API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in. You can call logIn() on the returned object instead. (from r91603) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@91610 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
5d71f30794
commit
a2fc20de22
@ -6,7 +6,6 @@
|
|||||||
*/
|
*/
|
||||||
abstract class CliController extends Controller {
|
abstract class CliController extends Controller {
|
||||||
function init() {
|
function init() {
|
||||||
$this->disableBasicAuth();
|
|
||||||
parent::init();
|
parent::init();
|
||||||
// Unless called from the command line, all CliControllers need ADMIN privileges
|
// Unless called from the command line, all CliControllers need ADMIN privileges
|
||||||
if(!Director::is_cli() && !Permission::check("ADMIN")) return Security::permissionFailure();
|
if(!Director::is_cli() && !Permission::check("ADMIN")) return Security::permissionFailure();
|
||||||
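Review bot: With `$this->disableBasicAuth();` removed from CliController::init(), a CliController reached over HTTP is now gated by the site-wide basic-auth check that Controller::init() performs, in addition to the ADMIN permission check on the last line of this hunk; command-line runs appear unaffected because the BasicAuth hunk shows `requireLogin()` returning early when `Director::is_cli()` is true. That is a reasonable fail-closed outcome, but the reason the opt-out was dropped is not recorded anywhere, and a future reader of init() will not know the exemption lives in BasicAuth. A comment before `parent::init();` such as `// Site-wide basic auth, if enabled, is applied by parent::init(); CLI runs are exempted in BasicAuth::requireLogin()` would preserve that intent.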
|
@ -92,7 +92,7 @@ if(defined('SS_DEFAULT_ADMIN_USERNAME')) {
|
|||||||
Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD);
|
Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD);
|
||||||
}
|
}
|
||||||
if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) {
|
if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) {
|
||||||
BasicAuth::enable();
|
BasicAuth::protect_entire_site();
|
||||||
}
|
}
|
||||||
|
|
||||||
if(defined('SS_ERROR_LOG')) {
|
if(defined('SS_ERROR_LOG')) {
|
||||||
|
@ -75,10 +75,7 @@ class Controller extends RequestHandler {
|
|||||||
* @uses BasicAuth::requireLogin()
|
* @uses BasicAuth::requireLogin()
|
||||||
*/
|
*/
|
||||||
function init() {
|
function init() {
|
||||||
// Test and development sites should be secured, via basic-auth
|
if($this->basicAuthEnabled) BasicAuth::protect_site_if_necessary();
|
||||||
if(Director::isTest() && $this->basicAuthEnabled && Security::database_is_ready()) {
|
|
||||||
BasicAuth::requireLogin("SilverStripe test website. Use your CMS login", "ADMIN");
|
|
||||||
}
|
|
||||||
|
|
||||||
// Directly access the session variable just in case the Group or Member tables don't yet exist
|
// Directly access the session variable just in case the Group or Member tables don't yet exist
|
||||||
if(Session::get('loggedInAs') && Security::database_is_ready()) {
|
if(Session::get('loggedInAs') && Security::database_is_ready()) {
|
||||||
@ -327,9 +324,9 @@ class Controller extends RequestHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Call this to disable basic authentication on test sites.
|
* Call this to disable site-wide basic authentication for a specific contoller.
|
||||||
* must be called in the init() method
|
* This must be called before Controller::init(). That is, you must call it in your controller's
|
||||||
* @deprecated Use BasicAuth::disable() instead? This is used in CliController - it should be updated.
|
* init method before it calls parent::init().
|
||||||
*/
|
*/
|
||||||
function disableBasicAuth() {
|
function disableBasicAuth() {
|
||||||
$this->basicAuthEnabled = false;
|
$this->basicAuthEnabled = false;
|
||||||
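Review bot: The rewritten docblock's first line has a typo, `contoller`; it should read `* Call this to disable site-wide basic authentication for a specific controller.`. The ordering requirement on the following lines (call it before `parent::init()`) matches how Controller::init() reads `$this->basicAuthEnabled` in the `@ -75,10 +75,7 @@` hunk, so the rest of the text is consistent with the code.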
|
@ -398,6 +398,16 @@ class Debug {
|
|||||||
* @todo Log detailed errors to full file
|
* @todo Log detailed errors to full file
|
||||||
*/
|
*/
|
||||||
protected static function log_error_if_necessary($errno, $errstr, $errfile, $errline, $errcontext, $errtype) {
|
protected static function log_error_if_necessary($errno, $errstr, $errfile, $errline, $errcontext, $errtype) {
|
||||||
|
if(class_exists('SS_Log')) {
|
||||||
|
SS_Log::log(array(
|
||||||
|
'errno' => $errno,
|
||||||
|
'errstr' => $errstr,
|
||||||
|
'errfile' => $errfile,
|
||||||
|
'errline' => $errline,
|
||||||
|
'errcontext' => $errcontext
|
||||||
|
), $errtype);
|
||||||
|
}
|
||||||
|
|
||||||
if(self::$log_errors_to) {
|
if(self::$log_errors_to) {
|
||||||
$shortFile = "../" . self::$log_errors_to;
|
$shortFile = "../" . self::$log_errors_to;
|
||||||
$fullFile = $shortFile . '.full';
|
$fullFile = $shortFile . '.full';
|
||||||
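Review bot: The new `SS_Log::log()` call forwards `'errcontext' => $errcontext`, which is the full set of variables in scope at the point of the error, to whatever writers SS_Log has configured; if a PHP error fires inside authentication or form-handling code, that array can carry passwords, session identifiers or other request data into persistent log files, depending on what those writers do with it. Consider dropping the key, or passing a redacted copy, and recording the hazard next to the call, e.g. `// errcontext carries every variable in scope at the error site; do not persist it unredacted`. The `class_exists('SS_Log')` guard also means logging is silently skipped when SS_Log is absent, which is acceptable for a best-effort hook but should be stated in the method's docblock alongside the existing `@todo`. log_error_if_necessary() continues past the end of this hunk.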
|
@ -1,17 +1,21 @@
|
|||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* Provides an interface to HTTP basic authentication.
|
* Provides an interface to HTTP basic authentication.
|
||||||
|
*
|
||||||
|
* This utility class can be used to secure any request with basic authentication. To do so,
|
||||||
|
* {@link BasicAuth::requireLogin()} from your Controller's init() method or action handler method.
|
||||||
|
*
|
||||||
|
* It also has a function to protect your entire site. See {@link BasicAuth::protect_entire_site()}
|
||||||
|
* for more information.
|
||||||
|
*
|
||||||
* @package sapphire
|
* @package sapphire
|
||||||
* @subpackage security
|
* @subpackage security
|
||||||
*/
|
*/
|
||||||
class BasicAuth extends Object {
|
class BasicAuth extends Object {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Site-wide basic auth is disabled by default but can be enabled as needed in _config.php by calling BasicAuth::enable()
|
* Flag set by {@link self::protect_entire_site()}
|
||||||
* @var boolean
|
|
||||||
*/
|
*/
|
||||||
static protected $enabled = false;
|
private static $entire_site_protected = true;
|
||||||
static protected $autologin = false;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Require basic authentication. Will request a username and password if none is given.
|
* Require basic authentication. Will request a username and password if none is given.
|
||||||
@ -23,10 +27,8 @@ class BasicAuth extends Object {
|
|||||||
* @return Member $member
|
* @return Member $member
|
||||||
*/
|
*/
|
||||||
static function requireLogin($realm, $permissionCode) {
|
static function requireLogin($realm, $permissionCode) {
|
||||||
if(!self::$enabled) return true;
|
|
||||||
if(!Security::database_is_ready() || Director::is_cli()) return true;
|
if(!Security::database_is_ready() || Director::is_cli()) return true;
|
||||||
|
|
||||||
|
|
||||||
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
|
||||||
$member = MemberAuthenticator::authenticate(array(
|
$member = MemberAuthenticator::authenticate(array(
|
||||||
'Email' => $_SERVER['PHP_AUTH_USER'],
|
'Email' => $_SERVER['PHP_AUTH_USER'],
|
||||||
@ -35,9 +37,6 @@ class BasicAuth extends Object {
|
|||||||
|
|
||||||
if($member) {
|
if($member) {
|
||||||
$authenticated = true;
|
$authenticated = true;
|
||||||
if(self::$autologin) {
|
|
||||||
$member->logIn();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -69,11 +68,48 @@ class BasicAuth extends Object {
|
|||||||
return $member;
|
return $member;
|
||||||
}
|
}
|
||||||
|
|
||||||
static function enable($auto = false) {
|
/**
|
||||||
self::$enabled = true;
|
* Enable protection of the entire site with basic authentication.
|
||||||
self::$autologin = $auto;
|
*
|
||||||
|
* This log-in uses the Member database for authentication, but doesn't interfere with the
|
||||||
|
* regular log-in form. This can be useful for test sites, where you want to hide the site
|
||||||
|
* away from prying eyes, but still be able to test the regular log-in features of the site.
|
||||||
|
*
|
||||||
|
* If you are including conf/ConfigureFromEnv.php in your _config.php file, you can also enable
|
||||||
|
* this feature by adding this line to your _ss_environment.php:
|
||||||
|
*
|
||||||
|
* define('SS_USE_BASIC_AUTH', true);
|
||||||
|
*
|
||||||
|
* @param $protect Set this to false to disable protection.
|
||||||
|
*/
|
||||||
|
static function protect_entire_site($protect = true) {
|
||||||
|
return self::$entire_site_protected = $protect;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated Use BasicAuth::protect_entire_site() instead.
|
||||||
|
*/
|
||||||
|
static function enable() {
|
||||||
|
user_error("BasicAuth::enable() is deprated. Use BasicAuth::protect_entire_site() instead.", E_USER_NOTICE);
|
||||||
|
return self::protect_entire_site();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @deprecated Use BasicAuth::protect_entire_site(false) instead.
|
||||||
|
*/
|
||||||
static function disable() {
|
static function disable() {
|
||||||
self::$enabled = false;
|
user_error("BasicAuth::disable() is deprated. Use BasicAuth::protect_entire_site(false) instead.", E_USER_NOTICE);
|
||||||
|
return self::protect_entire_site(false);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.
|
||||||
|
* This is a helper function used by Controller.
|
||||||
|
*/
|
||||||
|
static function protect_site_if_necessary() {
|
||||||
|
if(self::$entire_site_protected) {
|
||||||
|
self::requireLogin("SilverStripe test website. Use your CMS login.", "ADMIN");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
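Review bot: Both deprecation notices misspell the key word; the lines should read `user_error("BasicAuth::enable() is deprecated. Use BasicAuth::protect_entire_site() instead.", E_USER_NOTICE);` and, in disable(), `user_error("BasicAuth::disable() is deprecated. Use BasicAuth::protect_entire_site(false) instead.", E_USER_NOTICE);`. protect_site_if_necessary() hard-codes both the realm text and the `"ADMIN"` permission code, so a site that wants a different permission or prompt has to bypass the helper entirely; making those two values configurable through `protect_entire_site()` is worth considering before the API settles. The `@param $protect` entry should also carry its type, `@param boolean $protect`, since the parameter has no native declaration.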
|