silverstripe-framework/src/Security/MemberAuthenticator/CMSMemberLoginForm.php

<?php

namespace SilverStripe\Security\MemberAuthenticator;

use SilverStripe\Control\Controller;
use SilverStripe\Control\RequestHandler;
use SilverStripe\Core\Convert;
use SilverStripe\Forms\CheckboxField;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\HiddenField;
use SilverStripe\Forms\LiteralField;
use SilverStripe\Forms\PasswordField;
use SilverStripe\Security\RememberLoginHash;
use SilverStripe\Security\Security;

/**
 * Provides the in-cms session re-authentication form for the "member" authenticator
 */
class CMSMemberLoginForm extends MemberLoginForm
{

    /**
     * CMSMemberLoginForm constructor.
     * @param RequestHandler $controller
     * @param string $authenticatorClass
     * @param FieldList $name
     */
    public function __construct(RequestHandler $controller, $authenticatorClass, $name)
    {
        $this->controller = $controller;

        $this->setAuthenticatorClass($authenticatorClass);

        $fields = $this->getFormFields();

        $actions = $this->getFormActions();

        parent::__construct($controller, $authenticatorClass, $name, $fields, $actions);

        $this->addExtraClass('form--no-dividers');
    }

    /**
     * @return FieldList
     */
    public function getFormFields()
    {
        // Set default fields
        $fields = FieldList::create([
            HiddenField::create("AuthenticationMethod", null, $this->getAuthenticatorClass(), $this),
            HiddenField::create('tempid', null, $this->controller->getRequest()->requestVar('tempid')),
            PasswordField::create("Password", _t('SilverStripe\\Security\\Member.PASSWORD', 'Password'))
        ]);

        if (Security::config()->get('autologin_enabled')) {
            $fields->insertAfter(
                'Password',
                CheckboxField::create(
                    "Remember",
                    _t(
                        'SilverStripe\\Security\\Member.KEEP_ME_SIGNED_IN',
                        'Keep me signed in for {count} days',
                        [ 'count' => RememberLoginHash::config()->uninherited('token_expiry_days') ]
                    )
                )
                    ->setAttribute(
                        'title',
                        _t(
                            'SilverStripe\\Security\\Member.KEEP_ME_SIGNED_IN_TOOLTIP',
                            'You will remain authenticated on this device for {count} days. Only use this feature if you trust the device you are using.',
                            ['count' => RememberLoginHash::config()->uninherited('token_expiry_days')]
                        )
                    )
            );
        }

        return $fields;
    }

    /**
     * @return FieldList
     */
    public function getFormActions()
    {
        // Determine returnurl to redirect to parent page
        $logoutLink = $this->getExternalLink('logout');
        if ($returnURL = $this->controller->getRequest()->requestVar('BackURL')) {
            $logoutLink = Controller::join_links($logoutLink, '?BackURL=' . urlencode($returnURL ?? ''));
        }

        // Make actions
        $actions = FieldList::create([
            FormAction::create('doLogin', _t(__CLASS__ . '.BUTTONLOGIN', "Let me back in"))
                ->addExtraClass('btn-primary'),
            LiteralField::create(
                'doLogout',
                sprintf(
                    '<a class="btn btn-secondary" href="%s" target="_top">%s</a>',
                    Convert::raw2att($logoutLink),
                    _t(__CLASS__ . '.BUTTONLOGOUT', "Log out")
                )
            ),
            LiteralField::create(
                'forgotPassword',
                sprintf(
                    '<a href="%s" class="cms-security__container__form__forgotPassword btn btn-secondary" target="_top">%s</a>',
                    $this->getExternalLink('lostpassword'),
                    _t(__CLASS__ . '.BUTTONFORGOTPASSWORD', "Forgot password")
                )
            )
        ]);

        return $actions;
    }

    /**
     * Get link to use for external security actions
     *
     * @param string $action Action
     * @return string
     */
    public function getExternalLink($action = null)
    {
        return Security::singleton()->Link($action);
    }

    /**
     * @return string
     */
    public function getAuthenticatorName()
    {
        return _t(__CLASS__ . '.AUTHENTICATORNAME', 'CMS Member Login Form');
    }
}
API Enable re-authentication within the CMS if a user session is lost BUG Resolve issue with error redirection being ignored within CMS BUG Fix issue with invalid securityID being re-emitted on failure 2014-10-06 05:01:33 +02:00			`<?php`

CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`namespace SilverStripe\Security\MemberAuthenticator;`
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00			`use SilverStripe\Control\Controller;`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`use SilverStripe\Control\RequestHandler;`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`use SilverStripe\Core\Convert;`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00			`use SilverStripe\Forms\CheckboxField;`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`use SilverStripe\Forms\FieldList;`
API Namespace all classes Namespace all templates Move difflib and BBCodeParser2 to thirdparty Remove deprecated API marked for removal in 4.0 2016-08-19 00:51:35 +02:00			`use SilverStripe\Forms\FormAction;`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`use SilverStripe\Forms\HiddenField;`
			`use SilverStripe\Forms\LiteralField;`
			`use SilverStripe\Forms\PasswordField;`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`use SilverStripe\Security\RememberLoginHash;`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`use SilverStripe\Security\Security;`
API Apply Framework\Security namespace 2016-06-23 01:37:22 +02:00
API Enable re-authentication within the CMS if a user session is lost BUG Resolve issue with error redirection being ignored within CMS BUG Fix issue with invalid securityID being re-emitted on failure 2014-10-06 05:01:33 +02:00			`/**`
			`* Provides the in-cms session re-authentication form for the "member" authenticator`
			`*/`
Feedback from Damian. - Move the success and message to a validationresult - Fix tests for validationresult return - We need to clear the session in Test logOut method - Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency. - Unify all to getCurrentUser on Security - ChangePasswordHandler removed from Security - Update SapphireTest for CMS login/logout - Get the Member ID correctly, if it's an object. - Only enable "remember me" when it's allowed. - Add flag to disable password logging - Remove Subsites coupling, give it an extension hook to disable itself - Change cascadeLogInTo to cascadeInTo for the logout method logic naming - Docblocks - Basicauth config 2017-05-30 09:42:00 +02:00			`class CMSMemberLoginForm extends MemberLoginForm`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`{`

Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`/**`
			`* CMSMemberLoginForm constructor.`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`* @param RequestHandler $controller`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`* @param string $authenticatorClass`
			`* @param FieldList $name`
			`*/`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`public function __construct(RequestHandler $controller, $authenticatorClass, $name)`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`{`
			`$this->controller = $controller;`

API LoginForm::authentiator_class is now deprecated, use getters or setters instead 2018-11-05 13:47:47 +01:00			`$this->setAuthenticatorClass($authenticatorClass);`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00
			`$fields = $this->getFormFields();`

			`$actions = $this->getFormActions();`

CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`parent::__construct($controller, $authenticatorClass, $name, $fields, $actions);`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00
			`$this->addExtraClass('form--no-dividers');`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`}`

			`/**`
			`* @return FieldList`
			`*/`
			`public function getFormFields()`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`{`
			`// Set default fields`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`$fields = FieldList::create([`
API LoginForm::authentiator_class is now deprecated, use getters or setters instead 2018-11-05 13:47:47 +01:00			`HiddenField::create("AuthenticationMethod", null, $this->getAuthenticatorClass(), $this),`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`HiddenField::create('tempid', null, $this->controller->getRequest()->requestVar('tempid')),`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`PasswordField::create("Password", _t('SilverStripe\\Security\\Member.PASSWORD', 'Password'))`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`]);`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`if (Security::config()->get('autologin_enabled')) {`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`$fields->insertAfter(`
			`'Password',`
			`CheckboxField::create(`
			`"Remember",`
			`_t(`
ENH Remove wording for authenticated devices being manageable 2021-06-17 23:50:13 +02:00			`'SilverStripe\\Security\\Member.KEEP_ME_SIGNED_IN',`
			`'Keep me signed in for {count} days',`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`[ 'count' => RememberLoginHash::config()->uninherited('token_expiry_days') ]`
			`)`
			`)`
Use new designs 2021-04-08 02:32:12 +02:00			`->setAttribute(`
			`'title',`
			`_t(`
			`'SilverStripe\\Security\\Member.KEEP_ME_SIGNED_IN_TOOLTIP',`
ENH Remove wording for authenticated devices being manageable 2021-06-17 23:50:13 +02:00			`'You will remain authenticated on this device for {count} days. Only use this feature if you trust the device you are using.',`
Use new designs 2021-04-08 02:32:12 +02:00			`['count' => RememberLoginHash::config()->uninherited('token_expiry_days')]`
			`)`
			`)`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`);`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`}`

Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`return $fields;`
			`}`

			`/**`
			`* @return FieldList`
			`*/`
			`public function getFormActions()`
			`{`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`// Determine returnurl to redirect to parent page`
			`$logoutLink = $this->getExternalLink('logout');`
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`if ($returnURL = $this->controller->getRequest()->requestVar('BackURL')) {`
ENH PHP 8.1 compatibility 2022-04-14 03:12:59 +02:00			`$logoutLink = Controller::join_links($logoutLink, '?BackURL=' . urlencode($returnURL ?? ''));`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`}`

			`// Make actions`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`$actions = FieldList::create([`
Fixing string concat CS issues 2018-01-16 19:39:30 +01:00			`FormAction::create('doLogin', _t(__CLASS__ . '.BUTTONLOGIN', "Let me back in"))`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`->addExtraClass('btn-primary'),`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`LiteralField::create(`
			`'doLogout',`
			`sprintf(`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`'<a class="btn btn-secondary" href="%s" target="_top">%s</a>',`
			`Convert::raw2att($logoutLink),`
Fixing string concat CS issues 2018-01-16 19:39:30 +01:00			`_t(__CLASS__ . '.BUTTONLOGOUT', "Log out")`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`)`
			`),`
			`LiteralField::create(`
			`'forgotPassword',`
			`sprintf(`
BUG Incorrect path for requirements file 2017-09-12 05:23:36 +02:00			`'<a href="%s" class="cms-security__container__form__forgotPassword btn btn-secondary" target="_top">%s</a>',`
ENHANCEMENT Update style of CMSLogin form 2017-05-31 07:48:16 +02:00			`$this->getExternalLink('lostpassword'),`
Fixing string concat CS issues 2018-01-16 19:39:30 +01:00			`_t(__CLASS__ . '.BUTTONFORGOTPASSWORD', "Forgot password")`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`)`
			`)`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`]);`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00
Use `Config` for authenticator settings 2017-04-17 05:07:28 +02:00			`return $actions;`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`}`

CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`/**`
			`* Get link to use for external security actions`
			`*`
			`* @param string $action Action`
			`* @return string`
			`*/`
			`public function getExternalLink($action = null)`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`{`
CMS Login Handling Move to canLogin in the authentication check. Protected isLockedOut Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken. logOut could be managed from the Authenticator instead of the member 2017-04-30 05:17:26 +02:00			`return Security::singleton()->Link($action);`
PSR2: Whitespace-only changes 2016-11-29 00:31:16 +01:00			`}`
Pass the AuthenticationMethod to the controller Resolves issue #6788 The AuthenticationMethed is passed in via hidden field as per usual, but due to changes, the fallback authenticator was always the MemberAuthenticator and the actual passed in authenticator was defaulting to an empty string. This causes an issue when there are multiple authenticators and the default authenticator is _not_ in the allowed authenticators, but is still the default. It caused the getAuthenticator method to return the default MemberAuthenticator to be returned, despite it being disabled. A second issue around multiple authenticators, was the template using a no-longer used method `getAuthenticatorName`. This method returned a null on the default MemberLoginForm (as nothing was set), causing a Warning. Because the getAuthenticator and getAuthenticatorName are no longer in use, I've opted to replace these with a translatable string `getAuthenticatorName`, to display the title of the form on the tabs, as per the tabset on Security_MultiAuthenticatorLogin template. 2017-04-14 05:30:55 +02:00
			`/**`
			`* @return string`
			`*/`
			`public function getAuthenticatorName()`
			`{`
Fixing string concat CS issues 2018-01-16 19:39:30 +01:00			`return _t(__CLASS__ . '.AUTHENTICATORNAME', 'CMS Member Login Form');`
Pass the AuthenticationMethod to the controller Resolves issue #6788 The AuthenticationMethed is passed in via hidden field as per usual, but due to changes, the fallback authenticator was always the MemberAuthenticator and the actual passed in authenticator was defaulting to an empty string. This causes an issue when there are multiple authenticators and the default authenticator is _not_ in the allowed authenticators, but is still the default. It caused the getAuthenticator method to return the default MemberAuthenticator to be returned, despite it being disabled. A second issue around multiple authenticators, was the template using a no-longer used method `getAuthenticatorName`. This method returned a null on the default MemberLoginForm (as nothing was set), causing a Warning. Because the getAuthenticator and getAuthenticatorName are no longer in use, I've opted to replace these with a translatable string `getAuthenticatorName`, to display the title of the form on the tabs, as per the tabset on Security_MultiAuthenticatorLogin template. 2017-04-14 05:30:55 +02:00			`}`
API Enable re-authentication within the CMS if a user session is lost BUG Resolve issue with error redirection being ignored within CMS BUG Fix issue with invalid securityID being re-emitted on failure 2014-10-06 05:01:33 +02:00			`}`