Merge branch 'release/3.0.0'

Author: adrenth

.github/workflows/php.yml

@@ -28,6 +28,9 @@ jobs:
         php-version: ${{ matrix.php }}
         coverage: none
 
+    - name: Add HTTP basic auth credentials
+      run: echo '${{ secrets.VDLP_OCTOBER_CMS_AUTH_JSON }}' > $GITHUB_WORKSPACE/auth.json
+
     - name: Validate composer.json and composer.lock
       run: composer validate
 

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.0.0] - 2022-03-14
+
+- !! Dropped logic for "Excluded URLs". Please add whitelisted paths after upgrading to this version.
+- !! Passwords are now stored as hashed _values_ and you should change the passwords after upgrading.
+- Add whitelisting for specific paths (two match types; `exact` and `starts_with`).
+- Add composer requirement `october/system:>=1.0`.
+- Old (plain text stored) password do still work.
+
 ## [2.1.0] - 2022-02-15
 
 - Maintenance update:

Plugin.php

@@ -76,16 +76,6 @@ public function registerSettings(): array
                 'keywords' => 'basic authentication security',
                 'order' => 500,
             ],
-            'excludedurls' => [
-                'label' => 'vdlp.basicauthentication::lang.excludedurls.label',
-                'description' => 'vdlp.basicauthentication::lang.excludedurls.description',
-                'url' => $backendHelper->url('vdlp/basicauthentication/excludedurls'),
-                'category' => 'Basic Authentication',
-                'icon' => 'icon-link',
-                'permissions' => ['vdlp.basicauthentication.*'],
-                'keywords' => 'basic authentication security',
-                'order' => 501,
-            ],
         ];
     }
 }

README.md

@@ -4,6 +4,7 @@ Allows users to manage Basic Authentication credentials for multiple hostnames a
 
 ## Requirements
 
+* October CMS ^1.1
 * PHP 7.4 or higher
 
 ## Installation

composer.json

@@ -14,10 +14,12 @@
     },
     "require": {
         "php": "^7.4 || ^8.0",
+        "october/system": ">=1.0",
         "composer/installers": "^1.0 || ^2.0"
     },
     "archive": {
         "exclude": [
+            ".gitattributes",
             ".gitignore",
             ".github"
         ]

console/CreateCredentialsCommand.php

@@ -18,24 +18,38 @@ public function __construct()
         parent::__construct();
     }
 
-    public function handle(): void
+    public function handle(): int
     {
+        $exists = Credential::query()
+            ->where('hostname', $this->argument('hostname'))
+            ->exists();
+
+        if ($exists) {
+            $this->error('Hostname already exists.');
+
+            return 1;
+        }
+
         try {
-            Credential::query()
-                ->updateOrInsert([
-                    'hostname' => $this->argument('hostname'),
-                ], [
-                    'realm' => $this->argument('realm'),
-                    'username' => $this->argument('username'),
-                    'password' => $this->argument('password'),
-                    'is_enabled' => true,
-                    'updated_at' => now(),
-                    'created_at' => now(),
-                ]);
-
-            $this->info('Basic Authentication credentials have been added to the database.');
+            $credential = new Credential([
+                'hostname' => $this->argument('hostname'),
+                'realm' => $this->argument('realm'),
+                'username' => $this->argument('username'),
+                'password' => $this->argument('password'),
+                'is_enabled' => true,
+                'updated_at' => now(),
+                'created_at' => now(),
+            ]);
+
+            $credential->forceSave();
         } catch (Throwable $throwable) {
             $this->error('Could not create Basic Authentication credentials: ' . $throwable->getMessage());
+
+            return 2;
         }
+
+        $this->info('Basic Authentication credentials have been added to the database.');
+
+        return 0;
     }
 }

controllers/Credentials.php

@@ -32,6 +32,7 @@ public function __construct(Repository $config)
         parent::__construct();
 
         NavigationManager::instance()->setContext('October.System', 'system', 'settings');
+
         SettingsManager::setContext('Vdlp.BasicAuthentication', 'credentials');
 
         $this->enabled = (bool) $config->get('basicauthentication.enabled', false);

controllers/ExcludedUrls.php

@@ -19,7 +19,7 @@
                 <button
                     type="submit"
                     data-request="onSave"
-                    data-request-data="redirect:0"
+                    data-request-data="redirect:0,refresh:1"
                     data-hotkey="ctrl+s, cmd+s"
                     data-load-indicator="<?= e(trans('backend::lang.form.saving')) ?>"
                     class="btn btn-primary">