yii2-usuario
yii2-usuario copied to clipboard
2amigos
Suggestion: Recaptcha component can be at module level
Instead of defining a global recaptcha component at the app level... wondering if we can define this instead as a configuration at the module level (since the recaptcha is a module specific component) - based on which the recaptcha component can be stored as part of the module and not needed to be loaded globally.
'modules' => [
'user' => [
'recaptcha' => [
'class' => 'Da\User\Component\ReCaptchaComponent',
'key' => 'yourSiteKey',
'secret' => 'secretKeyGivenByGoogle'
]
]
]
I had the same thought at the beginning and then got into the feeling that would be better outside of the module. After I realized that not having the property on the module then user is forced to use a certain key name recaptcha. I think your suggestion is good and we should go that way.
Since version 2.0.13 modules support tree traversal.
https://github.com/yiisoft/yii2/blob/master/docs/guide/structure-modules.md#accessing-components-from-within-modules
Before 2.0.13 I add support to override module components by using Instance::ensure() method.
For example we have module:
<?php
namespace my\module;
class Module extends \yii\base\Module
{
/** @var \yii\caching\Cache */
public $cache = 'cache';
public function init()
{
// When module will be initialized, in $this->cache field will be \yii\caching\Cache instance
$this->cache = Instance::ensure($this->cache);
}
}
And in app config I can configure it like this:
// In this case will be used application cache component
[
'modules' => [
'myModule' [
'class' => my\module\Module::class,
],
],
]
// In this case we can configure cache component
[
'modules' => [
'myModule' [
'class' => my\module\Module::class,
'cache' => [
'class' => yii\redis\Cache::class,
// some cache config
],
],
],
]
Yes v2.0.13 does offer a better way to do this... by defining the same component at both levels (app and module if needed).
Specific to recaptcha the following are the reasons it makes sense to be used at module level:
- it is currently only needed within this module - (if needed separately - then it can be created as a separate extension - but I think this is more hard linked to this user module)
- it need not be loaded always globally at app level (in case there are scenarios where the developer is not loading the user module globally across his apps - i.e. frontend, backend etc.)
- the name
recaptchaneed not be hard coded at app level... we can have a module configuration to be able to define or override this
@kartik-v there are also some points to take into account with recaptcha:
- Some systems use recaptcha not only as a protection for their registration and login systems but also on other areas (i.e. contact forms)
- In crypto currency systems, I was also forced to include that as part of a requirement when x security information was needed
So, I think that we should not force user to work with the recaptcha uniquely within the module but also let the possibility to work as it is right now, as a global application component. Using recaptcha within the module allow us to get rid of the hard coded naming convention that is right now.
I suppose defining the component globally is always an option available to the developer.
By default the suggestion can be define it within the module and then if needed outside the module it can be defined outside.
For preventing the hard coded name - do you think providing a module level property like $recaptchaComponentName is good (if not set it will default to recaptcha)? This can allow folks to also do advanced configurations like multiple recaptcha component definitions and setting them in the $user module dynamically.
What about simply $recaptcha? That way we could allow the developer whether is a string which will relate to an application component or an array which should contain the configuration as you stated at the beginning of this issue thread:
[
'class' => 'Da\User\Component\ReCaptchaComponent',
'key' => 'yourSiteKey',
'secret' => 'secretKeyGivenByGoogle'
]
What about simply $recaptcha? That way we could allow the developer whether is a string which will relate to an application component or an array which should contain the configuration as you stated at the beginning of this issue thread:
👍