[VYMCA-64] CSV Security Enhancement

README.md

@@ -56,7 +56,9 @@ For videos, protected from embed by "Specific domains" you can have an issue
 with thumbnails download to drupal media. In this case - apply a patch
 for drupal core:
 
-* _patches/OEmbed\_vimeo\_private\_videos.patch_
+* _patches/OEmbed\_vimeo\_private\_videos.patch_ - in case of using core media
+* _patches/video\_embed\_field\_vimeo\_private\_videos.patch_ - in case of
+using video_embed_field module
 
 
 ### JSON API patch required for Drupal 8.7

js/gated-content/src/components/auth/CustomAuth.vue

@@ -1,17 +1,20 @@
 <template>
-  <div>
+  <div class="container">
+    <div v-if="message" class="alert alert-info">
+      <span v-html="message"></span>
+    </div>
     <div v-if="loading" class="spinner-center">
       <Spinner></Spinner>
     </div>
     <form v-else class="plugin-custom">
-      <div v-if="this.error" class="alert alert-danger">
-        <span>{{ this.error }}</span>
+      <div v-if="error" class="alert alert-danger">
+        <span>{{ error }}</span>
       </div>
       <div class="form-group">
         <label for="auth-email">Email Address</label>
         <input
           v-model="form.email"
-          placeholder="jondoe@example.com"
+          placeholder="johndoe@example.com"
           type="email"
           id="auth-email"
           class="form-control"
@@ -42,8 +45,10 @@ export default {
       form: {
         email: '',
         recaptchaToken: '',
+        path: '',
       },
       error: '',
+      message: '',
     };
   },
   computed: {
@@ -55,27 +60,38 @@ export default {
     async login() {
       this.loading = true;
       this.error = '';
+      const appUrl = this.$store.getters.getAppUrl;
+      if (appUrl !== undefined && appUrl.length > 0) {
+        this.form.path = appUrl;
+      } else {
+        this.form.path = window.location.pathname;
+      }
       await this.$store
         .dispatch('customAuthorize', this.form)
-        .then(() => {
-          const appUrl = this.$store.getters.getAppUrl;
+        .then((response) => {
+          if (response.status === 202) {
+            this.message = response.data.message;
+            this.form.email = '';
+            if (this.config.enableRecaptcha) {
+              this.$refs.recaptcha.reset();
+            }
+            this.loading = false;
+            return;
+          }
           if (appUrl !== undefined && appUrl.length > 0) {
             window.location = appUrl;
           } else {
             this.$router.push({ name: 'Home' }).catch(() => {});
           }
         })
         .catch((error) => {
-          this.loading = false;
           this.error = error.response ? error.response.data.message : 'Something went wrong!';
-          console.log(this.$refs);
-          this.$refs.recaptcha.reset();
+          if (this.config.enableRecaptcha) {
+            this.$refs.recaptcha.reset();
+          }
+          this.loading = false;
         });
     },
   },
 };
 </script>
-
-<style scoped>
-
-</style>

js/gated-content/src/components/auth/CustomAuthEmailConfirm.vue

@@ -0,0 +1,68 @@
+<template>
+  <div class="container">
+    <div v-if="error" class="error-wrapper">
+      <div class="alert alert-danger">
+        <span>{{ error }}</span>
+      </div>
+
+      <p class="text-center">
+        <router-link :to="{ name: 'Login' }" class="btn btn-lg btn-primary">Sign In</router-link>
+      </p>
+    </div>
+    <div v-if="loading" class="spinner-center">
+      <Spinner></Spinner>
+    </div>
+  </div>
+</template>
+
+<script>
+import Spinner from '@/components/Spinner.vue';
+
+export default {
+  name: 'CustomAuthEmailConfirm',
+  components: {
+    Spinner,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+    token: {
+      type: String,
+      required: true,
+    },
+  },
+  data() {
+    return {
+      loading: true,
+      error: '',
+    };
+  },
+  computed: {
+    config() {
+      return this.$store.getters.getCustomConfig;
+    },
+  },
+  mounted() {
+    this.confirmEmail();
+  },
+  methods: {
+    async confirmEmail() {
+      this.loading = true;
+      await this.$store
+        .dispatch('customEmailConfirmation', {
+          id: this.id,
+          token: this.token,
+        })
+        .then(() => {
+          this.$router.push({ name: 'Home' }).catch(() => {});
+        })
+        .catch((error) => {
+          this.error = error.response ? error.response.data.message : 'Something went wrong!';
+          this.loading = false;
+        });
+    },
+  },
+};
+</script>

js/gated-content/src/router/index.js

@@ -3,6 +3,7 @@ import VueRouter from 'vue-router';
 import Store from '@/store';
 import Home from '@/views/Home.vue';
 import Login from '@/views/Login.vue';
+import CustomAuthEmailConfirm from '@/components/auth/CustomAuthEmailConfirm.vue';
 import NotFound from '@/views/NotFound.vue';
 import VideoPage from '@/views/VideoPage.vue';
 import BlogPage from '@/views/BlogPage.vue';
@@ -29,6 +30,13 @@ const routes = [
     component: Login,
     meta: { requiresGuest: true },
   },
+  {
+    path: '/login/:id/:token/confirm',
+    name: 'CustomAuthEmailConfirm',
+    component: CustomAuthEmailConfirm,
+    props: true,
+    meta: { requiresGuest: true },
+  },
   {
     path: '/categories',
     name: 'CategoryListing',

js/gated-content/src/scss/global.scss

@@ -42,3 +42,9 @@
     }
   }
 }
+
+.openy_carnation {
+  #gated-content {
+    padding-top: 30px;
+  }
+}

js/gated-content/src/store/modules/auth/custom.js

@@ -21,11 +21,43 @@ export default {
           data: {
             recaptchaToken: data.recaptchaToken,
             email: data.email,
+            path: data.path,
           },
+        })
+          .then((response2) => {
+            if (response2.status === 200) {
+              // Call the base auth authorize action.
+              context.dispatch('authorize', response2.data.user);
+            }
+            return response2;
+          })
+          .catch((error) => {
+            console.error(error);
+            throw error;
+          }))
+        .catch((error) => {
+          throw error;
+        });
+    },
+    async customEmailConfirmation(context, data) {
+      return client
+        .get('session/token')
+        .then((response) => client({
+          url: context.getters.getCustomConfig.emailVerificationApiEndpoint,
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json',
+            'X-CSRF-Token': response.data,
+          },
+          params: {
+            _format: 'json',
+          },
+          data,
         })
           .then((response2) => {
             // Call the base auth authorize action.
             context.dispatch('authorize', response2.data.user);
+            return response2;
           })
           .catch((error) => {
             console.error(error);

js/gated-content/src/views/Login.vue

@@ -34,8 +34,6 @@ export default {
       return this.$store.getters.authPlugin;
     },
   },
-  mounted() {
-  },
   methods: {
     loginSuccess() {
       this.$router.push({ name: 'Home' });

modules/openy_gc_auth/modules/openy_gc_auth_custom/config/install/openy_gc_auth.provider.custom.yml

@@ -1,2 +1,7 @@
-enable_recaptcha: 1
+enable_recaptcha: 0
 api_endpoint: /openy-gc-auth/provider/custom/login
+enable_email_verification: 1
+email_verification_api_endpoint: /openy-gc-auth/provider/custom/login-by-link
+email_verification_link_life_time: '14400'
+email_verification_text: 'Hello! <br> You’re just one step away from accessing your Virtual YMCA. Please open the link below to begin enjoying YMCA content made exclusively for members like you.'
+verification_message: 'We have sent a verification link to the email address you provided. Please open this link and activate your account. If you do not receive an email, please try again or contact us at XXX-XXX-XXXX to ensure we have the correct email on file for your membership.'

modules/openy_gc_auth/modules/openy_gc_auth_custom/config/install/rest.resource.openy_gc_auth_custom_confirm.yml

@@ -0,0 +1,17 @@
+langcode: en
+status: true
+dependencies:
+  module:
+    - openy_gc_auth_custom
+    - serialization
+    - user
+id: openy_gc_auth_custom_confirm
+plugin_id: openy_gc_auth_custom_confirm
+granularity: resource
+configuration:
+  methods:
+    - POST
+  formats:
+    - json
+  authentication:
+    - cookie