mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated. From: Andrew Short <andrewjshort@gmail.com> (from r98267) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98268 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
30382db462
commit
a0ab707feb
@ -126,15 +126,14 @@ class Member extends DataObject {
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the passed password matches the stored one
|
||||
* Check if the passed password matches the stored one (if the member is not locked out).
|
||||
*
|
||||
* @param string $password The clear text password to check
|
||||
* @return bool Returns TRUE if the passed password is valid, otherwise FALSE.
|
||||
* @param string $password
|
||||
* @return ValidationResult
|
||||
*/
|
||||
public function checkPassword($password) {
|
||||
// Only confirm that the password matches if the user isn't locked out
|
||||
if($this->isLockedOut()) return false;
|
||||
|
||||
$result = $this->canLogIn();
|
||||
|
||||
$spec = Security::encrypt_password(
|
||||
$password,
|
||||
$this->Salt,
|
||||
@ -142,10 +141,40 @@ class Member extends DataObject {
|
||||
$this
|
||||
);
|
||||
$e = $spec['encryptor'];
|
||||
|
||||
return $e->compare($this->Password, $spec['password']);
|
||||
|
||||
if(!$e->compare($this->Password, $spec['password'])) {
|
||||
$result->error(_t (
|
||||
'Member.ERRORWRONGCRED',
|
||||
'That doesn\'t seem to be the right e-mail address or password. Please try again.'
|
||||
));
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Returns a valid {@link ValidationResult} if this member can currently log in, or an invalid
|
||||
* one with error messages to display if the member is locked out.
|
||||
*
|
||||
* You can hook into this with a "canLogIn" method on an attached extension.
|
||||
*
|
||||
* @return ValidationResult
|
||||
*/
|
||||
public function canLogIn() {
|
||||
$result = new ValidationResult();
|
||||
|
||||
if($this->isLockedOut()) {
|
||||
$result->error(_t (
|
||||
'Member.ERRORLOCKEDOUT',
|
||||
'Your account has been temporarily disabled because of too many failed attempts at ' .
|
||||
'logging in. Please try again in 20 minutes.'
|
||||
));
|
||||
}
|
||||
|
||||
$this->extend('canLogIn', $result);
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if this user is locked out
|
||||
*/
|
||||
|
29
security/MemberAuthenticator.php
Normal file → Executable file
29
security/MemberAuthenticator.php
Normal file → Executable file
@ -32,6 +32,7 @@ class MemberAuthenticator extends Authenticator {
|
||||
public static function authenticate($RAW_data, Form $form = null) {
|
||||
$SQL_user = Convert::raw2sql($RAW_data['Email']);
|
||||
$isLockedOut = false;
|
||||
$result = null;
|
||||
|
||||
// Default login (see Security::setDefaultAdmin())
|
||||
if(Security::check_default_admin($RAW_data['Email'], $RAW_data['Password'])) {
|
||||
@ -41,9 +42,9 @@ class MemberAuthenticator extends Authenticator {
|
||||
"Member",
|
||||
"\"" . Member::get_unique_identifier_field() . "\" = '$SQL_user' AND \"Password\" IS NOT NULL"
|
||||
);
|
||||
|
||||
if($member && ($member->checkPassword($RAW_data['Password']) == false)) {
|
||||
if($member->isLockedOut()) $isLockedOut = true;
|
||||
$result = $member->checkPassword($RAW_data['Password']);
|
||||
|
||||
if($member && !$result->valid()) {
|
||||
$member->registerFailedLogin();
|
||||
$member = false;
|
||||
}
|
||||
@ -102,22 +103,14 @@ class MemberAuthenticator extends Authenticator {
|
||||
$member->write();
|
||||
}
|
||||
|
||||
if($member) {
|
||||
Session::clear("BackURL");
|
||||
} else if($isLockedOut) {
|
||||
if($form) $form->sessionMessage(
|
||||
_t('Member.ERRORLOCKEDOUT', "Your account has been temporarily disabled because of too many failed attempts at logging in. Please try again in 20 minutes."),
|
||||
"bad"
|
||||
);
|
||||
} else {
|
||||
if($form) $form->sessionMessage(
|
||||
_t('Member.ERRORWRONGCRED', "That doesn't seem to be the right e-mail address or password. Please try again."),
|
||||
"bad"
|
||||
);
|
||||
}
|
||||
if($member) {
|
||||
Session::clear('BackURL');
|
||||
} else {
|
||||
if($form && $result) $form->sessionMessage($result->message(), 'bad');
|
||||
}
|
||||
|
||||
return $member;
|
||||
}
|
||||
return $member;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user