Yii 3 progress, Yii 2 and extension releases. Many part of Yii 3 guide ready.
Feb 20, 2020
LUYA admin 3.0.0 release
You can now set up two-factor authentication for your account, rendering the need to send access tokens by email unnecessary. If secure login is set up, no access tokens will be sent to users with active two-factor authentication and OTP.
With version 3.0 it is now possible to remember devices: If the remember this device checkbox is ticked on login, you will be logged in automatically for a certain amount of days on this device without being asked for a password or access token. How does this work? LUYA will store a device-specific unique token in a cookie that will be retrieved when accessing the admin ui. If you are inactive for too long and the admin logs you out, the cookie with this information will be destroyed and the device will be removed from the list of remembered devices. So better don't fall asleep while typing. ;-)
The account view received a small overhaul with accordions, an element widely used in the admin ui (it's an AngularJS directive that you can use everywhere in your custom LUYA code:
<collapse-container title="Advanced Settings">Content</collapse-container>).
The integration with Yii Queue gets even deeper: Exceptions thrown while the queue is running are now logged for each retry. Even when a job is finished successfully in the end, all exceptions and errors thrown while processing the job are stored and visible. This makes it much easier to debug queue jobs!
Finally! A new button "Forgot Your Password?" is added to the login screen when enabled in the admin module configuration. By default it is disabled due to a small security risk. In order to enable the new option, set the LUYA admin module property
$resetPassword to true.
By the way, if you would like to have a random image as a background of the login screen, simply install the login image extension https://luya.io/packages/nadar--luya-login-image.
In the previous version of the LUYA admin we had integrated a session based lockout: If you failed to login a certain amount of tries, your session profile was locked out. As it is rather easy to clear session data, we have now implemented an IP based lockout. While it would still be possible to switch IPs, this method is preferred to session based lockout. In case of a brute-force attack and a breach of the email address, the email based lockout will take effect.
February 2020, LUYA developer team
Feb 19, 2020
Good set of advice about how to write code.
Software engineering principles, from Robert C. Martin's book Clean Code, adapted for PHP. This is not a style guide. It's a guide to producing readable, reusable, and refactorable software in PHP.
Not every principle herein has to be strictly followed, and even fewer will be universally agreed upon. These are guidelines and nothing more, but they are ones codified over many years of collective experience by the authors of Clean Code.