From e588e954831ff3c9c5d1eba0e4e0a2e2c1f2f5f3 Mon Sep 17 00:00:00 2001 From: Matt Henderson Date: Tue, 12 Dec 2017 14:38:54 -0500 Subject: [PATCH 1/3] Pull in updated Nexmo phone verification code. --- application/composer.lock | 96 +++++++++++---------------------------- 1 file changed, 27 insertions(+), 69 deletions(-) diff --git a/application/composer.lock b/application/composer.lock index 7239e1a2..1c4567e5 100644 --- a/application/composer.lock +++ b/application/composer.lock @@ -1309,12 +1309,12 @@ "source": { "type": "git", "url": "https://github.com/Roave/SecurityAdvisories.git", - "reference": "497fce9103b12b99e8d166bc466d015f5b07c0d8" + "reference": "40b035345ed34a4cc92c842f60a6cc739101542f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/497fce9103b12b99e8d166bc466d015f5b07c0d8", - "reference": "497fce9103b12b99e8d166bc466d015f5b07c0d8", + "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/40b035345ed34a4cc92c842f60a6cc739101542f", + "reference": "40b035345ed34a4cc92c842f60a6cc739101542f", "shasum": "" }, "conflict": { @@ -1347,6 +1347,7 @@ "firebase/php-jwt": "<2", "friendsofsymfony/rest-bundle": ">=1.2,<1.2.2", "friendsofsymfony/user-bundle": ">=1.2,<1.3.5", + "gree/jose": "<=2.2", "gregwar/rst": "<1.0.3", "guzzlehttp/guzzle": ">=6,<6.2.1|>=4.0.0-rc2,<4.2.4|>=5,<5.3.1", "illuminate/auth": ">=4,<4.0.99|>=4.1,<4.1.26", @@ -1445,7 +1446,7 @@ } ], "description": "Prevents installation of composer packages with known security vulnerabilities: no API, simply require it", - "time": "2017-12-05T17:52:25+00:00" + "time": "2017-12-12T00:38:43+00:00" }, { "name": "robrichards/xmlseclibs", @@ -1950,16 +1951,16 @@ }, { "name": "silinternational/idp-pw-api-phoneverification-nexmo", - "version": "2.0", + "version": "2.0.1", "source": { "type": "git", "url": "https://github.com/silinternational/idp-pw-api-phoneverification-nexmo.git", - "reference": "9cad13aacf84c4548b1f7705e7d51bbccd021153" + "reference": "efb0391e7c17aa85195f3dd07755bfd2ecb68fdc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/silinternational/idp-pw-api-phoneverification-nexmo/zipball/9cad13aacf84c4548b1f7705e7d51bbccd021153", - "reference": "9cad13aacf84c4548b1f7705e7d51bbccd021153", + "url": "https://api.github.com/repos/silinternational/idp-pw-api-phoneverification-nexmo/zipball/efb0391e7c17aa85195f3dd07755bfd2ecb68fdc", + "reference": "efb0391e7c17aa85195f3dd07755bfd2ecb68fdc", "shasum": "" }, "require": { @@ -1987,7 +1988,7 @@ } ], "description": "PhoneVerification component for IdP PW API that uses Nexmo services for SMS/Voice verification", - "time": "2017-04-28T18:19:05+00:00" + "time": "2017-12-12T18:20:35+00:00" }, { "name": "silinternational/php-env", @@ -2774,16 +2775,16 @@ }, { "name": "codeception/codeception", - "version": "2.3.6", + "version": "2.3.7", "source": { "type": "git", "url": "https://github.com/Codeception/Codeception.git", - "reference": "c3dd3b5d9e0b1ea6c2fcca52457736dc756716f8" + "reference": "151de88277878adc18784ef3eaddd87f4a2fdc14" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Codeception/Codeception/zipball/c3dd3b5d9e0b1ea6c2fcca52457736dc756716f8", - "reference": "c3dd3b5d9e0b1ea6c2fcca52457736dc756716f8", + "url": "https://api.github.com/repos/Codeception/Codeception/zipball/151de88277878adc18784ef3eaddd87f4a2fdc14", + "reference": "151de88277878adc18784ef3eaddd87f4a2fdc14", "shasum": "" }, "require": { @@ -2795,18 +2796,17 @@ "guzzlehttp/psr7": "~1.0", "php": ">=5.4.0 <8.0", "phpunit/php-code-coverage": ">=2.2.4 <6.0", - "phpunit/phpunit": ">4.8.20 <7.0", + "phpunit/phpunit": ">=4.8.28 <5.0.0 || >=5.6.3 <7.0", "phpunit/phpunit-mock-objects": ">2.3 <5.0", "sebastian/comparator": ">1.1 <3.0", "sebastian/diff": ">=1.4 <3.0", - "stecman/symfony-console-completion": "^0.7.0", - "symfony/browser-kit": ">=2.7 <4.0", - "symfony/console": ">=2.7 <4.0", - "symfony/css-selector": ">=2.7 <4.0", - "symfony/dom-crawler": ">=2.7.5 <4.0", - "symfony/event-dispatcher": ">=2.7 <4.0", - "symfony/finder": ">=2.7 <4.0", - "symfony/yaml": ">=2.7 <4.0" + "symfony/browser-kit": ">=2.7 <5.0", + "symfony/console": ">=2.7 <5.0", + "symfony/css-selector": ">=2.7 <5.0", + "symfony/dom-crawler": ">=2.7 <5.0", + "symfony/event-dispatcher": ">=2.7 <5.0", + "symfony/finder": ">=2.7 <5.0", + "symfony/yaml": ">=2.7 <5.0" }, "require-dev": { "codeception/specify": "~0.3", @@ -2819,16 +2819,19 @@ "php-amqplib/php-amqplib": "~2.4", "predis/predis": "^1.0", "squizlabs/php_codesniffer": "~2.0", - "symfony/process": ">=2.7 <4.0", + "symfony/process": ">=2.7 <5.0", "vlucas/phpdotenv": "^2.4.0" }, "suggest": { + "aws/aws-sdk-php": "For using AWS Auth in REST module and Queue module", + "codeception/phpbuiltinserver": "Start and stop PHP built-in web server for your tests", "codeception/specify": "BDD-style code blocks", "codeception/verify": "BDD-style assertions", "flow/jsonpath": "For using JSONPath in REST module", "league/factory-muffin": "For DataFactory module", "league/factory-muffin-faker": "For Faker support in DataFactory module", "phpseclib/phpseclib": "for SFTP option in FTP Module", + "stecman/symfony-console-completion": "For BASH autocompletion", "symfony/phpunit-bridge": "For phpunit-bridge support" }, "bin": [ @@ -2864,7 +2867,7 @@ "functional testing", "unit testing" ], - "time": "2017-09-28T23:19:49+00:00" + "time": "2017-12-12T04:22:17+00:00" }, { "name": "codeception/specify", @@ -4414,51 +4417,6 @@ "homepage": "https://github.com/sebastianbergmann/version", "time": "2016-10-03T07:35:21+00:00" }, - { - "name": "stecman/symfony-console-completion", - "version": "0.7.0", - "source": { - "type": "git", - "url": "https://github.com/stecman/symfony-console-completion.git", - "reference": "5461d43e53092b3d3b9dbd9d999f2054730f4bbb" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/stecman/symfony-console-completion/zipball/5461d43e53092b3d3b9dbd9d999f2054730f4bbb", - "reference": "5461d43e53092b3d3b9dbd9d999f2054730f4bbb", - "shasum": "" - }, - "require": { - "php": ">=5.3.2", - "symfony/console": "~2.3 || ~3.0" - }, - "require-dev": { - "phpunit/phpunit": "~4.4" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "0.6.x-dev" - } - }, - "autoload": { - "psr-4": { - "Stecman\\Component\\Symfony\\Console\\BashCompletion\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Stephen Holdaway", - "email": "stephen@stecman.co.nz" - } - ], - "description": "Automatic BASH completion for Symfony Console Component based applications.", - "time": "2016-02-24T05:08:54+00:00" - }, { "name": "symfony/browser-kit", "version": "v3.4.1", From d0d935fad8bf6bc0a06cac5e9c732585b435d40c Mon Sep 17 00:00:00 2001 From: Matt Henderson Date: Thu, 14 Dec 2017 15:03:07 -0500 Subject: [PATCH 2/3] Save changes to generated test files. --- .../_support/_generated/ApiTesterActions.php | 37 ++++++++++++++++--- .../_support/_generated/UnitTesterActions.php | 5 +-- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/application/tests/_support/_generated/ApiTesterActions.php b/application/tests/_support/_generated/ApiTesterActions.php index d6cc6a66..c5c73ad9 100644 --- a/application/tests/_support/_generated/ApiTesterActions.php +++ b/application/tests/_support/_generated/ApiTesterActions.php @@ -1,14 +1,10 @@ -amAWSAuthenticated(); + * ?> + * ``` + * @param array $additionalAWSConfig + * @throws ModuleException + * @see \Codeception\Module\REST::amAWSAuthenticated() + */ + public function amAWSAuthenticated($additionalAWSConfig = null) { + return $this->getScenario()->runStep(new \Codeception\Step\Condition('amAWSAuthenticated', func_get_args())); + } + + /** * [!] Method is generated. Documentation taken from corresponding module. * diff --git a/application/tests/_support/_generated/UnitTesterActions.php b/application/tests/_support/_generated/UnitTesterActions.php index 6fb5dcab..c77e5087 100644 --- a/application/tests/_support/_generated/UnitTesterActions.php +++ b/application/tests/_support/_generated/UnitTesterActions.php @@ -1,13 +1,10 @@ - Date: Thu, 14 Dec 2017 15:32:56 -0500 Subject: [PATCH 3/3] Stop changing the code if an existing reset is present. --- application/common/models/Reset.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/application/common/models/Reset.php b/application/common/models/Reset.php index 187c8447..821681ee 100644 --- a/application/common/models/Reset.php +++ b/application/common/models/Reset.php @@ -556,10 +556,10 @@ public function setType($type, $methodUid = null) throw new BadRequestHttpException('Unknown reset type requested', 1462989489); } - /* - * Generate new verification code - */ - $this->code = Utils::getRandomDigits(\Yii::$app->params['reset']['codeLength']); + // NOTE: We stopped changing the code here so that, if someone requests + // a subsequent reset while an existing one is not yet expired, the same + // code will be used. That way, clicking the link in the first email + // will still work. /* * Save changes