Added option offerPasswordChangeAfterConfirmation

CHANGELOG.md

@@ -8,6 +8,7 @@
 - Fix #546: The profile/show page must not be visible by default, implement configurable policy (TonisOrmisson)
 - Fix #397: No more fatal Exceptions when connecting to already taken Social Network (edegaudenzi)
 - Ehh: Added option to pre-fill recovery email via url parameter (TonisOrmisson)
+- Ehh: Added option for user to reset password right after confirmation (TonisOrmisson)
 
 ## 1.6.3 Mar 18th, 2024
 

docs/install/configuration-options.md

@@ -143,6 +143,14 @@ List of urls that does not require explicit data processing consent to be access
 Setting this attribute allows the registration process. If you set it to `false`, the module won't allow users to
 register by throwing a `NotFoundHttpException` if the `RegistrationController::actionRegister()` is accessed.
 
+#### offerPasswordChangeAfterConfirmation (type: `boolean`, default: `false`)
+
+Setting this `true` a user will get redirected to a password reset page right after clicking the confirmation url. 
+This option is useful if a user is created via admin processes and user should start from setting their password. 
+In this case system will generate a pseudo password for the user, which is not presented to user. Instead, after
+clicking the confirmation link, a password reset token is generated to user by system and user is redirected to the 
+password reset page with the flash message of successful confirmation. 
+
 #### enableSocialNetworkRegistration (type: `boolean`, default: `true`)
 
 Setting this attribute allows the registration process via social networks. If you set it to `false`, the module won't allow users to

src/User/Controller/RegistrationController.php

@@ -15,6 +15,7 @@
 use Da\User\Event\SocialNetworkConnectEvent;
 use Da\User\Event\UserEvent;
 use Da\User\Factory\MailFactory;
+use Da\User\Factory\TokenFactory;
 use Da\User\Form\RegistrationForm;
 use Da\User\Form\ResendForm;
 use Da\User\Helper\SecurityHelper;
@@ -23,6 +24,7 @@
 use Da\User\Query\SocialNetworkAccountQuery;
 use Da\User\Query\UserQuery;
 use Da\User\Service\AccountConfirmationService;
+use Da\User\Service\PasswordRecoveryService;
 use Da\User\Service\ResendConfirmationService;
 use Da\User\Service\UserConfirmationService;
 use Da\User\Service\UserCreateService;
@@ -223,10 +225,15 @@ public function actionConfirm($id, $code)
         $this->trigger(UserEvent::EVENT_BEFORE_CONFIRMATION, $event);
 
         if ($this->make(AccountConfirmationService::class, [$code, $user, $userConfirmationService])->run()) {
-            Yii::$app->user->login($user, $this->module->rememberLoginLifespan);
             Yii::$app->session->setFlash('success', Yii::t('usuario', 'Thank you, registration is now complete.'));
-
             $this->trigger(UserEvent::EVENT_AFTER_CONFIRMATION, $event);
+            if($this->module->offerPasswordChangeAfterConfirmation) {
+                $token = TokenFactory::makeRecoveryToken($user->id);
+                $url = $token->getUrl();
+                return $this->redirect($url);
+            } else {
+                Yii::$app->user->login($user, $this->module->rememberLoginLifespan);
+            }
         } else {
             Yii::$app->session->setFlash(
                 'danger',

src/User/Form/RegistrationForm.php

@@ -73,7 +73,7 @@ public function rules()
                 'message' => Yii::t('usuario', 'This email address has already been taken'),
             ],
             // password rules
-            'passwordRequired' => ['password', 'required', 'skipOnEmpty' => $this->module->generatePasswords],
+            'passwordRequired' => ['password', 'required', 'skipOnEmpty' => !$this->module->isPasswordRequiredOnRegistration()],
             'passwordLength' => ['password', 'string', 'min' => 6, 'max' => 72],
             'gdprType' => ['gdpr_consent', 'boolean'],
             'gdprDefault' => ['gdpr_consent', 'default', 'value' => 0, 'skipOnEmpty' => false],

src/User/Module.php

@@ -69,7 +69,7 @@ class Module extends BaseModule
         'profile.gravatar_email',
         'profile.location',
         'profile.website',
-        'profile.bio'
+        'profile.bio',
     ];
     /**
      * @var string prefix to be used as a replacement when user requests deletion of his data.
@@ -91,7 +91,7 @@ class Module extends BaseModule
      * @see AccessRuleFilter
      */
     public $gdprConsentExcludedUrls = [
-        'user/settings/*'
+        'user/settings/*',
     ];
     /**
      * @var bool whether to enable two factor authentication or not
@@ -118,6 +118,10 @@ class Module extends BaseModule
      * @var bool whether to allow registration process or not
      */
     public $enableRegistration = true;
+    /**
+     * @var bool whether user can (re)set password on confirmation. Useful in cases where user is created by admin, and we do not want to e-mail plain text passwords.
+     */
+    public $offerPasswordChangeAfterConfirmation = false;
     /**
      * @var bool whether to allow registration process for social network or not
      */
@@ -227,7 +231,7 @@ class Module extends BaseModule
         'confirm/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'registration/confirm',
         'forgot' => 'recovery/request',
         'forgot/<email:[a-zA-Z0-9_.±]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+>' => 'recovery/request',
-        'recover/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'recovery/reset'
+        'recover/<id:\d+>/<code:[A-Za-z0-9_-]+>' => 'recovery/reset',
     ];
     /**
      * @var string
@@ -332,4 +336,12 @@ public function hasTimeoutSessionHistory()
     {
         return $this->timeoutSessionHistory !== false && $this->timeoutSessionHistory > 0;
     }
+
+    public function isPasswordRequiredOnRegistration() : bool
+    {
+        if($this->offerPasswordChangeAfterConfirmation) {
+            return false;
+        }
+        return !$this->generatePasswords;
+    }
 }

src/User/Service/UserRegisterService.php

@@ -50,7 +50,7 @@ public function run()
 
         try {
             $model->confirmed_at = $this->getModule()->enableEmailConfirmation ? null : time();
-            $model->password = $this->getModule()->generatePasswords
+            $model->password = ($this->getModule()->generatePasswords or $model->getModule()->offerPasswordChangeAfterConfirmation)
                 ? $this->securityHelper->generatePassword(8, $this->getModule()->minPasswordRequirements)
                 : $model->password;
 

src/User/resources/views/mail/text/welcome.php

@@ -26,7 +26,7 @@
     <?= Yii::t('usuario', 'We have generated a password for you') ?>:
     <?= $user->password ?>
 <?php endif ?>
-<?php if ($module->allowPasswordRecovery): ?>
+<?php if ($module->allowPasswordRecovery && !$module->offerPasswordChangeAfterConfirmation): ?>
     <?= Yii::t('usuario', 'If you haven\'t received a password, you can reset it at') ?>:
     <?= Url::to(['/user/recovery/request'], true) ?>
 <?php endif ?>

src/User/resources/views/mail/welcome.php

@@ -29,7 +29,7 @@
     <?php if ($showPassword || $module->generatePasswords): ?>
         <?= Yii::t('usuario', 'We have generated a password for you') ?>: <strong><?= Html::encode($user->password) ?></strong>
     <?php endif ?>
-    <?php if ($module->allowPasswordRecovery): ?>
+    <?php if ($module->allowPasswordRecovery && !$module->offerPasswordChangeAfterConfirmation): ?>
         <?= Yii::t('usuario', 'If you haven\'t received a password, you can reset it at') ?>: <strong><?= Html::a(Html::encode(Url::to(['/user/recovery/request'], true)), Url::to(['/user/recovery/request'], true)) ?></strong>
     <?php endif ?>
 

src/User/resources/views/recovery/reset.php

@@ -21,6 +21,9 @@
 $this->title = Yii::t('usuario', 'Reset your password');
 $this->params['breadcrumbs'][] = $this->title;
 ?>
+
+<?= $this->render('/shared/_alert', ['module' => Yii::$app->getModule('user')]) ?>
+
 <div class="row">
     <div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3">
         <div class="panel panel-default">

src/User/resources/views/registration/register.php

@@ -18,10 +18,13 @@
  * @var \Da\User\Model\User            $user
  * @var \Da\User\Module                $module
  */
-
 $this->title = Yii::t('usuario', 'Sign up');
 $this->params['breadcrumbs'][] = $this->title;
 ?>
+
+<?= $this->render('/shared/_alert', ['module' => Yii::$app->getModule('user')]) ?>
+
+
 <div class="row">
     <div class="col-md-4 col-md-offset-4 col-sm-6 col-sm-offset-3">
         <div class="panel panel-default">
@@ -41,7 +44,7 @@
 
                 <?= $form->field($model, 'username') ?>
 
-                <?php if ($module->generatePasswords === false): ?>
+                <?php if ($module->isPasswordRequiredOnRegistration()): ?>
                     <?= $form->field($model, 'password')->passwordInput() ?>
                 <?php endif ?>
 

tests/functional.suite.yml

@@ -1,4 +1,4 @@
-class_name: FunctionalTester
+actor: FunctionalTester
 modules:
     enabled:
         - Filesystem

tests/functional/RegistrationCest.php

@@ -5,13 +5,14 @@
 use Da\User\Model\User;
 use Da\User\Module;
 use tests\_fixtures\UserFixture;
+use tests\_fixtures\TokenFixture;
 use yii\helpers\Html;
 
 class RegistrationCest
 {
     public function _before(FunctionalTester $I)
     {
-        $I->haveFixtures(['user' => UserFixture::className()]);
+        $I->haveFixtures(['user' => UserFixture::class]);
     }
 
     public function _after(FunctionalTester $I)
@@ -47,7 +48,7 @@ public function testRegistration(FunctionalTester $I)
 
         $this->register($I, '[email protected]', 'tester', 'tester');
         $I->see('Your account has been created');
-        $user = $I->grabRecord(User::className(), ['email' => '[email protected]']);
+        $user = $I->grabRecord(User::class, ['email' => '[email protected]']);
         $I->assertTrue($user->isConfirmed);
 
         $I->amOnRoute('/user/security/login');
@@ -84,19 +85,53 @@ public function testRegistrationWithConfirmation(FunctionalTester $I)
      */
     public function testRegistrationWithoutPassword(FunctionalTester $I)
     {
-        Yii::$app->getModule('user')->enableEmailConfirmation = false;
-        Yii::$app->getModule('user')->generatePasswords = true;
+        /** @var Module $module */
+        $module = Yii::$app->getModule('user');
+        $module->enableEmailConfirmation = false;
+        $module->generatePasswords = true;
         $I->amOnRoute('/user/registration/register');
         $this->register($I, '[email protected]', 'tester');
         $I->see('Your account has been created');
-        $user = $I->grabRecord(User::className(), ['email' => '[email protected]']);
+        $user = $I->grabRecord(User::class, ['email' => '[email protected]']);
         $I->assertEquals('tester', $user->username);
         /** @var \yii\mail\MessageInterface $message */
         $message = $I->grabLastSentEmail();
         $I->assertArrayHasKey($user->email, $message->getTo());
         $I->assertStringContainsString('We have generated a password for you', utf8_encode(quoted_printable_decode($message->toString())));
     }
 
+    /**
+     * Tests registration when user should set the password right after confirmation
+     *
+     * @param FunctionalTester $I
+     */
+    public function testRegistrationWithPasswordResetAfterConfirmation(FunctionalTester $I)
+    {
+        /** @var Module $module */
+        $module = Yii::$app->getModule('user');
+        $module->generatePasswords = false;
+        $module->offerPasswordChangeAfterConfirmation = true;
+        $I->amOnRoute('/user/registration/register');
+        $I->dontSee('Password');
+        $this->register($I, '[email protected]', 'tester');
+        $I->see('Your account has been created');
+        /** @var User $user */
+        $user = $I->grabRecord(User::class, ['email' => '[email protected]']);
+        $I->assertEquals('tester', $user->username);
+        /** @var \yii\mail\MessageInterface $message */
+        $message = $I->grabLastSentEmail();
+        $I->assertArrayHasKey($user->email, $message->getTo());
+        $I->assertStringNotContainsString('We have generated a password for you', utf8_encode(quoted_printable_decode($message->toString())));
+        /** @var \Da\User\Query\TokenQuery $tokenQuery */
+        $tokenQuery = Yii::createObject(\Da\User\Query\TokenQuery::class);
+        /** @var Token $confirmationToken */
+        $confirmationToken = $tokenQuery->whereUserId($user->primaryKey)->one();
+        $I->amOnPage($confirmationToken->getUrl());
+        $I->see("Thank you, registration is now complete.");
+        $I->see("Reset your password");
+
+    }
+
     protected function register(FunctionalTester $I, $email, $username = null, $password = null) {
         $I->fillField('#registrationform-email', $email);
         $I->fillField('#registrationform-username', $username);