Merge pull request #22 from mageplaza/2.4-develop

2.4 develop

Controller/Adminhtml/LoginLog/Index.php

@@ -30,6 +30,8 @@
  */
 class Index extends AbstractLog
 {
+    protected $_publicActions = ['view', 'index'];
+
     /**
      * @return Page
      */

Cron/SendMail.php

@@ -160,7 +160,7 @@ public function execute()
                         'logs'         => $logArr,
                         'failed_count' => $failedCount,
                         'failed_time'  => $failedTime,
-                        'viewLogUrl'   => $this->backendUrl->getUrl('mpsecurity/loginlog/'),
+                        'viewLogUrl'   => $this->backendUrl->getRouteUrl('mpsecurity/loginlog/index/'),
                         'logo_url'     => 'https://www.mageplaza.com/media/mageplaza-security-email.png',
                         'logo_alt'     => 'Mageplaza',
                         'store_url'    => $storeUrl

Helper/ErrorProcessor.php

@@ -70,8 +70,10 @@ public function __construct(
      */
     public function processSecurityReport($errorCode = '', $reportData = '', $title = '')
     {
+        $this->pageTitle = $title ?: __('You don\'t have permission to access this page');
         $this->pageTitle  = $title ?: __('You don\'t have permission to access this page');
         $this->reportData = $reportData;
+        $this->errorCode = $errorCode;
         $this->errorCode  = $errorCode;
 
         $html = $this->_renderPage('security_report');

Plugin/LockUser.php

@@ -124,7 +124,7 @@ public function beforeUpdateFailure(User $userModel, $user, $setLockExpires, $se
                         'logo_alt'   => 'Mageplaza',
                         'store_url'  => $storeUrl,
                         'user_name'  => $user->getUserName(),
-                        'viewLogUrl' => $this->_backendUrl->getUrl('mpsecurity/loginlog/'),
+                        'viewLogUrl' => $this->_backendUrl->getRouteUrl('mpsecurity/loginlog/index/'),
                     ];
 
                     $this->_transportBuilder

README.md

@@ -2,7 +2,7 @@
 
 Security issues for Magento have left a big question mark in the community of online stores. This problem is specially cared when Magento-based stores which own critical information and huge transactional volume can easily become ideal prey for blackhat hackers to attack. To help online stores prevent brutal break-ins, Mageplaza has developed the Security extension.
 
-**Magento 2 Security extension by Magpelaza** gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.
+**Magento 2 Security extension by Mageplaza** gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.
 
 [![Latest Stable Version](https://poser.pugx.org/mageplaza/module-security/v/stable)](https://packagist.org/packages/mageplaza/module-security)
 [![Total Downloads](https://poser.pugx.org/mageplaza/module-security/downloads)](https://packagist.org/packages/mageplaza/module-security)

composer.json

@@ -2,13 +2,13 @@
   "name": "mageplaza/module-security",
   "description": "Mageplaza Security Extension",
   "require": {
-    "mageplaza/module-core": "^1.4.12",
-    "mageplaza/module-google-recaptcha": "^4.0.1",
-    "mageplaza/module-two-factor-authentication": "^4.0.3",
+    "mageplaza/module-core": "^1.4.3",
+    "mageplaza/module-google-recaptcha": "^4.0.3",
+    "mageplaza/module-two-factor-authentication": "^4.0.4",
     "sinergi/browser-detector": "*"
   },
   "type": "magento2-module",
-  "version": "4.0.3",
+  "version": "4.1.0",
   "license": "proprietary",
   "authors": [
     {

etc/db_schema.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<schema xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Setup/Declaration/Schema/etc/schema.xsd">
+  <table name="mageplaza_security_login_log" resource="default" engine="innodb" comment="Mageplaza Security Login Log Table">
+    <column xsi:type="int" name="id" padding="10" unsigned="true" nullable="false" identity="true" comment="Login Log"/>
+    <column xsi:type="timestamp" name="time" on_update="false" nullable="true" comment="Time"/>
+    <column xsi:type="text" name="user_name" nullable="true" comment="User Name"/>
+    <column xsi:type="text" name="ip" nullable="true" comment="IP address"/>
+    <column xsi:type="text" name="browser_agent" nullable="true" comment="Browser Agent"/>
+    <column xsi:type="text" name="url" nullable="true" comment="URL"/>
+    <column xsi:type="text" name="referer" nullable="true" comment="Referer"/>
+    <column xsi:type="boolean" name="status" nullable="true" comment="Status"/>
+    <column xsi:type="boolean" name="is_sent_mail" nullable="true" comment="Is sent mail"/>
+    <column xsi:type="boolean" name="is_warning" nullable="true" comment="Is Warning"/>
+    <constraint xsi:type="primary" referenceId="PRIMARY">
+      <column name="id"/>
+    </constraint>
+  </table>
+</schema>

etc/db_schema_whitelist.json

@@ -0,0 +1,19 @@
+{
+    "mageplaza_security_login_log": {
+        "column": {
+            "id": true,
+            "time": true,
+            "user_name": true,
+            "ip": true,
+            "browser_agent": true,
+            "url": true,
+            "referer": true,
+            "status": true,
+            "is_sent_mail": true,
+            "is_warning": true
+        },
+        "constraint": {
+            "PRIMARY": true
+        }
+    }
+}

i18n/en_US.csv

@@ -1,79 +1,84 @@
-"User Name","User Name"
-Status,Status
-Time,Time
-Security,Security
-"Login Log","Login Log"
-"Login information","Login information"
-ID,ID
-IP,IP
-URL,URL
-"Referer URL","Referer URL"
-Success,Success
-Failed,Failed
-"Browser Information","Browser Information"
-Brower,Brower
-"Brower Version","Brower Version"
-Platform,Platform
-"Platform Version","Platform Version"
-"%1 ago","%1 ago"
-"just now","just now"
-"Security Checklist","Security Checklist"
-"Login record details","Login record details"
-"This log no longer exists.","This log no longer exists."
-"You don't have permission to access this page","You don't have permission to access this page"
-"Your IP has been blocked.","Your IP has been blocked."
-"Check admin's username:","Check admin's username:"
-"The following usernames are not secured: %1.","The following usernames are not secured: %1."
-"Hackers can guest username easily. Click on an user to change username.","Hackers can guest username easily. Click on an user to change username."
-"Username: ""%1"" is not secure.","Username: ""%1"" is not secure."
-"Fix it","Fix it"
-"All users are adequate for security purposes","All users are adequate for security purposes"
-"Check captcha:","Check captcha:"
-"Frontend captcha is not enabled. Hackers may carry out brute-force attacks on your customers' accounts","Frontend captcha is not enabled. Hackers may carry out brute-force attacks on your customers' accounts"
-"Frontend captcha is enabled.","Frontend captcha is enabled."
-"Backend captcha is not enabled. To protect your backend from brute-force attacks, you should enable it.","Backend captcha is not enabled. To protect your backend from brute-force attacks, you should enable it."
-"Backend captcha is enabled.","Backend captcha is enabled."
-"Check Magento Version:","Check Magento Version:"
-"Your Magento version is: %1, the latest version is: %2","Your Magento version is: %1, the latest version is: %2"
-Upgrade,Upgrade
-"Your store is running on the latest version.","Your store is running on the latest version."
-"Check database prefix:","Check database prefix:"
-"Your store's database is good.","Your store's database is good."
-"Your store’s database hasn’t got table prefixes.","Your store’s database hasn’t got table prefixes."
-"Please update to %1 edition to have these issues solved automatically.","Please update to %1 edition to have these issues solved automatically."
-"Exception printing is disabled by default for security reasons.","Exception printing is disabled by default for security reasons."
-"%store_url - Security Alert by Mageplaza","%store_url - Security Alert by Mageplaza"
-"Bad Login Notification","Bad Login Notification"
-"Mageplaza Security detected unusual activities in your store. You're getting this email to make sure it was you or your team.","Mageplaza Security detected unusual activities in your store. You're getting this email to make sure it was you or your team."
-User,User
-"CHECK ACTIVITY","CHECK ACTIVITY"
-"You received this email as the security alerts are considered to be important to your store(s).","You received this email as the security alerts are considered to be important to your store(s)."
-"%store_url - Lock User Alert by Mageplaza","%store_url - Lock User Alert by Mageplaza"
-"Lock User Notification","Lock User Notification"
-"User '%user_name' is locked due to many failed login attempts.","User '%user_name' is locked due to many failed login attempts."
-"Mageplaza Security locked the above user(s) intermediately.","Mageplaza Security locked the above user(s) intermediately."
-"If there is something wrong, you can reset locked","If there is something wrong, you can reset locked"
-here,here
-"Review login logs","Review login logs"
-General,General
-Enable,Enable
-"Send warning emails to","Send warning emails to"
-"All warning letters will be sent to these emails. Separated with add (,)","All warning letters will be sent to these emails. Separated with add (,)"
-"Brute Force Protection","Brute Force Protection"
-"Maximum number of failed login attempts","Maximum number of failed login attempts"
-"Allowed duration","Allowed duration"
-"Within this period of time (minutes), the number of failed login attempts is not allowed to exceed","Within this period of time (minutes), the number of failed login attempts is not allowed to exceed"
-"Locked User Alert","Locked User Alert"
-"Send alert mail when backend user is locked","Send alert mail when backend user is locked"
-"Email template","Email template"
-"Choose an email template to send alerts","Choose an email template to send alerts"
-"Blacklist/Whitelist IPs","Blacklist/Whitelist IPs"
-Blacklist(s),Blacklist(s)
-"Enter forbidden IP(s). Login attempts from these IPs will be prevented. Separated with add (,). eg : 123.123.0.*, 10.22.*.*","Enter forbidden IP(s). Login attempts from these IPs will be prevented. Separated with add (,). eg : 123.123.0.*, 10.22.*.*"
-Whitelist(s),Whitelist(s)
-"Enter IP(s) which is allowed to access website. Only login attempts from these IPs are granted. Separated with add (,). eg : 123.123.0.*, 10.22.*.*. Make sure you add your IP address first.","Enter IP(s) which is allowed to access website. Only login attempts from these IPs are granted. Separated with add (,). eg : 123.123.0.*, 10.22.*.*. Make sure you add your IP address first."
-"Last Login","Last Login"
-"IP Address","IP Address"
-"Browser Agent","Browser Agent"
-"Referer Url","Referer Url"
-View,View
+"User Name","User Name"
+Status,Status
+Time,Time
+Security,Security
+"Login Log","Login Log"
+"Login information","Login information"
+ID,ID
+IP,IP
+URL,URL
+"Referer URL","Referer URL"
+Success,Success
+Failed,Failed
+"Browser Information","Browser Information"
+Brower,Brower
+"Brower Version","Brower Version"
+Platform,Platform
+"Platform Version","Platform Version"
+"%1 ago","%1 ago"
+"just now","just now"
+"Security Checklist","Security Checklist"
+"A total of %1 record(s) have been deleted.","A total of %1 record(s) have been deleted."
+"Login record details","Login record details"
+"This log no longer exists.","This log no longer exists."
+"You don't have permission to access this page","You don't have permission to access this page"
+"Your IP has been blocked.","Your IP has been blocked."
+"Check admin's username:","Check admin's username:"
+"The following usernames are not secured: %1.","The following usernames are not secured: %1."
+"Hackers can guest username easily. Click on an user to change username.","Hackers can guest username easily. Click on an user to change username."
+"Username: ""%1"" is not secure.","Username: ""%1"" is not secure."
+"Fix it","Fix it"
+"All users are adequate for security purposes","All users are adequate for security purposes"
+"Check captcha:","Check captcha:"
+"Frontend captcha is not enabled. Hackers may carry out brute-force attacks on your customers' accounts","Frontend captcha is not enabled. Hackers may carry out brute-force attacks on your customers' accounts"
+"Frontend captcha is enabled.","Frontend captcha is enabled."
+"Backend captcha is not enabled. To protect your backend from brute-force attacks, you should enable it.","Backend captcha is not enabled. To protect your backend from brute-force attacks, you should enable it."
+"Backend captcha is enabled.","Backend captcha is enabled."
+"Check Magento Version:","Check Magento Version:"
+"Your Magento version is: %1, the latest version is: %2","Your Magento version is: %1, the latest version is: %2"
+Upgrade,Upgrade
+"Your store is running on the latest version.","Your store is running on the latest version."
+"Check database prefix:","Check database prefix:"
+"Your store's database is good.","Your store's database is good."
+"Your store’s database hasn’t got table prefixes.","Your store’s database hasn’t got table prefixes."
+"Please update to %1 edition to have these issues solved automatically.","Please update to %1 edition to have these issues solved automatically."
+"Exception printing is disabled by default for security reasons.","Exception printing is disabled by default for security reasons."
+"%store_url - Security Alert by Mageplaza","%store_url - Security Alert by Mageplaza"
+"Bad Login Notification","Bad Login Notification"
+"Mageplaza Security detected unusual activities in your store. You're getting this email to make sure it was you or your team.","Mageplaza Security detected unusual activities in your store. You're getting this email to make sure it was you or your team."
+User,User
+"CHECK ACTIVITY","CHECK ACTIVITY"
+"You received this email as the security alerts are considered to be important to your store(s).","You received this email as the security alerts are considered to be important to your store(s)."
+"%store_url - Lock User Alert by Mageplaza","%store_url - Lock User Alert by Mageplaza"
+"Lock User Notification","Lock User Notification"
+"User '%user_name' is locked due to many failed login attempts.","User '%user_name' is locked due to many failed login attempts."
+"Mageplaza Security locked the above user(s) intermediately.","Mageplaza Security locked the above user(s) intermediately."
+"If there is something wrong, you can reset locked","If there is something wrong, you can reset locked"
+here,here
+"Review login logs","Review login logs"
+General,General
+Enable,Enable
+"Send warning emails to","Send warning emails to"
+"All warning letters will be sent to these emails. Separated with add (,)","All warning letters will be sent to these emails. Separated with add (,)"
+"Brute Force Protection","Brute Force Protection"
+"Maximum number of failed login attempts","Maximum number of failed login attempts"
+"Allowed duration","Allowed duration"
+"Within this period of time (minutes), the number of failed login attempts is not allowed to exceed","Within this period of time (minutes), the number of failed login attempts is not allowed to exceed"
+"Locked User Alert","Locked User Alert"
+"Send alert mail when backend user is locked","Send alert mail when backend user is locked"
+"Email template","Email template"
+"Choose an email template to send alerts","Choose an email template to send alerts"
+"Blacklist/Whitelist IPs","Blacklist/Whitelist IPs"
+Blacklist(s),Blacklist(s)
+"Enter forbidden IP(s). Login attempts from these IPs will be prevented. Separated with add (,). eg : 123.123.0.*, 10.22.*.*","Enter forbidden IP(s). Login attempts from these IPs will be prevented. Separated with add (,). eg : 123.123.0.*, 10.22.*.*"
+Whitelist(s),Whitelist(s)
+"Enter IP(s) which is allowed to access website. Only login attempts from these IPs are granted. Separated with add (,). eg : 123.123.0.*, 10.22.*.*. Make sure you add your IP address first.","Enter IP(s) which is allowed to access website. Only login attempts from these IPs are granted. Separated with add (,). eg : 123.123.0.*, 10.22.*.*. Make sure you add your IP address first."
+"Last Login","Last Login"
+"IP Address","IP Address"
+"Clear All","Clear All"
+Delete,Delete
+"Delete Logs","Delete Logs"
+"Are you sure you wan't to delete selected Logs?","Are you sure you wan't to delete selected Logs?"
+"Browser Agent","Browser Agent"
+"Referer Url","Referer Url"
+View,View