Fix must change password (#5638)

* Fix must change password * Update CHANGELOG.md (#5638) * Improve access validation * Update CHANGELOG.md Co-authored-by: Lucas Bartholemy <luke-@users.noreply.github.com>
humhub · Apr 19, 2022 · eb83de2 · eb83de2
1 parent abe0f3c
commit eb83de2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ HumHub Changelog
 - Fix #5517: Don't send "Follows" notification on request friendship
 - Fix #5563: Limit backup duration of RichText editor for 2 hours
 - Enh #5601: Backup RichText in sessionStorage
+- Fix #5638: Removed return values from `codeCallback`
 - Fix #5634: Fix tests NonceCest
 - Fix #5644: Fix console command space/assign-all-members
 

diff --git a/protected/humhub/components/behaviors/AccessControl.php b/protected/humhub/components/behaviors/AccessControl.php
@@ -11,9 +11,7 @@
 use humhub\components\access\ControllerAccess;
 use Yii;
 use yii\base\ActionFilter;
-use yii\helpers\Url;
 use yii\web\HttpException;
-use yii\web\Response;
 
 /**
  * Handles the AccessControl for a Controller.
@@ -151,12 +149,13 @@ public function beforeAction($action)
                 method_exists($this, $this->controllerAccess->codeCallback)) {
                 // Call a specific function for current action filter,
                 // may be used to filter a logged in user for some restriction e.g. "must change password"
-                return call_user_func([$this, $this->controllerAccess->codeCallback]);
+                call_user_func([$this, $this->controllerAccess->codeCallback]);
             } else if ($this->controllerAccess->code == 401) {
-                return $this->loginRequired();
+                $this->loginRequired();
             } else {
                 $this->forbidden();
             }
+            return false;
         }
 
         return parent::beforeAction($action);
@@ -217,31 +216,27 @@ protected function forbidden()
     }
 
     /**
-     * @return bool forces user login
+     * Force user to log in
      */
     protected function loginRequired()
     {
         Yii::$app->user->logout();
         Yii::$app->user->loginRequired();
-
-        return false;
     }
 
     /**
-     * @return Response Redirect user to force to change password
+     * Force user to redirect to change password
      * @since 1.8
      */
     protected function forceChangePassword()
     {
         if (!Yii::$app->user->isMustChangePasswordUrl()) {
-            return Yii::$app->getResponse()->redirect(Url::toRoute(Yii::$app->user->mustChangePasswordRoute));
+            Yii::$app->getResponse()->redirect([Yii::$app->user->mustChangePasswordRoute]);
         }
     }
 
     /**
      * Log out all non admin users when maintenance mode is active
-     *
-     * @return Response Redirect to home page
      * @since 1.8
      */
     protected function checkMaintenanceMode()
@@ -251,7 +246,7 @@ protected function checkMaintenanceMode()
                 Yii::$app->user->logout();
                 Yii::$app->getView()->warn(Yii::t('error', 'Maintenance mode activated: You have been automatically logged out and will no longer have access the platform until the maintenance has been completed.'));
             }
-            return Yii::$app->getResponse()->redirect(['/user/auth/login']);
+            Yii::$app->getResponse()->redirect(['/user/auth/login']);
         }
     }
 }