(Grav GitSync) Automatic Commit from smokephil

2024-06-09 22:35:15 +02:00 · 2024-06-09 22:35:15 +02:00 · f5636adc16
commit f5636adc16
parent b2cdb7f301
7 changed files with 28 additions and 7 deletions
--- a/plugins/admin/CHANGELOG.md
+++ b/plugins/admin/CHANGELOG.md
@ -1,3 +1,9 @@
+# v1.10.46
+## 05/15/2024
+
+1. [](#improved)
+  * Used Login's new `site_host` security setting for Admin password reset. Requires Login version `3.7.8+`
+
 # v1.10.45
 ## 03/18/2024

--- a/plugins/admin/blueprints.yaml
+++ b/plugins/admin/blueprints.yaml
@ -1,7 +1,7 @@
 name: Admin Panel
 slug: admin
 type: plugin
-version: 1.10.45
+version: 1.10.46
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:
@ -17,7 +17,7 @@ license: MIT
 dependencies:
    - { name: grav, version: '>=1.7.42' }
    - { name: form, version: '>=6.0.1' }
-    - { name: login, version: '>=3.7.0' }
+    - { name: login, version: '>=3.7.8' }
    - { name: email, version: '>=3.1.6' }
    - { name: flex-objects, version: '>=1.2.0' }

--- a/plugins/admin/classes/plugin/Controllers/Login/LoginController.php
+++ b/plugins/admin/classes/plugin/Controllers/Login/LoginController.php
@ -469,7 +469,15 @@ class LoginController extends AdminController
        $fullname = $user->fullname ?: $username;
        $author = $config->get('site.author.name', '');
        $sitename = $config->get('site.title', 'Website');
-        $reset_link = $this->getAbsoluteAdminUrl("/reset/u/{$username}/{$token}");
+        $reset_route = "/reset/u/{$username}/{$token}";
+
+        $site_host = $config->get('plugins.login.site_host');
+        if (!empty($site_host)) {
+            $admin = $this->getAdmin();
+            $reset_link = rtrim($site_host, '/') . '/' . trim($admin->base, '/') . '/' . ltrim($reset_route, '/');
+        } else {
+            $reset_link = $this->getAbsoluteAdminUrl($reset_route);
+        }

        // For testing only!
        //Admin::DEBUG && Admin::addDebugMessage(sprintf('Reset link: %s', $reset_link));
--- a/plugins/login/CHANGELOG.md
+++ b/plugins/login/CHANGELOG.md
@ -1,3 +1,9 @@
+# v3.7.9
+## 05/15/2024
+
+1. [](#improved)
+   * Added default `site_host:` entry to `login.yaml` configuration file
+
 # v3.7.8.1
 ## 04/19/2024

--- a/plugins/login/blueprints.yaml
+++ b/plugins/login/blueprints.yaml
@ -1,7 +1,7 @@
 name: Login
 slug: login
 type: plugin
-version: 3.7.8.1
+version: 3.7.9
 testing: false
 description: Enables user authentication and login screen.
 icon: sign-in
--- a/plugins/login/login.yaml
+++ b/plugins/login/login.yaml
@ -4,6 +4,7 @@ redirect_to_login: false                    # If you try to access a page you do
 redirect_after_login: false                 # Path to redirect to after a successful login
 redirect_after_logout: true                 # Path to redirect to after a successful logout
 session_user_sync: false                    # Sync session user with changes in stored user file
+site_host:                                  # Site host to use for email links. Enhances security by ensuring links are to the correct host (e.g. https://foo.com)

 route: '/login'                             # Specific route for Login page (default is '/login')
 route_after_login: '/'                      # Route to go to after login if enabled