Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
commit
5887201dd5
@ -91,6 +91,11 @@ class MemberAuthenticator implements Authenticator
|
|||||||
// Validate against member if possible
|
// Validate against member if possible
|
||||||
if ($member && !$asDefaultAdmin) {
|
if ($member && !$asDefaultAdmin) {
|
||||||
$this->checkPassword($member, $data['Password'], $result);
|
$this->checkPassword($member, $data['Password'], $result);
|
||||||
|
} elseif (!$asDefaultAdmin) {
|
||||||
|
// spoof a login attempt
|
||||||
|
$tempMember = Member::create();
|
||||||
|
$tempMember->{Member::config()->get('unique_identifier_field')} = $email;
|
||||||
|
$tempMember->validateCanLogin($result);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Emit failure to member and form (if available)
|
// Emit failure to member and form (if available)
|
||||||
@ -164,7 +169,9 @@ class MemberAuthenticator implements Authenticator
|
|||||||
*/
|
*/
|
||||||
protected function recordLoginAttempt($data, HTTPRequest $request, $member, $success)
|
protected function recordLoginAttempt($data, HTTPRequest $request, $member, $success)
|
||||||
{
|
{
|
||||||
if (!Security::config()->get('login_recording')) {
|
if (!Security::config()->get('login_recording')
|
||||||
|
&& !Member::config()->get('lock_out_after_incorrect_logins')
|
||||||
|
) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
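Review bot: The new `elseif (!$asDefaultAdmin)` branch in the first hunk runs only `validateCanLogin()` on the throwaway member and never performs a password check, so a request for an unknown identifier does less work than one for a real member, which goes through `checkPassword()`. If `checkPassword()` hashes the submitted password (its body is not visible here), response time may still distinguish existing from non-existing accounts even though the lockout result now matches; comparing the timing of the two paths would settle it. The comment `// spoof a login attempt` also undersells the intent; something like `// Unknown identifier: run the lockout check on an unsaved Member so the response matches that of a real account` would tell the next maintainer why the branch must stay. The enclosing method starts and ends outside the hunk.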
||||||
|
@ -243,7 +243,6 @@ class MemberAuthenticatorTest extends SapphireTest
|
|||||||
|
|
||||||
public function testNonExistantMemberGetsLoginAttemptRecorded()
|
public function testNonExistantMemberGetsLoginAttemptRecorded()
|
||||||
{
|
{
|
||||||
Security::config()->set('login_recording', true);
|
|
||||||
Member::config()
|
Member::config()
|
||||||
->set('lock_out_after_incorrect_logins', 1)
|
->set('lock_out_after_incorrect_logins', 1)
|
||||||
->set('lock_out_delay_mins', 10);
|
->set('lock_out_delay_mins', 10);
|
||||||
@ -272,7 +271,6 @@ class MemberAuthenticatorTest extends SapphireTest
|
|||||||
|
|
||||||
public function testNonExistantMemberGetsLockedOut()
|
public function testNonExistantMemberGetsLockedOut()
|
||||||
{
|
{
|
||||||
Security::config()->set('login_recording', true);
|
|
||||||
Member::config()
|
Member::config()
|
||||||
->set('lock_out_after_incorrect_logins', 1)
|
->set('lock_out_after_incorrect_logins', 1)
|
||||||
->set('lock_out_delay_mins', 10);
|
->set('lock_out_delay_mins', 10);
|
||||||
|