4.4.1 Release

.github/CONTRIBUTING.md

@@ -58,7 +58,7 @@ Contains breaking changes that will need to wait for the next version to be inte
 When ready, changes should be merged into both **master** and **hotfix**.
 
 #### `feature-*`
-New features that introduce some breaking changes or incomplete code should be committed in a separate `feature-{name}` branch.  
+New features that introduce some breaking changes or incomplete code should be committed in a separate `feature-{name}` branch.
 
 When ready, the branch should be **[squashed-merged](https://github.com/blog/2141-squash-your-commits)** ([guide](https://stackoverflow.com/a/5309051/445757)) into `develop` (or `hotfix` if it doesn't introduce a breaking change).
 
@@ -117,11 +117,13 @@ Additionally, the `learn` repository can have `dev-*` for learn specific feature
 
 ## Building the API documentation
 
-To build the API documentation, install [ApiGen](http://www.apigen.org/) globally and then run:
+To build the API documentation, install [phpDocumentor](https://www.phpdoc.org) globally and then run from the UserFrosting root :
 
-`apigen generate --source UserFrosting/app,userfrosting-assets/src,userfrosting-config/Config,userfrosting-fortress/Fortress,userfrosting-i18n/I18n,userfrosting-session/Session,userfrosting-support/Support --destination userfrosting-api --exclude *vendor*,*_meta* --template-theme "bootstrap"`
+```
+phpdoc
+```
 
-from inside your dev directory.
+The resulting documentation will be available in `api/`.
 
 ## Automatically fixing coding style with PHP-CS-Fixer
 
@@ -135,6 +137,6 @@ app/vendor/bin/php-cs-fixer fix
 
 ## Useful tools
 
-If you are using **Atom**, be sure to checkout theses useful packages :  
+If you are using **Atom**, be sure to checkout theses useful packages :
  - [Docblockr](https://atom.io/packages/docblockr) : Used to generate [documentation block](https://github.com/userfrosting/UserFrosting/blob/master/STYLE-GUIDE.md#documentation).
  - [php-ide-serenata](https://atom.io/packages/php-ide-serenata) : Integrates [Serenata](https://gitlab.com/Serenata/Serenata) as PHP IDE, providing autocompletion, code navigation, refactoring, signature help, linting and annotations.

.gitignore

@@ -77,6 +77,9 @@ vagrant/Homestead/
 .phpunit.result.cache
 .php_cs.cache
 
+# Ignore api doc
+api/
+
 # Igore npm lockfile
 build/package-lock.json
 build/package.lock

CHANGELOG.md

@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [v4.4.1]
+
+### Fixed
+- Fixed issue where incompatible NPM packages would be browserified, resulting in install failures.
+- Replaced deprecated Twig class.
+- Fixed issue when compiling assets for production ([#1078]).
+- Migration dependencies should work with and without leading `\` ([#1023])
+- Throttler don't count successful logins ([#1073])
+
 ## [v4.4.0]
 
 ### Changed Requirements
@@ -921,6 +930,7 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#1017]: https://github.com/userfrosting/UserFrosting/issues/1017
 [#1018]: https://github.com/userfrosting/UserFrosting/issues/1018
 [#1019]: https://github.com/userfrosting/UserFrosting/issues/1019
+[#1023]: https://github.com/userfrosting/UserFrosting/issues/1023
 [#1027]: https://github.com/userfrosting/UserFrosting/issues/1027
 [#1028]: https://github.com/userfrosting/UserFrosting/issues/1028
 [#1030]: https://github.com/userfrosting/UserFrosting/issues/1030
@@ -938,6 +948,8 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#1057]: https://github.com/userfrosting/UserFrosting/issues/1057
 [#1061]: https://github.com/userfrosting/UserFrosting/issues/1061
 [#1062]: https://github.com/userfrosting/UserFrosting/issues/1062
+[#1073]: https://github.com/userfrosting/UserFrosting/issues/1073
+[#1078]: https://github.com/userfrosting/UserFrosting/issues/1078
 
 [v4.2.0]: https://github.com/userfrosting/UserFrosting/compare/v4.1.22...v4.2.0
 [v4.2.1]: https://github.com/userfrosting/UserFrosting/compare/v4.2.0...v.4.2.1

app/defines.php

@@ -11,7 +11,7 @@
 namespace UserFrosting;
 
 // Some standard defines
-define('UserFrosting\VERSION', '4.4.0');
+define('UserFrosting\VERSION', '4.4.1');
 define('UserFrosting\DS', '/');
 define('UserFrosting\PHP_MIN_VERSION', '7.1');
 define('UserFrosting\PHP_RECOMMENDED_VERSION', '7.3');

app/sprinkles/account/src/Controller/AccountController.php

@@ -396,13 +396,11 @@ public function login(Request $request, Response $response, $args)
             return $response->withJson([], 429);
         }
 
-        // Log throttleable event
-        $throttler->logEvent('sign_in_attempt', $throttleData);
-
         // If credential is an email address, but email login is not enabled, raise an error.
-        // Note that we do this after logging throttle event, so this error counts towards throttling limit.
+        // Note that this error counts towards the throttling limit.
         if ($isEmail && !$config['site.login.enable_email']) {
             $ms->addMessageTranslated('danger', 'USER_OR_PASS_INVALID');
+            $throttler->logEvent('sign_in_attempt', $throttleData);
 
             return $response->withJson([], 403);
         }
@@ -411,7 +409,14 @@ public function login(Request $request, Response $response, $args)
         /** @var \UserFrosting\Sprinkle\Account\Authenticate\Authenticator $authenticator */
         $authenticator = $this->ci->authenticator;
 
-        $currentUser = $authenticator->attempt(($isEmail ? 'email' : 'user_name'), $userIdentifier, $data['password'], $data['rememberme']);
+        try {
+            $currentUser = $authenticator->attempt(($isEmail ? 'email' : 'user_name'), $userIdentifier, $data['password'], $data['rememberme']);
+        } catch (\Exception $e) {
+            // only let unsuccessful logins count toward the throttling limit
+            $throttler->logEvent('sign_in_attempt', $throttleData);
+
+            throw $e;
+        }
 
         $ms->addMessageTranslated('success', 'WELCOME', $currentUser->export());
 

app/sprinkles/account/src/Database/Models/Activity.php

@@ -21,11 +21,11 @@
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  *
- * @property string ip_address
- * @property int user_id
- * @property string type
- * @property datetime occurred_at
- * @property string description
+ * @property string $ip_address
+ * @property int $user_id
+ * @property string $type
+ * @property datetime $occurred_at
+ * @property string $description
  */
 class Activity extends Model
 {

app/sprinkles/account/src/Database/Models/Group.php

@@ -21,10 +21,10 @@
  *
  * @see http://www.userfrosting.com/tutorials/lesson-3-data-model/
  *
- * @property string slug
- * @property string name
- * @property string description
- * @property string icon
+ * @property string $slug
+ * @property string $name
+ * @property string $description
+ * @property string $icon
  */
 class Group extends Model
 {

app/sprinkles/account/src/Database/Models/PasswordReset.php

@@ -19,11 +19,11 @@
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  *
- * @property int user_id
- * @property hash token
- * @property bool completed
- * @property datetime expires_at
- * @property datetime completed_at
+ * @property int $user_id
+ * @property hash $token
+ * @property bool $completed
+ * @property datetime $expires_at
+ * @property datetime $completed_at
  */
 class PasswordReset extends Model
 {

app/sprinkles/account/src/Database/Models/Permission.php

@@ -20,10 +20,10 @@
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  *
- * @property string slug
- * @property string name
- * @property string conditions
- * @property string description
+ * @property string $slug
+ * @property string $name
+ * @property string $conditions
+ * @property string $description
  */
 class Permission extends Model
 {

app/sprinkles/account/src/Database/Models/Persistence.php

@@ -20,10 +20,10 @@
  *
  * @author Louis Charette
  *
- * @property string user_id
- * @property string token
- * @property string persistent_token
- * @property string expires_at
+ * @property string $user_id
+ * @property string $token
+ * @property string $persistent_token
+ * @property string $expires_at
  */
 class Persistence extends Model
 {

app/sprinkles/account/src/Database/Models/Role.php

@@ -20,9 +20,9 @@
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  *
- * @property string slug
- * @property string name
- * @property string description
+ * @property string $slug
+ * @property string $name
+ * @property string $description
  */
 class Role extends Model
 {

app/sprinkles/account/src/Database/Models/User.php

@@ -25,21 +25,21 @@
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  *
- * @property int id
- * @property string user_name
- * @property string first_name
- * @property string last_name
- * @property string email
- * @property string locale
- * @property string theme
- * @property int group_id
- * @property bool flag_verified
- * @property bool flag_enabled
- * @property int last_activity_id
- * @property timestamp created_at
- * @property timestamp updated_at
- * @property string password
- * @property timestamp deleted_at
+ * @property int $id
+ * @property string $user_name
+ * @property string $first_name
+ * @property string $last_name
+ * @property string $email
+ * @property string $locale
+ * @property string $theme
+ * @property int $group_id
+ * @property bool $flag_verified
+ * @property bool $flag_enabled
+ * @property int $last_activity_id
+ * @property timestamp $created_at
+ * @property timestamp $updated_at
+ * @property string $password
+ * @property timestamp $deleted_at
  */
 class User extends Model implements UserInterface
 {

app/sprinkles/account/src/Database/Models/Verification.php

@@ -19,11 +19,11 @@
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  *
- * @property int user_id
- * @property hash token
- * @property bool completed
- * @property datetime expires_at
- * @property datetime completed_at
+ * @property int $user_id
+ * @property hash $token
+ * @property bool $completed
+ * @property datetime $expires_at
+ * @property datetime $completed_at
  */
 class Verification extends Model
 {

app/sprinkles/account/src/Twig/AccountExtension.php

@@ -11,14 +11,17 @@
 namespace UserFrosting\Sprinkle\Account\Twig;
 
 use Psr\Container\ContainerInterface;
+use Twig\Extension\AbstractExtension;
+use Twig\Extension\GlobalsInterface;
+use Twig\TwigFunction;
 use UserFrosting\Support\Repository\Repository as Config;
 
 /**
  * Extends Twig functionality for the Account sprinkle.
  *
  * @author Alex Weissman (https://alexanderweissman.com)
  */
-class AccountExtension extends \Twig_Extension implements \Twig_Extension_GlobalsInterface
+class AccountExtension extends AbstractExtension implements GlobalsInterface
 {
     /**
      * @var ContainerInterface
@@ -48,13 +51,13 @@ public function getFunctions()
     {
         return [
             // Add Twig function for checking permissions during dynamic menu rendering
-            new \Twig_SimpleFunction('checkAccess', function ($slug, $params = []) {
+            new TwigFunction('checkAccess', function ($slug, $params = []) {
                 $authorizer = $this->services->authorizer;
                 $currentUser = $this->services->currentUser;
 
                 return $authorizer->checkAccess($currentUser, $slug, $params);
             }),
-            new \Twig_SimpleFunction('checkAuthenticated', function () {
+            new TwigFunction('checkAuthenticated', function () {
                 $authenticator = $this->services->authenticator;
 
                 return $authenticator->check();

app/sprinkles/account/tests/Integration/Controller/AccountControllerTest.php

@@ -11,6 +11,7 @@
 namespace UserFrosting\Sprinkle\Account\Tests\Integration\Controller;
 
 use Mockery as m;
+use UserFrosting\Sprinkle\Account\Authenticate\Exception;
 use UserFrosting\Sprinkle\Account\Controller\AccountController;
 use UserFrosting\Sprinkle\Account\Controller\Exception\SpammyRequestException;
 use UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface;
@@ -618,6 +619,74 @@ public function testloginWithThrottler()
         $this->assertSame('danger', end($messages)['type']);
     }
 
+    /**
+     * @depends testControllerConstructor
+     */
+    public function testloginThrottlerCountsFailedLogins()
+    {
+        // Create fake throttler
+        $throttler = m::mock(Throttler::class);
+        $throttler->shouldReceive('getDelay')->once()->with('sign_in_attempt', ['user_identifier' => 'foo'])->andReturn(0);
+        $throttler->shouldReceive('logEvent')->once()->with('sign_in_attempt', ['user_identifier' => 'foo']);
+        $this->ci->throttler = $throttler;
+
+        // Recreate controller to use fake throttler
+        $controller = $this->getController();
+
+        // Set POST
+        $request = $this->getRequest()->withParsedBody([
+            'user_name'  => 'foo',
+            'password'   => 'bar',
+            'rememberme' => false,
+        ]);
+
+        $this->expectException(Exception\InvalidCredentialsException::class);
+
+        $controller->login($request, $this->getResponse(), []);
+    }
+
+    /**
+     * @depends testControllerConstructor
+     */
+    public function testloginThrottlerDoesntCountSuccessfulLogins()
+    {
+        // Create a test user
+        $testUser = $this->createTestUser();
+
+        // Faker doesn't hash the password. Let's do that now
+        $unhashed = $testUser->password;
+        $testUser->password = Password::hash($testUser->password);
+        $testUser->save();
+
+        // Create fake throttler
+        $throttler = m::mock(Throttler::class);
+        $throttler->shouldReceive('getDelay')->once()->with('sign_in_attempt', ['user_identifier' => $testUser->email])->andReturn(0);
+        $throttler->shouldNotReceive('logEvent');
+        $this->ci->throttler = $throttler;
+
+        // Recreate controller to use fake throttler and test user
+        $controller = $this->getController();
+
+        // Set POST
+        $request = $this->getRequest()->withParsedBody([
+            'user_name'  => $testUser->email,
+            'password'   => $unhashed,
+            'rememberme' => false,
+        ]);
+
+        $result = $controller->login($request, $this->getResponse(), []);
+        $this->assertInstanceOf(\Psr\Http\Message\ResponseInterface::class, $result);
+        // Can't assert the status code or data, as this can be overwrited by sprinkles
+
+        // Test message
+        $ms = $this->ci->alerts;
+        $messages = $ms->getAndClearMessages();
+        $this->assertSame('success', end($messages)['type']);
+
+        // We have to logout the user to avoid problem
+        $this->logoutCurrentUser($testUser);
+    }
+
     /**
      * @depends testControllerConstructor
      */