Improve the default LoginForm

- has the fields and actions extracted to a separate method, so it's more easily overridable - Moved the global variable $_REQUEST to getting the info from the controller - Updated string variables to `::class` - Updated RequiredFields to be set in the YML, so it's overridable/updatable from either Config or code
2024-10-22 14:05:37 +02:00 · 2017-04-14 16:21:38 +12:00 · 2017-04-14 16:21:38 +12:00 · 3f1f9d04b7
commit 3f1f9d04b7
parent 8ad9207d85
3 changed files with 79 additions and 51 deletions
--- a/_config/security.yml
+++ b/_config/security.yml
@ -0,0 +1,4 @@
+SilverStripe\Security\MemberLoginForm:
+  required_fields:
+    - Email
+    - Password
--- a/src/Security/Authenticator.php
+++ b/src/Security/Authenticator.php
@ -22,7 +22,7 @@ abstract class Authenticator extends Object
     *
     * @var array
     */
-    private static $authenticators = array('SilverStripe\\Security\\MemberAuthenticator');
+    private static $authenticators = array(MemberAuthenticator::class);

    /**
     * Used to influence the order of authenticators on the login-screen
@ -30,7 +30,7 @@ abstract class Authenticator extends Object
     *
     * @var string
     */
-    private static $default_authenticator = 'SilverStripe\\Security\\MemberAuthenticator';
+    private static $default_authenticator = MemberAuthenticator::class;


    /**
@ -113,7 +113,7 @@ abstract class Authenticator extends Object
            return false;
        }

-        if (is_subclass_of($authenticator, 'SilverStripe\\Security\\Authenticator') == false) {
+        if (is_subclass_of($authenticator, self::class) == false) {
            return false;
        }

--- a/src/Security/MemberLoginForm.php
+++ b/src/Security/MemberLoginForm.php
@ -35,6 +35,12 @@ class MemberLoginForm extends LoginForm
     */
    public $loggedInAsField = 'FirstName';

+    /**
+     * Required fields for validation
+     * @var array
+     */
+    private static $required_fields;
+
    /**
     * Constructor
     *
@ -69,8 +75,8 @@ class MemberLoginForm extends LoginForm
            Requirements::css($customCSS);
        }

-        if (isset($_REQUEST['BackURL'])) {
-            $backURL = $_REQUEST['BackURL'];
+        if ($controller->request->getVar('BackURL')) {
+            $backURL = $controller->request->getVar('BackURL');
        } else {
            $backURL = Session::get('BackURL');
        }
@ -84,14 +90,43 @@ class MemberLoginForm extends LoginForm
            );
        } else {
            if (!$fields) {
+                $fields = $this->getFormFields();
+            }
+            if (!$actions) {
+                $actions = $this->getFormActions();
+            }
+        }
+
+        if (isset($backURL)) {
+            $fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
+        }
+
+        // Reduce attack surface by enforcing POST requests
+        $this->setFormMethod('POST', true);
+
+        parent::__construct($controller, $name, $fields, $actions);
+
+        $this->setValidator(RequiredFields::create(self::config()->get('required_fields')));
+    }
+
+    /**
+     * Build the FieldList for the login form
+     *
+     * @return FieldList
+     */
+    protected function getFormFields()
+    {
        $label = Member::singleton()->fieldLabel(Member::config()->unique_identifier_field);
        $fields = FieldList::create(
            HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
            // Regardless of what the unique identifer field is (usually 'Email'), it will be held in the
            // 'Email' value, below:
+            // @todo Rename the field to a more generic covering name
            $emailField = TextField::create("Email", $label, null, null, $this),
            PasswordField::create("Password", _t('Member.PASSWORD', 'Password'))
        );
+        $emailField->setAttribute('autofocus', 'true');
+
        if (Security::config()->remember_username) {
            $emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
        } else {
@ -113,8 +148,17 @@ class MemberLoginForm extends LoginForm
                )
            );
        }
+
+        return $fields;
    }
-            if (!$actions) {
+
+    /**
+     * Build default login form action FieldList
+     *
+     * @return FieldList
+     */
+    protected function getFormActions()
+    {
        $actions = FieldList::create(
            FormAction::create('dologin', _t('Member.BUTTONLOGIN', "Log in")),
            LiteralField::create(
@ -123,28 +167,8 @@ class MemberLoginForm extends LoginForm
                . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
            )
        );
-            }
-        }

-        if (isset($backURL)) {
-            $fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
-        }
-
-        // Reduce attack surface by enforcing POST requests
-        $this->setFormMethod('POST', true);
-
-        parent::__construct($controller, $name, $fields, $actions);
-
-        $this->setValidator(RequiredFields::create('Email', 'Password'));
-
-        // Focus on the email input when the page is loaded
-        $js = <<<JS
-			(function() {
-				var el = document.getElementById("MemberLoginForm_LoginForm_Email");
-				if(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
-			})();
-JS;
-        Requirements::customScript($js, 'MemberLoginFormFieldFocus');
+        return $actions;
    }

    public function restoreFormState()