Fix for CMS Authenticator. Should only apply to CMSSecurity

2024-06-26 06:29:24 +02:00 · 2017-06-10 14:46:01 +12:00 · 2017-06-10 14:46:01 +12:00 · 3fe837dad7
commit 3fe837dad7
parent c7f7233c4d
3 changed files with 6 additions and 3 deletions
--- a/_config/security.yml
+++ b/_config/security.yml
@ -31,5 +31,8 @@ SilverStripe\Core\Injector\Injector:
    properties:
      Authenticators:
        default: %$SilverStripe\Security\MemberAuthenticator\MemberAuthenticator
+  SilverStripe\Security\CMSSecurity:
+    properties:
+      Authenticators:
        cms: %$SilverStripe\Security\MemberAuthenticator\CMSMemberAuthenticator
  SilverStripe\Security\IdentityStore: %$SilverStripe\Security\AuthenticationHandler
--- a/src/Security/CMSSecurity.php
+++ b/src/Security/CMSSecurity.php
@ -165,14 +165,14 @@ PHP
     *
     * @return bool
     */
-    public static function enabled()
+    public function enabled()
    {
        // Disable shortcut
        if (!static::config()->get('reauth_enabled')) {
            return false;
        }

-        return count(Security::singleton()->getApplicableAuthenticators(Authenticator::CMS_LOGIN)) > 0;
+        return count($this->getApplicableAuthenticators(Authenticator::CMS_LOGIN)) > 0;
    }

    /**
--- a/src/Security/Security.php
+++ b/src/Security/Security.php
@ -356,7 +356,7 @@ class Security extends Controller implements TemplateGlobalProvider
                    _t('SilverStripe\\CMS\\Controllers\\ContentController.NOTLOGGEDIN', 'Not logged in')
                );
                // Tell the CMS to allow re-authentication
-                if (CMSSecurity::enabled()) {
+                if (CMSSecurity::singleton()->enabled()) {
                    $response->addHeader('X-Reauthenticate', '1');
                }
            }