From a2fc20de2211924e8ba696e5f0c466fd6265922c Mon Sep 17 00:00:00 2001 From: Sam Minnee Date: Sun, 15 Nov 2009 21:42:35 +0000 Subject: [PATCH] API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site() API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in. You can call logIn() on the object returned, instead. (from r91603) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@91610 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- cli/CliController.php | 1 - conf/ConfigureFromEnv.php | 2 +- core/control/Controller.php | 11 +++---- dev/Debug.php | 10 ++++++ security/BasicAuth.php | 64 +++++++++++++++++++++++++++++-------- 5 files changed, 65 insertions(+), 23 deletions(-) diff --git a/cli/CliController.php b/cli/CliController.php index c232ec741..a2ef6792f 100755 --- a/cli/CliController.php +++ b/cli/CliController.php @@ -6,7 +6,6 @@ */ abstract class CliController extends Controller { function init() { - $this->disableBasicAuth(); parent::init(); // Unless called from the command line, all CliControllers need ADMIN privileges if(!Director::is_cli() && !Permission::check("ADMIN")) return Security::permissionFailure(); diff --git a/conf/ConfigureFromEnv.php b/conf/ConfigureFromEnv.php index 5a8dd0bda..5331c6734 100644 --- a/conf/ConfigureFromEnv.php +++ b/conf/ConfigureFromEnv.php @@ -92,7 +92,7 @@ if(defined('SS_DEFAULT_ADMIN_USERNAME')) { Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD); } if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) { - BasicAuth::enable(); + BasicAuth::protect_entire_site(); } if(defined('SS_ERROR_LOG')) { diff --git a/core/control/Controller.php b/core/control/Controller.php index f87231227..ab2886bb7 100644 --- a/core/control/Controller.php +++ b/core/control/Controller.php 
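Review bot: Dropping `$this->disableBasicAuth();` means a CliController invoked from the command line is now also subject to the site-wide prompt when protect_entire_site() is on, and a CLI run has no `$_SERVER['PHP_AUTH_USER']` to satisfy it, so unless BasicAuth::requireLogin() itself exempts Director::is_cli() (not visible in this patch) scheduled tasks run under SS_USE_BASIC_AUTH will stop at the login prompt. The natural place for that exemption is the new protect_site_if_necessary() in the security/BasicAuth.php hunk, e.g. `if(self::$entire_site_protected && !Director::is_cli()) {`, which keeps every HTTP path protected and leaves the existing ADMIN permission check on the last context line as the gate for non-CLI callers. CliController::init() may continue past the last line shown in this hunk.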
@@ -75,10 +75,7 @@ class Controller extends RequestHandler { * @uses BasicAuth::requireLogin() */ function init() { - // Test and development sites should be secured, via basic-auth - if(Director::isTest() && $this->basicAuthEnabled && Security::database_is_ready()) { - BasicAuth::requireLogin("SilverStripe test website. Use your CMS login", "ADMIN"); - } + if($this->basicAuthEnabled) BasicAuth::protect_site_if_necessary(); // Directly access the session variable just in case the Group or Member tables don't yet exist if(Session::get('loggedInAs') && Security::database_is_ready()) { @@ -327,9 +324,9 @@ class Controller extends RequestHandler { } /** - * Call this to disable basic authentication on test sites. - * must be called in the init() method - * @deprecated Use BasicAuth::disable() instead? This is used in CliController - it should be updated. + * Call this to disable site-wide basic authentication for a specific contoller. + * This must be called before Controller::init(). That is, you must call it in your controller's + * init method before it calls parent::init(). */ function disableBasicAuth() { $this->basicAuthEnabled = false; diff --git a/dev/Debug.php b/dev/Debug.php index ae07acc2f..0c0a85706 100644 --- a/dev/Debug.php +++ b/dev/Debug.php @@ -398,6 +398,16 @@ class Debug { * @todo Log detailed errors to full file */ protected static function log_error_if_necessary($errno, $errstr, $errfile, $errline, $errcontext, $errtype) { + if(class_exists('SS_Log')) { + SS_Log::log(array( + 'errno' => $errno, + 'errstr' => $errstr, + 'errfile' => $errfile, + 'errline' => $errline, + 'errcontext' => $errcontext + ), $errtype); + } + if(self::$log_errors_to) { $shortFile = "../" . self::$log_errors_to; $fullFile = $shortFile . '.full'; diff --git a/security/BasicAuth.php b/security/BasicAuth.php index 351971e2a..6ae3ed53e 100755 --- a/security/BasicAuth.php +++ b/security/BasicAuth.php @@ -1,17 +1,21 @@ $_SERVER['PHP_AUTH_USER'], 
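Review bot: The replacement line drops the `Security::database_is_ready()` guard that the removed block carried, so protect_site_if_necessary() can now reach requireLogin() — which per the new BasicAuth docblock authenticates against the Member table — before the database has been built, while the very next context line still protects the session lookup with that same check. Failing closed here is the safer direction (the old guard silently skipped authentication on an unbuilt database), but as it is also a behaviour change it deserves a comment on the line, e.g. `// Site-wide basic auth is enforced even before the DB is built: fail closed rather than expose the site`; if the old behaviour was intended, `if($this->basicAuthEnabled && Security::database_is_ready()) BasicAuth::protect_site_if_necessary();` restores it. Controller::init() continues outside the hunk.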
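Review bot: The rewritten docblock for disableBasicAuth() misspells the word in `for a specific contoller.`; it should read `* Call this to disable site-wide basic authentication for a specific controller.`. It would also help to state what happens when the ordering rule is broken: the init() hunk above reads `$this->basicAuthEnabled` once, so a call made after parent::init() has no effect on the current request because the site-wide check will already have run. The method body continues outside the hunk.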
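Review bot: The new SS_Log::log() call forwards `$errcontext`, which at an error site holds every variable in scope — that routinely includes database credentials, session data and request parameters — so any writer registered with SS_Log now receives all of it. Unless every writer is known to redact, the safer default is to leave that element out of the array (ending it with `'errline' => $errline`) and let writers that genuinely need the full scope opt in explicitly. A one-line comment above the `class_exists('SS_Log')` check explaining that the log is optional and only used when the class is loaded would also help the next reader. log_error_if_necessary() continues outside the hunk.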
@@ -35,9 +37,6 @@ class BasicAuth extends Object { if($member) { $authenticated = true; - if(self::$autologin) { - $member->logIn(); - } } } @@ -68,12 +67,49 @@ class BasicAuth extends Object { return $member; } + + /** + * Enable protection of the entire site with basic authentication. + * + * This log-in uses the Member database for authentication, but doesn't interfere with the + * regular log-in form. This can be useful for test sites, where you want to hide the site + * away from prying eyes, but still be able to test the regular log-in features of the site. + * + * If you are including conf/ConfigureFromEnv.php in your _config.php file, you can also enable + * this feature by adding this line to your _ss_environment.php: + * + * define('SS_USE_BASIC_AUTH', true); + * + * @param $protect Set this to false to disable protection. + */ + static function protect_entire_site($protect = true) { + return self::$entire_site_protected = $protect; + } - static function enable($auto = false) { - self::$enabled = true; - self::$autologin = $auto; + /** + * @deprecated Use BasicAuth::protect_entire_site() instead. + */ + static function enable() { + user_error("BasicAuth::enable() is deprated. Use BasicAuth::protect_entire_site() instead.", E_USER_NOTICE); + return self::protect_entire_site(); } + + /** + * @deprecated Use BasicAuth::protect_entire_site(false) instead. + */ static function disable() { - self::$enabled = false; + user_error("BasicAuth::disable() is deprated. Use BasicAuth::protect_entire_site(false) instead.", E_USER_NOTICE); + return self::protect_entire_site(false); } + + /** + * Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called. + * This is a helper function used by Controller. + */ + static function protect_site_if_necessary() { + if(self::$entire_site_protected) { + self::requireLogin("SilverStripe test website. Use your CMS login.", "ADMIN"); + } + } + }
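Review bot: Both new user_error() strings misspell the word `deprated`; the first should read `"BasicAuth::enable() is deprecated. Use BasicAuth::protect_entire_site() instead."` and the one in disable() needs the same correction. protect_entire_site() stores `$protect` exactly as given, so any truthy value is accepted; coercing with `return self::$entire_site_protected = (bool) $protect;` keeps the later `if(self::$entire_site_protected)` test in protect_site_if_necessary() predictable and makes the return value match the @param description. The class body closes within this hunk.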