Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010

[SS-2018-010] Fix regression of SS-2017-002
Robbie Averill 2018-05-14 17:12:45 +12:00 committed by GitHub
commit 5887201dd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 3 deletions


@ -91,6 +91,11 @@ class MemberAuthenticator implements Authenticator
// Validate against member if possible // Validate against member if possible
if ($member && !$asDefaultAdmin) { if ($member && !$asDefaultAdmin) {
$this->checkPassword($member, $data['Password'], $result); $this->checkPassword($member, $data['Password'], $result);
} elseif (!$asDefaultAdmin) {
// spoof a login attempt
$tempMember = Member::create();
$tempMember->{Member::config()->get('unique_identifier_field')} = $email;
$tempMember->validateCanLogin($result);
} }
// Emit failure to member and form (if available) // Emit failure to member and form (if available)
@ -164,7 +169,9 @@ class MemberAuthenticator implements Authenticator
*/ */
protected function recordLoginAttempt($data, HTTPRequest $request, $member, $success) protected function recordLoginAttempt($data, HTTPRequest $request, $member, $success)
{ {
if (!Security::config()->get('login_recording')) { if (!Security::config()->get('login_recording')
&& !Member::config()->get('lock_out_after_incorrect_logins')
) {
return; return;
} }
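Review bot: The new `elseif (!$asDefaultAdmin)` branch only calls `validateCanLogin()` on the temporary member, whereas the existing-member branch above it goes through `checkPassword()`, so the two paths probably do different amounts of work and response time could still distinguish known from unknown identifiers. How costly `checkPassword()` is cannot be seen from this hunk; if it hashes the submitted password, the spoof branch should perform equivalent throwaway work before returning. The comment `// spoof a login attempt` should also state its purpose, for example `// Unknown identifier: run the same login checks as for a real member so the response does not reveal whether the account exists`. The enclosing method begins and ends outside the hunk.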


@ -243,7 +243,6 @@ class MemberAuthenticatorTest extends SapphireTest
public function testNonExistantMemberGetsLoginAttemptRecorded() public function testNonExistantMemberGetsLoginAttemptRecorded()
{ {
Security::config()->set('login_recording', true);
Member::config() Member::config()
->set('lock_out_after_incorrect_logins', 1) ->set('lock_out_after_incorrect_logins', 1)
->set('lock_out_delay_mins', 10); ->set('lock_out_delay_mins', 10);
@ -272,7 +271,6 @@ class MemberAuthenticatorTest extends SapphireTest
public function testNonExistantMemberGetsLockedOut() public function testNonExistantMemberGetsLockedOut()
{ {
Security::config()->set('login_recording', true);
Member::config() Member::config()
->set('lock_out_after_incorrect_logins', 1) ->set('lock_out_after_incorrect_logins', 1)
->set('lock_out_delay_mins', 10); ->set('lock_out_delay_mins', 10);