auto-save events with User

Author: alexweissman

userfrosting/controllers/AccountController.php

@@ -436,18 +436,16 @@ public function register(){
         foreach ($defaultGroups as $group_id => $group)
             $user->addGroup($group_id);    
 
-        // Store new user to database
-        $user->save();        
-        
         // Create sign-up event
-        $sign_up_event = $user->newEventSignUp();
-        $sign_up_event->save();   
+        $user->newEventSignUp();
+        
+        // Store new user to database
+        $user->save();
 
         if ($this->_app->site->require_activation) {
             // Create verification request event
-            $verification_request = $user->newEventVerificationRequest();
-            $user->save();      // Re-save is needed to update user's secret token
-            $verification_request->save();            
+            $user->newEventVerificationRequest();
+            $user->save();      // Re-save with verification event      
 
             // Create and send verification email
             $twig = $this->_app->view()->getEnvironment();
@@ -557,7 +555,7 @@ public function forgotPassword(){
         // TODO: rate-limit the number of password reset requests for a given user
 
         // Generate a new password reset request.  This will also generate a new secret token for the user.
-        $event = $user->newEventPasswordReset();
+        $user->newEventPasswordReset();
 
         // Email the user asking to confirm this change password request
         $twig = $this->_app->view()->getEnvironment();
@@ -577,8 +575,7 @@ public function forgotPassword(){
             $this->_app->halt(500);
         }
 
-        $user->store();
-        $event->save();
+        $user->save();
         $ms->addMessageTranslated("success", "FORGOTPASS_REQUEST_SUCCESS");
     }
 
@@ -740,7 +737,8 @@ public function denyResetPassword(){
      * 4. A request to resend the activation link wasn't already processed in the last X seconds (specified in site settings)
      * 5. The submitted data is valid.
      * This route is "public access".
-     * Request type: POST     
+     * Request type: POST
+     * @todo Again, just like with password reset - do we really need to get the user's user_name to do this?
      */         
     public function resendActivation(){
         $data = $this->_app->request->post();
@@ -796,7 +794,7 @@ public function resendActivation(){
         }
 
         // We're good to go - create a new verification request and send the email
-        $event = $user->newEventVerificationRequest();
+        $user->newEventVerificationRequest();
 
         // Email the user
         $twig = $this->_app->view()->getEnvironment();
@@ -816,8 +814,7 @@ public function resendActivation(){
             $this->_app->halt(500);
         }
 
-        $user->store();
-        $event->save();
+        $user->save();
         $ms->addMessageTranslated("success", "ACCOUNT_NEW_ACTIVATION_SENT");
     }
 

userfrosting/controllers/InstallController.php

@@ -231,13 +231,12 @@ public function setupMasterAccount(){
         foreach ($defaultGroups as $group_id => $group)
             $user->addGroup($group_id);    
 
+        // Add sign-up event
+        $user->newEventSignUp();
+        
         // Store new user to database
         $user->save();
 
-        // Add sign-up event
-        $event = $user->newEventSignUp();
-        $event->save();
-        
         // No activation required
         $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
 

userfrosting/controllers/UserController.php

@@ -445,19 +445,12 @@ public function createUser(){
             }
         }
 
-        // Store new user to database so that we have a user_id
-        $user->save();
-        
         // Create events - account creation and password reset
-        $event_sign_up = $user->newEventSignUp($this->_app->user);
-        $event_password_reset_request = $user->newEventPasswordReset();    
-        
-        // Save user again after creating reset event
-        $user->save();        
+        $user->newEventSignUp($this->_app->user);
+        $user->newEventPasswordReset();    
 
-        // Save user events
-        $event_sign_up->save();
-        $event_password_reset_request->save();        
+        // Save user again after creating events
+        $user->save();             
 
         // Send an email to the user's email address to set up password
         $twig = $this->_app->view()->getEnvironment();

userfrosting/initialize.php

@@ -190,6 +190,7 @@
     $app->site->register('userfrosting', 'email_login', "Email Login", "toggle", [0 => "Off", 1 => "On"]);
     $app->site->register('userfrosting', 'resend_activation_threshold', "Resend Activation Email Cooloff (s)");
     $app->site->register('userfrosting', 'reset_password_timeout', "Password Recovery Timeout (s)");
+    $app->site->register('userfrosting', 'create_password_expiration', "Create Password for New Users Timeout (s)");    
     $app->site->register('userfrosting', 'minify_css', "Minify CSS", "toggle", [0 => "Off", 1 => "On"]);
     $app->site->register('userfrosting', 'minify_js', "Minify JS", "toggle", [0 => "Off", 1 => "On"]);
 }, 1);

userfrosting/models/database/User.php

@@ -43,6 +43,11 @@ class User extends UFModel {
      */
     protected $_primary_group;  
 
+    /**
+     * @var UserEvent[] An array of events to be inserted for this User when save is called.
+     */
+    protected $new_events = [];
+    
     /**
      * @var bool Enable timestamps for Users.
      */ 
@@ -149,6 +154,7 @@ public function newCollection(array $models = Array()) {
 
     /**
      * Get all events for this user.
+     * @todo save events in $new_events as well?
      */    
     public function events(){
         return $this->hasMany('UserFrosting\UserEvent');
@@ -329,20 +335,6 @@ private function fetchPrimaryGroup() {
         }
         return $this->belongsTo('UserFrosting\Group', 'primary_group_id')->getEager()->first();
     }
- 
-    /**
-     * Store the User to the database, along with any group associations, updating as necessary.
-     *
-     */
-    public function save(array $options = []){       
-        // Update the user record itself
-        $result = parent::save($options);
-        
-        // Synchronize model's group relations with database
-        $this->syncCachedGroups();
-        
-        return $result;
-    }
 
     /**
      * Create an event saying that this user registered their account, or an account was created for them.
@@ -356,10 +348,10 @@ public function newEventSignUp($creator = null){
         else
             $description = "User {$this->user_name} successfully registered on " . date("Y-m-d H:i:s") . ".";
         $event = new UserEvent([
-            "user_id"     => $this->id,
             "event_type"  => "sign_up",
             "description" => $description
         ]);
+        $this->new_events[] = $event;
         return $event;
     }
 
@@ -369,11 +361,12 @@ public function newEventSignUp($creator = null){
      * @return UserEvent
      */
     public function newEventSignIn(){    
-        return new UserEvent([
-            "user_id"     => $this->id,
+        $event = new UserEvent([
             "event_type"  => "sign_in",
             "description" => "User {$this->user_name} signed in at " . date("Y-m-d H:i:s") . "."
         ]);
+        $this->new_events[] = $event;
+        return $event;
     }
 
     /**
@@ -384,10 +377,10 @@ public function newEventSignIn(){
     public function newEventVerificationRequest(){
         $this->secret_token = User::generateActivationToken();
         $event = new UserEvent([
-            "user_id"     => $this->id,
             "event_type"  => "verification_request",
             "description" => "User {$this->user_name} requested verification on " . date("Y-m-d H:i:s") . "."
         ]);
+        $this->new_events[] = $event;
         return $event;
     }    
 
@@ -400,13 +393,32 @@ public function newEventPasswordReset(){
         $this->secret_token = User::generateActivationToken();
         $this->flag_password_reset = "1";
         $event = new UserEvent([
-            "user_id"     => $this->id,
             "event_type"  => "password_reset_request",
             "description" => "User {$this->user_name} requested a password reset on " . date("Y-m-d H:i:s") . "."
         ]);
+        $this->new_events[] = $event;
         return $event;
     } 
 
+    /**
+     * Store the User to the database, along with any group associations and new events, updating as necessary.
+     *
+     */
+    public function save(array $options = []){       
+        // Update the user record itself
+        $result = parent::save($options);
+        
+        // Synchronize model's group relations with database
+        $this->syncCachedGroups();
+        
+        // Save any new events for this user
+        foreach ($this->new_events as $event){
+            $this->events()->save($event);
+        }
+        
+        return $result;
+    }
+    
     /**
      * Delete this user from the database, along with any linked groups and authorization rules
      *
@@ -513,8 +525,7 @@ public function verifyPassword($password){
      */
     public function login(){    
         // Add a sign in event (time is automatically set by database)
-        $event = $this->newEventSignIn();
-        $event->save();
+        $this->newEventSignIn();
 
         // Update password if we had encountered an outdated hash
         if (Authentication::getPasswordHashType($this->password) != "modern"){
@@ -528,12 +539,18 @@ public function login(){
             }
         }
 
-        // Store changes
-        $this->store();
+        // Save changes
+        $this->save();
 
         return $this;
     }
 
+    /**
+     * Log this user out.
+     *
+     * Destroys the PHP session as well.
+     * @param bool $complete If set to true, will also clear out any persistent sessions.
+     */    
     public function logout($complete = false) {
         if ($complete){
             $storage = new \Birke\Rememberme\Storage\PDO(static::$app->remember_me_table);

userfrosting/templates/themes/default/account/reset-password.twig

@@ -20,6 +20,9 @@
     </p>
     {% include 'components/common/alerts.twig' %}
     <form class="form-horizontal" role="form" name="reset_password" action="{{site.uri.public}}/account/set-password" method="post">
+        <!-- Prevent browsers from trying to autofill the password field.  See http://stackoverflow.com/a/23234498/2970321 -->
+        <input type="text" style="display:none">
+        <input type="password" style="display:none">       
         <div class="form-group">
             <label for="input_password" class="control-label col-sm-4">New Password</label>
             <div class="col-sm-8">

userfrosting/templates/themes/default/components/common/user-set-password.twig

@@ -1,22 +1,49 @@
-        {% if 'password' not in fields.hidden %}             
-        <div class="col-sm-6">  
-            <div class="form-group">
-                <label>Password</label>
-                <div class="input-group">
-                    <span class="input-group-addon"><i class="fa fa-key"></i></span>
-                    <input type="password" class="form-control" name="password" autocomplete="off" value="" placeholder="8-50 characters">
-                </div>
+<div id='{{box_id}}' class='modal fade' data-width="760">
+    <div class='modal-header'>
+        <button type='button' class='close' data-dismiss='modal' aria-hidden='true'>&times;</button>
+        <h4 class='modal-title'>{{box_title}}</h4>
+    </div>
+    <div class='modal-body'>
+        <form name="user_password" method="post" action="{{form_action}}">
+            <div id="form-alerts">
             </div>
-            <div class="form-group">
-                <label>Confirm password</label>
-                <div class="input-group">
-                    <span class="input-group-addon"><i class="fa fa-key"></i></span>
-                    <input type="password" class="form-control" name="passwordc" autocomplete="off" value="" placeholder="Confirm password">
+            <div class="row">           
+                <div class="col-sm-6">  
+                    <div class="form-group">
+                        <label>Password</label>
+                        <div class="input-group">
+                            <span class="input-group-addon"><i class="fa fa-key"></i></span>
+                            <input type="password" class="form-control" name="password" autocomplete="off" value="" placeholder="8-50 characters">
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label>Confirm password</label>
+                        <div class="input-group">
+                            <span class="input-group-addon"><i class="fa fa-key"></i></span>
+                            <input type="password" class="form-control" name="passwordc" autocomplete="off" value="" placeholder="Confirm password">
+                        </div>
+                    </div>
+                </div>
+            </div><br>
+            <div class="row">
+                <div class="col-xs-8 col-sm-4">
+                    <div class="vert-pad">
+                        <button type="submit" class="btn btn-block btn-lg btn-success">
+                            {{submit_button}}
+                        </button>
+                    </div>          
+                </div>       
+                <div class="col-xs-4 col-sm-3 pull-right">
+                    <div class="vert-pad">
+                        <button type="button" class="btn btn-block btn-lg btn-link" data-dismiss="modal">Cancel</button>
+                    </div>
                 </div>
             </div>
-        </div>
-        {% endif %}
-        
+        </form>
+    </div>
+</div>
 
-    
-    
+<script>
+// Load the validator rules for this form
+var validators = {{validators | raw}};
+</script>