API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in. You can call logIn() on the object returned, instead. (from r91603) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@91610 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
5d71f30794
commit
a2fc20de22
@ -6,7 +6,6 @@
|
||||
*/
|
||||
abstract class CliController extends Controller {
|
||||
function init() {
|
||||
$this->disableBasicAuth();
|
||||
parent::init();
|
||||
// Unless called from the command line, all CliControllers need ADMIN privileges
|
||||
if(!Director::is_cli() && !Permission::check("ADMIN")) return Security::permissionFailure();
|
||||
|
@ -92,7 +92,7 @@ if(defined('SS_DEFAULT_ADMIN_USERNAME')) {
|
||||
Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD);
|
||||
}
|
||||
if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) {
|
||||
BasicAuth::enable();
|
||||
BasicAuth::protect_entire_site();
|
||||
}
|
||||
|
||||
if(defined('SS_ERROR_LOG')) {
|
||||
|
@ -75,10 +75,7 @@ class Controller extends RequestHandler {
|
||||
* @uses BasicAuth::requireLogin()
|
||||
*/
|
||||
function init() {
|
||||
// Test and development sites should be secured, via basic-auth
|
||||
if(Director::isTest() && $this->basicAuthEnabled && Security::database_is_ready()) {
|
||||
BasicAuth::requireLogin("SilverStripe test website. Use your CMS login", "ADMIN");
|
||||
}
|
||||
if($this->basicAuthEnabled) BasicAuth::protect_site_if_necessary();
|
||||
|
||||
// Directly access the session variable just in case the Group or Member tables don't yet exist
|
||||
if(Session::get('loggedInAs') && Security::database_is_ready()) {
|
||||
@ -327,9 +324,9 @@ class Controller extends RequestHandler {
|
||||
}
|
||||
|
||||
/**
|
||||
* Call this to disable basic authentication on test sites.
|
||||
* must be called in the init() method
|
||||
* @deprecated Use BasicAuth::disable() instead? This is used in CliController - it should be updated.
|
||||
* Call this to disable site-wide basic authentication for a specific contoller.
|
||||
* This must be called before Controller::init(). That is, you must call it in your controller's
|
||||
* init method before it calls parent::init().
|
||||
*/
|
||||
function disableBasicAuth() {
|
||||
$this->basicAuthEnabled = false;
|
||||
|
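Review bot: The replacement line `if($this->basicAuthEnabled) BasicAuth::protect_site_if_necessary();` drops the `Director::isTest()` guard that the removed block had, so once `protect_entire_site()` has been called the whole site is challenged in every environment mode, not only on test sites; the commit message does not mention this and the `protect_entire_site()` docblock still presents it as a test-site feature. If that is intended, say so where the call is made, e.g. `// Site-wide basic auth applies in every environment mode once BasicAuth::protect_entire_site() has been called`. The `Security::database_is_ready()` check is not lost, as it now sits inside `requireLogin()`, but the docblock above this method still says `@uses BasicAuth::requireLogin()` and should read `@uses BasicAuth::protect_site_if_necessary()`. The body of `init()` continues past the end of the hunk.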
@ -398,6 +398,16 @@ class Debug {
|
||||
* @todo Log detailed errors to full file
|
||||
*/
|
||||
protected static function log_error_if_necessary($errno, $errstr, $errfile, $errline, $errcontext, $errtype) {
|
||||
if(class_exists('SS_Log')) {
|
||||
SS_Log::log(array(
|
||||
'errno' => $errno,
|
||||
'errstr' => $errstr,
|
||||
'errfile' => $errfile,
|
||||
'errline' => $errline,
|
||||
'errcontext' => $errcontext
|
||||
), $errtype);
|
||||
}
|
||||
|
||||
if(self::$log_errors_to) {
|
||||
$shortFile = "../" . self::$log_errors_to;
|
||||
$fullFile = $shortFile . '.full';
|
||||
|
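Review bot: The new `SS_Log::log(...)` call hands over `$errcontext`, which is the complete variable scope at the point the error was raised and can therefore contain credentials, session data or raw request input; whatever backend `SS_Log` writes to receives all of it verbatim. Either leave `'errcontext'` out of the array or document the exposure on the method, e.g. `// $errcontext is the full local scope at the error site and may hold secrets; log writers must treat it as sensitive`. What `SS_Log::log()` does with the payload is not visible here, so this may already be filtered downstream. The rest of `log_error_if_necessary()` lies outside the hunk.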
@ -1,17 +1,21 @@
|
||||
<?php
|
||||
/**
|
||||
* Provides an interface to HTTP basic authentication.
|
||||
*
|
||||
* This utility class can be used to secure any request with basic authentication. To do so,
|
||||
* {@link BasicAuth::requireLogin()} from your Controller's init() method or action handler method.
|
||||
*
|
||||
* It also has a function to protect your entire site. See {@link BasicAuth::protect_entire_site()}
|
||||
* for more information.
|
||||
*
|
||||
* @package sapphire
|
||||
* @subpackage security
|
||||
*/
|
||||
class BasicAuth extends Object {
|
||||
|
||||
/**
|
||||
* Site-wide basic auth is disabled by default but can be enabled as needed in _config.php by calling BasicAuth::enable()
|
||||
* @var boolean
|
||||
* Flag set by {@link self::protect_entire_site()}
|
||||
*/
|
||||
static protected $enabled = false;
|
||||
static protected $autologin = false;
|
||||
private static $entire_site_protected = true;
|
||||
|
||||
/**
|
||||
* Require basic authentication. Will request a username and password if none is given.
|
||||
@ -23,10 +27,8 @@ class BasicAuth extends Object {
|
||||
* @return Member $member
|
||||
*/
|
||||
static function requireLogin($realm, $permissionCode) {
|
||||
if(!self::$enabled) return true;
|
||||
if(!Security::database_is_ready() || Director::is_cli()) return true;
|
||||
|
||||
|
||||
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
||||
$member = MemberAuthenticator::authenticate(array(
|
||||
'Email' => $_SERVER['PHP_AUTH_USER'],
|
||||
@ -35,9 +37,6 @@ class BasicAuth extends Object {
|
||||
|
||||
if($member) {
|
||||
$authenticated = true;
|
||||
if(self::$autologin) {
|
||||
$member->logIn();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -68,12 +67,49 @@ class BasicAuth extends Object {
|
||||
|
||||
return $member;
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable protection of the entire site with basic authentication.
|
||||
*
|
||||
* This log-in uses the Member database for authentication, but doesn't interfere with the
|
||||
* regular log-in form. This can be useful for test sites, where you want to hide the site
|
||||
* away from prying eyes, but still be able to test the regular log-in features of the site.
|
||||
*
|
||||
* If you are including conf/ConfigureFromEnv.php in your _config.php file, you can also enable
|
||||
* this feature by adding this line to your _ss_environment.php:
|
||||
*
|
||||
* define('SS_USE_BASIC_AUTH', true);
|
||||
*
|
||||
* @param $protect Set this to false to disable protection.
|
||||
*/
|
||||
static function protect_entire_site($protect = true) {
|
||||
return self::$entire_site_protected = $protect;
|
||||
}
|
||||
|
||||
static function enable($auto = false) {
|
||||
self::$enabled = true;
|
||||
self::$autologin = $auto;
|
||||
/**
|
||||
* @deprecated Use BasicAuth::protect_entire_site() instead.
|
||||
*/
|
||||
static function enable() {
|
||||
user_error("BasicAuth::enable() is deprated. Use BasicAuth::protect_entire_site() instead.", E_USER_NOTICE);
|
||||
return self::protect_entire_site();
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use BasicAuth::protect_entire_site(false) instead.
|
||||
*/
|
||||
static function disable() {
|
||||
self::$enabled = false;
|
||||
user_error("BasicAuth::disable() is deprated. Use BasicAuth::protect_entire_site(false) instead.", E_USER_NOTICE);
|
||||
return self::protect_entire_site(false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.
|
||||
* This is a helper function used by Controller.
|
||||
*/
|
||||
static function protect_site_if_necessary() {
|
||||
if(self::$entire_site_protected) {
|
||||
self::requireLogin("SilverStripe test website. Use your CMS login.", "ADMIN");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
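Review bot: `private static $entire_site_protected = true;` turns site-wide basic auth on for every installation by default: once Controller::init() calls `protect_site_if_necessary()`, every request is challenged unless something calls `protect_entire_site(false)`, which contradicts the "disabled by default" wording kept in the same docblock and makes the `SS_USE_BASIC_AUTH` opt-in in ConfigureFromEnv redundant. The default should be `private static $entire_site_protected = false;`. The two deprecation notices also misspell the word as "deprated" and should read `"BasicAuth::enable() is deprecated. Use BasicAuth::protect_entire_site() instead."` with the matching fix in `disable()`. If the `$enabled` property no longer exists on the new side, the `self::$enabled = false;` line still shown in `disable()` would be a write to an undeclared static property and has to go as well; the rendered view does not show whether that line survived.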