mirror of
https://github.com/silverstripe/silverstripe-environmentcheck
synced 2024-10-22 17:05:40 +02:00
BUG Only present basic auth challenge if configured to use it
parent
c5783a2450
commit
a54400681f
@ -44,6 +44,7 @@ class DevCheckController extends Controller
|
|||||||
}
|
}
|
||||||
|
|
||||||
$checker = new EnvironmentChecker($suite, 'Environment status');
|
$checker = new EnvironmentChecker($suite, 'Environment status');
|
||||||
|
$checker->setRequest($request);
|
||||||
$checker->init($this->config()->permission);
|
$checker->init($this->config()->permission);
|
||||||
|
|
||||||
return $checker;
|
return $checker;
|
||||||
|
@ -101,7 +101,7 @@ class EnvironmentCheckSuite
|
|||||||
/**
|
/**
|
||||||
* Run this test suite and return the result code of the worst result.
|
* Run this test suite and return the result code of the worst result.
|
||||||
*
|
*
|
||||||
* @return int
|
* @return EnvironmentCheckSuiteResult
|
||||||
*/
|
*/
|
||||||
public function run()
|
public function run()
|
||||||
{
|
{
|
||||||
@ -125,7 +125,7 @@ class EnvironmentCheckSuite
|
|||||||
/**
|
/**
|
||||||
* Get instances of all the environment checks.
|
* Get instances of all the environment checks.
|
||||||
*
|
*
|
||||||
* @return array
|
* @return EnvironmentChecker[]
|
||||||
* @throws InvalidArgumentException
|
* @throws InvalidArgumentException
|
||||||
*/
|
*/
|
||||||
protected function checkInstances()
|
protected function checkInstances()
|
||||||
|
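Review bot: The new `@return EnvironmentChecker[]` on `checkInstances()` looks like the wrong type. The summary line says the method returns "instances of all the environment checks", while `EnvironmentChecker` is the `RequestHandler` subclass patched later in this commit. If the method returns the check objects, the tag should name the check type, probably `@return EnvironmentCheck[]`, or describe the array shape if each element also carries a title. The method body lies outside the hunk, so confirm against it before changing the tag.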
@ -2,8 +2,8 @@
|
|||||||
|
|
||||||
namespace SilverStripe\EnvironmentCheck;
|
namespace SilverStripe\EnvironmentCheck;
|
||||||
|
|
||||||
use Psr\Log\LogLevel;
|
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
|
use Psr\Log\LogLevel;
|
||||||
use SilverStripe\Control\Director;
|
use SilverStripe\Control\Director;
|
||||||
use SilverStripe\Control\Email\Email;
|
use SilverStripe\Control\Email\Email;
|
||||||
use SilverStripe\Control\HTTPResponse;
|
use SilverStripe\Control\HTTPResponse;
|
||||||
@ -12,7 +12,6 @@ use SilverStripe\Control\RequestHandler;
|
|||||||
use SilverStripe\Core\Environment;
|
use SilverStripe\Core\Environment;
|
||||||
use SilverStripe\Core\Injector\Injector;
|
use SilverStripe\Core\Injector\Injector;
|
||||||
use SilverStripe\Dev\Deprecation;
|
use SilverStripe\Dev\Deprecation;
|
||||||
use SilverStripe\Security\BasicAuth;
|
|
||||||
use SilverStripe\Security\Member;
|
use SilverStripe\Security\Member;
|
||||||
use SilverStripe\Security\Permission;
|
use SilverStripe\Security\Permission;
|
||||||
use SilverStripe\Security\Security;
|
use SilverStripe\Security\Security;
|
||||||
@ -104,42 +103,29 @@ class EnvironmentChecker extends RequestHandler
|
|||||||
if (Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
if (Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
||||||
&& Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
&& Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
||||||
) {
|
) {
|
||||||
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
// Check that details are both provided, and match
|
||||||
// authenticate the input user/pass with the configured credentials
|
if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])
|
||||||
if (!(
|
|| $_SERVER['PHP_AUTH_USER'] != Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
||||||
$_SERVER['PHP_AUTH_USER'] == Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
|| $_SERVER['PHP_AUTH_PW'] != Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
||||||
&& $_SERVER['PHP_AUTH_PW'] == Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
) {
|
||||||
)
|
// Fail check with basic auth challenge
|
||||||
) {
|
|
||||||
$response = new HTTPResponse(null, 401);
|
|
||||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
|
||||||
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
|
|
||||||
$e = new HTTPResponse_Exception(null, 401);
|
|
||||||
$e->setResponse($response);
|
|
||||||
throw $e;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$response = new HTTPResponse(null, 401);
|
$response = new HTTPResponse(null, 401);
|
||||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
||||||
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
|
throw new HTTPResponse_Exception($response);
|
||||||
$e = new HTTPResponse_Exception(null, 401);
|
|
||||||
$e->setResponse($response);
|
|
||||||
throw $e;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if (!$this->canAccess(null, $permission)) {
|
|
||||||
return $this->httpError(403);
|
|
||||||
}
|
}
|
||||||
|
} elseif (!$this->canAccess(null, $permission)) {
|
||||||
|
// Fail check with silverstripe login challenge
|
||||||
|
$result = Security::permissionFailure($this, "You must have the {$permission} permission to access this check");
|
||||||
|
throw new HTTPResponse_Exception($result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Determine if the current member can access the environment checker
|
||||||
|
*
|
||||||
* @param null|int|Member $member
|
* @param null|int|Member $member
|
||||||
* @param string $permission
|
* @param string $permission
|
||||||
*
|
|
||||||
* @return bool
|
* @return bool
|
||||||
*
|
|
||||||
* @throws HTTPResponse_Exception
|
|
||||||
*/
|
*/
|
||||||
public function canAccess($member = null, $permission = 'ADMIN')
|
public function canAccess($member = null, $permission = 'ADMIN')
|
||||||
{
|
{
|
||||||
@ -147,10 +133,6 @@ class EnvironmentChecker extends RequestHandler
|
|||||||
$member = Security::getCurrentUser();
|
$member = Security::getCurrentUser();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$member) {
|
|
||||||
$member = BasicAuth::requireLogin($this->getRequest(), 'Environment Checker', $permission, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
// We allow access to this controller regardless of live-status or ADMIN permission only
|
// We allow access to this controller regardless of live-status or ADMIN permission only
|
||||||
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
||||||
if (Director::isDev()
|
if (Director::isDev()
|
||||||
@ -188,9 +170,9 @@ class EnvironmentChecker extends RequestHandler
|
|||||||
}
|
}
|
||||||
|
|
||||||
$resultText = $result->customise([
|
$resultText = $result->customise([
|
||||||
'URL' => Director::absoluteBaseURL(),
|
'URL' => Director::absoluteBaseURL(),
|
||||||
'Title' => $this->title,
|
'Title' => $this->title,
|
||||||
'Name' => $this->checkSuiteName,
|
'Name' => $this->checkSuiteName,
|
||||||
'ErrorCode' => $this->errorCode,
|
'ErrorCode' => $this->errorCode,
|
||||||
])->renderWith(__CLASS__);
|
])->renderWith(__CLASS__);
|
||||||
|
|
||||||
@ -237,7 +219,7 @@ class EnvironmentChecker extends RequestHandler
|
|||||||
* Sends a log entry to the configured PSR-3 LoggerInterface
|
* Sends a log entry to the configured PSR-3 LoggerInterface
|
||||||
*
|
*
|
||||||
* @param string $message
|
* @param string $message
|
||||||
* @param int $level
|
* @param int $level
|
||||||
*/
|
*/
|
||||||
public function log($message, $level)
|
public function log($message, $level)
|
||||||
{
|
{
|
||||||
|
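Review bot: The rewritten basic-auth branch of `init()` still compares the supplied credentials with loose `!=`. PHP treats two numeric-looking strings as equal numbers (for example `'1e3'` and `'1000'`), so a wrong value can pass as a match, and the comparison is not constant-time. Compare as strings with `hash_equals()` instead: `|| !hash_equals((string) Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME'), (string) $_SERVER['PHP_AUTH_USER'])`, and the same for `ENVCHECK_BASICAUTH_PASSWORD` against `$_SERVER['PHP_AUTH_PW']`. A comment on the outer `if` should also say that basic auth replaces the `canAccess()` permission check when both variables are set, for example `// When both ENVCHECK_BASICAUTH_* values are set, basic auth is the only gate; $permission is not consulted`. `init()` begins outside the hunk, so any earlier guards are not visible here.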