mirror of
https://github.com/silverstripe/silverstripe-environmentcheck
synced 2024-10-22 17:05:40 +02:00
BUG Only present basic auth challenge if configured to use it
parent
c5783a2450
commit
a54400681f
@ -44,6 +44,7 @@ class DevCheckController extends Controller
|
||||
}
|
||||
|
||||
$checker = new EnvironmentChecker($suite, 'Environment status');
|
||||
$checker->setRequest($request);
|
||||
$checker->init($this->config()->permission);
|
||||
|
||||
return $checker;
|
||||
|
@ -101,7 +101,7 @@ class EnvironmentCheckSuite
|
||||
/**
|
||||
* Run this test suite and return the result code of the worst result.
|
||||
*
|
||||
* @return int
|
||||
* @return EnvironmentCheckSuiteResult
|
||||
*/
|
||||
public function run()
|
||||
{
|
||||
@ -125,7 +125,7 @@ class EnvironmentCheckSuite
|
||||
/**
|
||||
* Get instances of all the environment checks.
|
||||
*
|
||||
* @return array
|
||||
* @return EnvironmentChecker[]
|
||||
* @throws InvalidArgumentException
|
||||
*/
|
||||
protected function checkInstances()
|
||||
|
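Review bot: The `@return EnvironmentChecker[]` tag on `checkInstances()` looks like it names the wrong type. The summary says the method returns instances of the environment checks, which would be `EnvironmentCheck[]`, while `EnvironmentChecker` is the request handler changed elsewhere in this commit. The summary of `run()` also still says it returns "the result code of the worst result" next to `@return EnvironmentCheckSuiteResult`; wording such as `Run this test suite and return the combined result.` would match the tag. Both method bodies are outside the hunks, so the actual return values should be confirmed before changing the tags.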
@ -2,8 +2,8 @@
|
||||
|
||||
namespace SilverStripe\EnvironmentCheck;
|
||||
|
||||
use Psr\Log\LogLevel;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Psr\Log\LogLevel;
|
||||
use SilverStripe\Control\Director;
|
||||
use SilverStripe\Control\Email\Email;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
@ -12,7 +12,6 @@ use SilverStripe\Control\RequestHandler;
|
||||
use SilverStripe\Core\Environment;
|
||||
use SilverStripe\Core\Injector\Injector;
|
||||
use SilverStripe\Dev\Deprecation;
|
||||
use SilverStripe\Security\BasicAuth;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Permission;
|
||||
use SilverStripe\Security\Security;
|
||||
@ -104,42 +103,29 @@ class EnvironmentChecker extends RequestHandler
|
||||
if (Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
||||
&& Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
||||
) {
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
||||
// authenticate the input user/pass with the configured credentials
|
||||
if (!(
|
||||
$_SERVER['PHP_AUTH_USER'] == Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
||||
&& $_SERVER['PHP_AUTH_PW'] == Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
||||
)
|
||||
// Check that details are both provided, and match
|
||||
if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])
|
||||
|| $_SERVER['PHP_AUTH_USER'] != Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME')
|
||||
|| $_SERVER['PHP_AUTH_PW'] != Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD')
|
||||
) {
|
||||
// Fail check with basic auth challenge
|
||||
$response = new HTTPResponse(null, 401);
|
||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
||||
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
|
||||
$e = new HTTPResponse_Exception(null, 401);
|
||||
$e->setResponse($response);
|
||||
throw $e;
|
||||
}
|
||||
} else {
|
||||
$response = new HTTPResponse(null, 401);
|
||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
|
||||
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
|
||||
$e = new HTTPResponse_Exception(null, 401);
|
||||
$e->setResponse($response);
|
||||
throw $e;
|
||||
}
|
||||
} else {
|
||||
if (!$this->canAccess(null, $permission)) {
|
||||
return $this->httpError(403);
|
||||
throw new HTTPResponse_Exception($response);
|
||||
}
|
||||
} elseif (!$this->canAccess(null, $permission)) {
|
||||
// Fail check with silverstripe login challenge
|
||||
$result = Security::permissionFailure($this, "You must have the {$permission} permission to access this check");
|
||||
throw new HTTPResponse_Exception($result);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the current member can access the environment checker
|
||||
*
|
||||
* @param null|int|Member $member
|
||||
* @param string $permission
|
||||
*
|
||||
* @return bool
|
||||
*
|
||||
* @throws HTTPResponse_Exception
|
||||
*/
|
||||
public function canAccess($member = null, $permission = 'ADMIN')
|
||||
{
|
||||
@ -147,10 +133,6 @@ class EnvironmentChecker extends RequestHandler
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
if (!$member) {
|
||||
$member = BasicAuth::requireLogin($this->getRequest(), 'Environment Checker', $permission, false);
|
||||
}
|
||||
|
||||
// We allow access to this controller regardless of live-status or ADMIN permission only
|
||||
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
||||
if (Director::isDev()
|
||||
|
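Review bot: The basic-auth check in `init()` compares `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` with the configured values using loose `!=`, which is not constant-time and lets PHP treat two numeric-looking strings as equal. Assuming the `empty(...) || ... != ...` condition is the new side of this hunk, the comparisons would be safer as `|| !hash_equals((string) Environment::getEnv('ENVCHECK_BASICAUTH_USERNAME'), $_SERVER['PHP_AUTH_USER'])` and `|| !hash_equals((string) Environment::getEnv('ENVCHECK_BASICAUTH_PASSWORD'), $_SERVER['PHP_AUTH_PW'])`. `empty()` also rejects a username or password of `"0"`; `isset()` plus a `=== ''` test would avoid that. The start of `init()` is outside the hunk, so this is based only on the visible lines.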