Release 2.3.1 (#1158)

* Parent + Nested validation changes (#1138)

* #1121 (#1126)

* Public Role : UserId should be set 0 instead of null

* Change : invalid token

* Issue Fix #1109 (#1146)

* Added file support for 7.0 (Explained) (#1124)

* Bump version to 2.3.0 (#1120)

* Added file support for 7.0 (Explained)

Having `public` in front of `const` completely breaks the application for `PHP 7.0` usage, which broke everything when I pulled origin.

Though I understand `PHP 7.0` isn't officially supported, and that `PHP 7.1+` is, there is no reason to use public alongside const as the default visibility of class constants are public. We might as well provide support where possible if it doesn't hurt.

Explained here:
https://stackoverflow.com/a/51568547

* Issue Fix #1114 (#1128)

* Issue Fix #1114

* Change exception message

* Update .gitignore (#1129)

* Bump version to 2.3.0 (#1120)

* Update .gitignore

* Update .gitignore

* Update .gitignore

* Update .gitignore

* Issue Fix #1125 (#1134)

* Issue Fix #1131 (#1135)

* create thumb for pdf if imagick is available (#1123)

* Bump version to 2.3.0 (#1120)

* create thumb for pdf if imagick is available

* Issue Fix #1109

* Add Special characters in the radom string generator

* Issue Fix #1109

* Remove other option

* Imagick changes

* Issue Fix #1148 (#1152)

* Fix 1149 (#1156)

* Process relation & non relatinal fields sequentially to solve logical operator issue

* Process relation & non relatinal fields sequentially to solve logical operator issue

* Fixed namespace of InvalidLoggerConfigurationException (#1153)

* Bump version to v2.3.1

Author: rijkvanzanten

.gitignore

@@ -17,6 +17,10 @@ composer.phar
 composer.lock
 /vendor
 
+# Exclude env vars and custom deployment scripts
+.env
+deploy.*
+
 # Ignore configuration files
 /config/*
 !/config/migrations.php

migrations/upgrades/schemas/20190722110232_password_validation_setting_field.php

@@ -0,0 +1,29 @@
+<?php
+
+
+use Phinx\Migration\AbstractMigration;
+
+class PasswordValidationSettingField extends AbstractMigration
+{
+    public function up()
+    {
+          $conn = $this->getAdapter()->getConnection();
+
+          $fieldObject = [
+            'field' => 'password_policy',
+            'type' => 'string',
+            'note' => 'Weak : Minimum length 8; Strong :  1 small-case letter, 1 capital letter, 1 digit, 1 special character and the length should be minimum 8',
+            'interface' => 'dropdown',
+            'options'   => ['choices' => ['' => 'None', '/^.{8,}$/' => 'Weak', '/(?=^.{8,}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{\';\'?>.<,])(?!.*\s).*$/' => 'Strong']]
+          ];  
+          $collection = 'directus_settings';
+          $checkSql = sprintf('SELECT 1 FROM `directus_fields` WHERE `collection` = "%s" AND `field` = "%s";', $collection, $fieldObject['field']);
+          $result = $this->query($checkSql)->fetch();
+          if (!$result) {
+            $insertSqlFormat = "INSERT INTO `directus_fields` (`collection`, `field`, `type`, `interface`, `options`, `note`) VALUES ('%s', '%s', '%s', '%s' , %s, '%s');";
+            $insertSql = sprintf($insertSqlFormat, $collection, $fieldObject['field'], $fieldObject['type'], $fieldObject['interface'], $conn->quote(json_encode($fieldObject['options'])) , $fieldObject['note']);
+            $this->execute($insertSql);
+          }
+
+    }
+}

migrations/upgrades/schemas/20190726064001_update_note_for_default_limit.php

@@ -0,0 +1,47 @@
+<?php
+
+
+use Phinx\Migration\AbstractMigration;
+
+class UpdateNoteForDefaultLimit extends AbstractMigration
+{
+    public function up()
+    {
+        $this->execute(\Directus\phinx_update(
+            $this->getAdapter(),
+            'directus_fields',
+            [
+              'note' => 'The color that best fits your brand.'
+            ],
+            ['collection' => 'directus_settings', 'field' => 'color']
+        ));
+
+        $this->execute(\Directus\phinx_update(
+            $this->getAdapter(),
+            'directus_fields',
+            [
+              'note' => 'Default max amount of items that\'s returned at a time in the API.'
+            ],
+            ['collection' => 'directus_settings', 'field' => 'default_limit']
+        ));
+
+        $this->execute(\Directus\phinx_update(
+            $this->getAdapter(),
+            'directus_fields',
+            [
+              'width' => 'half',
+            ],
+            ['collection' => 'directus_settings', 'field' => 'password_policy']
+        ));
+
+        $this->execute(\Directus\phinx_update(
+            $this->getAdapter(),
+            'directus_fields',
+            [
+              'width' => 'half',
+            ],
+            ['collection' => 'directus_settings', 'field' => 'file_max_size']
+        ));
+
+    }
+}

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@directus/api",
   "private": true,
-  "version": "2.3.0",
+  "version": "2.3.1",
   "description": "Directus API",
   "main": "index.js",
   "repository": "directus/api",

src/core/Directus/Application/Application.php

@@ -13,7 +13,7 @@ class Application extends App
      *
      * @var string
      */
-    const DIRECTUS_VERSION = '2.3.0';
+    const DIRECTUS_VERSION = '2.3.1';
 
     /**
      * NOT USED

src/core/Directus/Application/CoreServicesProvider.php

@@ -321,12 +321,14 @@ protected function getEmitter()
                 $files = $container->get('files');
 
                 $fileData = ArrayUtils::get($data, 'data');
+
+                $dataInfo = [];
                 if (is_a_url($fileData)) {
                     $dataInfo = $files->getLink($fileData);
                     // Set the URL payload data
                     $payload['data'] = ArrayUtils::get($dataInfo, 'data');
                     $payload['filename'] = ArrayUtils::get($dataInfo, 'filename');
-                } else {
+                } else if(!is_object($fileData)) {
                     $dataInfo = $files->getDataInfo($fileData);
                 }
 

src/core/Directus/Application/Http/Middleware/AuthenticationMiddleware.php

@@ -53,15 +53,7 @@ public function __invoke(Request $request, Response $response, callable $next)
 
             if (!is_null($user)) {
                 $rolesIpWhitelist = $this->getUserRolesIPWhitelist($user->getId());
-                $permissionsByCollection = $permissionsTable->getUserPermissions($user->getId());
-
-                // TODO: Adding an user should auto set its ID and GROUP
-                // TODO: User data should be casted to its data type
-                // TODO: Make sure that the group is not empty
-                $acl->setUserId($user->getId());
-                $acl->setUserEmail($user->getEmail());
-                $acl->setUserFullName($user->get('first_name') . ' ' . $user->get('last_name'));
-
+                $permissionsByCollection = $permissionsTable->getUserPermissions($user->getId());                
                 $hookEmitter->run('auth.success', [$user]);
             } else {
                 if (is_null($user) && $publicRoleId) {
@@ -102,9 +94,13 @@ public function __invoke(Request $request, Response $response, callable $next)
             $hookEmitter->run('auth.fail', [$exception]);
             throw $exception;
         }
-
-
-
+       
+        // TODO: Adding an user should auto set its ID and GROUP
+        // TODO: User data should be casted to its data type
+        // TODO: Make sure that the group is not empty
+        $acl->setUserId($user->getId());
+        $acl->setUserEmail($user->getEmail());
+        $acl->setUserFullName($user->get('first_name') . ' ' . $user->get('last_name'));
 
         return $next($request, $response);
     }

src/core/Directus/Config/Schema/Types.php

@@ -7,8 +7,8 @@
  */
 interface Types
 {
-    public const INTEGER = 'number';
-    public const FLOAT = 'float';
-    public const STRING = 'string';
-    public const BOOLEAN = 'boolean';
+    const INTEGER = 'number';
+    const FLOAT = 'float';
+    const STRING = 'string';
+    const BOOLEAN = 'boolean';
 }

src/core/Directus/Console/Common/User.php

@@ -7,6 +7,7 @@
 use Directus\Console\Common\Exception\UserUpdateException;
 use Zend\Db\TableGateway\TableGateway;
 use Directus\Util\Installation\InstallerUtils;
+use function Directus\get_directus_setting;
 
 class User
 {
@@ -74,6 +75,14 @@ public function changePassword($email, $password)
     {
 
         $auth = $this->app->getContainer()->get('auth');
+
+        $passwordValidation = get_directus_setting('password_policy');
+        if(!empty($passwordValidation)){
+            if(!preg_match($passwordValidation, $password, $match)){
+                throw new PasswordChangeException('Password is not valid.');
+            }
+        }
+
         $hash = $auth->hashPassword($password);
         $user = $this->usersTableGateway->select(['email' => $email])->current();