mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Separate out the log-out handling.
Repairing tests and regressions Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()` Fix for the logout handler to properly logout, some minor wording updates Remove the login hashes for the member when logging out. BasicAuth to use `HTTPRequest`
This commit is contained in:
Simon Erkelens
parent
f9ea752bae
commit
2b26cafcff
@ -30,7 +30,7 @@ Example: Disallow creation of new players if the currently logged-in player is n
|
||||
public function onBeforeWrite() {
|
||||
// check on first write action, aka "database row creation" (ID-property is not set)
|
||||
if(!$this->isInDb()) {
|
||||
$currentPlayer = Member::currentUser();
|
||||
$currentPlayer = Security::getCurrentUser();
|
||||
|
||||
if(!$currentPlayer->IsTeamManager()) {
|
||||
user_error('Player-creation not allowed', E_USER_ERROR);
|
||||
|
||||
@ -9,7 +9,7 @@ checks. Often it makes sense to centralize those checks on the model, regardless
|
||||
The API provides four methods for this purpose: `canEdit()`, `canCreate()`, `canView()` and `canDelete()`.
|
||||
|
||||
Since they're PHP methods, they can contain arbitrary logic matching your own requirements. They can optionally receive
|
||||
a `$member` argument, and default to the currently logged in member (through `Member::currentUser()`).
|
||||
a `$member` argument, and default to the currently logged in member (through `Security::getCurrentUser()`).
|
||||
|
||||
<div class="notice" markdown="1">
|
||||
By default, all `DataObject` subclasses can only be edited, created and viewed by users with the 'ADMIN' permission
|
||||
|
||||
@ -40,7 +40,7 @@ includes [api:Controller], [api:FormField] and [api:DataObject] instances.
|
||||
```php
|
||||
$controller->renderWith(array('MyController', 'MyBaseController'));
|
||||
|
||||
Member::currentUser()->renderWith('Member_Profile');
|
||||
Security::getCurrentUser()->renderWith('Member_Profile');
|
||||
```
|
||||
|
||||
`renderWith` can be used to override the default template process. For instance, to provide an ajax version of a
|
||||
|
||||
@ -109,7 +109,7 @@ we added a `SayHi` method which is unique to our extension.
|
||||
|
||||
**mysite/code/Page.php**
|
||||
:::php
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
echo $member->SayHi;
|
||||
|
||||
// "Hi Sam"
|
||||
@ -220,7 +220,7 @@ To see what extensions are currently enabled on an object, use [api:Object::getE
|
||||
|
||||
|
||||
:::php
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
|
||||
print_r($member->getExtensionInstances());
|
||||
|
||||
|
||||
@ -24,12 +24,12 @@ next method for testing if you just need to test.
|
||||
}
|
||||
|
||||
|
||||
**Member::currentUser()**
|
||||
**Security::getCurrentUser()**
|
||||
|
||||
Returns the full *Member* Object for the current user, returns *null* if user is not logged in.
|
||||
|
||||
:::php
|
||||
if( $member = Member::currentUser() ) {
|
||||
if( $member = Security::getCurrentUser() ) {
|
||||
// Work with $member
|
||||
} else {
|
||||
// Do non-member stuff
|
||||
|
||||
@ -60,7 +60,7 @@ The PHP Logic..
|
||||
$email = SilverStripe\Control\Email\Email::create()
|
||||
->setHTMLTemplate('Email\\MyCustomEmail')
|
||||
->setData(array(
|
||||
'Member' => Member::currentUser(),
|
||||
'Member' => Security::getCurrentUser(),
|
||||
'Link'=> $link,
|
||||
))
|
||||
->setFrom($from)
|
||||
|
||||
@ -9,6 +9,7 @@ use SilverStripe\ORM\DataModel;
|
||||
use SilverStripe\ORM\FieldType\DBHTMLText;
|
||||
use SilverStripe\Security\BasicAuth;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\View\SSViewer;
|
||||
use SilverStripe\View\TemplateGlobalProvider;
|
||||
|
||||
@ -575,7 +576,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider
|
||||
public function can($perm, $member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
if (is_array($perm)) {
|
||||
$perm = array_map(array($this, 'can'), $perm, array_fill(0, count($perm), $member));
|
||||
|
||||
@ -5,6 +5,7 @@ namespace SilverStripe\Dev;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
use SilverStripe\ORM\DataObject;
|
||||
use SilverStripe\Security\BasicAuth;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
@ -415,11 +416,9 @@ class FunctionalTest extends SapphireTest
|
||||
Security::setCurrentUser($member);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Log in as the given member
|
||||
* Log out the member
|
||||
*
|
||||
* @param Member|int|string $member The ID, fixture codename, or Member object of the member that you want to log in
|
||||
*/
|
||||
public function logOut()
|
||||
{
|
||||
|
||||
@ -38,7 +38,7 @@ class TestSession
|
||||
/**
|
||||
* Necessary to use the mock session
|
||||
* created in {@link session} in the normal controller stack,
|
||||
* e.g. to overwrite Member::currentUser() with custom login data.
|
||||
* e.g. to overwrite Security::getCurrentUser() with custom login data.
|
||||
*
|
||||
* @var Controller
|
||||
*/
|
||||
|
||||
@ -5,6 +5,7 @@ namespace SilverStripe\Forms;
|
||||
use SilverStripe\ORM\DataObject;
|
||||
use SilverStripe\ORM\DataObjectInterface;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\View\Requirements;
|
||||
|
||||
/**
|
||||
@ -504,7 +505,7 @@ class ConfirmedPasswordField extends FormField
|
||||
}
|
||||
|
||||
// Check this password is valid for the current user
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
if (!$member) {
|
||||
$validator->validationError(
|
||||
$name,
|
||||
|
||||
@ -10,6 +10,7 @@ use SilverStripe\ORM\DataObject;
|
||||
use SilverStripe\ORM\FieldType\DBDatetime;
|
||||
use SilverStripe\ORM\FieldType\DBHTMLText;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\View\Requirements;
|
||||
use SilverStripe\View\ArrayData;
|
||||
|
||||
@ -249,7 +250,7 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
|
||||
"Header" => $header,
|
||||
"ItemRows" => $itemRows,
|
||||
"Datetime" => DBDatetime::now(),
|
||||
"Member" => Member::currentUser(),
|
||||
"Member" => Security::getCurrentUser(),
|
||||
));
|
||||
|
||||
return $ret;
|
||||
|
||||
@ -24,6 +24,7 @@ use SilverStripe\ORM\FieldType\DBComposite;
|
||||
use SilverStripe\ORM\FieldType\DBClassName;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Permission;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\View\ViewableData;
|
||||
use LogicException;
|
||||
use InvalidArgumentException;
|
||||
@ -76,11 +77,11 @@ use stdClass;
|
||||
* static $api_access = true;
|
||||
*
|
||||
* function canView($member = false) {
|
||||
* if(!$member) $member = Member::currentUser();
|
||||
* if(!$member) $member = Security::getCurrentUser();
|
||||
* return $member->inGroup('Subscribers');
|
||||
* }
|
||||
* function canEdit($member = false) {
|
||||
* if(!$member) $member = Member::currentUser();
|
||||
* if(!$member) $member = Security::getCurrentUser();
|
||||
* return $member->inGroup('Editors');
|
||||
* }
|
||||
*
|
||||
@ -2498,7 +2499,7 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
|
||||
public function can($perm, $member = null, $context = array())
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
if ($member && Permission::checkMember($member, "ADMIN")) {
|
||||
|
||||
@ -9,6 +9,7 @@ use SilverStripe\Forms\DateField;
|
||||
use SilverStripe\i18n\i18n;
|
||||
use SilverStripe\ORM\DB;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
|
||||
/**
|
||||
* Represents a date field.
|
||||
@ -250,7 +251,7 @@ class DBDate extends DBField
|
||||
public function FormatFromSettings($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// Fall back to nice
|
||||
|
||||
@ -7,6 +7,7 @@ use SilverStripe\Forms\DatetimeField;
|
||||
use SilverStripe\i18n\i18n;
|
||||
use SilverStripe\ORM\DB;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\View\TemplateGlobalProvider;
|
||||
use Exception;
|
||||
use InvalidArgumentException;
|
||||
@ -97,7 +98,7 @@ class DBDatetime extends DBDate implements TemplateGlobalProvider
|
||||
public function FormatFromSettings($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// Fall back to nice
|
||||
|
||||
@ -8,6 +8,7 @@ use SilverStripe\Forms\TimeField;
|
||||
use SilverStripe\i18n\i18n;
|
||||
use SilverStripe\ORM\DB;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
|
||||
/**
|
||||
* Represents a column in the database with the type 'Time'.
|
||||
@ -153,7 +154,7 @@ class DBTime extends DBField
|
||||
public function FormatFromSettings($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// Fall back to nice
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
namespace SilverStripe\Security;
|
||||
|
||||
use Exception;
|
||||
use SilverStripe\Control\HTTPResponse_Exception;
|
||||
use SilverStripe\Control\RequestFilter;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
@ -15,13 +17,16 @@ class AuthenticationRequestFilter implements RequestFilter, IdentityStore
|
||||
|
||||
use Configurable;
|
||||
|
||||
/**
|
||||
* @return array|IdentityStore[]
|
||||
*/
|
||||
protected function getHandlers()
|
||||
{
|
||||
return array_map(
|
||||
function ($identifier) {
|
||||
return Injector::inst()->get($identifier);
|
||||
},
|
||||
$this->config()->get('handlers')
|
||||
static::config()->get('handlers')
|
||||
);
|
||||
}
|
||||
|
||||
@ -31,6 +36,7 @@ class AuthenticationRequestFilter implements RequestFilter, IdentityStore
|
||||
public function preRequest(HTTPRequest $request, Session $session, DataModel $model)
|
||||
{
|
||||
try {
|
||||
/** @var AuthenticationHandler $handler */
|
||||
foreach ($this->getHandlers() as $handler) {
|
||||
// @todo Update requestfilter logic to allow modification of initial response
|
||||
// in order to add cookies, etc
|
||||
@ -41,7 +47,7 @@ class AuthenticationRequestFilter implements RequestFilter, IdentityStore
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (ValidationException $e) {
|
||||
} catch (Exception $e) { // There's no valid exception currently. I would say AuthenticationException?
|
||||
throw new HTTPResponse_Exception(
|
||||
"Bad log-in details: " . $e->getMessage(),
|
||||
400
|
||||
|
||||
@ -39,16 +39,26 @@ interface Authenticator
|
||||
/**
|
||||
* Return RequestHandler to manage the log-in process.
|
||||
*
|
||||
* The default URL of the RequetHandler should return the initial log-in form, any other
|
||||
* The default URL of the RequestHandler should return the initial log-in form, any other
|
||||
* URL may be added for other steps & processing.
|
||||
*
|
||||
* URL-handling methods may return an array [ "Form" => (form-object) ] which can then
|
||||
* be merged into a default controller.
|
||||
*
|
||||
* @param string $link The base link to use for this RequestHnadler
|
||||
* @param string $link The base link to use for this RequestHandler
|
||||
*/
|
||||
public function getLoginHandler($link);
|
||||
|
||||
/**
|
||||
* Return the RequestHandler to manage the log-out process.
|
||||
*
|
||||
* The default URL of the RequestHandler should log the user out immediately and destroy the session.
|
||||
*
|
||||
* @param string $link The base link to use for this RequestHandler
|
||||
* @return mixed
|
||||
*/
|
||||
public function getLogOutHandler($link);
|
||||
|
||||
/**
|
||||
* Return RequestHandler to manage the change-password process.
|
||||
*
|
||||
@ -62,6 +72,7 @@ interface Authenticator
|
||||
*/
|
||||
public function getChangePasswordHandler($link);
|
||||
|
||||
|
||||
/**
|
||||
* @todo
|
||||
*/
|
||||
@ -81,13 +92,4 @@ interface Authenticator
|
||||
* @return array
|
||||
*/
|
||||
// public function getAuthenticateFields();
|
||||
|
||||
/**
|
||||
* Log the member out of this Authentication method.
|
||||
*
|
||||
* @param Member $member by reference, to allow for multiple actions on the member with a single write
|
||||
* @return boolean|Member if logout was unsuccessfull, return true, otherwise, the member is returned
|
||||
*/
|
||||
public function doLogOut(&$member);
|
||||
|
||||
}
|
||||
|
||||
@ -2,11 +2,14 @@
|
||||
|
||||
namespace SilverStripe\Security;
|
||||
|
||||
use SilverStripe\Control\Controller;
|
||||
use SilverStripe\Control\Director;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
use SilverStripe\Control\HTTPResponse_Exception;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
use SilverStripe\Core\Config\Configurable;
|
||||
use SilverStripe\Dev\Debug;
|
||||
use SilverStripe\Dev\SapphireTest;
|
||||
use SilverStripe\Core\Injector\Injector;
|
||||
|
||||
@ -51,15 +54,16 @@ class BasicAuth
|
||||
*
|
||||
* Used by {@link Controller::init()}.
|
||||
*
|
||||
* @throws HTTPResponse_Exception
|
||||
*
|
||||
* @param HTTPRequest $request
|
||||
* @param string $realm
|
||||
* @param string|array $permissionCode Optional
|
||||
* @param boolean $tryUsingSessionLogin If true, then the method with authenticate against the
|
||||
* session log-in if those credentials are disabled.
|
||||
* @return Member|bool $member
|
||||
* @return bool|Member
|
||||
* @throws HTTPResponse_Exception
|
||||
*/
|
||||
public static function requireLogin($realm, $permissionCode = null, $tryUsingSessionLogin = true)
|
||||
public static function requireLogin(HTTPRequest $request, $realm, $permissionCode = null, $tryUsingSessionLogin = true)
|
||||
{
|
||||
$isRunningTests = (class_exists('SilverStripe\\Dev\\SapphireTest', false) && SapphireTest::is_running_test());
|
||||
if (!Security::database_is_ready() || (Director::is_cli() && !$isRunningTests)) {
|
||||
@ -74,28 +78,32 @@ class BasicAuth
|
||||
* The follow rewrite rule must be in the sites .htaccess file to enable this workaround
|
||||
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
*/
|
||||
$authHeader = (isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] :
|
||||
(isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] : null));
|
||||
$authHeader = $request->getHeader('Authorization');
|
||||
$matches = array();
|
||||
if ($authHeader && preg_match('/Basic\s+(.*)$/i', $authHeader, $matches)) {
|
||||
list($name, $password) = explode(':', base64_decode($matches[1]));
|
||||
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
||||
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
||||
$request->addHeader('PHP_AUTH_USER', strip_tags($name));
|
||||
$request->addHeader('PHP_AUTH_PW', strip_tags($password));
|
||||
}
|
||||
|
||||
$member = null;
|
||||
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
||||
|
||||
if ($request->getHeader('PHP_AUTH_USER') && $request->getHeader('PHP_AUTH_PW')) {
|
||||
/** @var Authenticator $authenticator */
|
||||
$authenticator = Injector::inst()->get(Authenticator::class);
|
||||
|
||||
$member = $authenticator->authenticate([
|
||||
'Email' => $_SERVER['PHP_AUTH_USER'],
|
||||
'Password' => $_SERVER['PHP_AUTH_PW'],
|
||||
'Email' => $request->getHeader('PHP_AUTH_USER'),
|
||||
'Password' => $request->getHeader('PHP_AUTH_PW'),
|
||||
], $dummy);
|
||||
}
|
||||
|
||||
if($member) {
|
||||
Security::setCurrentUser($member);
|
||||
}
|
||||
|
||||
if (!$member && $tryUsingSessionLogin) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// If we've failed the authentication mechanism, then show the login form
|
||||
@ -103,7 +111,7 @@ class BasicAuth
|
||||
$response = new HTTPResponse(null, 401);
|
||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"$realm\"");
|
||||
|
||||
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
if ($request->getHeader('PHP_AUTH_USER')) {
|
||||
$response->setBody(_t('SilverStripe\\Security\\BasicAuth.ERRORNOTREC', "That username / password isn't recognised"));
|
||||
} else {
|
||||
$response->setBody(_t('SilverStripe\\Security\\BasicAuth.ENTERINFO', "Please enter a username and password."));
|
||||
@ -119,7 +127,7 @@ class BasicAuth
|
||||
$response = new HTTPResponse(null, 401);
|
||||
$response->addHeader('WWW-Authenticate', "Basic realm=\"$realm\"");
|
||||
|
||||
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
if ($request->getHeader('PHP_AUTH_USER')) {
|
||||
$response->setBody(_t('SilverStripe\\Security\\BasicAuth.ERRORNOTADMIN', "That user is not an administrator."));
|
||||
}
|
||||
|
||||
@ -152,9 +160,9 @@ class BasicAuth
|
||||
*/
|
||||
public static function protect_entire_site($protect = true, $code = 'ADMIN', $message = null)
|
||||
{
|
||||
Config::inst()->update(self::class, 'entire_site_protected', $protect);
|
||||
Config::inst()->update(self::class, 'entire_site_protected_code', $code);
|
||||
Config::inst()->update(self::class, 'entire_site_protected_message', $message);
|
||||
Config::modify()->set(self::class, 'entire_site_protected', $protect);
|
||||
Config::modify()->set(self::class, 'entire_site_protected_code', $code);
|
||||
Config::modify()->set(self::class, 'entire_site_protected_message', $message);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -167,8 +175,14 @@ class BasicAuth
|
||||
public static function protect_site_if_necessary()
|
||||
{
|
||||
$config = Config::forClass(BasicAuth::class);
|
||||
if ($config->entire_site_protected) {
|
||||
self::requireLogin($config->entire_site_protected_message, $config->entire_site_protected_code, false);
|
||||
$request = Controller::curr()->getRequest();
|
||||
if ($config->get('entire_site_protected')) {
|
||||
/** @noinspection ExceptionsAnnotatingAndHandlingInspection */
|
||||
static::requireLogin(
|
||||
$request,
|
||||
$config->get('entire_site_protected_message'),
|
||||
$config->get('entire_site_protected_code'),
|
||||
false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -476,7 +476,7 @@ class Group extends DataObject
|
||||
public function canEdit($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// extended access checks
|
||||
@ -512,7 +512,7 @@ class Group extends DataObject
|
||||
public function canView($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// extended access checks
|
||||
@ -534,7 +534,7 @@ class Group extends DataObject
|
||||
public function canDelete($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// extended access checks
|
||||
|
||||
@ -15,18 +15,18 @@ interface IdentityStore
|
||||
/**
|
||||
* Log the given member into this identity store.
|
||||
*
|
||||
* @param $member The member to log in.
|
||||
* @param $persistent boolean If set to true, the login may persist beyond the current session.
|
||||
* @param $request The request of the visitor that is logging in, to get, for example, cookies.
|
||||
* @param $response The response object to modify, if needed.
|
||||
* @param Member $member The member to log in.
|
||||
* @param Boolean $persistent boolean If set to true, the login may persist beyond the current session.
|
||||
* @param HTTPRequest $request The request of the visitor that is logging in, to get, for example, cookies.
|
||||
* @param HTTPResponse $response The response object to modify, if needed.
|
||||
*/
|
||||
public function logIn(Member $member, $persistent, HTTPRequest $request);
|
||||
|
||||
/**
|
||||
* Log any logged-in member out of this identity store.
|
||||
*
|
||||
* @param $request The request of the visitor that is logging out, to get, for example, cookies.
|
||||
* @param $response The response object to modify, if needed.
|
||||
* @param HTTPRequest $request The request of the visitor that is logging out, to get, for example, cookies.
|
||||
* @param HTTPResponse $response The response object to modify, if needed.
|
||||
*/
|
||||
public function logOut(HTTPRequest $request);
|
||||
}
|
||||
|
||||
@ -158,13 +158,13 @@ class InheritedPermissions implements PermissionChecker
|
||||
{
|
||||
switch ($permission) {
|
||||
case self::EDIT:
|
||||
$this->canEditMultiple($ids, Member::currentUser(), false);
|
||||
$this->canEditMultiple($ids, Security::getCurrentUser(), false);
|
||||
break;
|
||||
case self::VIEW:
|
||||
$this->canViewMultiple($ids, Member::currentUser(), false);
|
||||
$this->canViewMultiple($ids, Security::getCurrentUser(), false);
|
||||
break;
|
||||
case self::DELETE:
|
||||
$this->canDeleteMultiple($ids, Member::currentUser(), false);
|
||||
$this->canDeleteMultiple($ids, Security::getCurrentUser(), false);
|
||||
break;
|
||||
default:
|
||||
throw new InvalidArgumentException("Invalid permission type $permission");
|
||||
|
||||
@ -57,7 +57,7 @@ use DateTime;
|
||||
* @property string $DateFormat
|
||||
* @property string $TimeFormat
|
||||
*/
|
||||
class Member extends DataObject implements TemplateGlobalProvider
|
||||
class Member extends DataObject
|
||||
{
|
||||
|
||||
private static $db = array(
|
||||
@ -717,6 +717,8 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
/**
|
||||
* Returns the current logged in user
|
||||
*
|
||||
* @deprecated use Security::getCurrentUser()
|
||||
*
|
||||
* @return Member
|
||||
*/
|
||||
public static function currentUser()
|
||||
@ -759,6 +761,8 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
/**
|
||||
* Get the ID of the current logged in user
|
||||
*
|
||||
* @deprecated use Security::getCurrentUser()
|
||||
*
|
||||
* @return int Returns the ID of the current logged in user or 0.
|
||||
*/
|
||||
public static function currentUserID()
|
||||
@ -1077,7 +1081,7 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
foreach ($format['columns'] as $col) {
|
||||
$values[] = $this->getField($col);
|
||||
}
|
||||
return join($format['sep'], $values);
|
||||
return implode($format['sep'], $values);
|
||||
}
|
||||
if ($this->getField('ID') === 0) {
|
||||
return $this->getField('Surname');
|
||||
@ -1491,7 +1495,7 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
{
|
||||
//get member
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
//check for extensions, we do this first as they can overrule everything
|
||||
$extended = $this->extendedCan(__FUNCTION__, $member);
|
||||
@ -1522,7 +1526,7 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
{
|
||||
//get member
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
//check for extensions, we do this first as they can overrule everything
|
||||
$extended = $this->extendedCan(__FUNCTION__, $member);
|
||||
@ -1556,7 +1560,7 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
public function canDelete($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
//check for extensions, we do this first as they can overrule everything
|
||||
$extended = $this->extendedCan(__FUNCTION__, $member);
|
||||
@ -1686,12 +1690,4 @@ class Member extends DataObject implements TemplateGlobalProvider
|
||||
// If can't find a suitable editor, just default to cms
|
||||
return $currentName ? $currentName : 'cms';
|
||||
}
|
||||
|
||||
public static function get_template_global_variables()
|
||||
{
|
||||
return array(
|
||||
'CurrentMember' => 'currentUser',
|
||||
'currentUser',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,12 +3,10 @@
|
||||
namespace SilverStripe\Security\MemberAuthenticator;
|
||||
|
||||
use SilverStripe\Control\Controller;
|
||||
use SilverStripe\Control\Cookie;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\ORM\ValidationResult;
|
||||
use InvalidArgumentException;
|
||||
use SilverStripe\Security\Authenticator as BaseAuthenticator;
|
||||
use SilverStripe\Security\RememberLoginHash;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\LoginAttempt;
|
||||
@ -186,38 +184,10 @@ class Authenticator implements BaseAuthenticator
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param Member $member
|
||||
* @return bool|Member
|
||||
* @inherit
|
||||
*/
|
||||
public function doLogOut(&$member)
|
||||
public function getLogoutHandler($link)
|
||||
{
|
||||
if($member instanceof Member) {
|
||||
Session::clear("loggedInAs");
|
||||
if (Member::config()->login_marker_cookie) {
|
||||
Cookie::set(Member::config()->login_marker_cookie, null, 0);
|
||||
}
|
||||
|
||||
Session::destroy();
|
||||
|
||||
// Clears any potential previous hashes for this member
|
||||
RememberLoginHash::clear($member, Cookie::get('alc_device'));
|
||||
|
||||
Cookie::set('alc_enc', null); // // Clear the Remember Me cookie
|
||||
Cookie::force_expiry('alc_enc');
|
||||
Cookie::set('alc_device', null);
|
||||
Cookie::force_expiry('alc_device');
|
||||
|
||||
// Switch back to live in order to avoid infinite loops when
|
||||
// redirecting to the login screen (if this login screen is versioned)
|
||||
Session::clear('readingMode');
|
||||
|
||||
// Log out unsuccessful. Useful for 3rd-party logins that return failure. Shouldn't happen
|
||||
// on the default authenticator though.
|
||||
if(Member::currentUserID()) {
|
||||
return Member::currentUser();
|
||||
}
|
||||
}
|
||||
return true;
|
||||
return LogoutHandler::create($link, $this);
|
||||
}
|
||||
}
|
||||
|
||||
@ -37,5 +37,4 @@ class CMSAuthenticator extends Authenticator
|
||||
{
|
||||
return CMSLoginHandler::create($link, $this);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -82,7 +82,7 @@ PHP
|
||||
protected function redirectAfterSuccessfulLogin()
|
||||
{
|
||||
// Check password expiry
|
||||
if (Member::currentUser()->isPasswordExpired()) {
|
||||
if (Security::getCurrentUser()->isPasswordExpired()) {
|
||||
// Redirect the user to the external password change form if necessary
|
||||
return $this->redirectToChangePassword();
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ use SilverStripe\Forms\PasswordField;
|
||||
use SilverStripe\Forms\FormAction;
|
||||
use SilverStripe\Forms\HiddenField;
|
||||
use SilverStripe\Forms\Form;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
|
||||
/**
|
||||
* Standard Change Password Form
|
||||
@ -36,7 +36,7 @@ class ChangePasswordForm extends Form
|
||||
// Security/changepassword?h=XXX redirects to Security/changepassword
|
||||
// without GET parameter to avoid potential HTTP referer leakage.
|
||||
// In this case, a user is not logged in, and no 'old password' should be necessary.
|
||||
if (Member::currentUser()) {
|
||||
if (Security::getCurrentUser()) {
|
||||
$fields->push(new PasswordField("OldPassword", _t('SilverStripe\\Security\\Member.YOUROLDPASSWORD', "Your old password")));
|
||||
}
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ class ChangePasswordHandler extends FormRequestHandler
|
||||
*/
|
||||
public function doChangePassword(array $data, $form)
|
||||
{
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
// The user was logged in, check the current password
|
||||
if ($member && (
|
||||
empty($data['OldPassword']) ||
|
||||
|
||||
@ -2,10 +2,8 @@
|
||||
|
||||
namespace SilverStripe\Security\MemberAuthenticator;
|
||||
|
||||
use SilverStripe\ORM\DataObject;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
use SilverStripe\Security\AuthenticationHandler as AuthenticationHandlerInterface;
|
||||
use SilverStripe\Security\IdentityStore;
|
||||
use SilverStripe\Security\RememberLoginHash;
|
||||
@ -19,8 +17,19 @@ use SilverStripe\Control\Cookie;
|
||||
class CookieAuthenticationHandler implements AuthenticationHandlerInterface, IdentityStore
|
||||
{
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $deviceCookieName;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
private $tokenCookieName;
|
||||
|
||||
/**
|
||||
* @var IdentityStore
|
||||
*/
|
||||
private $cascadeLogInTo;
|
||||
|
||||
/**
|
||||
@ -36,7 +45,7 @@ class CookieAuthenticationHandler implements AuthenticationHandlerInterface, Ide
|
||||
/**
|
||||
* Set the name of the cookie used to track this device
|
||||
*
|
||||
* @param string $cookieName
|
||||
* @param $deviceCookieName
|
||||
* @return null
|
||||
*/
|
||||
public function setDeviceCookieName($deviceCookieName)
|
||||
@ -57,7 +66,7 @@ class CookieAuthenticationHandler implements AuthenticationHandlerInterface, Ide
|
||||
/**
|
||||
* Set the name of the cookie used to store an login token
|
||||
*
|
||||
* @param string $cookieName
|
||||
* @param $tokenCookieName
|
||||
* @return null
|
||||
*/
|
||||
public function setTokenCookieName($tokenCookieName)
|
||||
@ -213,11 +222,17 @@ class CookieAuthenticationHandler implements AuthenticationHandlerInterface, Ide
|
||||
*/
|
||||
public function logOut(HTTPRequest $request)
|
||||
{
|
||||
$member = Security::getCurrentUser();
|
||||
if ($member) {
|
||||
RememberLoginHash::clear($member, Cookie::get('alc_device'));
|
||||
}
|
||||
// @todo couple the cookies to the response object
|
||||
|
||||
Cookie::set($this->getTokenCookieName(), null);
|
||||
Cookie::set($this->getDeviceCookieName(), null);
|
||||
Cookie::force_expiry($this->getTokenCookieName());
|
||||
Cookie::force_expiry($this->getDeviceCookieName());
|
||||
|
||||
Security::setCurrentUser(null);
|
||||
}
|
||||
}
|
||||
|
||||
@ -87,7 +87,9 @@ class LoginForm extends BaseLoginForm
|
||||
$backURL = Session::get('BackURL');
|
||||
}
|
||||
|
||||
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
|
||||
if ($checkCurrentUser && Security::getCurrentUser() && Member::logged_in_session_exists()) {
|
||||
// @todo find a more elegant way to handle this
|
||||
$logoutAction = Security::logout_url();
|
||||
$fields = FieldList::create(
|
||||
HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this)
|
||||
);
|
||||
@ -112,6 +114,9 @@ class LoginForm extends BaseLoginForm
|
||||
|
||||
parent::__construct($controller, $name, $fields, $actions);
|
||||
|
||||
if (isset($logoutAction)) {
|
||||
$this->setFormAction($logoutAction);
|
||||
}
|
||||
$this->setValidator(RequiredFields::create(self::config()->get('required_fields')));
|
||||
}
|
||||
|
||||
@ -182,7 +187,7 @@ class LoginForm extends BaseLoginForm
|
||||
parent::restoreFormState();
|
||||
|
||||
$forceMessage = Session::get('MemberLoginForm.force_message');
|
||||
if (($member = Member::currentUser()) && !$forceMessage) {
|
||||
if (($member = Security::getCurrentUser()) && !$forceMessage) {
|
||||
$message = _t(
|
||||
'SilverStripe\\Security\\Member.LOGGEDINAS',
|
||||
"You're logged in as {name}.",
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
namespace SilverStripe\Security\MemberAuthenticator;
|
||||
|
||||
use SilverStripe\Control\Controller;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\HTTPResponse;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\Control\RequestHandler;
|
||||
@ -17,6 +18,9 @@ use SilverStripe\Security\IdentityStore;
|
||||
*/
|
||||
class LoginHandler extends RequestHandler
|
||||
{
|
||||
/**
|
||||
* @var Authenticator
|
||||
*/
|
||||
protected $authenticator;
|
||||
|
||||
private static $url_handlers = [
|
||||
@ -33,11 +37,10 @@ class LoginHandler extends RequestHandler
|
||||
private static $allowed_actions = [
|
||||
'login',
|
||||
'LoginForm',
|
||||
'dologin',
|
||||
'logout',
|
||||
];
|
||||
|
||||
private $link = null;
|
||||
private $link;
|
||||
|
||||
/**
|
||||
* @param string $link The URL to recreate this request handler
|
||||
@ -53,15 +56,16 @@ class LoginHandler extends RequestHandler
|
||||
/**
|
||||
* Return a link to this request handler.
|
||||
* The link returned is supplied in the constructor
|
||||
* @param null $action
|
||||
* @return string
|
||||
*/
|
||||
public function link($action = null)
|
||||
{
|
||||
if ($action) {
|
||||
return Controller::join_links($this->link, $action);
|
||||
} else {
|
||||
return $this->link;
|
||||
}
|
||||
|
||||
return $this->link;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -89,7 +93,7 @@ class LoginHandler extends RequestHandler
|
||||
/**
|
||||
* Login form handler method
|
||||
*
|
||||
* This method is called when the user clicks on "Log in"
|
||||
* This method is called when the user finishes the login flow
|
||||
*
|
||||
* @param array $data Submitted data
|
||||
* @param LoginForm $form
|
||||
@ -102,6 +106,7 @@ class LoginHandler extends RequestHandler
|
||||
// Successful login
|
||||
if ($member = $this->checkLogin($data, $failureMessage)) {
|
||||
$this->performLogin($member, $data, $form->getRequestHandler()->getRequest());
|
||||
|
||||
return $this->redirectAfterSuccessfulLogin();
|
||||
}
|
||||
|
||||
@ -119,7 +124,6 @@ class LoginHandler extends RequestHandler
|
||||
return $form->getRequestHandler()->redirectBackToForm();
|
||||
}
|
||||
|
||||
|
||||
public function getReturnReferer()
|
||||
{
|
||||
return $this->link();
|
||||
@ -137,7 +141,6 @@ class LoginHandler extends RequestHandler
|
||||
* [Optional: 'Remember' => 1 ]
|
||||
* )
|
||||
*
|
||||
* @param array $data
|
||||
* @return HTTPResponse
|
||||
*/
|
||||
protected function redirectAfterSuccessfulLogin()
|
||||
@ -145,7 +148,7 @@ class LoginHandler extends RequestHandler
|
||||
Session::clear('SessionForms.MemberLoginForm.Email');
|
||||
Session::clear('SessionForms.MemberLoginForm.Remember');
|
||||
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
if ($member->isPasswordExpired()) {
|
||||
return $this->redirectToChangePassword();
|
||||
}
|
||||
@ -167,7 +170,7 @@ class LoginHandler extends RequestHandler
|
||||
// Welcome message
|
||||
$message = _t(
|
||||
'SilverStripe\\Security\\Member.WELCOMEBACK',
|
||||
"Welcome Back, {firstname}",
|
||||
'Welcome Back, {firstname}',
|
||||
['firstname' => $member->FirstName]
|
||||
);
|
||||
Security::setLoginMessage($message, ValidationResult::TYPE_GOOD);
|
||||
@ -177,26 +180,11 @@ class LoginHandler extends RequestHandler
|
||||
return $this->redirectBack();
|
||||
}
|
||||
|
||||
/**
|
||||
* Log out form handler method
|
||||
*
|
||||
* This method is called when the user clicks on "logout" on the form
|
||||
* created when the parameter <i>$checkCurrentUser</i> of the
|
||||
* {@link __construct constructor} was set to TRUE and the user was
|
||||
* currently logged in.
|
||||
*
|
||||
* @return HTTPResponse
|
||||
*/
|
||||
public function logout()
|
||||
{
|
||||
Security::singleton()->logout();
|
||||
return $this->redirectBack();
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to authenticate the user
|
||||
*
|
||||
* @param array $data Submitted data
|
||||
* @param string $message
|
||||
* @return Member Returns the member object on successful authentication
|
||||
* or NULL on failure.
|
||||
*/
|
||||
@ -206,19 +194,19 @@ class LoginHandler extends RequestHandler
|
||||
$member = $this->authenticator->authenticate($data, $message);
|
||||
if ($member) {
|
||||
return $member;
|
||||
|
||||
} else {
|
||||
// No member, can't login
|
||||
$this->extend('authenticationFailed', $data);
|
||||
return null;
|
||||
|
||||
}
|
||||
// No member, can't login
|
||||
$this->extend('authenticationFailed', $data);
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to authenticate the user
|
||||
*
|
||||
* @param Member $member
|
||||
* @param array $data Submitted data
|
||||
* @param HTTPRequest $request
|
||||
* @return Member Returns the member object on successful authentication
|
||||
* or NULL on failure.
|
||||
*/
|
||||
@ -226,8 +214,10 @@ class LoginHandler extends RequestHandler
|
||||
{
|
||||
// @todo pass request/response
|
||||
Injector::inst()->get(IdentityStore::class)->logIn($member, !empty($data['Remember']), $request);
|
||||
|
||||
return $member;
|
||||
}
|
||||
|
||||
/**
|
||||
* Invoked if password is expired and must be changed
|
||||
*
|
||||
@ -242,13 +232,15 @@ class LoginHandler extends RequestHandler
|
||||
'good'
|
||||
);
|
||||
$changedPasswordLink = Security::singleton()->Link('changepassword');
|
||||
|
||||
return $this->redirect($this->addBackURLParam($changedPasswordLink));
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @todo copypaste from FormRequestHandler - refactor
|
||||
* @param string $link
|
||||
* @return string
|
||||
*/
|
||||
protected function addBackURLParam($link)
|
||||
{
|
||||
@ -256,6 +248,7 @@ class LoginHandler extends RequestHandler
|
||||
if ($backURL) {
|
||||
return Controller::join_links($link, '?BackURL=' . urlencode($backURL));
|
||||
}
|
||||
|
||||
return $link;
|
||||
}
|
||||
}
|
||||
|
||||
68
src/Security/MemberAuthenticator/LogoutHandler.php
Normal file
68
src/Security/MemberAuthenticator/LogoutHandler.php
Normal file
@ -0,0 +1,68 @@
|
||||
<?php
|
||||
|
||||
namespace SilverStripe\Security\MemberAuthenticator;
|
||||
|
||||
use SilverStripe\Control\Cookie;
|
||||
use SilverStripe\Control\RequestHandler;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\Core\Injector\Injector;
|
||||
use SilverStripe\Security\IdentityStore;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\RememberLoginHash;
|
||||
use SilverStripe\Security\Security;
|
||||
|
||||
/**
|
||||
* Class LogoutHandler handles logging out Members from their session and/or cookie.
|
||||
* The logout process destroys all traces of the member on the server (not the actual computer user
|
||||
* at the other end of the line, don't worry)
|
||||
*
|
||||
* @package SilverStripe\Security\MemberAuthenticator
|
||||
*/
|
||||
class LogoutHandler extends RequestHandler
|
||||
{
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
private static $url_handlers = [
|
||||
'' => 'logout'
|
||||
];
|
||||
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
private static $allowed_actions = [
|
||||
'logout'
|
||||
];
|
||||
|
||||
|
||||
/**
|
||||
* Log out form handler method
|
||||
*
|
||||
* This method is called when the user clicks on "logout" on the form
|
||||
* created when the parameter <i>$checkCurrentUser</i> of the
|
||||
* {@link __construct constructor} was set to TRUE and the user was
|
||||
* currently logged in.
|
||||
*
|
||||
* @return bool|Member
|
||||
*/
|
||||
public function logout()
|
||||
{
|
||||
$member = Security::getCurrentUser();
|
||||
|
||||
return $this->doLogOut($member);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param Member $member
|
||||
* @return bool|Member Return a member if something goes wrong
|
||||
*/
|
||||
public function doLogOut($member)
|
||||
{
|
||||
if ($member instanceof Member) {
|
||||
Injector::inst()->get(IdentityStore::class)->logOut($this->getRequest());
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
namespace SilverStripe\Security\MemberAuthenticator;
|
||||
|
||||
use SilverStripe\Control\Cookie;
|
||||
use SilverStripe\ORM\DataObject;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
@ -52,7 +53,7 @@ class SessionAuthenticationHandler implements AuthenticationHandlerInterface, Id
|
||||
if ($id = Session::get($this->getSessionVariable())) {
|
||||
// If ID is a bad ID it will be treated as if the user is not logged in, rather than throwing a
|
||||
// ValidationException
|
||||
return DataObject::get_by_id(Member::class, $id);
|
||||
return Member::get()->byID($id);
|
||||
}
|
||||
|
||||
return null;
|
||||
@ -66,13 +67,13 @@ class SessionAuthenticationHandler implements AuthenticationHandlerInterface, Id
|
||||
// @todo couple the session to a request object
|
||||
// $session = $request->getSession();
|
||||
|
||||
$this->regenerateSessionId();
|
||||
static::regenerateSessionId();
|
||||
Session::set($this->getSessionVariable(), $member->ID);
|
||||
|
||||
// This lets apache rules detect whether the user has logged in
|
||||
// @todo make this a settign on the authentication handler
|
||||
if (Member::config()->login_marker_cookie) {
|
||||
Cookie::set(Member::config()->login_marker_cookie, 1, 0);
|
||||
if (Member::config()->get('login_marker_cookie')) {
|
||||
Cookie::set(Member::config()->get('login_marker_cookie'), 1, 0);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -347,7 +347,7 @@ class Permission extends DataObject implements TemplateGlobalProvider, Resettabl
|
||||
{
|
||||
// Default to current member, with session-caching
|
||||
if (!$memberID) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
if ($member && isset($_SESSION['Permission_groupList'][$member->ID])) {
|
||||
return $_SESSION['Permission_groupList'][$member->ID];
|
||||
}
|
||||
|
||||
@ -22,11 +22,13 @@ use SilverStripe\Forms\FieldList;
|
||||
use SilverStripe\Forms\Form;
|
||||
use SilverStripe\Forms\FormAction;
|
||||
use SilverStripe\ORM\ArrayList;
|
||||
use SilverStripe\ORM\Connect\Database;
|
||||
use SilverStripe\ORM\DataModel;
|
||||
use SilverStripe\ORM\DB;
|
||||
use SilverStripe\ORM\DataObject;
|
||||
use SilverStripe\ORM\FieldType\DBField;
|
||||
use SilverStripe\ORM\ValidationResult;
|
||||
use SilverStripe\Security\MemberAuthenticator\LogoutHandler;
|
||||
use SilverStripe\View\ArrayData;
|
||||
use SilverStripe\View\SSViewer;
|
||||
use SilverStripe\View\TemplateGlobalProvider;
|
||||
@ -230,6 +232,11 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
*/
|
||||
protected static $default_authenticator = MemberAuthenticator\Authenticator::class;
|
||||
|
||||
/**
|
||||
* @var Member Currently logged in user (if available)
|
||||
*/
|
||||
private static $currentUser;
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
@ -262,7 +269,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
* Get the selected authenticator for this request
|
||||
*
|
||||
* @param $name string The identifier of the authenticator in your config
|
||||
* @return string Class name of Authenticator
|
||||
* @return Authenticator Class name of Authenticator
|
||||
* @throws LogicException
|
||||
*/
|
||||
protected function getAuthenticator($name)
|
||||
@ -287,15 +294,16 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
{
|
||||
$authenticators = self::config()->get('authenticators');
|
||||
|
||||
foreach($authenticators as $name => &$class) {
|
||||
foreach ($authenticators as $name => &$class) {
|
||||
/** @var Authenticator $authenticator */
|
||||
$authenticator = Injector::inst()->get($class);
|
||||
if($authenticator->supportedServices() & $service) {
|
||||
if ($authenticator->supportedServices() & $service) {
|
||||
$class = $authenticator;
|
||||
} else {
|
||||
unset($authenticators[$name]);
|
||||
}
|
||||
}
|
||||
|
||||
return $authenticators;
|
||||
}
|
||||
|
||||
@ -348,7 +356,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
if (Director::is_ajax()) {
|
||||
$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
|
||||
$response->setStatusCode(403);
|
||||
if (!Member::currentUser()) {
|
||||
if (!static::getCurrentUser()) {
|
||||
$response->setBody(_t('SilverStripe\\CMS\\Controllers\\ContentController.NOTLOGGEDIN', 'Not logged in'));
|
||||
$response->setStatusDescription(_t('SilverStripe\\CMS\\Controllers\\ContentController.NOTLOGGEDIN', 'Not logged in'));
|
||||
// Tell the CMS to allow re-aunthentication
|
||||
@ -384,7 +392,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
$messageSet = array('default' => $messageSet);
|
||||
}
|
||||
|
||||
$member = Member::currentUser();
|
||||
$member = static::getCurrentUser();
|
||||
|
||||
// Work out the right message to show
|
||||
if ($member && $member->exists()) {
|
||||
@ -428,8 +436,6 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
));
|
||||
}
|
||||
|
||||
private static $currentUser;
|
||||
|
||||
public static function setCurrentUser($currentUser)
|
||||
{
|
||||
self::$currentUser = $currentUser;
|
||||
@ -498,36 +504,22 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
public function logout($redirect = true)
|
||||
{
|
||||
$this->extend('beforeMemberLoggedOut');
|
||||
$request = $this->getRequest();
|
||||
$member = Member::currentUser();
|
||||
// Reasoning for (now) to not go with a full LoginHandler call, is to not make it circular
|
||||
// re-sending the request forward to the authenticator. In the case of logout, I think it would be
|
||||
// overkill.
|
||||
if (($name = $request->param('ID')) && self::hasAuthenticator($request->param('ID'))){
|
||||
$member = static::getCurrentUser();
|
||||
|
||||
if ($member) { // If we don't have a member, there's not much to log out.
|
||||
/** @var Authenticator $authenticator */
|
||||
$authenticator = $this->getAuthenticator($request->param('ID'));
|
||||
if($authenticator->doLogOut($member) !== true) {
|
||||
$authenticator = $this->getAuthenticator('default'); // Always use the default authenticator to log out
|
||||
$handler = $authenticator->getLogOutHandler(Controller::join_links($this->Link(), 'logout'));
|
||||
$result = $this->delegateToHandler($handler, 'default', []);
|
||||
if ($result !== true) {
|
||||
$this->extend('failureMemberLoggedOut', $authenticator);
|
||||
|
||||
return $this->redirectBack();
|
||||
}
|
||||
$this->extend('successMemberLoggedOut', $authenticator);
|
||||
} else {
|
||||
$authenticators = static::getAuthenticators(Authenticator::LOGOUT);
|
||||
/**
|
||||
* @var string $name
|
||||
* @var Authenticator $authenticator
|
||||
*/
|
||||
foreach ($authenticators as $name => $authenticator) {
|
||||
if ($authenticator->logOut($member) !== true) {
|
||||
$this->extend('failureMemberLoggedOut', $authenticator);
|
||||
// Break on first log out failure(?)
|
||||
return $this->redirectBack();
|
||||
}
|
||||
$this->extend('successMemberLoggedOut', $authenticator);
|
||||
}
|
||||
// Member is successfully logged out. Write possible changes to the database.
|
||||
$member->write();
|
||||
}
|
||||
// Member is successfully logged out. Write possible changes to the database.
|
||||
$member->write();
|
||||
$this->extend('afterMemberLoggedOut');
|
||||
|
||||
if ($redirect && (!$this->getResponse()->isFinished())) {
|
||||
@ -568,7 +560,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
// where the user has permissions to continue but is not given the option.
|
||||
if ($this->getRequest()->requestVar('BackURL')
|
||||
&& !$this->getLoginMessage()
|
||||
&& ($member = Member::currentUser())
|
||||
&& ($member = static::getCurrentUser())
|
||||
&& $member->exists()
|
||||
) {
|
||||
return $this->redirectBack();
|
||||
@ -611,7 +603,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
/**
|
||||
* Combine the given forms into a formset with a tabbed interface
|
||||
*
|
||||
* @param array $authenticators List of Authenticator instances
|
||||
* @param $forms
|
||||
* @return string
|
||||
*/
|
||||
protected function generateLoginFormSet($forms)
|
||||
@ -772,7 +764,6 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
],
|
||||
$templates
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -833,8 +824,8 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
|
||||
public function basicauthlogin()
|
||||
{
|
||||
$member = BasicAuth::requireLogin("SilverStripe login", 'ADMIN');
|
||||
$member->logIn();
|
||||
$member = BasicAuth::requireLogin($this->getRequest(), "SilverStripe login", 'ADMIN');
|
||||
static::setCurrentUser($member);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -888,8 +879,10 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
// On first valid password reset request redirect to the same URL without hash to avoid referrer leakage.
|
||||
|
||||
// if there is a current member, they should be logged out
|
||||
if ($curMember = Member::currentUser()) {
|
||||
$curMember->logOut();
|
||||
if ($curMember = static::getCurrentUser()) {
|
||||
/** @var LogoutHandler $handler */
|
||||
$handler = $this->getAuthenticator('default')->getLogoutHandler($this->Link('logout'));
|
||||
$handler->doLogOut($curMember);
|
||||
}
|
||||
|
||||
// Store the hash for the change password form. Will be unset after reload within the ChangePasswordForm.
|
||||
@ -905,7 +898,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
),
|
||||
'Form' => $this->ChangePasswordForm(),
|
||||
));
|
||||
} elseif (Member::currentUser()) {
|
||||
} elseif (static::getCurrentUser()) {
|
||||
// Logged in user requested a password change form.
|
||||
$customisedController = $controller->customise(array(
|
||||
'Content' => DBField::create_field(
|
||||
@ -1112,6 +1105,7 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
|
||||
/**
|
||||
* Check that the default admin account has been set.
|
||||
* @todo Check if we _actually_ only want this to work on dev
|
||||
*/
|
||||
public static function has_default_admin()
|
||||
{
|
||||
@ -1354,6 +1348,8 @@ class Security extends Controller implements TemplateGlobalProvider
|
||||
"LoginURL" => "login_url",
|
||||
"LogoutURL" => "logout_url",
|
||||
"LostPasswordURL" => "lost_password_url",
|
||||
"CurrentMember" => "getCurrentUser",
|
||||
"currentUser" => "getCurrentUser"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,6 +23,7 @@ use SilverStripe\Dev\Deprecation;
|
||||
use SilverStripe\Dev\FunctionalTest;
|
||||
use SilverStripe\ORM\DataModel;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\View\SSViewer;
|
||||
|
||||
class ControllerTest extends FunctionalTest
|
||||
@ -203,7 +204,7 @@ class ControllerTest extends FunctionalTest
|
||||
'if action is not a method but rather a template discovered by naming convention'
|
||||
);
|
||||
|
||||
$this->session()->inst_set('loggedInAs', $adminUser->ID);
|
||||
Security::setCurrentUser($adminUser);
|
||||
$response = $this->get("AccessSecuredController/templateaction");
|
||||
$this->assertEquals(
|
||||
200,
|
||||
@ -211,8 +212,8 @@ class ControllerTest extends FunctionalTest
|
||||
'Access granted for logged in admin on action with $allowed_actions on defining controller, ' .
|
||||
'if action is not a method but rather a template discovered by naming convention'
|
||||
);
|
||||
$this->session()->inst_set('loggedInAs', null);
|
||||
|
||||
Security::setCurrentUser(null);
|
||||
$response = $this->get("AccessSecuredController/adminonly");
|
||||
$this->assertEquals(
|
||||
403,
|
||||
@ -236,15 +237,15 @@ class ControllerTest extends FunctionalTest
|
||||
"Access denied to protected method even if its listed in allowed_actions"
|
||||
);
|
||||
|
||||
$this->session()->inst_set('loggedInAs', $adminUser->ID);
|
||||
Security::setCurrentUser($adminUser);
|
||||
$response = $this->get("AccessSecuredController/adminonly");
|
||||
$this->assertEquals(
|
||||
200,
|
||||
$response->getStatusCode(),
|
||||
"Permission codes are respected when set in \$allowed_actions"
|
||||
);
|
||||
$this->session()->inst_set('loggedInAs', null);
|
||||
|
||||
Security::setCurrentUser(null);
|
||||
$response = $this->get('AccessBaseController/extensionmethod1');
|
||||
$this->assertEquals(
|
||||
200,
|
||||
@ -285,7 +286,7 @@ class ControllerTest extends FunctionalTest
|
||||
"and doesn't satisfy checks"
|
||||
);
|
||||
|
||||
$this->session()->inst_set('loggedInAs', $adminUser->ID);
|
||||
Security::setCurrentUser($adminUser);
|
||||
$response = $this->get('IndexSecuredController/');
|
||||
$this->assertEquals(
|
||||
200,
|
||||
@ -293,7 +294,7 @@ class ControllerTest extends FunctionalTest
|
||||
"Access granted when index action is limited through allowed_actions, " .
|
||||
"and does satisfy checks"
|
||||
);
|
||||
$this->session()->inst_set('loggedInAs', null);
|
||||
Security::setCurrentUser(null);
|
||||
}
|
||||
|
||||
public function testWildcardAllowedActions()
|
||||
|
||||
@ -10,11 +10,10 @@ use SilverStripe\Forms\Tests\GridField\GridFieldTest\Team;
|
||||
use SilverStripe\ORM\ArrayList;
|
||||
use SilverStripe\ORM\DataList;
|
||||
use SilverStripe\ORM\ValidationException;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\Security\SecurityToken;
|
||||
use SilverStripe\Dev\CSSContentParser;
|
||||
use SilverStripe\Dev\SapphireTest;
|
||||
use SilverStripe\Control\Controller;
|
||||
use SilverStripe\Control\HTTPRequest;
|
||||
use SilverStripe\Control\Session;
|
||||
use SilverStripe\Forms\FieldList;
|
||||
@ -67,8 +66,8 @@ class GridFieldDeleteActionTest extends SapphireTest
|
||||
|
||||
public function testDontShowDeleteButtons()
|
||||
{
|
||||
if (Member::currentUser()) {
|
||||
Member::currentUser()->logOut();
|
||||
if (Security::getCurrentUser()) {
|
||||
Security::setCurrentUser(null);
|
||||
}
|
||||
$content = new CSSContentParser($this->gridField->FieldHolder());
|
||||
// Check that there are content
|
||||
@ -116,8 +115,8 @@ class GridFieldDeleteActionTest extends SapphireTest
|
||||
|
||||
public function testDeleteActionWithoutCorrectPermission()
|
||||
{
|
||||
if (Member::currentUser()) {
|
||||
Member::currentUser()->logOut();
|
||||
if (Security::getCurrentUser()) {
|
||||
Security::setCurrentUser(null);
|
||||
}
|
||||
$this->setExpectedException(ValidationException::class);
|
||||
|
||||
|
||||
@ -17,6 +17,7 @@ use SilverStripe\Forms\Form;
|
||||
use SilverStripe\Forms\GridField\GridFieldConfig;
|
||||
use SilverStripe\Forms\GridField\GridFieldEditButton;
|
||||
use SilverStripe\Forms\GridField\GridField;
|
||||
use SilverStripe\Security\Security;
|
||||
|
||||
class GridFieldEditButtonTest extends SapphireTest
|
||||
{
|
||||
@ -62,8 +63,8 @@ class GridFieldEditButtonTest extends SapphireTest
|
||||
|
||||
public function testShowEditLinks()
|
||||
{
|
||||
if (Member::currentUser()) {
|
||||
Member::currentUser()->logOut();
|
||||
if (Security::getCurrentUser()) {
|
||||
Security::getCurrentUser()->logOut();
|
||||
}
|
||||
|
||||
$content = new CSSContentParser($this->gridField->FieldHolder());
|
||||
|
||||
@ -15,7 +15,7 @@ use SilverStripe\Security\Tests\BasicAuthTest\ControllerSecuredWithPermission;
|
||||
class BasicAuthTest extends FunctionalTest
|
||||
{
|
||||
|
||||
static $original_unique_identifier_field;
|
||||
protected static $original_unique_identifier_field;
|
||||
|
||||
protected static $fixture_file = 'BasicAuthTest.yml';
|
||||
|
||||
@ -42,7 +42,7 @@ class BasicAuthTest extends FunctionalTest
|
||||
unset($_SERVER['PHP_AUTH_USER']);
|
||||
unset($_SERVER['PHP_AUTH_PW']);
|
||||
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertEquals(401, $response->getStatusCode());
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = $origUser;
|
||||
@ -56,13 +56,13 @@ class BasicAuthTest extends FunctionalTest
|
||||
|
||||
unset($_SERVER['PHP_AUTH_USER']);
|
||||
unset($_SERVER['PHP_AUTH_PW']);
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertFalse(BasicAuthTest\ControllerSecuredWithPermission::$index_called);
|
||||
$this->assertFalse(BasicAuthTest\ControllerSecuredWithPermission::$post_init_called);
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'test';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertTrue(BasicAuthTest\ControllerSecuredWithPermission::$index_called);
|
||||
$this->assertTrue(BasicAuthTest\ControllerSecuredWithPermission::$post_init_called);
|
||||
|
||||
@ -77,17 +77,17 @@ class BasicAuthTest extends FunctionalTest
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'wrongpassword';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertEquals(401, $response->getStatusCode(), 'Invalid users dont have access');
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-without-groups@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'test';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertEquals(401, $response->getStatusCode(), 'Valid user without required permission has no access');
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'test';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithPermission', null, $_SESSION, null, null, $_SERVER);;
|
||||
$this->assertEquals(200, $response->getStatusCode(), 'Valid user with required permission has access');
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = $origUser;
|
||||
@ -101,17 +101,17 @@ class BasicAuthTest extends FunctionalTest
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-without-groups@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'wrongpassword';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertEquals(401, $response->getStatusCode(), 'Invalid users dont have access');
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-without-groups@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'test';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertEquals(200, $response->getStatusCode(), 'All valid users have access');
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = 'user-in-mygroup@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'test';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$this->assertEquals(200, $response->getStatusCode(), 'All valid users have access');
|
||||
|
||||
$_SERVER['PHP_AUTH_USER'] = $origUser;
|
||||
@ -127,19 +127,19 @@ class BasicAuthTest extends FunctionalTest
|
||||
// First failed attempt
|
||||
$_SERVER['PHP_AUTH_USER'] = 'failedlogin@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'test';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$check = Member::get()->filter('Email', 'failedlogin@test.com')->first();
|
||||
$this->assertEquals(1, $check->FailedLoginCount);
|
||||
|
||||
// Second failed attempt
|
||||
$_SERVER['PHP_AUTH_PW'] = 'testwrong';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$check = Member::get()->filter('Email', 'failedlogin@test.com')->first();
|
||||
$this->assertEquals(2, $check->FailedLoginCount);
|
||||
|
||||
// successful basic auth should reset failed login count
|
||||
$_SERVER['PHP_AUTH_PW'] = 'Password';
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission');
|
||||
$response = Director::test('BasicAuthTest_ControllerSecuredWithoutPermission', null, $_SESSION, null, null, $_SERVER);
|
||||
$check = Member::get()->filter('Email', 'failedlogin@test.com')->first();
|
||||
$this->assertEquals(0, $check->FailedLoginCount);
|
||||
}
|
||||
|
||||
@ -9,6 +9,7 @@ use SilverStripe\Security\InheritedPermissions;
|
||||
use SilverStripe\Security\InheritedPermissionsExtension;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\PermissionChecker;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\Versioned\Versioned;
|
||||
|
||||
/**
|
||||
@ -45,7 +46,7 @@ class TestPermissionNode extends DataObject implements TestOnly
|
||||
public function canEdit($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
return static::getInheritedPermissions()->canEdit($this->ID, $member);
|
||||
}
|
||||
@ -53,7 +54,7 @@ class TestPermissionNode extends DataObject implements TestOnly
|
||||
public function canView($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
return static::getInheritedPermissions()->canView($this->ID, $member);
|
||||
}
|
||||
@ -61,7 +62,7 @@ class TestPermissionNode extends DataObject implements TestOnly
|
||||
public function canDelete($member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Member::currentUser();
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
return static::getInheritedPermissions()->canDelete($this->ID, $member);
|
||||
}
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
namespace SilverStripe\Security\Tests;
|
||||
|
||||
use SilverStripe\Core\Convert;
|
||||
use SilverStripe\Core\Injector\Injector;
|
||||
use SilverStripe\Dev\FunctionalTest;
|
||||
use SilverStripe\Control\Cookie;
|
||||
use SilverStripe\i18n\i18n;
|
||||
@ -553,7 +554,6 @@ class MemberTest extends FunctionalTest
|
||||
$this->assertFalse($member->canDelete());
|
||||
$this->assertFalse($member->canEdit());
|
||||
|
||||
$this->addExtensions($extensions);
|
||||
$this->logOut();
|
||||
}
|
||||
|
||||
@ -568,14 +568,11 @@ class MemberTest extends FunctionalTest
|
||||
$this->assertTrue($member2->canDelete());
|
||||
$this->assertTrue($member2->canEdit());
|
||||
|
||||
$this->addExtensions($extensions);
|
||||
$this->logOut();
|
||||
}
|
||||
|
||||
public function testExtendedCan()
|
||||
{
|
||||
|
||||
$extensions = $this->removeExtensions(Object::get_extensions(Member::class));
|
||||
$member = $this->objFromFixture(Member::class, 'test');
|
||||
|
||||
/* Normal behaviour is that you can't view a member unless canView() on an extension returns true */
|
||||
@ -1369,12 +1366,12 @@ class MemberTest extends FunctionalTest
|
||||
|
||||
public function testCurrentUser()
|
||||
{
|
||||
$this->assertNull(Member::currentUser());
|
||||
$this->assertNull(Security::getCurrentUser());
|
||||
|
||||
$adminMember = $this->objFromFixture(Member::class, 'admin');
|
||||
$this->logInAs($adminMember);
|
||||
|
||||
$userFromSession = Member::currentUser();
|
||||
$userFromSession = Security::getCurrentUser();
|
||||
$this->assertEquals($adminMember->ID, $userFromSession->ID);
|
||||
}
|
||||
|
||||
@ -1383,7 +1380,7 @@ class MemberTest extends FunctionalTest
|
||||
*/
|
||||
public function testActAsUserPermissions()
|
||||
{
|
||||
$this->assertNull(Member::currentUser());
|
||||
$this->assertNull(Security::getCurrentUser());
|
||||
|
||||
/** @var Member $adminMember */
|
||||
$adminMember = $this->objFromFixture(Member::class, 'admin');
|
||||
@ -1422,7 +1419,7 @@ class MemberTest extends FunctionalTest
|
||||
*/
|
||||
public function testActAsUser()
|
||||
{
|
||||
$this->assertNull(Member::currentUser());
|
||||
$this->assertNull(Security::getCurrentUser());
|
||||
|
||||
/** @var Member $adminMember */
|
||||
$adminMember = $this->objFromFixture(Member::class, 'admin');
|
||||
|
||||
@ -182,8 +182,8 @@ class SecurityTest extends FunctionalTest
|
||||
public function testAutomaticRedirectionOnLogin()
|
||||
{
|
||||
// BackURL with permission error (not authenticated) should not redirect
|
||||
if ($member = Member::currentUser()) {
|
||||
$member->logOut();
|
||||
if ($member = Security::getCurrentUser()) {
|
||||
Security::setCurrentUser(null);
|
||||
}
|
||||
$response = $this->getRecursive('SecurityTest_SecuredController');
|
||||
$this->assertContains(Convert::raw2xml("That page is secured."), $response->getBody());
|
||||
@ -228,7 +228,7 @@ class SecurityTest extends FunctionalTest
|
||||
$member = DataObject::get_one(Member::class);
|
||||
|
||||
/* Log in with any user that we can find */
|
||||
$this->session()->inst_set('loggedInAs', $member->ID);
|
||||
Security::setCurrentUser($member);
|
||||
|
||||
/* View the Security/login page */
|
||||
$response = $this->get(Config::inst()->get(Security::class, 'login_url'));
|
||||
@ -254,7 +254,7 @@ class SecurityTest extends FunctionalTest
|
||||
$this->assertNotNull($response->getBody(), 'There is body content on the page');
|
||||
|
||||
/* Log the user out */
|
||||
$this->session()->inst_set('loggedInAs', null);
|
||||
Security::setCurrentUser(null);
|
||||
}
|
||||
|
||||
public function testMemberIDInSessionDoesntExistInDatabaseHasToLogin()
|
||||
|
||||
@ -16,6 +16,7 @@ use SilverStripe\ORM\FieldType\DBField;
|
||||
use SilverStripe\ORM\ArrayList;
|
||||
use SilverStripe\ORM\PaginatedList;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Security\Security;
|
||||
use SilverStripe\Security\SecurityToken;
|
||||
use SilverStripe\Security\Permission;
|
||||
use SilverStripe\View\ArrayData;
|
||||
@ -406,22 +407,22 @@ SS;
|
||||
);
|
||||
|
||||
$this->assertEquals(
|
||||
(string)Member::currentUser(),
|
||||
(string)Security::getCurrentUser(),
|
||||
$this->render('{$CurrentMember}'),
|
||||
'Member template functions result correct result'
|
||||
);
|
||||
$this->assertEquals(
|
||||
(string)Member::currentUser(),
|
||||
(string)Security::getCurrentUser(),
|
||||
$this->render('{$CurrentUser}'),
|
||||
'Member template functions result correct result'
|
||||
);
|
||||
$this->assertEquals(
|
||||
(string)Member::currentUser(),
|
||||
(string)Security::getCurrentUser(),
|
||||
$this->render('{$currentMember}'),
|
||||
'Member template functions result correct result'
|
||||
);
|
||||
$this->assertEquals(
|
||||
(string)Member::currentUser(),
|
||||
(string)Security::getCurrentUser(),
|
||||
$this->render('{$currentUser}'),
|
||||
'Member template functions result correct result'
|
||||
);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user