[TylerAustin] Google One Tap Sign-In - XF2

[TylerAustin] Google One Tap Sign-In - XF2 1.1.0

Thank you for your consistent support and assistance in improving this add-on. This version of the XF2 Add-on includes several bug fixes and enhancements.

Full Changelog:

Changes:

  • Updated firebase/php-jwt from v7.0.3 to v7.0.5.
  • Removed the login-page and register-page template modification from template_modifications.xml
    • The login form and register form no longer get a .google-one-tap-container injected above them.
  • On /login, the script now removes any old injected container and skips google.accounts.id.renderButton(...).
    • The One Tap popup still runs through google.accounts.id.prompt().
Bug Fixes:
  • Keeps the associated Google-account card rendering reliably instead of collapsing to empty/generic output.
  • Added DB fallback when provider_data entity access fails under third-party XF extensions.
  • Callback handling now consistently respects the global enable flag and googleOneTap.use policy, and reads JSON/raw request bodies properly.
  • Restored the missing XF\Entity\UserProfile extension registration, so the user opt-out normalization code is actually active after rebuild/import.
  • Fixed the connected-account profile JS so root-relative local avatar URLs render, not just absolute http(s) URLs.
  • Fixed profile/avatar URLs not rendering on the connected-account page.

Thank you for your consistent support and assistance in improving this add-on. This version of the XF2 Add-on includes several bug fixes and a few changes.

Full Changelog:
  • Added mask + reveal behavior on Google connected-account provider ACP page (client ID + client secret fields):
  • Switched these options to callback renderers so they are password-masked by default:
  • Hardened setup constants and reuse (ADDON_ID) to reduce drift.
  • Added legacy option-group migration cleanup (google_one_tap -> googleOneTap) and uninstall cleanup for both IDs.
  • Fixed log table backfill safety: when log_id is added in fallback mode, it now gets setDefault(0) to avoid strict-schema insert failures.
  • Added defensive table/column existence checks before provider-link migration to avoid SQL failures on partial/odd installs.
  • Added safe tableExists() helper and used it in provider migration flow.
  • Hardened group detection in templaterMacroPreRender() with OptionGroup type checks (prevents invalid access warnings).
  • Hardened callback CSRF behavior: If Google g_csrf_token is absent, controller now requires valid XenForo CSRF token.
  • Replaced fragile phrase-key usage in tab labels with stable literals (no phrase dependency regressions).
  • Removed suppressed logging and made debug logging safer (isDebugEnabled() + user id only).
  • Added strict_types and made handler final.
  • Fixed method signatures to be compatibility-safe across XF handler variations (...$extra variadics).
  • Added recursion guard to prevent self-trigger logging loops.
  • Removed internal XF::logError() recursion risk; now writes to PHP error log directly.
  • Added request-context safety for non-web/edge contexts.
  • Added URI/token redaction and truncation to reduce sensitive data leakage and oversized log entries.
  • Hardened serialized-data handling to prevent object deserialization via allowed_classes => false.
  • Fixed table-name resolution fallback in user entity logic so installs with atypical DB prefix/table setups don’t fail lookup/upsert paths.
  • Fixed optional client-id validator mismatch so empty client ID is accepted where intended.
  • Fixed provider-data class inheritance bug (namespace/import correctness):
  • Fixed DB schema detection bug for provider_data column type (safer SHOW COLUMNS handling):
  • Fixed potential runtime break when third-party add-ons change XF:Login->completeLogin() signature.
  • Added a compatibility wrapper and switched to redirect after login completion.
  • Added missing One Tap opt-out enforcement in legacy login controller:
  • Added missing One Tap opt-out + banned-email enforcement in legacy user login controller:
  • Added powerful filters in AdminCP Log Viewer:
    • message search
    • username contains
    • user ID
    • date range (from / to)
    • context filter (auto-detected from log tags like [callback], [login], [connected])
    • per-page size (25/50/100/200)
  • Added context column for each log row.
  • Added truncation + expand (<details>) for very long log messages.
  • Added filtered-clear behavior:
    • if filters are active, “Clear filtered logs” only deletes matching rows
    • if no filters, clears all logs as before
  • Added matching/total counter at top of the page.
  • Upgraded vulnerable JWT dependency to remove the current advisory:
    • Vendor updated to firebase/php-jwt v7.0.3.
  • Added a new ACP option googleOneTap_enable_failures_widget (default 0 / OFF) to control failures-widget visibility for both front-end and AdminCP widget contexts.
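The callback CSRF rule from the changelog above, as an added sketch in PHP (not the add-on's own code). Google sends g_csrf_token as both a cookie and a POST field (double-submit pattern). The function name, the _xfToken fallback field, the plain session-token comparison standing in for XenForo's own CSRF validation, and the choice to reject a half-present Google token are assumptions of this example.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether a One Tap callback POST passes the CSRF gate.
 * $cookies / $post: request cookies and parsed POST body.
 * $sessionToken:    the forum's per-session CSRF token (stand-in for XenForo's check).
 */
function oneTapCsrfOk(array $cookies, array $post, string $sessionToken): bool
{
    $cookieTok = $cookies['g_csrf_token'] ?? '';
    $bodyTok   = $post['g_csrf_token'] ?? '';

    // Reject non-string input (e.g. g_csrf_token[]=x) before any comparison.
    if (!is_string($cookieTok) || !is_string($bodyTok)) {
        return false;
    }

    if ($cookieTok !== '' || $bodyTok !== '') {
        // Google double-submit: both copies must be present and identical.
        return $cookieTok !== '' && $bodyTok !== ''
            && hash_equals($cookieTok, $bodyTok);
    }

    // No Google token at all: require the forum's own CSRF token instead.
    $native = $post['_xfToken'] ?? '';
    return is_string($native) && $native !== '' && $sessionToken !== ''
        && hash_equals($sessionToken, $native);
}

// Constructed sample requests: [cookies, post body, session token].
$cases = [
    'google tokens match'  => [['g_csrf_token' => 'abc'], ['g_csrf_token' => 'abc'], 'sess'],
    'google tokens differ' => [['g_csrf_token' => 'abc'], ['g_csrf_token' => 'xyz'], 'sess'],
    'cookie only'          => [['g_csrf_token' => 'abc'], [], 'sess'],
    'fallback valid'       => [[], ['_xfToken' => 'sess'], 'sess'],
    'fallback missing'     => [[], [], 'sess'],
];
foreach ($cases as $name => [$c, $p, $s]) {
    printf("%-22s %s\n", $name, oneTapCsrfOk($c, $p, $s) ? 'accept' : 'reject');
}
```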
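The log redaction/truncation and allowed_classes => false items above, shown together as an added PHP example (not the add-on's own code). The function names, the 500-byte cap, the list of redacted parameter names and the sample callback path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const MAX_LOG_LEN = 500; // assumed cap; the add-on's real limit is not stated

/** Mask credential-like values, then truncate, before a message is logged. */
function redactForLog(string $msg, int $max = MAX_LOG_LEN): string
{
    // key=value pairs in query strings or form bodies
    $msg = preg_replace(
        '/\b(credential|id_token|access_token|g_csrf_token|client_secret)=[^&\s"]+/i',
        '$1=[redacted]',
        $msg
    ) ?? '[unloggable message]';
    // anything shaped like a JWT: three base64url segments, header starting "eyJ"
    $msg = preg_replace(
        '/\beyJ[\w-]+\.[\w-]+\.[\w-]+/',
        '[redacted-jwt]',
        $msg
    ) ?? '[unloggable message]';

    return strlen($msg) > $max ? substr($msg, 0, $max) . '...[truncated]' : $msg;
}

/** Decode stored provider data without instantiating any class. */
function decodeProviderData(string $blob): array
{
    // With allowed_classes => false, objects become __PHP_Incomplete_Class,
    // so no constructor, __wakeup() or __destruct() of a real class runs.
    $data = unserialize($blob, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

// Constructed samples.
echo redactForLog('[callback] POST /callback?credential=eyJhbGci.eyJzdWIi.c2ln&x=1'), "\n";
echo redactForLog('[login] bearer eyJhbGci.eyJzdWIi.c2ln rejected'), "\n";
echo redactForLog(str_repeat('A', 600)), "\n";

var_dump(decodeProviderData(serialize(['sub' => '123', 'email' => 'user@example.com'])));
var_dump(decodeProviderData('O:8:"stdClass":0:{}')); // top-level object: returns []
```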

Thank you for your unwavering support and assistance in further enhancing this add-on. This version of the XF2 Add-on includes several bug fixes and changes.

Full Changelog(s):
  • Schema-safe connected-account upsert now fills required custom columns (including extra_data) when they have no default:
  • Added generated-column guard so DB-generated fields are not inserted:
  • Increased One Tap callback fetch abort timeout from 15000 to 45000 to reduce false client aborts on slower callback processing:
  • Added missing repository init in completion action:
  • Fixed callback logic so mapped users who are blocked (including email_confirm when option is OFF) are not treated as stale and deleted:
  • Added explicit blocked-login message for email_confirm when option is OFF: