mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
Merge branch 'master' of github.com:silverstripe/sapphire
This commit is contained in:
commit
6c859a7622
@ -12,3 +12,5 @@ PasswordEncryptor:
|
|||||||
PasswordEncryptor_PHPHash: md5
|
PasswordEncryptor_PHPHash: md5
|
||||||
sha1_v2.4:
|
sha1_v2.4:
|
||||||
PasswordEncryptor_PHPHash: sha1
|
PasswordEncryptor_PHPHash: sha1
|
||||||
|
blowfish:
|
||||||
|
PasswordEncryptor_Blowfish:
|
@ -33,6 +33,8 @@ class SS_Backtrace {
|
|||||||
array('PasswordEncryptor_MySQLPassword', 'salt'),
|
array('PasswordEncryptor_MySQLPassword', 'salt'),
|
||||||
array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
|
array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
|
||||||
array('PasswordEncryptor_MySQLOldPassword', 'salt'),
|
array('PasswordEncryptor_MySQLOldPassword', 'salt'),
|
||||||
|
array('PasswordEncryptor_Blowfish', 'encrypt'),
|
||||||
|
array('PasswordEncryptor_Blowfish', 'salt'),
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -28,6 +28,16 @@ class GridFieldDetailForm implements GridField_URLHandler {
|
|||||||
*/
|
*/
|
||||||
protected $validator;
|
protected $validator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var String
|
||||||
|
*/
|
||||||
|
protected $itemRequestClass;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var function With two parameters: $form and $component
|
||||||
|
*/
|
||||||
|
protected $itemEditFormCallback;
|
||||||
|
|
||||||
function getURLHandlers($gridField) {
|
function getURLHandlers($gridField) {
|
||||||
return array(
|
return array(
|
||||||
'item/$ID' => 'handleItem',
|
'item/$ID' => 'handleItem',
|
||||||
@ -64,11 +74,7 @@ class GridFieldDetailForm implements GridField_URLHandler {
|
|||||||
$record = Object::create($gridField->getModelClass());
|
$record = Object::create($gridField->getModelClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ClassInfo::exists(get_class($this) . "_ItemRequest")) {
|
$class = $this->getItemRequestClass();
|
||||||
$class = get_class($this) . "_ItemRequest";
|
|
||||||
} else {
|
|
||||||
$class = 'GridFieldDetailForm_ItemRequest';
|
|
||||||
}
|
|
||||||
|
|
||||||
$handler = Object::create($class, $gridField, $this, $record, $controller, $this->name);
|
$handler = Object::create($class, $gridField, $this, $record, $controller, $this->name);
|
||||||
$handler->setTemplate($this->template);
|
$handler->setTemplate($this->template);
|
||||||
@ -120,6 +126,41 @@ class GridFieldDetailForm implements GridField_URLHandler {
|
|||||||
public function getValidator() {
|
public function getValidator() {
|
||||||
return $this->validator;
|
return $this->validator;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param String
|
||||||
|
*/
|
||||||
|
public function setItemRequestClass($class) {
|
||||||
|
$this->itemRequestClass = $class;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return String
|
||||||
|
*/
|
||||||
|
public function getItemRequestClass() {
|
||||||
|
if($this->itemRequestClass) {
|
||||||
|
return $this->itemRequestClass;
|
||||||
|
} else if(ClassInfo::exists(get_class($this) . "_ItemRequest")) {
|
||||||
|
return get_class($this) . "_ItemRequest";
|
||||||
|
} else {
|
||||||
|
return 'GridFieldItemRequest_ItemRequest';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Closure $cb Make changes on the edit form after constructing it.
|
||||||
|
*/
|
||||||
|
public function setItemEditFormCallback(Closure $cb) {
|
||||||
|
$this->itemEditFormCallback = $cb;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return Closure
|
||||||
|
*/
|
||||||
|
public function getItemEditFormCallback() {
|
||||||
|
return $this->itemEditFormCallback;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class GridFieldDetailForm_ItemRequest extends RequestHandler {
|
class GridFieldDetailForm_ItemRequest extends RequestHandler {
|
||||||
@ -269,6 +310,10 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler {
|
|||||||
// e.g. page/edit/show/6/ vs. page/edit/EditForm/field/MyGridField/....
|
// e.g. page/edit/show/6/ vs. page/edit/EditForm/field/MyGridField/....
|
||||||
$form->Backlink = $toplevelController->Link();
|
$form->Backlink = $toplevelController->Link();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$cb = $this->component->getItemEditFormCallback();
|
||||||
|
if($cb) $cb($form, $this);
|
||||||
|
|
||||||
return $form;
|
return $form;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,12 +94,23 @@ class Group extends DataObject {
|
|||||||
$permissionsField->setHiddenPermissions(SecurityAdmin::$hidden_permissions);
|
$permissionsField->setHiddenPermissions(SecurityAdmin::$hidden_permissions);
|
||||||
|
|
||||||
if($this->ID) {
|
if($this->ID) {
|
||||||
|
$group = $this;
|
||||||
$config = new GridFieldConfig_RelationEditor();
|
$config = new GridFieldConfig_RelationEditor();
|
||||||
$config->addComponents(new GridFieldExportButton('before'));
|
$config->addComponents(new GridFieldExportButton('before'));
|
||||||
$config->addComponents(new GridFieldPrintButton('before'));
|
$config->addComponents(new GridFieldPrintButton('before'));
|
||||||
$config->getComponentByType('GridFieldAddExistingAutocompleter')
|
$config->getComponentByType('GridFieldAddExistingAutocompleter')
|
||||||
->setResultsFormat('$Title ($Email)')->setSearchFields(array('FirstName', 'Surname', 'Email'));
|
->setResultsFormat('$Title ($Email)')->setSearchFields(array('FirstName', 'Surname', 'Email'));
|
||||||
$config->getComponentByType('GridFieldDetailForm')->setValidator(new Member_Validator());
|
$config->getComponentByType('GridFieldDetailForm')
|
||||||
|
->setValidator(new Member_Validator())
|
||||||
|
->setItemEditFormCallback(function($form, $component) use($group) {
|
||||||
|
// If new records are created in a group context,
|
||||||
|
// set this group by default.
|
||||||
|
$record = $form->getRecord();
|
||||||
|
if($record && !$record->ID) {
|
||||||
|
$groupsField = $form->Fields()->dataFieldByName('DirectGroups');
|
||||||
|
if($groupsField) $groupsField->setValue($group->ID);
|
||||||
|
}
|
||||||
|
});
|
||||||
$memberList = GridField::create('Members',false, $this->Members(), $config)->addExtraClass('members_grid');
|
$memberList = GridField::create('Members',false, $this->Members(), $config)->addExtraClass('members_grid');
|
||||||
// @todo Implement permission checking on GridField
|
// @todo Implement permission checking on GridField
|
||||||
//$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd'));
|
//$memberList->setPermissions(array('edit', 'delete', 'export', 'add', 'inlineadd'));
|
||||||
|
@ -116,7 +116,50 @@ abstract class PasswordEncryptor {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This is the default class used for built-in hash types in PHP.
|
* Blowfish encryption - this is the default from SilverStripe 3.
|
||||||
|
* PHP 5.3+ will provide a php implementation if there is no system
|
||||||
|
* version available.
|
||||||
|
*
|
||||||
|
* @package framework
|
||||||
|
* @subpackage security
|
||||||
|
*/
|
||||||
|
class PasswordEncryptor_Blowfish extends PasswordEncryptor {
|
||||||
|
/**
|
||||||
|
* Cost of encryption.
|
||||||
|
* Higher costs will increase security, but also increase server load.
|
||||||
|
* If you are using basic auth, you may need to decrease this as encryption
|
||||||
|
* will be run on every request.
|
||||||
|
* Must be between 4 and 31.
|
||||||
|
*/
|
||||||
|
protected static $cost = 10;
|
||||||
|
|
||||||
|
function encrypt($password, $salt = null, $member = null) {
|
||||||
|
// We use $2y$ here instead of $2a$ - in PHP < 5.3.7, passwords
|
||||||
|
// with non-ascii characters will use a flawed version of the blowfish
|
||||||
|
// algorithm when specified with $2a$. $2y$ specifies non-flawed version
|
||||||
|
// in all cases.
|
||||||
|
// See https://bugs.php.net/bug.php?id=55477&edit=1
|
||||||
|
$method_and_salt = '$2y$' . $salt;
|
||||||
|
$encrypted_password = crypt($password, $method_and_salt);
|
||||||
|
// We *never* want to generate blank passwords. If something
|
||||||
|
// goes wrong, throw an exception.
|
||||||
|
if(strpos($encrypted_password, $method_and_salt) === false) {
|
||||||
|
throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove the method and salt from the password, as the salt
|
||||||
|
// is stored in a separate column.
|
||||||
|
return substr($encrypted_password, strlen($method_and_salt));
|
||||||
|
}
|
||||||
|
|
||||||
|
function salt($password, $memeber = null) {
|
||||||
|
$generator = new RandomGenerator();
|
||||||
|
return self::$cost . '$' . substr($generator->generateHash('sha1'), 0, 21);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Encryption using built-in hash types in PHP.
|
||||||
* Please note that the implemented algorithms depend on the PHP
|
* Please note that the implemented algorithms depend on the PHP
|
||||||
* distribution and architecture.
|
* distribution and architecture.
|
||||||
*
|
*
|
||||||
@ -240,3 +283,9 @@ class PasswordEncryptor_None extends PasswordEncryptor {
|
|||||||
* @subpackage security
|
* @subpackage security
|
||||||
*/
|
*/
|
||||||
class PasswordEncryptor_NotFoundException extends Exception {}
|
class PasswordEncryptor_NotFoundException extends Exception {}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @package framework
|
||||||
|
* @subpackage security
|
||||||
|
*/
|
||||||
|
class PasswordEncryptor_EncryptionFailed extends Exception {}
|
||||||
|
@ -50,7 +50,7 @@ class Security extends Controller {
|
|||||||
*
|
*
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
protected static $encryptionAlgorithm = 'sha1_v2.4';
|
protected static $encryptionAlgorithm = 'blowfish';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Showing "Remember me"-checkbox
|
* Showing "Remember me"-checkbox
|
||||||
|
@ -126,6 +126,32 @@ class GridFieldDetailFormTest extends FunctionalTest {
|
|||||||
|
|
||||||
// Fourth level form would be a Category detail view
|
// Fourth level form would be a Category detail view
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testCustomItemRequestClass() {
|
||||||
|
$component = new GridFieldDetailForm();
|
||||||
|
$this->assertEquals('GridFieldDetailForm_ItemRequest', $component->getItemRequestClass());
|
||||||
|
$component->setItemRequestClass('GridFieldDetailFormTest_ItemRequest');
|
||||||
|
$this->assertEquals('GridFieldDetailFormTest_ItemRequest', $component->getItemRequestClass());
|
||||||
|
}
|
||||||
|
|
||||||
|
function testItemEditFormCallback() {
|
||||||
|
$category = new GridFieldDetailFormTest_Category();
|
||||||
|
$component = new GridFieldDetailForm();
|
||||||
|
$component->setItemEditFormCallback(function($form, $component) {
|
||||||
|
$form->Fields()->push(new HiddenField('Callback'));
|
||||||
|
});
|
||||||
|
// Note: A lot of scaffolding to execute the tested logic,
|
||||||
|
// due to the coupling of form creation with request handling (and its context)
|
||||||
|
$request = new GridFieldDetailForm_ItemRequest(
|
||||||
|
GridField::create('Categories', 'Categories'),
|
||||||
|
$component,
|
||||||
|
$category,
|
||||||
|
new Controller(),
|
||||||
|
'Form'
|
||||||
|
);
|
||||||
|
$form = $request->ItemEditForm();
|
||||||
|
$this->assertNotNull($form->Fields()->fieldByName('Callback'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class GridFieldDetailFormTest_Person extends DataObject implements TestOnly {
|
class GridFieldDetailFormTest_Person extends DataObject implements TestOnly {
|
||||||
@ -230,3 +256,6 @@ class GridFieldDetailFormTest_GroupController extends Controller implements Test
|
|||||||
return new Form($this, 'Form', new FieldList($field), new FieldList());
|
return new Form($this, 'Form', new FieldList($field), new FieldList());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class GridFieldDetailFormTest_ItemRequest extends GridFieldDetailForm_ItemRequest implements TestOnly {
|
||||||
|
}
|
@ -44,13 +44,13 @@ class PasswordEncryptorTest extends SapphireTest {
|
|||||||
$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
|
$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
|
||||||
}
|
}
|
||||||
|
|
||||||
function testEncrytorPHPHashWithArguments() {
|
function testEncryptorPHPHashWithArguments() {
|
||||||
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_md5'=>array('PasswordEncryptor_PHPHash'=>'md5')));
|
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_md5'=>array('PasswordEncryptor_PHPHash'=>'md5')));
|
||||||
$e = PasswordEncryptor::create_for_algorithm('test_md5');
|
$e = PasswordEncryptor::create_for_algorithm('test_md5');
|
||||||
$this->assertEquals('md5', $e->getAlgorithm());
|
$this->assertEquals('md5', $e->getAlgorithm());
|
||||||
}
|
}
|
||||||
|
|
||||||
function testEncrytorPHPHash() {
|
function testEncryptorPHPHash() {
|
||||||
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
|
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
|
||||||
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
|
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
|
||||||
$password = 'mypassword';
|
$password = 'mypassword';
|
||||||
@ -61,7 +61,18 @@ class PasswordEncryptorTest extends SapphireTest {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
function testEncrytorPHPHashCompare() {
|
function testEncryptorBlowfish() {
|
||||||
|
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_blowfish'=>array('PasswordEncryptor_Blowfish'=>'')));
|
||||||
|
$e = PasswordEncryptor::create_for_algorithm('test_blowfish');
|
||||||
|
$password = 'mypassword';
|
||||||
|
$salt = '10$mysaltmustbetwen2char';
|
||||||
|
$this->assertEquals(
|
||||||
|
crypt($password, '$2y$' . $salt),
|
||||||
|
'$2y$' . $salt . $e->encrypt($password, $salt)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function testEncryptorPHPHashCompare() {
|
||||||
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
|
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
|
||||||
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
|
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
|
||||||
$this->assertTrue($e->compare(sha1('mypassword'), sha1('mypassword')));
|
$this->assertTrue($e->compare(sha1('mypassword'), sha1('mypassword')));
|
||||||
@ -74,7 +85,7 @@ class PasswordEncryptorTest extends SapphireTest {
|
|||||||
* Handy command for reproducing via CLI on different architectures:
|
* Handy command for reproducing via CLI on different architectures:
|
||||||
* php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
|
* php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
|
||||||
*/
|
*/
|
||||||
function testEncrytorLegacyPHPHashCompare() {
|
function testEncryptorLegacyPHPHashCompare() {
|
||||||
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_sha1legacy'=>array('PasswordEncryptor_LegacyPHPHash'=>'sha1')));
|
Config::inst()->update('PasswordEncryptor', 'encryptors', array('test_sha1legacy'=>array('PasswordEncryptor_LegacyPHPHash'=>'sha1')));
|
||||||
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
|
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
|
||||||
// precomputed hashes for 'mypassword' from different architectures
|
// precomputed hashes for 'mypassword' from different architectures
|
||||||
|
@ -14,7 +14,7 @@ class EncryptAllPasswordsTaskTest extends SapphireTest {
|
|||||||
$t->run(null);
|
$t->run(null);
|
||||||
|
|
||||||
$m = DataObject::get_by_id('Member', $m->ID);
|
$m = DataObject::get_by_id('Member', $m->ID);
|
||||||
$this->assertEquals($m->PasswordEncryption, 'sha1_v2.4');
|
$this->assertEquals($m->PasswordEncryption, 'blowfish');
|
||||||
$this->assertNotEquals($m->Password, 'plain');
|
$this->assertNotEquals($m->Password, 'plain');
|
||||||
$result = $m->checkPassword('plain');
|
$result = $m->checkPassword('plain');
|
||||||
$this->assertTrue($result->valid());
|
$this->assertTrue($result->valid());
|
||||||
|
Loading…
x
Reference in New Issue
Block a user