
-Scroll down on the next screen to the section titled **Tell us about your website.** Input a URL for the site (no need to include the protocol). Click **Next**
-
-Click **Skip Quick Start** Copy the **App ID** and **App Secret** into `login.yaml`
-
-On the left hand side click **Settings**
-In the **Basic** tab add your domain into the **App Domains** section as well as enter a contact email (required for facebook developer program). In the **Advanced** tab scroll down to the **Client OAuth Settings** Make sure that **Client OAuth Login** is enabled as well as **Web OAuth Login** is enabled. In the **Valid OAuth redirect URIs** section add the routes of all pages that are protected by login. This includes the domains. EX: `http://getgrav.org/`, `http://getgrav.org/login`, `http://getgrav.org/en/login`, and `http://getgrav.org/protected/page/route`
-
-
-## Github
-
-Visit Github's [Developer Applications Console](https://github.com/settings/developers) and press button **Register new application** (login if necesarry). ![](assets/github/github.png)
-
-Fill out the name and the URL (can be anything) and fill in the **callback**, which must be equal to where your grav site is located, generally just the host, i.e. `http://getgrav.org`. ![](assets/github/github_2.png)
-
-Copy **Client ID** and **client secret** into login.yaml under Github. ![](assets/github/github_3.png)Be sure to change `Github.enabled` to `true`
-
-## Google
-
-Visit the [Google Developers Console](https://console.developers.google.com) (sign in with a google account, preferably your businesses gmail).
-
-Select **Create Project** and give the project a name (can be anything). Click **Create**. ![](assets/google/google.png)
-
-When it's finished creating in the left hand menu choose **Credentials** under **APIs & Auth** (you may need to click **APIs & Auth** in order to display **Credntials**). ![](assets/google/google_3.png)
-
-Under **Add credentials** (center of screen) select **OAuth 2.0 client ID**.![](assets/google/google_4.png)
-
-Then select **Configure consent screen** in the top right corner. ![](assets/google/google_5.png)
-
-The only requirement is **Product name** which should be the name of your website/business (not a url). You may fill in the other options as you want on the consent screen. (The consent screen can also be changed later). ![](assets/google/google_6.png)
-
-Then once you save the consent screen select **Web application** from the radio buttons and fill in the fields. **Name** being name of product/business. **Authorized Javascript origins** is the root domain name of the login page (no routes or wildcards) such as `http://getgrav.org`.
-
-If needed, enter multiple sub domains, creating an entry for each. **Authorized redirect URIs** include the **same** Authorized Javascript origins used along with the **route** to the login page such as `http://getgrav.org/login`. Click **create**.
-
-![](assets/google/google_7.png)
-
-Copy **Client ID** and **client secret** into login.yaml under Google. ![](assets/google/google_8.png)Be sure to change `Google.enabled` to `true`
-
-## Twitter
-
-Login if necessary. Create a [new Twitter App](https://apps.twitter.com/app/new) , fill out name, application website, choose "Browser" as application type, choose the callback URL like above, default access type can be set to read-only, click on "Register application" and then you should be directed to your new application with the Client ID and secret ready to be copied and pasted into the YAML file.
 
 # Known issues