diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1c36fdaa0ba..6174e194b21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@
 - Fixed a bug where `craft\web\View::registerTwigExtension()` could throw an exception if Twig was already initialized. ([#13208](https://github.com/craftcms/cms/issues/13208))
 - Fixed a bug where entries mutated via GraphQL weren’t becoming globally enabled if `enabled` was set to `true`. ([#13214](https://github.com/craftcms/cms/pull/13214))
 - Fixed a styling issue with “Post Date” and “Expiry Date” fields. ([#13216](https://github.com/craftcms/cms/issues/13216))
+- Removed the OAuth 2.0 Client library, as it’s no longer used in core.
+- Fixed a bug where activation emails sent to newly-created users could link to the front-end site, if they were granted control panel access via a user group. ([#13204](https://github.com/craftcms/cms/issues/13204))
 - Fixed two XSS vulnerabilities.
 ## 4.4.11 - 2023-05-15
diff --git a/composer.json b/composer.json
index 00e1cbc3aa6..8e03008e23f 100644
--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,6 @@
 "ext-zip": "*",
 "commerceguys/addressing": "^1.2",
 "composer/composer": "2.2.19",
- "craftcms/oauth2-craftid": "~1.0.0",
 "craftcms/plugin-installer": "~1.6.0",
 "craftcms/server-check": "~2.1.2",
 "creocoder/yii2-nested-sets": "~0.9.0",
@@ -44,7 +43,6 @@
 "enshrined/svg-sanitize": "~0.16.0",
 "guzzlehttp/guzzle": "^7.2.0",
 "illuminate/collections": "^9.1.0",
- "league/oauth2-client": "^2.6.0",
 "mikehaertl/php-shellcommand": "^1.6.3",
 "moneyphp/money": "^4.0",
 "monolog/monolog": "^2.3",
@@ -85,7 +83,6 @@
 "yii2tech/ar-softdelete": "1.0.4"
 },
 "conflict": {
- "league/oauth2-client": "2.4.0",
 "webonyx/graphql-php": "14.11.7"
 },
 "suggest": {
diff --git a/composer.lock b/composer.lock
index 8bba2972077..df6a0a04d3e 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3439b91c74d4d2cccc1edba4100d0abe", + "content-hash": "db570d1d17f4ec1b4c17cba6640cf8c5", "packages": [ { "name": "cebe/markdown", @@ -676,61 +676,6 @@ ], "time": "2022-02-25T21:32:43+00:00" }, - { - "name": "craftcms/oauth2-craftid", - "version": "1.0.0.1", - "source": { - "type": "git", - "url": "https://github.com/craftcms/oauth2-craftid.git", - "reference": "3f18364139d72d83fb50546d85130beaaa868836" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/craftcms/oauth2-craftid/zipball/3f18364139d72d83fb50546d85130beaaa868836", - "reference": "3f18364139d72d83fb50546d85130beaaa868836", - "shasum": "" - }, - "require": { - "league/oauth2-client": "^2.2.1" - }, - "require-dev": { - "phpunit/phpunit": "^5.0", - "satooshi/php-coveralls": "^1.0", - "squizlabs/php_codesniffer": "^2.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "craftcms\\oauth2\\client\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Pixel & Tonic", - "homepage": "https://pixelandtonic.com/" - } - ], - "description": "Craft OAuth 2.0 Client Provider for The PHP League OAuth2-Client", - "keywords": [ - "Authentication", - "authorization", - "client", - "cms", - "craftcms", - "craftid", - "oauth", - "oauth2" - ], - "support": { - "issues": "https://github.com/craftcms/oauth2-craftid/issues", - "source": "https://github.com/craftcms/oauth2-craftid/tree/1.0.0.1" - }, - "time": "2017-11-22T19:46:18+00:00" - }, { "name": "craftcms/plugin-installer", "version": "1.6.0", 
@@ -1346,21 +1291,21 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.6.1", + "version": "7.7.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51" + "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51", - "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/fb7566caccf22d74d1ab270de3551f72a58399f5", + "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5", "shasum": "" }, "require": { "ext-json": "*", - "guzzlehttp/promises": "^1.5", + "guzzlehttp/promises": "^1.5.3 || ^2.0", "guzzlehttp/psr7": "^1.9.1 || ^2.4.5", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0", @@ -1372,7 +1317,8 @@ "require-dev": { "bamarni/composer-bin-plugin": "^1.8.1", "ext-curl": "*", - "php-http/client-integration-tests": "^3.0", + "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999", + "php-http/message-factory": "^1.1", "phpunit/phpunit": "^8.5.29 || ^9.5.23", "psr/log": "^1.1 || ^2.0 || ^3.0" }, @@ -1451,7 +1397,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.6.1" + "source": "https://github.com/guzzle/guzzle/tree/7.7.0" }, "funding": [ { 
@@ -1467,38 +1413,37 @@ "type": "tidelift" } ], - "time": "2023-05-15T20:43:01+00:00" + "time": "2023-05-21T14:04:53+00:00" }, { "name": "guzzlehttp/promises", - "version": "1.5.2", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/guzzle/promises.git", - "reference": "b94b2807d85443f9719887892882d0329d1e2598" + "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598", - "reference": "b94b2807d85443f9719887892882d0329d1e2598", + "url": "https://api.github.com/repos/guzzle/promises/zipball/3a494dc7dc1d7d12e511890177ae2d0e6c107da6", + "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6", "shasum": "" }, "require": { - "php": ">=5.5" + "php": "^7.2.5 || ^8.0" }, "require-dev": { - "symfony/phpunit-bridge": "^4.4 || ^5.1" + "bamarni/composer-bin-plugin": "^1.8.1", + "phpunit/phpunit": "^8.5.29 || ^9.5.23" }, "type": "library", "extra": { - "branch-alias": { - "dev-master": "1.5-dev" + "bamarni-bin": { + "bin-links": true, + "forward-command": false } }, "autoload": { - "files": [ - "src/functions_include.php" - ], "psr-4": { "GuzzleHttp\\Promise\\": "src/" } @@ -1535,7 +1480,7 @@ ], "support": { "issues": "https://github.com/guzzle/promises/issues", - "source": "https://github.com/guzzle/promises/tree/1.5.2" + "source": "https://github.com/guzzle/promises/tree/2.0.0" }, "funding": [ { @@ -1551,7 +1496,7 @@ "type": "tidelift" } ], - "time": "2022-08-28T14:55:35+00:00" + "time": "2023-05-21T13:50:22+00:00" }, { "name": "guzzlehttp/psr7", 
@@ -1934,76 +1879,6 @@ }, "time": "2022-04-13T08:02:27+00:00" }, - { - "name": "league/oauth2-client", - "version": "2.7.0", - "source": { - "type": "git", - "url": "https://github.com/thephpleague/oauth2-client.git", - "reference": "160d6274b03562ebeb55ed18399281d8118b76c8" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8", - "reference": "160d6274b03562ebeb55ed18399281d8118b76c8", - "shasum": "" - }, - "require": { - "guzzlehttp/guzzle": "^6.0 || ^7.0", - "paragonie/random_compat": "^1 || ^2 || ^9.99", - "php": "^5.6 || ^7.0 || ^8.0" - }, - "require-dev": { - "mockery/mockery": "^1.3.5", - "php-parallel-lint/php-parallel-lint": "^1.3.1", - "phpunit/phpunit": "^5.7 || ^6.0 || ^9.5", - "squizlabs/php_codesniffer": "^2.3 || ^3.0" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-2.x": "2.0.x-dev" - } - }, - "autoload": { - "psr-4": { - "League\\OAuth2\\Client\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Alex Bilbie", - "email": "hello@alexbilbie.com", - "homepage": "http://www.alexbilbie.com", - "role": "Developer" - }, - { - "name": "Woody Gilk", - "homepage": "https://github.com/shadowhand", - "role": "Contributor" - } - ], - "description": "OAuth 2.0 Client Library", - "keywords": [ - "Authentication", - "SSO", - "authorization", - "identity", - "idp", - "oauth", - "oauth2", - "single sign on" - ], - "support": { - "issues": "https://github.com/thephpleague/oauth2-client/issues", - "source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0" - }, - "time": "2023-04-16T18:19:15+00:00" - }, { "name": "mikehaertl/php-shellcommand", "version": "1.7.0", 
@@ -7616,16 +7491,16 @@ }, { "name": "nikic/php-parser", - "version": "v4.15.4", + "version": "v4.15.5", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "6bb5176bc4af8bcb7d926f88718db9b96a2d4290" + "reference": "11e2663a5bc9db5d714eedb4277ee300403b4a9e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/6bb5176bc4af8bcb7d926f88718db9b96a2d4290", - "reference": "6bb5176bc4af8bcb7d926f88718db9b96a2d4290", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/11e2663a5bc9db5d714eedb4277ee300403b4a9e", + "reference": "11e2663a5bc9db5d714eedb4277ee300403b4a9e", "shasum": "" }, "require": { @@ -7666,9 +7541,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v4.15.4" + "source": "https://github.com/nikic/PHP-Parser/tree/v4.15.5" }, - "time": "2023-03-05T19:49:14+00:00" + "time": "2023-05-19T20:20:00+00:00" }, { "name": "phar-io/manifest",
diff --git a/src/controllers/UsersController.php b/src/controllers/UsersController.php
index 355d9890e29..2d0187b3d2c 100644
--- a/src/controllers/UsersController.php
+++ b/src/controllers/UsersController.php
@@ -1524,8 +1524,8 @@ public function actionSaveUser(): ?Response
 }
 // Assign user groups and permissions if the current user is allowed to do that
- $this->_saveUserPermissions($user, $currentUser);
 $this->_saveUserGroups($user, $currentUser);
+ $this->_saveUserPermissions($user, $currentUser);
 // Fire an 'afterAssignGroupsAndPermissions' event
 if ($this->hasEventHandlers(self::EVENT_AFTER_ASSIGN_GROUPS_AND_PERMISSIONS)) {
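Review bot: The order of `_saveUserGroups()` and `_saveUserPermissions()` in the UsersController.php hunk is now load-bearing, but nothing in the code records that; the comment above the two calls is unchanged, so a later tidy-up could swap them back and reintroduce the bug unnoticed. Going by the changelog entry for #13204, saving groups first is presumably what makes a group-granted control panel permission visible when the activation link is chosen, but both helper bodies are outside this hunk, so that reasoning should be confirmed and then written down. I would add a line such as `// Groups must be saved before permissions, so group-granted access (e.g. to the control panel) is already in place (#13204)`. A regression test that creates a user whose only control panel access comes from a group, and asserts the activation URL points at the control panel rather than the front-end site, would pin the behaviour. `actionSaveUser()` starts and ends outside the hunk.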