From 1a265b2b9876580d7169deee6b9d44e8be78cd30 Mon Sep 17 00:00:00 2001 From: Iwona Just Date: Thu, 18 May 2023 13:12:10 +0100 Subject: [PATCH 1/5] first save user groups then permissions --- src/controllers/UsersController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/controllers/UsersController.php b/src/controllers/UsersController.php index 993cb31a7f3..49a3dfd1ee6 100644 --- a/src/controllers/UsersController.php +++ b/src/controllers/UsersController.php @@ -1348,8 +1348,8 @@ public function actionSaveUser() } // Assign user groups and permissions if the current user is allowed to do that - $this->_saveUserPermissions($user, $currentUser); $this->_saveUserGroups($user, $currentUser); + $this->_saveUserPermissions($user, $currentUser); // Fire an 'afterAssignGroupsAndPermissions' event if ($this->hasEventHandlers(self::EVENT_AFTER_ASSIGN_GROUPS_AND_PERMISSIONS)) { From a19f4dab1d480e9e16fd82c1e28c9dd1e35cd004 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Thu, 18 May 2023 08:39:14 -0700 Subject: [PATCH 2/5] composer update --- composer.lock | 133 ++++++++++++++++++++++++-------------------------- 1 file changed, 63 insertions(+), 70 deletions(-) diff --git a/composer.lock b/composer.lock index d3604c9c16f..5670c350714 100644 --- a/composer.lock +++ b/composer.lock @@ -1211,16 +1211,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "7.5.1", + "version": "7.6.1", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9" + "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9", - "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51", + "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51", "shasum": "" }, "require": { @@ -1251,9 +1251,6 @@ "bamarni-bin": { "bin-links": true, "forward-command": false - }, - "branch-alias": { - "dev-master": "7.5-dev" } }, "autoload": { @@ -1319,7 +1316,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.5.1" + "source": "https://github.com/guzzle/guzzle/tree/7.6.1" }, "funding": [ { @@ -1335,7 +1332,7 @@ "type": "tidelift" } ], - "time": "2023-04-17T16:30:08+00:00" + "time": "2023-05-15T20:43:01+00:00" }, { "name": "guzzlehttp/promises", @@ -2704,23 +2701,23 @@ }, { "name": "react/promise", - "version": "v2.9.0", + "version": "v2.10.0", "source": { "type": "git", "url": "https://github.com/reactphp/promise.git", - "reference": "234f8fd1023c9158e2314fa9d7d0e6a83db42910" + "reference": "f913fb8cceba1e6644b7b90c4bfb678ed8a3ef38" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/reactphp/promise/zipball/234f8fd1023c9158e2314fa9d7d0e6a83db42910", - "reference": "234f8fd1023c9158e2314fa9d7d0e6a83db42910", + "url": "https://api.github.com/repos/reactphp/promise/zipball/f913fb8cceba1e6644b7b90c4bfb678ed8a3ef38", + "reference": "f913fb8cceba1e6644b7b90c4bfb678ed8a3ef38", "shasum": "" }, "require": { "php": ">=5.4.0" }, "require-dev": { - "phpunit/phpunit": "^9.3 || ^5.7 || ^4.8.36" + "phpunit/phpunit": "^9.5 || ^5.7 || ^4.8.36" }, "type": "library", "autoload": { @@ -2764,19 +2761,15 @@ ], "support": { "issues": "https://github.com/reactphp/promise/issues", - "source": "https://github.com/reactphp/promise/tree/v2.9.0" + "source": "https://github.com/reactphp/promise/tree/v2.10.0" }, "funding": [ { - "url": "https://github.com/WyriHaximus", - "type": "github" - }, - { - "url": "https://github.com/clue", - "type": "github" + "url": "https://opencollective.com/reactphp", + "type": "open_collective" } ], - "time": "2022-02-11T10:27:51+00:00" + "time": "2023-05-02T15:15:43+00:00" }, { "name": "seld/cli-prompt", @@ -2835,16 +2828,16 @@ }, { "name": "seld/jsonlint", - "version": "1.9.0", + "version": "1.10.0", "source": { "type": "git", "url": "https://github.com/Seldaek/jsonlint.git", - "reference": "4211420d25eba80712bff236a98960ef68b866b7" + "reference": "594fd6462aad8ecee0b45ca5045acea4776667f1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Seldaek/jsonlint/zipball/4211420d25eba80712bff236a98960ef68b866b7", - "reference": "4211420d25eba80712bff236a98960ef68b866b7", + "url": "https://api.github.com/repos/Seldaek/jsonlint/zipball/594fd6462aad8ecee0b45ca5045acea4776667f1", + "reference": "594fd6462aad8ecee0b45ca5045acea4776667f1", "shasum": "" }, "require": { @@ -2883,7 +2876,7 @@ ], "support": { "issues": "https://github.com/Seldaek/jsonlint/issues", - "source": "https://github.com/Seldaek/jsonlint/tree/1.9.0" + "source": "https://github.com/Seldaek/jsonlint/tree/1.10.0" }, "funding": [ { @@ -2895,7 +2888,7 @@ "type": "tidelift" } ], - "time": "2022-04-01T13:37:23+00:00" + "time": "2023-05-11T13:16:46+00:00" }, { "name": "seld/phar-utils", @@ -3023,16 +3016,16 @@ }, { "name": "symfony/console", - "version": "v5.4.22", + "version": "v5.4.23", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "3cd51fd2e6c461ca678f84d419461281bd87a0a8" + "reference": "90f21e27d0d88ce38720556dd164d4a1e4c3934c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/3cd51fd2e6c461ca678f84d419461281bd87a0a8", - "reference": "3cd51fd2e6c461ca678f84d419461281bd87a0a8", + "url": "https://api.github.com/repos/symfony/console/zipball/90f21e27d0d88ce38720556dd164d4a1e4c3934c", + "reference": "90f21e27d0d88ce38720556dd164d4a1e4c3934c", "shasum": "" }, "require": { @@ -3102,7 +3095,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v5.4.22" + "source": "https://github.com/symfony/console/tree/v5.4.23" }, "funding": [ { @@ -3118,7 +3111,7 @@ "type": "tidelift" } ], - "time": "2023-03-25T09:27:28+00:00" + "time": "2023-04-24T18:47:29+00:00" }, { "name": "symfony/deprecation-contracts", @@ -3189,16 +3182,16 @@ }, { "name": "symfony/filesystem", - "version": "v5.4.21", + "version": "v5.4.23", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "e75960b1bbfd2b8c9e483e0d74811d555ca3de9f" + "reference": "b2f79d86cd9e7de0fff6d03baa80eaed7a5f38b5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/e75960b1bbfd2b8c9e483e0d74811d555ca3de9f", - "reference": "e75960b1bbfd2b8c9e483e0d74811d555ca3de9f", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/b2f79d86cd9e7de0fff6d03baa80eaed7a5f38b5", + "reference": "b2f79d86cd9e7de0fff6d03baa80eaed7a5f38b5", "shasum": "" }, "require": { @@ -3233,7 +3226,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v5.4.21" + "source": "https://github.com/symfony/filesystem/tree/v5.4.23" }, "funding": [ { @@ -3249,7 +3242,7 @@ "type": "tidelift" } ], - "time": "2023-02-14T08:03:56+00:00" + "time": "2023-03-02T11:38:35+00:00" }, { "name": "symfony/finder", @@ -4054,16 +4047,16 @@ }, { "name": "symfony/process", - "version": "v5.4.22", + "version": "v5.4.23", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "4b850da0cc3a2a9181c1ed407adbca4733dc839b" + "reference": "4b842fc4b61609e0a155a114082bd94e31e98287" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/4b850da0cc3a2a9181c1ed407adbca4733dc839b", - "reference": "4b850da0cc3a2a9181c1ed407adbca4733dc839b", + "url": "https://api.github.com/repos/symfony/process/zipball/4b842fc4b61609e0a155a114082bd94e31e98287", + "reference": "4b842fc4b61609e0a155a114082bd94e31e98287", "shasum": "" }, "require": { @@ -4096,7 +4089,7 @@ "description": "Executes commands in sub-processes", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/process/tree/v5.4.22" + "source": "https://github.com/symfony/process/tree/v5.4.23" }, "funding": [ { @@ -4112,7 +4105,7 @@ "type": "tidelift" } ], - "time": "2023-03-06T21:29:33+00:00" + "time": "2023-04-18T13:50:24+00:00" }, { "name": "symfony/service-contracts", @@ -4285,16 +4278,16 @@ }, { "name": "symfony/yaml", - "version": "v5.4.21", + "version": "v5.4.23", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "3713e20d93e46e681e51605d213027e48dab3469" + "reference": "4cd2e3ea301aadd76a4172756296fe552fb45b0b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/3713e20d93e46e681e51605d213027e48dab3469", - "reference": "3713e20d93e46e681e51605d213027e48dab3469", + "url": "https://api.github.com/repos/symfony/yaml/zipball/4cd2e3ea301aadd76a4172756296fe552fb45b0b", + "reference": "4cd2e3ea301aadd76a4172756296fe552fb45b0b", "shasum": "" }, "require": { @@ -4340,7 +4333,7 @@ "description": "Loads and dumps YAML files", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/yaml/tree/v5.4.21" + "source": "https://github.com/symfony/yaml/tree/v5.4.23" }, "funding": [ { @@ -4356,20 +4349,20 @@ "type": "tidelift" } ], - "time": "2023-02-21T19:46:44+00:00" + "time": "2023-04-23T19:33:36+00:00" }, { "name": "twig/twig", - "version": "v2.15.4", + "version": "v2.15.5", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "3e059001d6d597dd50ea7c74dd2464b4adea48d3" + "reference": "fc02a6af3eeb97c4bf5650debc76c2eda85ac22e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/3e059001d6d597dd50ea7c74dd2464b4adea48d3", - "reference": "3e059001d6d597dd50ea7c74dd2464b4adea48d3", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/fc02a6af3eeb97c4bf5650debc76c2eda85ac22e", + "reference": "fc02a6af3eeb97c4bf5650debc76c2eda85ac22e", "shasum": "" }, "require": { @@ -4424,7 +4417,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v2.15.4" + "source": "https://github.com/twigphp/Twig/tree/v2.15.5" }, "funding": [ { @@ -4436,7 +4429,7 @@ "type": "tidelift" } ], - "time": "2022-12-27T12:26:20+00:00" + "time": "2023-05-03T17:49:41+00:00" }, { "name": "voku/anti-xss", @@ -7441,16 +7434,16 @@ }, { "name": "sebastian/diff", - "version": "3.0.3", + "version": "3.0.4", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/diff.git", - "reference": "14f72dd46eaf2f2293cbe79c93cc0bc43161a211" + "reference": "6296a0c086dd0117c1b78b059374d7fcbe7545ae" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/14f72dd46eaf2f2293cbe79c93cc0bc43161a211", - "reference": "14f72dd46eaf2f2293cbe79c93cc0bc43161a211", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/6296a0c086dd0117c1b78b059374d7fcbe7545ae", + "reference": "6296a0c086dd0117c1b78b059374d7fcbe7545ae", "shasum": "" }, "require": { @@ -7495,7 +7488,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/diff/issues", - "source": "https://github.com/sebastianbergmann/diff/tree/3.0.3" + "source": "https://github.com/sebastianbergmann/diff/tree/3.0.4" }, "funding": [ { @@ -7503,7 +7496,7 @@ "type": "github" } ], - "time": "2020-11-30T07:59:04+00:00" + "time": "2023-05-07T05:30:20+00:00" }, { "name": "sebastian/environment", @@ -8248,16 +8241,16 @@ }, { "name": "symfony/dom-crawler", - "version": "v5.4.22", + "version": "v5.4.23", "source": { "type": "git", "url": "https://github.com/symfony/dom-crawler.git", - "reference": "4c633facee8da59998e0c90e337a586cf07a21e7" + "reference": "4a286c916b74ecfb6e2caf1aa31d3fe2a34b7e08" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/4c633facee8da59998e0c90e337a586cf07a21e7", - "reference": "4c633facee8da59998e0c90e337a586cf07a21e7", + "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/4a286c916b74ecfb6e2caf1aa31d3fe2a34b7e08", + "reference": "4a286c916b74ecfb6e2caf1aa31d3fe2a34b7e08", "shasum": "" }, "require": { @@ -8303,7 +8296,7 @@ "description": "Eases DOM navigation for HTML and XML documents", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/dom-crawler/tree/v5.4.22" + "source": "https://github.com/symfony/dom-crawler/tree/v5.4.23" }, "funding": [ { @@ -8319,7 +8312,7 @@ "type": "tidelift" } ], - "time": "2023-03-06T21:29:33+00:00" + "time": "2023-04-08T21:20:19+00:00" }, { "name": "symfony/event-dispatcher", From 081137d1b9ac66ec56418345437f6afedab82cdc Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Thu, 18 May 2023 08:47:49 -0700 Subject: [PATCH 3/5] Removed unused OAuth libs --- composer.json | 3 -- composer.lock | 127 +------------------------------------------------- 2 files changed, 1 insertion(+), 129 deletions(-) diff --git a/composer.json b/composer.json index f6f22a5cb77..57cf439a042 100644 --- a/composer.json +++ b/composer.json @@ -33,7 +33,6 @@ "ext-pdo": "*", "ext-zip": "*", "composer/composer": "2.2.19", - "craftcms/oauth2-craftid": "~1.0.0", "craftcms/plugin-installer": "~1.6.0", "craftcms/server-check": "~1.2.0", "creocoder/yii2-nested-sets": "~0.9.0", @@ -42,7 +41,6 @@ "guzzlehttp/guzzle": "^6.5.5|^7.2.0", "laminas/laminas-feed": "~2.12.3|^2.13.1", "league/flysystem": "^1.1.4", - "league/oauth2-client": "^2.6.0", "mikehaertl/php-shellcommand": "^1.6.3", "pixelandtonic/imagine": "~1.3.3.1", "seld/cli-prompt": "^1.0.4", @@ -75,7 +73,6 @@ "yii2tech/ar-softdelete": "1.0.4" }, "conflict": { - "league/oauth2-client": "2.4.0", "webonyx/graphql-php": "14.11.7" }, "suggest": { diff --git a/composer.lock b/composer.lock index 5670c350714..3020cd4dcc9 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a5ede7d1968e82d710ff5a95f2b4df7e", + "content-hash": "6eb4b359fad9bd32d8905401402e89c3", "packages": [ { "name": "cebe/markdown", @@ -612,61 +612,6 @@ ], "time": "2022-02-25T21:32:43+00:00" }, - { - "name": "craftcms/oauth2-craftid", - "version": "1.0.0.1", - "source": { - "type": "git", - "url": "https://github.com/craftcms/oauth2-craftid.git", - "reference": "3f18364139d72d83fb50546d85130beaaa868836" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/craftcms/oauth2-craftid/zipball/3f18364139d72d83fb50546d85130beaaa868836", - "reference": "3f18364139d72d83fb50546d85130beaaa868836", - "shasum": "" - }, - "require": { - "league/oauth2-client": "^2.2.1" - }, - "require-dev": { - "phpunit/phpunit": "^5.0", - "satooshi/php-coveralls": "^1.0", - "squizlabs/php_codesniffer": "^2.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "craftcms\\oauth2\\client\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Pixel & Tonic", - "homepage": "https://pixelandtonic.com/" - } - ], - "description": "Craft OAuth 2.0 Client Provider for The PHP League OAuth2-Client", - "keywords": [ - "Authentication", - "authorization", - "client", - "cms", - "craftcms", - "craftid", - "oauth", - "oauth2" - ], - "support": { - "issues": "https://github.com/craftcms/oauth2-craftid/issues", - "source": "https://github.com/craftcms/oauth2-craftid/tree/1.0.0.1" - }, - "time": "2017-11-22T19:46:18+00:00" - }, { "name": "craftcms/plugin-installer", "version": "1.6.0", @@ -2010,76 +1955,6 @@ ], "time": "2022-04-17T13:12:02+00:00" }, - { - "name": "league/oauth2-client", - "version": "2.7.0", - "source": { - "type": "git", - "url": "https://github.com/thephpleague/oauth2-client.git", - "reference": "160d6274b03562ebeb55ed18399281d8118b76c8" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/thephpleague/oauth2-client/zipball/160d6274b03562ebeb55ed18399281d8118b76c8", - "reference": "160d6274b03562ebeb55ed18399281d8118b76c8", - "shasum": "" - }, - "require": { - "guzzlehttp/guzzle": "^6.0 || ^7.0", - "paragonie/random_compat": "^1 || ^2 || ^9.99", - "php": "^5.6 || ^7.0 || ^8.0" - }, - "require-dev": { - "mockery/mockery": "^1.3.5", - "php-parallel-lint/php-parallel-lint": "^1.3.1", - "phpunit/phpunit": "^5.7 || ^6.0 || ^9.5", - "squizlabs/php_codesniffer": "^2.3 || ^3.0" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-2.x": "2.0.x-dev" - } - }, - "autoload": { - "psr-4": { - "League\\OAuth2\\Client\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Alex Bilbie", - "email": "hello@alexbilbie.com", - "homepage": "http://www.alexbilbie.com", - "role": "Developer" - }, - { - "name": "Woody Gilk", - "homepage": "https://github.com/shadowhand", - "role": "Contributor" - } - ], - "description": "OAuth 2.0 Client Library", - "keywords": [ - "Authentication", - "SSO", - "authorization", - "identity", - "idp", - "oauth", - "oauth2", - "single sign on" - ], - "support": { - "issues": "https://github.com/thephpleague/oauth2-client/issues", - "source": "https://github.com/thephpleague/oauth2-client/tree/2.7.0" - }, - "time": "2023-04-16T18:19:15+00:00" - }, { "name": "mikehaertl/php-shellcommand", "version": "1.7.0", From 20879575a5bc7249fa7460bf74652ee49ff8ea1d Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Thu, 18 May 2023 08:57:55 -0700 Subject: [PATCH 4/5] Release note [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9281f3163d5..687af856b8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## Unreleased - Improved `craft\helpers\FileHelper::getExtensionByMimeType()` for some ambiguous, web-friendly MIME types. +- Removed the OAuth 2.0 Client library, as it’s no longer used in core. ## 3.8.11 - 2023-05-15 From 500784abd2d032b347d6c6e90afb440aafb6ba77 Mon Sep 17 00:00:00 2001 From: brandonkelly Date: Mon, 22 May 2023 17:17:04 -0700 Subject: [PATCH 5/5] Release note [ci skip] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 687af856b8c..3faf3dcd9a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Improved `craft\helpers\FileHelper::getExtensionByMimeType()` for some ambiguous, web-friendly MIME types. - Removed the OAuth 2.0 Client library, as it’s no longer used in core. +- Fixed a bug where activation emails sent to newly-created users could link to the front-end site, if they were granted control panel access via a user group. ([#13204](https://github.com/craftcms/cms/issues/13204)) ## 3.8.11 - 2023-05-15