tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

API Apply Framework\Security namespace

This commit is contained in:
Damian Mooyman 2016-06-23 11:37:22 +12:00
parent 20efb0e8e1
commit af22a83166
155 changed files with 1704 additions and 1049 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.upgrade.yml
View File

@ -115,8 +115,49 @@ mappings:
VersionedGridFieldDetailForm: SilverStripe\ORM\Versioning\VersionedGridFieldDetailForm
VersionedGridFieldItemRequest: SilverStripe\ORM\Versioning\VersionedGridFieldItemRequest
Hierarchy: SilverStripe\ORM\Hierarchy\Hierarchy
Authenticator: SilverStripe\Security\Authenticator
BasicAuth: SilverStripe\Security\BasicAuth
ChangePasswordForm: SilverStripe\Security\ChangePasswordForm
CMSMemberLoginForm: SilverStripe\Security\CMSMemberLoginForm
CMSSecurity: SilverStripe\Security\CMSSecurity
Group: SilverStripe\Security\Group
GroupCsvBulkLoader: SilverStripe\Security\GroupCsvBulkLoader
LoginAttempt: SilverStripe\Security\LoginAttempt
LoginForm: SilverStripe\Security\LoginForm
Member: SilverStripe\Security\Member
Member_GroupSet: SilverStripe\Security\Member_GroupSet
Member_Validator: SilverStripe\Security\Member_Validator
MemberAuthenticator: SilverStripe\Security\MemberAuthenticator
MemberCsvBulkLoader: SilverStripe\Security\MemberCsvBulkLoader
MemberLoginForm: SilverStripe\Security\MemberLoginForm
MemberPassword: SilverStripe\Security\MemberPassword
PasswordEncryptor: SilverStripe\Security\PasswordEncryptor
PasswordEncryptor_Blowfish: SilverStripe\Security\PasswordEncryptor_Blowfish
PasswordEncryptor_PHPHash: SilverStripe\Security\PasswordEncryptor_PHPHash
PasswordEncryptor_LegacyPHPHash: SilverStripe\Security\PasswordEncryptor_LegacyPHPHash
PasswordEncryptor_MySQLPassword: SilverStripe\Security\PasswordEncryptor_MySQLPassword
PasswordEncryptor_MySQLOldPassword: SilverStripe\Security\PasswordEncryptor_MySQLOldPassword
PasswordEncryptor_None: SilverStripe\Security\PasswordEncryptor_None
PasswordEncryptor_NotFoundException: SilverStripe\Security\PasswordEncryptor_NotFoundException
PasswordEncryptor_EncryptionFailed: SilverStripe\Security\PasswordEncryptor_EncryptionFailed
PasswordValidator: SilverStripe\Security\PasswordValidator
Permission: SilverStripe\Security\Permission
Permission_Group: SilverStripe\Security\Permission_Group
PermissionCheckboxSetField: SilverStripe\Security\PermissionCheckboxSetField
PermissionCheckboxSetField_Readonly: SilverStripe\Security\PermissionCheckboxSetField_Readonly
PermissionFailureException: SilverStripe\Security\PermissionFailureException
PermissionProvider: SilverStripe\Security\PermissionProvider
PermissionRole: SilverStripe\Security\PermissionRole
PermissionRoleCode: SilverStripe\Security\PermissionRoleCode
RandomGenerator: SilverStripe\Security\RandomGenerator
RememberLoginHash: SilverStripe\Security\RememberLoginHash
Security: SilverStripe\Security\Security
SecurityToken: SilverStripe\Security\SecurityToken
NullSecurityToken: SilverStripe\Security\NullSecurityToken
skipConfigs:
- db
- casting
- table_name
- fixed_fields
- menu_title
- allowed_actions

1
ORM/Connect/MySQLDatabase.php
View File

@ -5,6 +5,7 @@ namespace SilverStripe\ORM\Connect;
use Config;
use Exception;
use PaginatedList;
use SilverStripe\Framework\Core\Configurable;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\ArrayList;

4
ORM/Connect/MySQLSchemaManager.php
View File

@ -16,8 +16,10 @@ class MySQLSchemaManager extends DBSchemaManager {
/**
* Identifier for this schema, used for configuring schema-specific table
* creation options
*
* @skipUpgrade
*/
const ID = 'SilverStripe\ORM\Connect\MySQLDatabase';
const ID = 'MySQLDatabase';
public function createTable($table, $fields = null, $indexes = null, $options = null, $advancedOptions = null) {
$fieldSchemas = $indexSchemas = "";

27
ORM/DB.php
View File

@ -9,7 +9,9 @@ use Config;
use LogicException;
use Cookie;
use Injector;
use SilverStripe\ORM\Connect\DBConnector;
use SilverStripe\ORM\Connect\DBSchemaManager;
use SilverStripe\ORM\Connect\SS_Query;
use SilverStripe\ORM\Queries\SQLExpression;
use SilverStripe\ORM\Connect\SS_Database;
@ -53,8 +55,8 @@ class DB {
* Pass an object that's a subclass of SS_Database. This object will be used when {@link DB::query()}
* is called.
*
* @param $connection The connecton object to set as the connection.
* @param $name The name to give to this connection. If you omit this argument, the connection
* @param SS_Database $connection The connecton object to set as the connection.
* @param string $name The name to give to this connection. If you omit this argument, the connection
* will be the default one used by the ORM. However, you can store other named connections to
* be accessed through DB::get_conn($name). This is useful when you have an application that
* needs to connect to more than one database.
@ -147,6 +149,7 @@ class DB {
*
* Note that the database will be set on the next request.
* Set it to null to revert to the main database.
* @param string $name
*/
public static function set_alternative_database_name($name = null) {
// Skip if CLI
@ -161,7 +164,7 @@ class DB {
));
}
$key = Config::inst()->get('Security', 'token');
$key = Config::inst()->get('SilverStripe\\Security\\Security', 'token');
if(!$key) {
throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"');
}
@ -193,7 +196,7 @@ class DB {
$iv = Cookie::get("alternativeDatabaseNameIv");
if($name) {
$key = Config::inst()->get('Security', 'token');
$key = Config::inst()->get('SilverStripe\\Security\\Security', 'token');
if(!$key) {
throw new LogicException('"Security.token" not found, run "sake dev/generatesecuretoken"');
}
@ -231,10 +234,9 @@ class DB {
* Given the database configuration, this method will create the correct
* subclass of {@link SS_Database}.
*
* @param array $database A map of options. The 'type' is the name of the subclass of SS_Database to use. For the
* rest of the options, see the specific class.
* @param string $name identifier for the connection
*
* @param array $databaseConfig A map of options. The 'type' is the name of the
* subclass of SS_Database to use. For the rest of the options, see the specific class.
* @param string $label identifier for the connection
* @return SS_Database
*/
public static function connect($databaseConfig, $label = 'default') {
@ -296,7 +298,7 @@ class DB {
*
* @param array|integer $input An array of items needing placeholders, or a
* number to specify the number of placeholders
* @param string The string to join each placeholder together with
* @param string $join The string to join each placeholder together with
* @return string|null Either a list of placeholders, or null
*/
public static function placeholders($input, $join = ', ') {
@ -374,6 +376,8 @@ class DB {
/**
* Get the autogenerated ID from the previous INSERT query.
*
* @param string $table
* @return int
*/
public static function get_generated_id($table) {
@ -427,13 +431,14 @@ class DB {
/**
* Create a new table.
* @param string $tableName The name of the table
* @param string $table The name of the table
* @param array$fields A map of field names to field types
* @param array $indexes A map of indexes
* @param array $options An map of additional options. The available keys are as follows:
* - 'MSSQLDatabase'/'MySQLDatabase'/'PostgreSQLDatabase' - database-specific options such as "engine"
* for MySQL.
* - 'temporary' - If true, then a temporary table will be created
* @param array $advancedOptions
* @return string The table name generated. This may be different from the table name, for example with
* temporary tables.
*/
@ -577,7 +582,7 @@ class DB {
/**
* Checks a table's integrity and repairs it if necessary.
*
* @param string $tableName The name of the table.
* @param string $table The name of the table.
* @return boolean Return true if the table has integrity after the method is complete.
*/
public static function check_and_repair_table($table) {

15
ORM/DataObject.php
View File

@ -19,8 +19,8 @@ use SearchContext;
use FieldList;
use FormField;
use FormScaffolder;
use Member;
use Permission;
use Object;
use SearchFilter;
use SilverStripe\ORM\Queries\SQLInsert;
@ -30,6 +30,9 @@ use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBComposite;
use SilverStripe\ORM\FieldType\DBClassName;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* A single database record & abstract class for the data-access-model.
@ -907,10 +910,10 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
* Caution: Does not delete the merged object.
* Caution: Does now overwrite Created date on the original object.
*
* @param $obj DataObject
* @param $priority String left|right Determines who wins in case of a conflict (optional)
* @param $includeRelations Boolean Merge any existing relations (optional)
* @param $overwriteWithEmpty Boolean Overwrite existing left values with empty right values.
* @param DataObject $rightObj
* @param string $priority left|right Determines who wins in case of a conflict (optional)
* @param bool $includeRelations Merge any existing relations (optional)
* @param bool $overwriteWithEmpty Overwrite existing left values with empty right values.
* Only applicable with $priority='right'. (optional)
* @return Boolean
*/

8
ORM/DatabaseAdmin.php
View File

@ -5,12 +5,15 @@ namespace SilverStripe\ORM;
use Controller;
use SapphireTest;
use Director;
use Security;
use Permission;
use SS_ClassLoader;
use ClassInfo;
use TestOnly;
use Deprecation;
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
// Include the DB class
require_once("DB.php");
@ -183,6 +186,7 @@ class DatabaseAdmin extends Controller {
*
* @param boolean $quiet Don't show messages
* @param boolean $populate Populate the database, as well as setting up its schema
* @param bool $testMode
*/
public function doBuild($quiet = false, $populate = true, $testMode = false) {
if($quiet) {

4
ORM/FieldType/DBDate.php
View File

@ -2,13 +2,15 @@
namespace SilverStripe\ORM\FieldType;
use Member;
use Zend_Date;
use DateTime;
use DateField;
use Convert;
use Exception;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
/**
* Represents a date field.

7
ORM/FieldType/DBDatetime.php
View File

@ -4,12 +4,13 @@ namespace SilverStripe\ORM\FieldType;
use Convert;
use Exception;
use Member;
use DatetimeField;
use Zend_Date;
use TemplateGlobalProvider;
use DateTime;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
/**
* Represents a date-time field.
@ -60,11 +61,11 @@ class DBDatetime extends DBDate implements TemplateGlobalProvider {
if(is_numeric($value)) {
$this->value = date('Y-m-d H:i:s', $value);
} elseif(is_string($value)) {
try {
try{
$date = new DateTime($value);
$this->value = $date->format('Y-m-d H:i:s');
return;
} catch(Exception $e) {
}catch(Exception $e){
$this->value = null;
return;
}

15
ORM/Hierarchy/Hierarchy.php
View File

@ -768,14 +768,15 @@ class Hierarchy extends DataExtension {
* @return DataObject
*/
public function getParent($filter = null) {
if($p = $this->owner->__get("ParentID")) {
$tableClasses = ClassInfo::dataClassesFor($this->owner->class);
$baseClass = array_shift($tableClasses);
return DataObject::get_one($this->owner->class, array(
array("\"$baseClass\".\"ID\"" => $p),
$filter
));
$parentID = $this->owner->ParentID;
if(empty($parentID)) {
return null;
}
$idSQL = $this->owner->getSchema()->sqlColumnForField($this->owner, 'ID');
return DataObject::get_one($this->owner->class, array(
array($idSQL => $parentID),
$filter
));
}
/**

1
ORM/Queries/SQLExpression.php
View File

@ -4,6 +4,7 @@ namespace SilverStripe\ORM\Queries;
use Exception;
use Convert;
use SilverStripe\ORM\Connect\SS_Query;
use SilverStripe\ORM\DB;
/**

11
ORM/Versioning/ChangeSet.php
View File

@ -2,9 +2,11 @@
namespace SilverStripe\ORM\Versioning;
use Member;
use Permission;
use Exception;
use FieldList;
use SilverStripe\ORM\HasManyList;
use TextField;
use ReadonlyField;
use i18n;
@ -13,6 +15,9 @@ use LogicException;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* The ChangeSet model tracks several VersionedAndStaged objects for later publication as a single
@ -57,7 +62,7 @@ class ChangeSet extends DataObject {
);
private static $has_one = array(
'Owner' => 'Member',
'Owner' => 'SilverStripe\\Security\\Member',
);
private static $casting = array(

10
ORM/Versioning/ChangeSetItem.php
View File

@ -4,12 +4,18 @@ namespace SilverStripe\ORM\Versioning;
use Exception;
use BadMethodCallException;
use Member;
use Permission;
use CMSPreviewable;
use Controller;
use SilverStripe\Filesystem\Thumbnail;
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ManyManyList;
use SilverStripe\ORM\SS_List;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* A single line in a changeset

14
ORM/Versioning/Versioned.php
View File

@ -2,16 +2,17 @@
namespace SilverStripe\ORM\Versioning;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Session;
use Deprecation;
use InvalidArgumentException;
use Config;
use LogicException;
use Member;
use ClassInfo;
use Object;
use Permission;
use Director;
use Cookie;
use FieldList;
@ -25,6 +26,9 @@ use SilverStripe\ORM\DataExtension;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\ORM\Queries\SQLUpdate;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* The Versioned extension allows your DataObjects to have several versions,
@ -235,8 +239,8 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
* Amend freshly created DataQuery objects with versioned-specific
* information.
*
* @param SQLSelect
* @param DataQuery
* @param SQLSelect $query
* @param DataQuery $dataQuery
*/
public function augmentDataQueryCreation(SQLSelect &$query, DataQuery &$dataQuery) {
$parts = explode('.', Versioned::get_reading_mode());
@ -2397,7 +2401,7 @@ class Versioned extends DataExtension implements TemplateGlobalProvider {
}
/**
* @param FieldList
* @param FieldList $fields
*/
public function updateCMSFields(FieldList $fields) {
// remove the version field from the CMS as this should be left

15
security/Authenticator.php → Security/Authenticator.php
View File

@ -1,4 +1,11 @@
<?php
namespace SilverStripe\Security;
use Object;
use Form;
use Controller;
/**
* Abstract base class for an authentication method
*
@ -16,7 +23,7 @@ abstract class Authenticator extends Object {
*
* @var array
*/
private static $authenticators = array('MemberAuthenticator');
private static $authenticators = array('SilverStripe\\Security\\MemberAuthenticator');
/**
* Used to influence the order of authenticators on the login-screen
@ -24,7 +31,7 @@ abstract class Authenticator extends Object {
*
* @var string
*/
private static $default_authenticator = 'MemberAuthenticator';
private static $default_authenticator = 'SilverStripe\\Security\\MemberAuthenticator';
/**
@ -43,7 +50,7 @@ abstract class Authenticator extends Object {
/**
* Method that creates the login form for this authentication method
*
* @param Controller The parent controller, necessary to create the
* @param Controller $controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
@ -99,7 +106,7 @@ abstract class Authenticator extends Object {
if(class_exists($authenticator) == false)
return false;
if(is_subclass_of($authenticator, 'Authenticator') == false)
if(is_subclass_of($authenticator, 'SilverStripe\\Security\\Authenticator') == false)
return false;
if(in_array($authenticator, self::$authenticators) == false) {

20
security/BasicAuth.php → Security/BasicAuth.php
View File

@ -1,4 +1,13 @@
<?php
namespace SilverStripe\Security;
use SapphireTest;
use Director;
use SS_HTTPResponse;
use SS_HTTPResponse_Exception;
use Config;
/**
* Provides an interface to HTTP basic authentication.
*
@ -125,14 +134,15 @@ class BasicAuth {
* define('SS_USE_BASIC_AUTH', true);
*
* @param boolean $protect Set this to false to disable protection.
* @param String $code {@link Permission} code that is required from the user.
* @param string $code {@link Permission} code that is required from the user.
* Defaults to "ADMIN". Set to NULL to just require a valid login, regardless
* of the permission codes a user has.
* @param string $message
*/
public static function protect_entire_site($protect = true, $code = 'ADMIN', $message = null) {
Config::inst()->update('BasicAuth', 'entire_site_protected', $protect);
Config::inst()->update('BasicAuth', 'entire_site_protected_code', $code);
Config::inst()->update('BasicAuth', 'entire_site_protected_message', $message);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected', $protect);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected_code', $code);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected_message', $message);
}
/**
@ -143,7 +153,7 @@ class BasicAuth {
* please use {@link protect_entire_site()}.
*/
public static function protect_site_if_necessary() {
$config = Config::inst()->forClass('BasicAuth');
$config = Config::inst()->forClass('SilverStripe\\Security\\BasicAuth');
if($config->entire_site_protected) {
self::requireLogin($config->entire_site_protected_message, $config->entire_site_protected_code, false);
}

21
security/CMSMemberLoginForm.php → Security/CMSMemberLoginForm.php
View File

@ -1,5 +1,19 @@
<?php
namespace SilverStripe\Security;
use Controller;
use FieldList;
use HiddenField;
use PasswordField;
use LiteralField;
use CheckboxField;
use FormAction;
use Session;
use Convert;
use SS_HTTPResponse;
/**
* Provides the in-cms session re-authentication form for the "member" authenticator
*
@ -8,7 +22,7 @@
*/
class CMSMemberLoginForm extends LoginForm {
protected $authenticator_class = 'MemberAuthenticator';
protected $authenticator_class = 'SilverStripe\\Security\\MemberAuthenticator';
/**
* Get link to use for external security actions
@ -68,7 +82,7 @@ class CMSMemberLoginForm extends LoginForm {
/**
* Try to authenticate the user
*
* @param array Submitted data
* @param array $data Submitted data
* @return Member Returns the member object on successful authentication
* or NULL on failure.
*/
@ -89,6 +103,7 @@ class CMSMemberLoginForm extends LoginForm {
* This method is called when the user clicks on "Log in"
*
* @param array $data Submitted data
* @return \SS_HTTPResponse
*/
public function dologin($data) {
if($this->performLogin($data)) {
@ -110,7 +125,7 @@ class CMSMemberLoginForm extends LoginForm {
*/
protected function redirectToChangePassword() {
// Since this form is loaded via an iframe, this redirect must be performed via javascript
$changePasswordForm = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
$changePasswordForm = new ChangePasswordForm($this->controller, 'SilverStripe\\Security\\ChangePasswordForm');
$changePasswordForm->sessionMessage(
_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
'good'

16
security/CMSSecurity.php → Security/CMSSecurity.php
View File

@ -1,5 +1,16 @@
<?php
namespace SilverStripe\Security;
use Requirements;
use Controller;
use Director;
use Convert;
use Session;
use AdminRootController;
use SS_HTTPResponse;
/**
* Provides a security interface functionality within the cms
* @package framework
@ -12,7 +23,7 @@ class CMSSecurity extends Security {
);
private static $allowed_actions = array(
'LoginForm',
'SilverStripe\\Security\\LoginForm',
'success'
);
@ -43,6 +54,7 @@ class CMSSecurity extends Security {
}
public function Link($action = null) {
/** @skipUpgrade */
return Controller::join_links(Director::baseURL(), "CMSSecurity", $action);
}
@ -173,7 +185,7 @@ PHP
}
public function getTemplatesFor($action) {
return array("CMSSecurity_{$action}", "CMSSecurity")
return array("CMSSecurity_{$action}", "SilverStripe\\Security\\CMSSecurity")
+ parent::getTemplatesFor($action);
}

13
security/ChangePasswordForm.php → Security/ChangePasswordForm.php
View File

@ -1,4 +1,17 @@
<?php
namespace SilverStripe\Security;
use Form;
use Session;
use FieldList;
use PasswordField;
use FormAction;
use HiddenField;
use Director;
use HTTP;
use Convert;
/**
* Standard Change Password Form
* @package framework

58
security/Group.php → Security/Group.php
View File

@ -1,8 +1,33 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\HasManyList;
use SilverStripe\ORM\ManyManyList;
use SilverStripe\ORM\UnsavedRelationList;
use Requirements;
use FieldList;
use TabSet;
use Tab;
use TextField;
use DropdownField;
use TextareaField;
use Config;
use GridFieldConfig_RelationEditor;
use GridFieldButtonRow;
use GridFieldExportButton;
use GridFieldPrintButton;
use GridField;
use HTMLEditorConfig;
use LiteralField;
use ListboxField;
use HiddenField;
use InvalidArgumentException;
use Convert;
/**
* A security group.
*
@ -35,23 +60,25 @@ class Group extends DataObject {
);
private static $has_one = array(
"Parent" => "Group",
"Parent" => "SilverStripe\\Security\\Group",
);
private static $has_many = array(
"Permissions" => "Permission",
"Groups" => "Group"
"Permissions" => "SilverStripe\\Security\\Permission",
"Groups" => "SilverStripe\\Security\\Group"
);
private static $many_many = array(
"Members" => "Member",
"Roles" => "PermissionRole",
"Members" => "SilverStripe\\Security\\Member",
"Roles" => "SilverStripe\\Security\\PermissionRole",
);
private static $extensions = array(
"SilverStripe\\ORM\\Hierarchy\\Hierarchy",
);
private static $table_name = "Group";
public function populateDefaults() {
parent::populateDefaults();
@ -61,7 +88,7 @@ class Group extends DataObject {
public function getAllChildren() {
$doSet = new ArrayList();
$children = DataObject::get('Group')->filter("ParentID", $this->ID);
$children = Group::get()->filter("ParentID", $this->ID);
foreach($children as $child) {
$doSet->push($child);
$doSet->merge($child->getAllChildren());
@ -94,7 +121,7 @@ class Group extends DataObject {
$permissionsField = new PermissionCheckboxSetField(
'Permissions',
false,
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID',
$this
)
@ -163,7 +190,7 @@ class Group extends DataObject {
// Only show the "Roles" tab if permissions are granted to edit them,
// and at least one role exists
if(Permission::check('APPLY_ROLES') && DataObject::get('PermissionRole')) {
if(Permission::check('APPLY_ROLES') && DataObject::get('SilverStripe\\Security\\PermissionRole')) {
$fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.ROLES', 'Roles'));
$fields->addFieldToTab('Root.Roles',
new LiteralField(
@ -223,9 +250,8 @@ class Group extends DataObject {
}
/**
*
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
*
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true) {
$labels = parent::fieldLabels($includerelations);
@ -358,7 +384,7 @@ class Group extends DataObject {
$inheritedCodes = Permission::get()
->filter('GroupID', $this->Parent()->collateAncestorIDs())
->column('Code');
$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
$privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions');
if(array_intersect($inheritedCodes, $privilegedCodes)) {
$result->error(sprintf(
_t(
@ -406,7 +432,7 @@ class Group extends DataObject {
* @return boolean
*/
public function canEdit($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
// extended access checks
$results = $this->extend('canEdit', $member);
@ -436,7 +462,7 @@ class Group extends DataObject {
* @return boolean
*/
public function canView($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
// extended access checks
$results = $this->extend('canView', $member);
@ -449,7 +475,7 @@ class Group extends DataObject {
}
public function canDelete($member = null) {
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser();
if(!$member || !(is_a($member, 'SilverStripe\\Security\\Member')) || is_numeric($member)) $member = Member::currentUser();
// extended access checks
$results = $this->extend('canDelete', $member);
@ -487,7 +513,7 @@ class Group extends DataObject {
parent::requireDefaultRecords();
// Add default author group if no other group exists
$allGroups = DataObject::get('Group');
$allGroups = DataObject::get('SilverStripe\\Security\\Group');
if(!$allGroups->count()) {
$authorGroup = new Group();
$authorGroup->Code = 'content-authors';

11
security/GroupCsvBulkLoader.php → Security/GroupCsvBulkLoader.php
View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use CsvBulkLoader;
/**
* @todo Migrate Permission->Arg and Permission->Type values
*
@ -14,7 +19,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
);
public function __construct($objectClass = null) {
if(!$objectClass) $objectClass = 'Group';
if(!$objectClass) $objectClass = 'SilverStripe\\Security\\Group';
parent::__construct($objectClass);
}
@ -30,7 +35,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
// are imported to avoid missing "early" references to parents
// which are imported later on in the CSV file.
if(isset($record['ParentCode']) && $record['ParentCode']) {
$parentGroup = DataObject::get_one('Group', array(
$parentGroup = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $record['ParentCode']
));
if($parentGroup) {
@ -43,7 +48,7 @@ class GroupCsvBulkLoader extends CsvBulkLoader {
// existing permissions arent cleared.
if(isset($record['PermissionCodes']) && $record['PermissionCodes']) {
foreach(explode(',', $record['PermissionCodes']) as $code) {
$p = DataObject::get_one('Permission', array(
$p = DataObject::get_one('SilverStripe\\Security\\Permission', array(
'"Permission"."Code"' => $code,
'"Permission"."GroupID"' => $group->ID
));

18
security/LoginAttempt.php → Security/LoginAttempt.php
View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
/**
* Record all login attempts through the {@link LoginForm} object.
* This behaviour is disabled by default.
@ -31,19 +36,14 @@ class LoginAttempt extends DataObject {
);
private static $has_one = array(
'Member' => 'Member', // only linked if the member actually exists
'Member' => 'SilverStripe\\Security\\Member', // only linked if the member actually exists
);
private static $has_many = array();
private static $many_many = array();
private static $belongs_many_many = array();
private static $table_name = "LoginAttempt";
/**
*
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
*
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true) {
$labels = parent::fieldLabels($includerelations);

8
security/LoginForm.php → Security/LoginForm.php
View File

@ -1,4 +1,10 @@
<?php
namespace SilverStripe\Security;
use Form;
use Injector;
/**
* Abstract base class for a login form
*
@ -27,7 +33,7 @@ abstract class LoginForm extends Form {
* @return Authenticator Returns the authenticator instance for this login form.
*/
public function getAuthenticator() {
if(!class_exists($this->authenticator_class) || !is_subclass_of($this->authenticator_class, 'Authenticator')) {
if(!class_exists($this->authenticator_class) || !is_subclass_of($this->authenticator_class, 'SilverStripe\\Security\\Authenticator')) {
user_error("The form uses an invalid authenticator class! '{$this->authenticator_class}'"
. " is not a subclass of 'Authenticator'", E_USER_ERROR);
return;

180
security/Member.php → Security/Member.php
View File

@ -1,6 +1,8 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\SS_Map;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\DB;
@ -10,7 +12,30 @@ use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\ORM\ManyManyList;
use SilverStripe\MSSQL\MSSQLDatabase;
use TemplateGlobalProvider;
use Deprecation;
use i18n;
use Director;
use Session;
use Cookie;
use Config;
use SapphireTest;
use DateTime;
use DropdownField;
use ConfirmedPasswordField;
use Injector;
use TestMailer;
use Email;
use FieldList;
use ListboxField;
use Zend_Locale_Format;
use Zend_Locale;
use Zend_Date;
use MemberDatetimeOptionsetField;
use HTMLEditorConfig;
use RequiredFields;
use GridFieldDetailForm_ItemRequest;
/**
* The member class which represents the users of the system
@ -63,19 +88,15 @@ class Member extends DataObject implements TemplateGlobalProvider {
);
private static $belongs_many_many = array(
'Groups' => 'Group',
'Groups' => 'SilverStripe\\Security\\Group',
);
private static $has_one = array();
private static $has_many = array(
'LoggedPasswords' => 'MemberPassword',
'RememberLoginHashes' => 'RememberLoginHash'
'LoggedPasswords' => 'SilverStripe\\Security\\MemberPassword',
'RememberLoginHashes' => 'SilverStripe\\Security\\RememberLoginHash'
);
private static $many_many = array();
private static $many_many_extraFields = array();
private static $table_name = "Member";
private static $default_sort = '"Surname", "FirstName"';
@ -133,7 +154,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* @config
* @var Array See {@link set_title_columns()}
* @var array See {@link set_title_columns()}
*/
private static $title_format = null;
@ -148,8 +169,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
private static $unique_identifier_field = 'Email';
/**
* Object for validating user's password
*
* @config
* {@link PasswordValidator} object for validating user's password
* @var PasswordValidator
*/
private static $password_validator = null;
@ -243,8 +266,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
if(!Security::has_default_admin()) return null;
// Find or create ADMIN group
singleton('Group')->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
// Find member
$admin = Member::get()
@ -423,6 +446,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Set a {@link PasswordValidator} object to use to validate member's passwords.
*
* @param PasswordValidator $pv
*/
public static function set_password_validator($pv) {
self::$password_validator = $pv;
@ -430,6 +455,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Returns the current {@link PasswordValidator}
*
* @return PasswordValidator
*/
public static function password_validator() {
return self::$password_validator;
@ -482,8 +509,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
if($remember) {
$rememberLoginHash = RememberLoginHash::generate($this);
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
$deviceExpiryDays = Config::inst()->get('RememberLoginHash', 'device_expiry_days');
$tokenExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days');
$deviceExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'device_expiry_days');
Cookie::set('alc_enc', $this->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays, null, null, null, true);
Cookie::set('alc_device', $rememberLoginHash->DeviceID, $deviceExpiryDays, null, null, null, true);
@ -497,10 +524,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
// Clear the incorrect log-in count
$this->registerSuccessfulLogin();
// Don't set column if its not built yet (the login might be precursor to a /dev/build...)
if(array_key_exists('LockedOutUntil', DB::field_list('Member'))) {
$this->LockedOutUntil = null;
}
$this->LockedOutUntil = null;
$this->regenerateTempID();
@ -534,7 +558,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
*/
public static function logged_in_session_exists() {
if($id = Member::currentUserID()) {
if($member = DataObject::get_by_id('Member', $id)) {
if($member = DataObject::get_by_id('SilverStripe\\Security\\Member', $id)) {
if($member->exists()) return true;
}
}
@ -570,7 +594,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$deviceID = Cookie::get('alc_device');
$member = Member::get()->byId($uid);
$member = Member::get()->byID($uid);
$rememberLoginHash = null;
@ -606,7 +630,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
if ($rememberLoginHash) {
$rememberLoginHash->renew();
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
$tokenExpiryDays = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days');
Cookie::set('alc_enc', $member->ID . ':' . $rememberLoginHash->getToken(),
$tokenExpiryDays, null, null, false, true);
}
@ -652,6 +676,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Utility for generating secure password hashes for this member.
*
* @param string $string
* @return string
* @throws PasswordEncryptor_NotFoundException
*/
public function encryptWithUserSettings($string) {
if (!$string) return null;
@ -683,7 +711,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$generator = new RandomGenerator();
$token = $generator->randomToken();
$hash = $this->encryptWithUserSettings($token);
} while(DataObject::get_one('Member', array(
} while(DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."AutoLoginHash"' => $hash
)));
@ -720,7 +748,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
public static function member_from_autologinhash($hash, $login = false) {
$nowExpression = DB::get_conn()->now();
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
"\"Member\".\"AutoLoginHash\"" => $hash,
"\"Member\".\"AutoLoginExpired\" > $nowExpression" // NOW() can't be parameterised
));
@ -815,7 +843,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* @return Member_Validator
*/
public function getValidator() {
$validator = Injector::inst()->create('Member_Validator');
$validator = Injector::inst()->create('SilverStripe\\Security\\Member_Validator');
$validator->setForMember($this);
$this->extend('updateValidator', $validator);
@ -826,13 +854,13 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Returns the current logged in user
*
* @return Member|null
* @return Member
*/
public static function currentUser() {
$id = Member::currentUserID();
if($id) {
return Member::get()->byId($id);
return Member::get()->byID($id);
}
}
@ -860,7 +888,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* @return string Returns a random password.
*/
public static function create_new_password() {
$words = Config::inst()->get('Security', 'word_list');
$words = Config::inst()->get('SilverStripe\\Security\\Security', 'word_list');
if($words && file_exists($words)) {
$words = file($words);
@ -897,7 +925,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
if($this->ID) {
$filter[] = array('"Member"."ID" <> ?' => $this->ID);
}
$existingRecord = DataObject::get_one('Member', $filter);
$existingRecord = DataObject::get_one('SilverStripe\\Security\\Member', $filter);
if($existingRecord) {
throw new ValidationException(ValidationResult::create(false, _t(
@ -1001,8 +1029,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Filter out admin groups to avoid privilege escalation,
* If any admin groups are requested, deny the whole save operation.
*
* @param Array $ids Database IDs of Group records
* @return boolean True if the change can be accepted
* @param array $ids Database IDs of Group records
* @return bool True if the change can be accepted
*/
public function onChangeGroups($ids) {
// unless the current user is an admin already OR the logged in user is an admin
@ -1042,9 +1070,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
*/
public function inGroup($group, $strict = false) {
if(is_numeric($group)) {
$groupCheckObj = DataObject::get_by_id('Group', $group);
$groupCheckObj = DataObject::get_by_id('SilverStripe\\Security\\Group', $group);
} elseif(is_string($group)) {
$groupCheckObj = DataObject::get_one('Group', array(
$groupCheckObj = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $group
));
} elseif($group instanceof Group) {
@ -1068,10 +1096,10 @@ class Member extends DataObject implements TemplateGlobalProvider {
* group code does not return a valid group object.
*
* @param string $groupcode
* @param string Title of the group
* @param string $title Title of the group
*/
public function addToGroupByCode($groupcode, $title = "") {
$group = DataObject::get_one('Group', array(
$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => $groupcode
));
@ -1103,7 +1131,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
/**
* @param Array $columns Column names on the Member record to show in {@link getTitle()}.
* @param array $columns Column names on the Member record to show in {@link getTitle()}.
* @param String $sep Separator
*/
public static function set_title_columns($columns, $sep = ' ') {
@ -1151,24 +1179,28 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Return a SQL CONCAT() fragment suitable for a SELECT statement.
* Useful for custom queries which assume a certain member title format.
*
* @param String $tableName
* @return String SQL
*/
public static function get_title_sql($tableName = 'Member') {
public static function get_title_sql() {
// This should be abstracted to SSDatabase concatOperator or similar.
$op = (DB::get_conn() instanceof MSSQLDatabase) ? " + " : " || ";
$format = self::config()->title_format;
if ($format) {
$columnsWithTablename = array();
foreach($format['columns'] as $column) {
$columnsWithTablename[] = "\"$tableName\".\"$column\"";
}
return "(".join(" $op '".$format['sep']."' $op ", $columnsWithTablename).")";
} else {
return "(\"$tableName\".\"Surname\" $op ' ' $op \"$tableName\".\"FirstName\")";
// Get title_format with fallback to default
$format = static::config()->title_format;
if (!$format) {
$format = [
'columns' => ['Surname', 'FirstName'],
'sep' => ' ',
];
}
$columnsWithTablename = array();
foreach($format['columns'] as $column) {
$columnsWithTablename[] = static::getSchema()->sqlColumnForField(__CLASS__, $column);
}
$sepSQL = \Convert::raw2sql($format['sep'], true);
return "(".join(" $op $sepSQL $op ", $columnsWithTablename).")";
}
@ -1249,7 +1281,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
* @return Member_Groupset
*/
public function Groups() {
$groups = Member_GroupSet::create('Group', 'Group_Members', 'GroupID', 'MemberID');
$groups = Member_GroupSet::create('SilverStripe\\Security\\Group', 'Group_Members', 'GroupID', 'MemberID');
$groups = $groups->forForeignID($this->ID);
$this->extend('updateGroups', $groups);
@ -1326,7 +1358,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
$permsClause = DB::placeholders($perms);
$groups = DataObject::get('Group')
/** @skipUpgrade */
$groups = DataObject::get('SilverStripe\\Security\\Group')
->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"')
->where(array(
"\"Permission\".\"Code\" IN ($permsClause)" => $perms
@ -1343,6 +1376,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$groupIDList = $groups;
}
/** @skipUpgrade */
$members = Member::get()
->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"')
->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"');
@ -1429,7 +1463,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
asort($groupsMap);
$fields->addFieldToTab('Root.Main',
ListboxField::create('DirectGroups', singleton('Group')->i18n_plural_name())
ListboxField::create('DirectGroups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name())
->setSource($groupsMap)
->setAttribute(
'data-placeholder',
@ -1445,12 +1479,12 @@ class Member extends DataObject implements TemplateGlobalProvider {
$permissionsField = new PermissionCheckboxSetField_Readonly(
'Permissions',
false,
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID',
// we don't want parent relationships, they're automatically resolved in the field
$self->getManyManyComponents('Groups')
);
$fields->findOrMakeTab('Root.Permissions', singleton('Permission')->i18n_plural_name());
$fields->findOrMakeTab('Root.Permissions', singleton('SilverStripe\\Security\\Permission')->i18n_plural_name());
$fields->addFieldToTab('Root.Permissions', $permissionsField);
}
}
@ -1499,9 +1533,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
}
/**
*
* @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields
*
* @param bool $includerelations Indicate if the labels returned include relation fields
* @return array
*/
public function fieldLabels($includerelations = true) {
$labels = parent::fieldLabels($includerelations);
@ -1522,11 +1555,14 @@ class Member extends DataObject implements TemplateGlobalProvider {
return $labels;
}
/**
* Users can view their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
* This is likely to be customized for social sites etc. with a looser permission model.
*/
/**
* Users can view their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions.
* This is likely to be customized for social sites etc. with a looser permission model.
*
* @param Member $member
* @return bool
*/
public function canView($member = null) {
//get member
if(!($member instanceof Member)) {
@ -1549,10 +1585,14 @@ class Member extends DataObject implements TemplateGlobalProvider {
//standard check
return Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin');
}
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*/
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*/
public function canEdit($member = null) {
//get member
if(!($member instanceof Member)) {
@ -1583,6 +1623,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
/**
* Users can edit their own record.
* Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions
*
* @param Member $member
* @return bool
*/
public function canDelete($member = null) {
if(!($member instanceof Member)) {
@ -1641,7 +1684,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
* Change password. This will cause rehashing according to
* the `PasswordEncryption` property.
*
* @param String $password Cleartext password
* @param string $password Cleartext password
* @return ValidationResult
*/
public function changePassword($password) {
$this->Password = $password;
@ -1755,7 +1799,7 @@ class Member_GroupSet extends ManyManyList {
$allGroupIDs = array();
while($groupIDs) {
$allGroupIDs = array_merge($allGroupIDs, $groupIDs);
$groupIDs = DataObject::get("Group")->byIDs($groupIDs)->column("ParentID");
$groupIDs = DataObject::get("SilverStripe\\Security\\Group")->byIDs($groupIDs)->column("ParentID");
$groupIDs = array_filter($groupIDs);
}
@ -1811,7 +1855,7 @@ class Member_GroupSet extends ManyManyList {
protected function getMember() {
$id = $this->getForeignID();
if($id) {
return DataObject::get_by_id('Member', $id);
return DataObject::get_by_id('SilverStripe\\Security\\Member', $id);
}
}
}

14
security/MemberAuthenticator.php → Security/MemberAuthenticator.php
View File

@ -1,6 +1,14 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\ValidationResult;
use InvalidArgumentException;
use Controller;
use Form;
use Session;
/**
* Authenticator for the default "member" method
*
@ -123,7 +131,7 @@ class MemberAuthenticator extends Authenticator {
} else {
// Audit logging hook
singleton('Member')->extend('authenticationFailedUnknownUser', $data);
Member::singleton()->extend('authenticationFailedUnknownUser', $data);
}
}
@ -170,16 +178,18 @@ class MemberAuthenticator extends Authenticator {
/**
* Method that creates the login form for this authentication method
*
* @param Controller The parent controller, necessary to create the
* @param Controller $controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
*/
public static function get_login_form(Controller $controller) {
/** @skipUpgrade */
return MemberLoginForm::create($controller, "LoginForm");
}
public static function get_cms_login_form(\Controller $controller) {
/** @skipUpgrade */
return CMSMemberLoginForm::create($controller, "LoginForm");
}

12
security/MemberCsvBulkLoader.php → Security/MemberCsvBulkLoader.php
View File

@ -1,6 +1,12 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use CsvBulkLoader;
use Convert;
/**
* Imports member records, and checks/updates duplicates based on their
* 'Email' property.
@ -17,7 +23,7 @@ class MemberCsvBulkLoader extends CsvBulkLoader {
protected $groups = array();
public function __construct($objectClass = null) {
if(!$objectClass) $objectClass = 'Member';
if(!$objectClass) $objectClass = 'SilverStripe\\Security\\Member';
parent::__construct($objectClass);
}
@ -64,14 +70,14 @@ class MemberCsvBulkLoader extends CsvBulkLoader {
}
/**
* @param Array $groups
* @param array $groups
*/
public function setGroups($groups) {
$this->groups = $groups;
}
/**
* @return Array
* @return array
*/
public function getGroups() {
return $this->groups;

34
security/MemberLoginForm.php → Security/MemberLoginForm.php
View File

@ -1,4 +1,24 @@
<?php
namespace SilverStripe\Security;
use Director;
use Requirements;
use Session;
use FieldList;
use HiddenField;
use FormAction;
use SS_HTTPResponse;
use TextField;
use PasswordField;
use CheckboxField;
use Config;
use LiteralField;
use RequiredFields;
use Controller;
use Convert;
use Email;
/**
* Log-in form for the "member" authentication method.
*
@ -20,7 +40,7 @@ class MemberLoginForm extends LoginForm {
*/
public $loggedInAsField = 'FirstName';
protected $authenticator_class = 'MemberAuthenticator';
protected $authenticator_class = 'SilverStripe\\Security\\MemberAuthenticator';
/**
* Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
@ -38,7 +58,7 @@ class MemberLoginForm extends LoginForm {
* create the appropriate form action tag.
* @param string $name The method on the controller that will return this
* form object.
* @param FieldList|FormField $fields All of the fields in the form - a
* @param FieldList $fields All of the fields in the form - a
* {@link FieldList} of {@link FormField}
* objects.
* @param FieldList|FormAction $actions All of the action buttons in the
@ -47,7 +67,6 @@ class MemberLoginForm extends LoginForm {
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
* the user is currently logged in, and if
* so, only a logout button will be rendered
* @param string $authenticatorClassName Name of the authenticator class that this form uses.
*/
public function __construct($controller, $name, $fields = null, $actions = null,
$checkCurrentUser = true) {
@ -75,7 +94,7 @@ class MemberLoginForm extends LoginForm {
);
} else {
if(!$fields) {
$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$label=singleton('SilverStripe\\Security\\Member')->fieldLabel(Member::config()->unique_identifier_field);
$fields = FieldList::create(
HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
// Regardless of what the unique identifer field is (usually 'Email'), it will be held in the
@ -99,7 +118,7 @@ class MemberLoginForm extends LoginForm {
'title',
sprintf(
_t('Member.REMEMBERME', "Remember me next time? (for %d days on this device)"),
Config::inst()->get('RememberLoginHash', 'token_expiry_days')
Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'token_expiry_days')
)
)
);
@ -212,7 +231,7 @@ JS;
if(isset($_REQUEST['BackURL']) && $backURL = $_REQUEST['BackURL']) {
Session::set('BackURL', $backURL);
}
$cp = ChangePasswordForm::create($this->controller, 'ChangePasswordForm');
$cp = ChangePasswordForm::create($this->controller, 'SilverStripe\\Security\\ChangePasswordForm');
$cp->sessionMessage(
_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
'good'
@ -275,7 +294,7 @@ JS;
/**
* Try to authenticate the user
*
* @param array Submitted data
* @param array $data Submitted data
* @return Member Returns the member object on successful authentication
* or NULL on failure.
*/
@ -300,6 +319,7 @@ JS;
* in the form detailing why the action was denied.
*
* @param array $data Submitted data
* @return SS_HTTPResponse
*/
public function forgotPassword($data) {
// Ensure password is given

17
security/MemberPassword.php → Security/MemberPassword.php
View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
/**
* Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.
* @package framework
@ -22,18 +27,16 @@ class MemberPassword extends DataObject {
);
private static $has_one = array(
'Member' => 'Member'
'Member' => 'SilverStripe\\Security\\Member'
);
private static $has_many = array();
private static $many_many = array();
private static $belongs_many_many = array();
private static $table_name = "MemberPassword";
/**
* Log a password change from the given member.
* Call MemberPassword::log($this) from within Member whenever the password is changed.
*
* @param Member $member
*/
public static function log($member) {
$record = new MemberPassword();

31
security/PasswordEncryptor.php → Security/PasswordEncryptor.php
View File

@ -1,6 +1,13 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DB;
use Config;
use ReflectionClass;
use Exception;
/**
* Allows pluggable password encryption.
* By default, this might be PHP's integrated sha1()
@ -22,10 +29,10 @@ abstract class PasswordEncryptor {
private static $encryptors = array();
/**
* @return Array Map of encryptor code to the used class.
* @return array Map of encryptor code to the used class.
*/
public static function get_encryptors() {
return Config::inst()->get('PasswordEncryptor', 'encryptors');
return Config::inst()->get('SilverStripe\\Security\\PasswordEncryptor', 'encryptors');
}
/**
@ -73,9 +80,9 @@ abstract class PasswordEncryptor {
*
* @uses RandomGenerator
*
* @param String $password Cleartext password
* @param string $password Cleartext password
* @param Member $member (Optional)
* @return String Maximum of 50 characters
* @return string Maximum of 50 characters
*/
public function salt($password, $member = null) {
$generator = new RandomGenerator();
@ -87,6 +94,12 @@ abstract class PasswordEncryptor {
* but is necessary for retain compatibility with password hashed
* with flawed algorithms - see {@link PasswordEncryptor_LegacyPHPHash} and
* {@link PasswordEncryptor_Blowfish}
*
* @param string $hash
* @param string $password
* @param string $salt
* @param Member $member
* @return bool
*/
public function check($hash, $password, $salt = null, $member = null) {
return $hash === $this->encrypt($password, $salt, $member);
@ -129,8 +142,7 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
/**
* Gets the cost that is set for the blowfish algorithm
*
* @param int $cost
* @return null
* @return int
*/
public static function get_cost() {
return self::$cost;
@ -242,6 +254,10 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
/**
* self::$cost param is forced to be two digits with leading zeroes for ints 4-9
*
* @param string $password
* @param Member $member
* @return string
*/
public function salt($password, $member = null) {
$generator = new RandomGenerator();
@ -274,7 +290,8 @@ class PasswordEncryptor_PHPHash extends PasswordEncryptor {
protected $algorithm = 'sha1';
/**
* @param String $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
* @param string $algorithm A PHP built-in hashing algorithm as defined by hash_algos()
* @throws Exception
*/
public function __construct($algorithm) {
if(!in_array($algorithm, hash_algos())) {

5
security/PasswordValidator.php → Security/PasswordValidator.php
View File

@ -1,6 +1,11 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\ValidationResult;
use Object;
/**
* This class represents a validator for member passwords.

110
security/Permission.php → Security/Permission.php
View File

@ -1,8 +1,16 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\SS_List;
use TemplateGlobalProvider;
use ClassInfo;
use TestOnly;
/**
* Represents a permission assigned to a group.
* @package framework
@ -25,20 +33,20 @@ class Permission extends DataObject implements TemplateGlobalProvider {
"Arg" => "Int",
"Type" => "Int(1)"
);
private static $has_one = array(
"Group" => "Group"
"Group" => "SilverStripe\\Security\\Group"
);
private static $indexes = array(
"Code" => true
);
private static $defaults = array(
"Type" => 1
);
private static $has_many = array();
private static $many_many = array();
private static $belongs_many_many = array();
private static $table_name = "Permission";
/**
* This is the value to use for the "Type" field if a permission should be
@ -63,7 +71,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
* Method to globally disable "strict" checking, which means a permission
* will be granted if the key does not exist at all.
*
* @var bool
* @var array
*/
private static $declared_permissions = null;
@ -172,10 +180,14 @@ class Permission extends DataObject implements TemplateGlobalProvider {
}
// Turn the code into an array as we may need to add other permsissions to the set we check
if(!is_array($code)) $code = array($code);
if(!is_array($code)) {
$code = array($code);
}
// Check if admin should be treated as holding all permissions
$adminImpliesAll = (bool)static::config()->admin_implies_all;
if($arg == 'any') {
$adminImpliesAll = (bool)Config::inst()->get('Permission', 'admin_implies_all');
// Cache the permissions in memory
if(!isset(self::$cache_permissions[$memberID])) {
self::$cache_permissions[$memberID] = self::permissions_for_member($memberID);
@ -208,8 +220,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
// Code filters
$codeParams = is_array($code) ? $code : array($code);
$codeClause = DB::placeholders($codeParams);
$adminParams = (self::$admin_implies_all) ? array('ADMIN') : array();
$adminClause = (self::$admin_implies_all) ? ", ?" : '';
$adminParams = $adminImpliesAll ? array('ADMIN') : array();
$adminClause = $adminImpliesAll ? ", ?" : '';
// The following code should only be used if you're not using the "any" arg. This is kind
// of obselete functionality and could possibly be deprecated.
@ -235,7 +247,6 @@ class Permission extends DataObject implements TemplateGlobalProvider {
user_error("Permission::checkMember: bad arg '$arg'", E_USER_ERROR);
}
}
$adminFilter = (Config::inst()->get('Permission', 'admin_implies_all')) ? ",'ADMIN'" : '';
// Raw SQL for efficiency
$permission = DB::prepared_query(
@ -259,7 +270,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if($permission) return $permission;
// Strict checking disabled?
if(!Config::inst()->get('Permission', 'strict_checking') || !$strict) {
if(!static::config()->strict_checking || !$strict) {
$hasPermission = DB::prepared_query(
"SELECT COUNT(*)
FROM \"Permission\"
@ -270,7 +281,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
array_merge($codeParams, array(self::GRANT_PERMISSION))
)->value();
if(!$hasPermission) return;
if(!$hasPermission) return false;
}
return false;
@ -279,6 +290,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Get all the 'any' permission codes available to the given member.
*
* @param int $memberID
* @return array
*/
public static function permissions_for_member($memberID) {
@ -332,7 +344,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if($member && isset($_SESSION['Permission_groupList'][$member->ID]))
return $_SESSION['Permission_groupList'][$member->ID];
} else {
$member = DataObject::get_by_id("Member", $memberID);
$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $memberID);
}
if($member) {
@ -364,7 +376,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
*
* @param int $groupID The ID of the group
* @param string $code The permission code
* @param string Optional: The permission argument (e.g. a page ID).
* @param string $arg Optional: The permission argument (e.g. a page ID).
* @returns Permission Returns the new permission object.
*/
public static function grant($groupID, $code, $arg = "any") {
@ -379,6 +391,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
break;
case "all":
$perm->Arg = -1;
break;
default:
if(is_numeric($arg)) {
$perm->Arg = $arg;
@ -398,7 +411,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
*
* @param int $groupID The ID of the group
* @param string $code The permission code
* @param string Optional: The permission argument (e.g. a page ID).
* @param string $arg Optional: The permission argument (e.g. a page ID).
* @returns Permission Returns the new permission object.
*/
public static function deny($groupID, $code, $arg = "any") {
@ -413,6 +426,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
break;
case "all":
$perm->Arg = -1;
break;
default:
if(is_numeric($arg)) {
$perm->Arg = $arg;
@ -448,6 +462,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
if(empty($groupIDs)) return new ArrayList();
$groupClause = DB::placeholders($groupIDs);
/** @skipUpgrade */
$members = Member::get()
->where(array("\"Group\".\"ID\" IN ($groupClause)" => $groupIDs))
->leftJoin("Group_Members", '"Member"."ID" = "Group_Members"."MemberID"')
@ -458,7 +473,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Return all of the groups that have one of the given permission codes
* @param $codes array|string Either a single permission code, or an array of permission codes
* @param array|string $codes Either a single permission code, or an array of permission codes
* @return SS_List The matching group objects
*/
public static function get_groups_by_permission($codes) {
@ -466,7 +481,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
$codeClause = DB::placeholders($codeParams);
// Via Roles are groups that have the permission via a role
return DataObject::get('Group')
/** @skipUpgrade */
return Group::get()
->where(array(
"\"PermissionRoleCode\".\"Code\" IN ($codeClause) OR \"Permission\".\"Code\" IN ($codeClause)"
=> array_merge($codeParams, $codeParams)
@ -491,7 +507,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
* suitable for using in an interface.
*/
public static function get_codes($grouped = true) {
$classes = ClassInfo::implementorsOf('PermissionProvider');
$classes = ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider');
$allCodes = array();
$adminCategory = _t('Permission.AdminGroup', 'Administrator');
@ -571,6 +587,9 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Sort permissions based on their sort value, or name
*
* @param array $a
* @param array $b
* @return int
*/
public static function sort_permissions($a, $b) {
if ($a['sort'] == $b['sort']) {
@ -582,48 +601,6 @@ class Permission extends DataObject implements TemplateGlobalProvider {
}
}
/**
* add a permission represented by the $code to the {@link slef::$hidden_permissions} list
*
* @deprecated 4.0 Use "Permission.hidden_permissions" config setting instead
* @param $code string - the permissions code
* @return void
*/
public static function add_to_hidden_permissions($code){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->update('Permission', 'hidden_permissions', $codes);
}
/**
* remove a permission represented by the $code from the {@link slef::$hidden_permissions} list
*
* @deprecated 4.0 Use "Permission.hidden_permissions" config setting instead
* @param $code string - the permissions code
* @return void
*/
public static function remove_from_hidden_permissions($code){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->remove('Permission', 'hidden_permissions', $codes);
}
/**
* Declare an array of permissions for the system.
*
* Permissions can be grouped by nesting arrays. Scalar values are always
* treated as permissions.
*
* @deprecated 4.0 Use "Permission.declared_permissions" config setting instead
* @param array $permArray A (possibly nested) array of permissions to
* declare for the system.
*/
public static function declare_permissions($permArray) {
Deprecation::notice('4.0', 'Use "Permission.declared_permissions" config setting instead');
self::config()->declared_permissions = $permArray;
}
/**
* Get a linear list of the permissions in the system.
*
@ -638,8 +615,7 @@ class Permission extends DataObject implements TemplateGlobalProvider {
self::$declared_permissions_list = array();
self::traverse_declared_permissions(self::$declared_permissions,
self::$declared_permissions_list);
self::traverse_declared_permissions(self::$declared_permissions, self::$declared_permissions_list);
return self::$declared_permissions_list;
}
@ -647,8 +623,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
/**
* Look up the human-readable title for the permission as defined by <code>Permission::declare_permissions</code>
*
* @param $perm Permission code
* @return Label for the given permission, or the permission itself if the label doesn't exist
* @param string $perm Permission code
* @return string Label for the given permission, or the permission itself if the label doesn't exist
*/
public static function get_label_for_permission($perm) {
$list = self::get_declared_permissions_list();
@ -660,8 +636,8 @@ class Permission extends DataObject implements TemplateGlobalProvider {
* Recursively traverse the nested list of declared permissions and create
* a linear list.
*
* @param aeeay $declared Nested structure of permissions.
* @param $list List of permissions in the structure. The result will be
* @param array $declared Nested structure of permissions.
* @param array $list List of permissions in the structure. The result will be
* written to this array.
*/
protected static function traverse_declared_permissions($declared, &$list) {

31
security/PermissionCheckboxSetField.php → Security/PermissionCheckboxSetField.php
View File

@ -1,10 +1,19 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObjectInterface;
use FormField;
use InvalidArgumentException;
use Requirements;
use Config;
/**
@ -21,7 +30,7 @@ use SilverStripe\ORM\DataObjectInterface;
class PermissionCheckboxSetField extends FormField {
/**
* @var Array Filter certain permission codes from the output.
* @var array Filter certain permission codes from the output.
* Useful to simplify the interface
*/
protected $hiddenPermissions = array();
@ -66,14 +75,14 @@ class PermissionCheckboxSetField extends FormField {
}
/**
* @param Array $codes
* @param array $codes
*/
public function setHiddenPermissions($codes) {
$this->hiddenPermissions = $codes;
}
/**
* @return Array
* @return array
*/
public function getHiddenPermissions() {
return $this->hiddenPermissions;
@ -81,7 +90,7 @@ class PermissionCheckboxSetField extends FormField {
/**
* @param array $properties
* @return HTMLText
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::css(FRAMEWORK_DIR . '/client/dist/styles/CheckboxSetField.css');
@ -96,7 +105,7 @@ class PermissionCheckboxSetField extends FormField {
$record = $this->form->getRecord();
if(
$record
&& (is_a($record, 'Group') || is_a($record, 'PermissionRole'))
&& ($record instanceof Group || $record instanceof PermissionRole)
&& !$records->find('ID', $record->ID)
) {
$records->push($record);
@ -117,7 +126,7 @@ class PermissionCheckboxSetField extends FormField {
// Special case for Group records (not PermissionRole):
// Determine inherited assignments
if(is_a($record, 'Group')) {
if(is_a($record, 'SilverStripe\\Security\\Group')) {
// Get all permissions from roles
if ($record->Roles()->Count()) {
foreach($record->Roles() as $role) {
@ -172,7 +181,7 @@ class PermissionCheckboxSetField extends FormField {
$odd = 0;
$options = '';
$globalHidden = (array)Config::inst()->get('Permission', 'hidden_permissions');
$globalHidden = (array)Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions');
if($this->source) {
$privilegedPermissions = Permission::config()->privileged_permissions;
@ -188,7 +197,7 @@ class PermissionCheckboxSetField extends FormField {
$odd = ($odd + 1) % 2;
$extraClass = $odd ? 'odd' : 'even';
$extraClass .= ' val' . str_replace(' ', '', $code);
$itemID = $this->id() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
$itemID = $this->ID() . '_' . preg_replace('/[^a-zA-Z0-9]+/', '', $code);
$checked = $disabled = $inheritMessage = '';
$checked = (isset($uninheritedCodes[$code]) || isset($inheritedCodes[$code]))
? ' checked="checked"'
@ -240,7 +249,7 @@ class PermissionCheckboxSetField extends FormField {
}
if($this->readonly) {
return DBField::create_field('HTMLText',
"<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
"<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
"<li class=\"help\">" .
_t(
'Permissions.UserPermissionsIntro',
@ -253,7 +262,7 @@ class PermissionCheckboxSetField extends FormField {
);
} else {
return DBField::create_field('HTMLText',
"<ul id=\"{$this->id()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
"<ul id=\"{$this->ID()}\" class=\"optionset checkboxsetfield{$this->extraClass()}\">\n" .
$options .
"</ul>\n"
);
@ -263,7 +272,7 @@ class PermissionCheckboxSetField extends FormField {
/**
* Update the permission set associated with $record DataObject
*
* @param DataObject $record
* @param DataObjectInterface $record
*/
public function saveInto(DataObjectInterface $record) {
$fieldname = $this->name;

5
security/PermissionFailureException.php → Security/PermissionFailureException.php
View File

@ -1,4 +1,9 @@
<?php
namespace SilverStripe\Security;
use Exception;
/**
* Throw this exception to register that a user doesn't have permission to do the given action
* and potentially redirect them to the log-in page. The exception message may be presented to the

5
security/PermissionProvider.php → Security/PermissionProvider.php
View File

@ -1,4 +1,9 @@
<?php
namespace SilverStripe\Security;
/**
* Used to let classes provide new permission codes.
* Every implementor of PermissionProvider is accessed and providePermissions() called to get the full list of

18
security/PermissionRole.php → Security/PermissionRole.php
View File

@ -1,6 +1,12 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\HasManyList;
use SilverStripe\ORM\ManyManyList;
/**
* A PermissionRole represents a collection of permission codes that can be applied to groups.
*
@ -28,13 +34,15 @@ class PermissionRole extends DataObject {
);
private static $has_many = array(
"Codes" => "PermissionRoleCode",
"Codes" => "SilverStripe\\Security\\PermissionRoleCode",
);
private static $belongs_many_many = array(
"Groups" => "Group",
"Groups" => "SilverStripe\\Security\\Group",
);
private static $table_name = "PermissionRole";
private static $default_sort = '"Title"';
private static $singular_name = 'Role';
@ -51,13 +59,13 @@ class PermissionRole extends DataObject {
'Root.Main',
$permissionField = new PermissionCheckboxSetField(
'Codes',
singleton('Permission')->i18n_plural_name(),
'PermissionRoleCode',
Permission::singleton()->i18n_plural_name(),
'SilverStripe\\Security\\PermissionRoleCode',
'RoleID'
)
);
$permissionField->setHiddenPermissions(
Config::inst()->get('Permission', 'hidden_permissions')
Permission::config()->hidden_permissions
);
return $fields;

9
security/PermissionRoleCode.php → Security/PermissionRoleCode.php
View File

@ -1,6 +1,9 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\DataObject;
/**
* A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
*
@ -19,14 +22,16 @@ class PermissionRoleCode extends DataObject {
);
private static $has_one = array(
"Role" => "PermissionRole",
"Role" => "SilverStripe\\Security\\PermissionRole",
);
private static $table_name = "PermissionRoleCode";
public function validate() {
$result = parent::validate();
// Check that new code doesn't increase privileges, unless an admin is editing.
$privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions');
$privilegedCodes = Permission::config()->privileged_permissions;
if(
$this->Code
&& in_array($this->Code, $privilegedCodes)

7
security/RandomGenerator.php → Security/RandomGenerator.php
View File

@ -1,4 +1,9 @@
<?php
namespace SilverStripe\Security;
use Exception;
/**
* Generates entropy values based on strongest available methods
* (mcrypt_create_iv(), openssl_random_pseudo_bytes(), /dev/urandom, COM.CAPICOM.Utilities.1, mt_rand()).
@ -46,7 +51,7 @@ class RandomGenerator {
// try to read from the windows RNG
if($isWin && class_exists('COM')) {
try {
$comObj = new COM('CAPICOM.Utilities.1');
$comObj = new \COM('CAPICOM.Utilities.1');
if(is_callable(array($comObj,'GetRandom'))) {
return base64_decode($comObj->GetRandom(64, 0));

33
security/RememberLoginHash.php → Security/RememberLoginHash.php
View File

@ -1,7 +1,13 @@
<?php
namespace SilverStripe\Security;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\DataObject;
use DateTime;
use DateInterval;
/**
* Persists a token associated with a device for users who opted for the "Remember Me"
* feature when logging in.
@ -26,7 +32,7 @@ class RememberLoginHash extends DataObject {
);
private static $has_one = array (
'Member' => 'Member',
'Member' => 'SilverStripe\\Security\\Member',
);
private static $indexes = array(
@ -34,6 +40,8 @@ class RememberLoginHash extends DataObject {
'Hash' => true
);
private static $table_name = "RememberLoginHash";
/**
* Determines if logging out on one device also clears existing login tokens
* on all other devices owned by the member.
@ -95,7 +103,7 @@ class RememberLoginHash extends DataObject {
/**
* Creates a new random token and hashes it using the
* member information
* @param Member The logged in user
* @param Member $member The logged in user
* @return string The hash to be stored in the database
*/
public function getNewHash(Member $member){
@ -109,25 +117,27 @@ class RememberLoginHash extends DataObject {
* The device is assigned a globally unique device ID
* The returned login hash stores the hashed token in the
* database, for this device and this member
* @param Member The logged in user
* @param Member $member The logged in user
* @return RememberLoginHash The generated login hash
*/
public static function generate(Member $member) {
if(!$member->exists()) { return; }
if (Config::inst()->get('RememberLoginHash', 'force_single_token') == true) {
$rememberLoginHash = RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
if(!$member->exists()) {
return null;
}
if (static::config()->force_single_token) {
RememberLoginHash::get()->filter('MemberID', $member->ID)->removeAll();
}
$rememberLoginHash = RememberLoginHash::create();
do {
$deviceID = $rememberLoginHash->getNewDeviceID();
} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->Count());
} while (RememberLoginHash::get()->filter('DeviceID', $deviceID)->count());
$rememberLoginHash->DeviceID = $deviceID;
$rememberLoginHash->Hash = $rememberLoginHash->getNewHash($member);
$rememberLoginHash->MemberID = $member->ID;
$now = DBDatetime::now();
$expiryDate = new DateTime($now->Rfc2822());
$tokenExpiryDays = Config::inst()->get('RememberLoginHash', 'token_expiry_days');
$tokenExpiryDays = static::config()->token_expiry_days;
$expiryDate->add(new DateInterval('P'.$tokenExpiryDays.'D'));
$rememberLoginHash->ExpiryDate = $expiryDate->format('Y-m-d H:i:s');
$rememberLoginHash->extend('onAfterGenerateToken');
@ -137,7 +147,7 @@ class RememberLoginHash extends DataObject {
/**
* Generates a new hash for this member but keeps the device ID intact
* @param Member the logged in user
*
* @return RememberLoginHash
*/
public function renew() {
@ -152,11 +162,14 @@ class RememberLoginHash extends DataObject {
* Deletes existing tokens for this member
* if logout_across_devices is true, all tokens are deleted, otherwise
* only the token for the provided device ID will be removed
*
* @param Member $member
* @param string $alcDevice
*/
public static function clear(Member $member, $alcDevice = null) {
if(!$member->exists()) { return; }
$filter = array('MemberID'=>$member->ID);
if ((Config::inst()->get('RememberLoginHash', 'logout_across_devices') == false) && $alcDevice) {
if (!static::config()->logout_across_devices && $alcDevice) {
$filter['DeviceID'] = $alcDevice;
}
RememberLoginHash::get()

70
security/Security.php → Security/Security.php
View File

@ -1,8 +1,30 @@
<?php
namespace SilverStripe\Security;
use Form;
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use Controller;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Deprecation;
use Director;
use SS_HTTPResponse;
use Session;
use Config;
use Exception;
use Page;
use Page_Controller;
use ArrayData;
use FieldList;
use EmailField;
use FormAction;
use Convert;
use Object;
use ClassInfo;
/**
* Implements a basic security model
* @package framework
@ -303,7 +325,7 @@ class Security extends Controller implements TemplateGlobalProvider {
$controller->extend('permissionDenied', $member);
return $controller->redirect(
Config::inst()->get('Security', 'login_url')
Config::inst()->get('SilverStripe\\Security\\Security', 'login_url')
. "?BackURL=" . urlencode($_SERVER['REQUEST_URI'])
);
}
@ -341,6 +363,7 @@ class Security extends Controller implements TemplateGlobalProvider {
* Get the login form to process according to the submitted data
*
* @return Form
* @throws Exception
*/
public function LoginForm() {
$authenticator = $this->getAuthenticator();
@ -375,6 +398,7 @@ class Security extends Controller implements TemplateGlobalProvider {
* @return string Returns the link to the given action
*/
public function Link($action = null) {
/** @skipUpgrade */
return Controller::join_links(Director::baseURL(), "Security", $action);
}
@ -448,6 +472,7 @@ class Security extends Controller implements TemplateGlobalProvider {
// Use sitetree pages to render the security page
$tmpPage = new Page();
$tmpPage->Title = $title;
/** @skipUpgrade */
$tmpPage->URLSegment = "Security";
// Disable ID-based caching of the log-in page by making it a random number
$tmpPage->ID = -1 * rand(1,10000000);
@ -465,6 +490,7 @@ class Security extends Controller implements TemplateGlobalProvider {
* @return array Template list
*/
public function getTemplatesFor($action) {
/** @skipUpgrade */
return array("Security_{$action}", 'Security', $this->stat('template_main'), 'BlankPage');
}
@ -558,7 +584,7 @@ class Security extends Controller implements TemplateGlobalProvider {
public function basicauthlogin() {
$member = BasicAuth::requireLogin("SilverStripe login", 'ADMIN');
$member->LogIn();
$member->logIn();
}
/**
@ -652,7 +678,8 @@ class Security extends Controller implements TemplateGlobalProvider {
* - t: plaintext token
*
* @param Member $member Member object associated with this link.
* @param string $autoLoginHash The auto login token.
* @param string $autologinToken The auto login token.
* @return string
*/
public static function getPasswordResetLink($member, $autologinToken) {
$autologinToken = urldecode($autologinToken);
@ -682,7 +709,7 @@ class Security extends Controller implements TemplateGlobalProvider {
// Extract the member from the URL.
$member = null;
if (isset($_REQUEST['m'])) {
$member = Member::get()->filter('ID', (int)$_REQUEST['m'])->First();
$member = Member::get()->filter('ID', (int)$_REQUEST['m'])->first();
}
// Check whether we are merely changin password, or resetting.
@ -743,17 +770,23 @@ class Security extends Controller implements TemplateGlobalProvider {
/**
* Factory method for the lost password form
*
* @return Form Returns the lost password form
* @return ChangePasswordForm Returns the lost password form
*/
public function ChangePasswordForm() {
return Object::create('ChangePasswordForm', $this, 'ChangePasswordForm');
/** @skipUpgrade */
$formName = 'ChangePasswordForm';
return \Injector::inst()->createWithArgs(
'SilverStripe\\Security\\ChangePasswordForm',
[ $this, $formName]
);
}
/**
* Gets the template for an include used for security.
* For use in any subclass.
*
* @return string|array Returns the template(s) for rendering
* @param string $name
* @return array Returns the template(s) for rendering
*/
public function getIncludeTemplate($name) {
return array('Security_' . $name);
@ -776,17 +809,17 @@ class Security extends Controller implements TemplateGlobalProvider {
// coupling to subsites module
$origSubsite = null;
if(is_callable('Subsite::changeSubsite')) {
$origSubsite = Subsite::currentSubsiteID();
Subsite::changeSubsite(0);
$origSubsite = \Subsite::currentSubsiteID();
\Subsite::changeSubsite(0);
}
$member = null;
// find a group with ADMIN permission
$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
if(is_callable('Subsite::changeSubsite')) {
Subsite::changeSubsite($origSubsite);
\Subsite::changeSubsite($origSubsite);
}
if ($adminGroup) {
@ -794,13 +827,13 @@ class Security extends Controller implements TemplateGlobalProvider {
}
if(!$adminGroup) {
singleton('Group')->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
Group::singleton()->requireDefaultRecords();
$adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
}
if(!$member) {
singleton('Member')->requireDefaultRecords();
$member = Permission::get_members_by_permission('ADMIN')->First();
Member::singleton()->requireDefaultRecords();
$member = Permission::get_members_by_permission('ADMIN')->first();
}
if(!$member) {
@ -841,6 +874,7 @@ class Security extends Controller implements TemplateGlobalProvider {
*
* @param string $username The user name
* @param string $password The password (in cleartext)
* @return bool
*/
public static function setDefaultAdmin($username, $password) {
// don't overwrite if already set
@ -1004,9 +1038,9 @@ class Security extends Controller implements TemplateGlobalProvider {
return self::$database_is_ready;
}
$requiredClasses = ClassInfo::dataClassesFor('Member');
$requiredClasses[] = 'Group';
$requiredClasses[] = 'Permission';
$requiredClasses = ClassInfo::dataClassesFor('SilverStripe\\Security\\Member');
$requiredClasses[] = 'SilverStripe\\Security\\Group';
$requiredClasses[] = 'SilverStripe\\Security\\Permission';
foreach($requiredClasses as $class) {
// Skip test classes, as not all test classes are scaffolded at once

14
security/SecurityToken.php → Security/SecurityToken.php
View File

@ -1,4 +1,15 @@
<?php
namespace SilverStripe\Security;
use FieldList;
use Object;
use SS_HTTPRequest;
use TemplateGlobalProvider;
use Session;
use HiddenField;
use Controller;
/**
* @package framework
* @subpackage security
@ -110,7 +121,8 @@ class SecurityToken extends Object implements TemplateGlobalProvider {
}
/**
* @return String
* @param string $name
* @return string
*/
public function setName($name) {
$val = $this->getValue();

14
_config/encryptors.yml
View File

@ -1,17 +1,17 @@
---
name: coreencryptors
---
PasswordEncryptor:
'SilverStripe\Security\PasswordEncryptor':
encryptors:
none:
PasswordEncryptor_None:
'SilverStripe\Security\PasswordEncryptor_None':
md5:
PasswordEncryptor_LegacyPHPHash: md5
'SilverStripe\Security\PasswordEncryptor_LegacyPHPHash': md5
sha1:
PasswordEncryptor_LegacyPHPHash: sha1
'SilverStripe\Security\PasswordEncryptor_LegacyPHPHash': sha1
md5_v2.4:
PasswordEncryptor_PHPHash: md5
'SilverStripe\Security\PasswordEncryptor_PHPHash': md5
sha1_v2.4:
PasswordEncryptor_PHPHash: sha1
'SilverStripe\Security\PasswordEncryptor_PHPHash': sha1
blowfish:
PasswordEncryptor_Blowfish:
'SilverStripe\Security\PasswordEncryptor_Blowfish':

4
_config/routes.yml
View File

@ -14,8 +14,8 @@ After:
---
Director:
rules:
'Security//$Action/$ID/$OtherID': 'Security'
'CMSSecurity//$Action/$ID/$OtherID': 'CMSSecurity'
'Security//$Action/$ID/$OtherID': 'SilverStripe\Security\Security'
'CMSSecurity//$Action/$ID/$OtherID': 'SilverStripe\Security\CMSSecurity'
'dev': 'DevelopmentAdmin'
'interactive': 'SapphireREPL'
'InstallerTest//$Action/$ID/$OtherID': 'InstallerTest'

13
admin/code/CMSBatchActionHandler.php
View File

@ -2,8 +2,11 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\SecurityToken;
/**
* Special request handler for admin/batchaction
@ -28,6 +31,9 @@ class CMSBatchActionHandler extends RequestHandler {
'handleConfirmation',
);
/**
* @var Controller
*/
protected $parentController;
/**
@ -43,7 +49,7 @@ class CMSBatchActionHandler extends RequestHandler {
protected $recordClass = 'SiteTree';
/**
* @param string $parentController
* @param Controller $parentController
* @param string $urlSegment
* @param string $recordClass
*/
@ -61,9 +67,10 @@ class CMSBatchActionHandler extends RequestHandler {
* Register a new batch action. Each batch action needs to be represented by a subclass
* of {@link CMSBatchAction}.
*
* @param $urlSegment The URL Segment of the batch action - the URL used to process this
* @param string $urlSegment The URL Segment of the batch action - the URL used to process this
* action will be admin/batchactions/(urlSegment)
* @param $batchActionClass The name of the CMSBatchAction subclass to register
* @param string $batchActionClass The name of the CMSBatchAction subclass to register
* @param string $recordClass
*/
public static function register($urlSegment, $batchActionClass, $recordClass = 'SiteTree') {
if(is_subclass_of($batchActionClass, 'CMSBatchAction')) {

31
admin/code/CMSMenu.php
View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\Member;
/**
* The object manages the main CMS menu. See {@link LeftAndMain::init()} for
* example usage.
@ -53,7 +55,6 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
* Add a LeftAndMain controller to the CMS menu.
*
* @param string $controllerClass The class name of the controller
* @return The result of the operation
* @todo A director rule is added when a controller link is added, but it won't be removed
* when the item is removed. Functionality needed in {@link Director}.
*/
@ -65,6 +66,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
/**
* Return a CMSMenuItem to add the given controller to the CMSMenu
*
* @param string $controllerClass
* @return CMSMenuItem
*/
protected static function menuitem_for_controller($controllerClass) {
$urlBase = Config::inst()->get($controllerClass, 'url_base', Config::FIRST_SET);
@ -107,15 +111,15 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
* uses {@link CMSMenu::$menu_items}
*
* @param string $code Unique identifier for this menu item (e.g. used by {@link replace_menu_item()} and
* {@link remove_menu_item}. Also used as a CSS-class for icon customization.
* {@link remove_menu_item}. Also used as a CSS-class for icon customization.
* @param string $menuTitle Localized title showing in the menu bar
* @param string $url A relative URL that will be linked in the menu bar.
* @param string $controllerClass The controller class for this menu, used to check permisssions.
* If blank, it's assumed that this is public, and always shown to users who
* have the rights to access some other part of the admin area.
* If blank, it's assumed that this is public, and always shown to users who
* have the rights to access some other part of the admin area.
* @param int $priority
* @param array $attributes an array of attributes to include on the link.
*
* @return boolean Success
* @return bool Success
*/
public static function add_menu_item($code, $menuTitle, $url, $controllerClass = null, $priority = -1,
$attributes = null) {
@ -237,16 +241,16 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
* Replace a navigation item to the main administration menu showing in the top bar.
*
* @param string $code Unique identifier for this menu item (e.g. used by {@link replace_menu_item()} and
* {@link remove_menu_item}. Also used as a CSS-class for icon customization.
* {@link remove_menu_item}. Also used as a CSS-class for icon customization.
* @param string $menuTitle Localized title showing in the menu bar
* @param string $url A relative URL that will be linked in the menu bar.
* Make sure to add a matching route via {@link Director::$rules} to this url.
* Make sure to add a matching route via {@link Director::$rules} to this url.
* @param string $controllerClass The controller class for this menu, used to check permisssions.
* If blank, it's assumed that this is public, and always shown to users who
* have the rights to access some other part of the admin area.
* If blank, it's assumed that this is public, and always shown to users who
* have the rights to access some other part of the admin area.
* @param int $priority
* @param array $attributes an array of attributes to include on the link.
*
* @return boolean Success
* @return bool Success
*/
public static function replace_menu_item($code, $menuTitle, $url, $controllerClass = null, $priority = -1,
$attributes = null) {
@ -265,6 +269,9 @@ class CMSMenu extends Object implements IteratorAggregate, i18nEntityProvider {
/**
* Add a previously built menu item object to the menu
*
* @param string $code
* @param CMSMenuItem $cmsMenuItem
*/
protected static function add_menu_item_obj($code, $cmsMenuItem) {
self::$menu_item_changes[] = array(

13
admin/code/CMSProfileController.php
View File

@ -1,7 +1,9 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ArrayList;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
* @package framework
@ -15,7 +17,7 @@ class CMSProfileController extends LeftAndMain {
private static $required_permission_codes = false;
private static $tree_class = 'Member';
private static $tree_class = 'SilverStripe\\Security\\Member';
public function getEditForm($id = null, $fields = null) {
$this->setCurrentPageID(Member::currentUserID());
@ -40,7 +42,7 @@ class CMSProfileController extends LeftAndMain {
if($member = Member::currentUser()) {
$form->setValidator($member->getValidator());
} else {
$form->setValidator(Injector::inst()->get('Member')->getValidator());
$form->setValidator(Member::singleton()->getValidator());
}
if($form->Fields()->hasTabset()) {
@ -70,7 +72,7 @@ class CMSProfileController extends LeftAndMain {
}
public function save($data, $form) {
$member = DataObject::get_by_id("Member", $data['ID']);
$member = Member::get()->byID($data['ID']);
if(!$member) return $this->httpError(404);
$origLocale = $member->Locale;
@ -93,6 +95,9 @@ class CMSProfileController extends LeftAndMain {
* Only show first element, as the profile form is limited to editing
* the current member it doesn't make much sense to show the member name
* in the breadcrumbs.
*
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false) {
$items = parent::Breadcrumbs($unlinked);

4
admin/code/CampaignAdmin.php
View File

@ -1,8 +1,12 @@
<?php
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Versioning\ChangeSet;
use SilverStripe\ORM\Versioning\ChangeSetItem;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\PermissionProvider;
/**
* Campaign section of the CMS

3
admin/code/GroupImportForm.php
View File

@ -1,5 +1,8 @@
<?php
use SilverStripe\Security\Group;
use SilverStripe\Security\GroupCsvBulkLoader;
/**
* Imports {@link Group} records by CSV upload, as defined in
* {@link GroupCsvBulkLoader}.

37
admin/code/LeftAndMain.php
View File

@ -7,6 +7,8 @@
use SilverStripe\Forms\Schema\FormSchema;
use SilverStripe\ORM\Hierarchy\Hierarchy;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\ValidationException;
@ -15,6 +17,12 @@ use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
use SilverStripe\Security\PermissionProvider;
/**
@ -660,6 +668,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* You should implement a Link() function in your subclass of LeftAndMain,
* to point to the URL of that particular controller.
*
* @param string $action
* @return string
*/
public function Link($action = null) {
@ -733,6 +742,11 @@ class LeftAndMain extends Controller implements PermissionProvider {
return '';
}
/**
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
* @throws SS_HTTPResponse_Exception
*/
public function show($request) {
// TODO Necessary for TableListField URLs to work properly
if($request->param('ID')) $this->setCurrentPageID($request->param('ID'));
@ -775,7 +789,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* Returns the main menu of the CMS. This is also used by init()
* to work out which sections the user has access to.
*
* @param Boolean
* @param bool $cached
* @return SS_List
*/
public function MainMenu($cached = true) {
@ -874,6 +888,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
* Return a list of appropriate templates for this class, with the given suffix using
* {@link SSViewer::get_templates_by_class()}
*
* @param string $suffix
* @return array
*/
public function getTemplatesWithSuffix($suffix) {
@ -898,6 +913,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
}
/**
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false) {
@ -965,12 +981,15 @@ class LeftAndMain extends Controller implements PermissionProvider {
/**
* Get a site tree HTML listing which displays the nodes under the given criteria.
*
* @param $className The class of the root object
* @param $rootID The ID of the root object. If this is null then a complete tree will be
* @param string $className The class of the root object
* @param string $rootID The ID of the root object. If this is null then a complete tree will be
* shown
* @param $childrenMethod The method to call to get the children of the tree. For example,
* @param string $childrenMethod The method to call to get the children of the tree. For example,
* Children, AllChildrenIncludingDeleted, or AllHistoricalChildren
* @return String Nested unordered list with links to each page
* @param string $numChildrenMethod
* @param callable $filterFunction
* @param int $nodeCountThreshold
* @return string Nested unordered list with links to each page
*/
public function getSiteTreeFor($className, $rootID = null, $childrenMethod = null, $numChildrenMethod = null,
$filterFunction = null, $nodeCountThreshold = 30) {
@ -1100,6 +1119,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
/**
* Get a subtree underneath the request param 'ID'.
* If ID = 0, then get the whole tree.
*
* @param SS_HTTPRequest $request
* @return string
*/
public function getsubtree($request) {
$html = $this->getSiteTreeFor(
@ -1124,7 +1146,8 @@ class LeftAndMain extends Controller implements PermissionProvider {
* all children with the node. Useful to refresh views after
* state modifications, e.g. saving a form.
*
* @return String JSON
* @param SS_HTTPRequest $request
* @return string JSON
*/
public function updatetreenodes($request) {
$data = array();
@ -1264,7 +1287,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
* - 'SiblingIDs': Array of all sibling nodes to the moved node (incl. the node itself).
* In case of a 'ParentID' change, relates to the new siblings under the new parent.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse JSON string with a
* @throws SS_HTTPResponse_Exception
*/
public function savetreenode($request) {
if (!SecurityToken::inst()->checkRequest($request)) {

2
admin/code/MemberImportForm.php
View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\MemberCsvBulkLoader;
/**
* Imports {@link Member} records by CSV upload, as defined in
* {@link MemberCsvBulkLoader}.

8
admin/code/ModelAdmin.php
View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\SS_List;
use SilverStripe\Security\Member;
/**
* Generates a three-pane UI for editing model classes, with an
* automatically generated search panel, tabular results and edit forms.
@ -248,6 +251,8 @@ abstract class ModelAdmin extends LeftAndMain {
/**
* Sanitise a model class' name for inclusion in a link
*
* @param string $class
* @return string
*/
protected function sanitiseClassName($class) {
@ -256,6 +261,8 @@ abstract class ModelAdmin extends LeftAndMain {
/**
* Unsanitise a model class' name from a URL param
*
* @param string $class
* @return string
*/
protected function unsanitiseClassName($class) {
@ -444,6 +451,7 @@ abstract class ModelAdmin extends LeftAndMain {
}
/**
* @param bool $unlinked
* @return ArrayList
*/
public function Breadcrumbs($unlinked = false) {

36
admin/code/SecurityAdmin.php
View File

@ -1,5 +1,12 @@
<?php
use SilverStripe\Security\Security;
use SilverStripe\Security\Member;
use SilverStripe\Security\Group;
use SilverStripe\Security\Permission;
use SilverStripe\Security\PermissionRole;
use SilverStripe\Security\PermissionProvider;
/**
* Security section of the CMS
*
@ -14,9 +21,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
private static $menu_title = 'Security';
private static $tree_class = 'Group';
private static $tree_class = 'SilverStripe\\Security\\Group';
private static $subitem_class = 'Member';
private static $subitem_class = 'SilverStripe\\Security\\Member';
private static $allowed_actions = array(
'EditForm',
@ -36,6 +43,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
/**
* Shortcut action for setting the correct active tab.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function users($request) {
return $this->index($request);
@ -43,6 +53,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
/**
* Shortcut action for setting the correct active tab.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function groups($request) {
return $this->index($request);
@ -50,6 +63,9 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
/**
* Shortcut action for setting the correct active tab.
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function roles($request) {
return $this->index($request);
@ -79,7 +95,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
if($record && method_exists($record, 'getValidator')) {
$validator = $record->getValidator();
} else {
$validator = Injector::inst()->get('Member')->getValidator();
$validator = Member::singleton()->getValidator();
}
$memberListConfig
@ -94,7 +110,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
);
$columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
$columns->setDisplayFields(array(
'Breadcrumbs' => singleton('Group')->fieldLabel('Title')
'Breadcrumbs' => singleton('SilverStripe\\Security\\Group')->fieldLabel('Title')
));
$columns->setFieldFormatting(array(
'Breadcrumbs' => function($val, $item) {
@ -117,7 +133,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
)
)
),
$groupsTab = new Tab('Groups', singleton('Group')->i18n_plural_name(),
$groupsTab = new Tab('Groups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name(),
$groupList
)
),
@ -276,7 +292,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
$firstCrumb = $crumbs->shift();
if($params['FieldName'] == 'Groups') {
$crumbs->unshift(new ArrayData(array(
'Title' => singleton('Group')->i18n_plural_name(),
'Title' => singleton('SilverStripe\\Security\\Group')->i18n_plural_name(),
'Link' => $this->Link('groups')
)));
} elseif($params['FieldName'] == 'Users') {
@ -335,7 +351,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
public static function add_hidden_permission($codes){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->update('Permission', 'hidden_permissions', $codes);
Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', $codes);
}
/**
@ -345,7 +361,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
public static function remove_hidden_permission($codes){
if(is_string($codes)) $codes = array($codes);
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->remove('Permission', 'hidden_permissions', $codes);
Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions', $codes);
}
/**
@ -354,7 +370,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
*/
public static function get_hidden_permissions(){
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->get('Permission', 'hidden_permissions', Config::FIRST_SET);
Config::inst()->get('SilverStripe\\Security\\Permission', 'hidden_permissions', Config::FIRST_SET);
}
/**
@ -364,6 +380,6 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
*/
public static function clear_hidden_permissions(){
Deprecation::notice('4.0', 'Use "Permission.hidden_permissions" config setting instead');
Config::inst()->remove('Permission', 'hidden_permissions', Config::anything());
Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions', Config::anything());
}
}

10
admin/tests/LeftAndMainTest.php
View File

@ -64,7 +64,7 @@ class LeftAndMainTest extends FunctionalTest {
public function testExtraCssAndJavascript() {
$admin = $this->objFromFixture('Member', 'admin');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$this->session()->inst_set('loggedInAs', $admin->ID);
$response = $this->get('LeftAndMainTest_Controller');
@ -146,7 +146,7 @@ class LeftAndMainTest extends FunctionalTest {
* Check that all subclasses of leftandmain can be accessed
*/
public function testLeftAndMainSubclasses() {
$adminuser = $this->objFromFixture('Member','admin');
$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member','admin');
$this->session()->inst_set('loggedInAs', $adminuser->ID);
$this->resetMenu();
@ -172,9 +172,9 @@ class LeftAndMainTest extends FunctionalTest {
}
public function testCanView() {
$adminuser = $this->objFromFixture('Member', 'admin');
$securityonlyuser = $this->objFromFixture('Member', 'securityonlyuser');
$allcmssectionsuser = $this->objFromFixture('Member', 'allcmssectionsuser');
$adminuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$securityonlyuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'securityonlyuser');
$allcmssectionsuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'allcmssectionsuser');
$allValsFn = create_function('$obj', 'return $obj->getValue();');
// anonymous user

256
admin/tests/LeftAndMainTest.yml
View File

@ -1,129 +1,129 @@
LeftAndMainTest_Object:
page1:
Title: Page 1
Sort: 1
page2:
Title: Page 2
Sort: 2
page3:
Title: Page 3
Sort: 3
page31:
Title: Page 3.1
Parent: =>LeftAndMainTest_Object.page3
Sort: 1
page32:
Title: Page 3.2
Parent: =>LeftAndMainTest_Object.page3
Sort: 2
page4:
Title: Page 4
Sort: 4
page5:
Title: Page 5
Sort: 5
page6:
Title: Page 6
Sort: 6
page7:
Title: Page 7
Sort: 7
page8:
Title: Page 8
Sort: 8
page9:
Title: Page 9
Sort: 9
page10:
Title: Page 10
Sort: 10
page11:
Title: Page 11
Sort: 11
page12:
Title: Page 12
Sort: 12
page13:
Title: Page 13
Sort: 13
page14:
Title: Page 14
Sort: 14
page15:
Title: Page 15
Sort: 15
page16:
Title: Page 16
Sort: 16
page17:
Title: Page 17
Sort: 17
page18:
Title: Page 18
Sort: 18
page19:
Title: Page 19
Sort: 19
page20:
Title: Page 20
Sort: 20
page21:
Title: Page 21
Sort: 21
page22:
Title: Page 22
Sort: 22
page23:
Title: Page 23
Sort: 23
page24:
Title: Page 24
Sort: 24
page25:
Title: Page 25
Sort: 25
page26:
Title: Page 26
Sort: 26
home:
Title: Home
URLSegment: home
Sort: 0
Group:
admin:
Title: Administrators
empty:
Title: Empty Group
securityonly:
Title: securityonly
allcmssections:
Title: allcmssections
rooteditusers:
Title: rooteditusers
Member:
admin:
Email: admin@example.com
Password: ZXXlkwecxz2390232233
Groups: =>Group.admin
securityonlyuser:
Email: securityonlyuser@test.com
Groups: =>Group.securityonly
allcmssectionsuser:
Email: allcmssectionsuser@test.com
Groups: =>Group.allcmssections
rootedituser:
Email: rootedituser@test.com
Groups: =>Group.rooteditusers
Permission:
admin:
Code: ADMIN
GroupID: =>Group.admin
securityonly:
Code: CMS_ACCESS_SecurityAdmin
GroupID: =>Group.securityonly
allcmssections:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.allcmssections
allcmssections2:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>Group.rooteditusers
page1:
Title: Page 1
Sort: 1
page2:
Title: Page 2
Sort: 2
page3:
Title: Page 3
Sort: 3
page31:
Title: Page 3.1
Parent: =>LeftAndMainTest_Object.page3
Sort: 1
page32:
Title: Page 3.2
Parent: =>LeftAndMainTest_Object.page3
Sort: 2
page4:
Title: Page 4
Sort: 4
page5:
Title: Page 5
Sort: 5
page6:
Title: Page 6
Sort: 6
page7:
Title: Page 7
Sort: 7
page8:
Title: Page 8
Sort: 8
page9:
Title: Page 9
Sort: 9
page10:
Title: Page 10
Sort: 10
page11:
Title: Page 11
Sort: 11
page12:
Title: Page 12
Sort: 12
page13:
Title: Page 13
Sort: 13
page14:
Title: Page 14
Sort: 14
page15:
Title: Page 15
Sort: 15
page16:
Title: Page 16
Sort: 16
page17:
Title: Page 17
Sort: 17
page18:
Title: Page 18
Sort: 18
page19:
Title: Page 19
Sort: 19
page20:
Title: Page 20
Sort: 20
page21:
Title: Page 21
Sort: 21
page22:
Title: Page 22
Sort: 22
page23:
Title: Page 23
Sort: 23
page24:
Title: Page 24
Sort: 24
page25:
Title: Page 25
Sort: 25
page26:
Title: Page 26
Sort: 26
home:
Title: Home
URLSegment: home
Sort: 0
SilverStripe\Security\Group:
admin:
Title: Administrators
empty:
Title: Empty Group
securityonly:
Title: securityonly
allcmssections:
Title: allcmssections
rooteditusers:
Title: rooteditusers
SilverStripe\Security\Member:
admin:
Email: admin@example.com
Password: ZXXlkwecxz2390232233
Groups: =>SilverStripe\Security\Group.admin
securityonlyuser:
Email: securityonlyuser@test.com
Groups: =>SilverStripe\Security\Group.securityonly
allcmssectionsuser:
Email: allcmssectionsuser@test.com
Groups: =>SilverStripe\Security\Group.allcmssections
rootedituser:
Email: rootedituser@test.com
Groups: =>SilverStripe\Security\Group.rooteditusers
SilverStripe\Security\Permission:
admin:
Code: ADMIN
GroupID: =>SilverStripe\Security\Group.admin
securityonly:
Code: CMS_ACCESS_SecurityAdmin
GroupID: =>SilverStripe\Security\Group.securityonly
allcmssections:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>SilverStripe\Security\Group.allcmssections
allcmssections2:
Code: CMS_ACCESS_LeftAndMain
GroupID: =>SilverStripe\Security\Group.rooteditusers

2
admin/tests/ModelAdminTest.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Permission;
class ModelAdminTest extends FunctionalTest {
protected static $fixture_file = 'ModelAdminTest.yml';

34
admin/tests/ModelAdminTest.yml
View File

@ -1,19 +1,19 @@
ModelAdminTest_Contact:
sam:
Name: Sam
Phone: 021 123 456
ingo:
Name: ingo
Phone: 04 987 6543
sam:
Name: Sam
Phone: 021 123 456
ingo:
Name: ingo
Phone: 04 987 6543
Member:
admin:
FirstName: admin
Group:
admin:
Title: Admin
Members: =>Member.admin
Permission:
admin:
Code: ADMIN
Group: =>Group.admin
SilverStripe\Security\Member:
admin:
FirstName: admin
SilverStripe\Security\Group:
admin:
Title: Admin
Members: =>SilverStripe\Security\Member.admin
SilverStripe\Security\Permission:
admin:
Code: ADMIN
Group: =>SilverStripe\Security\Group.admin

6
admin/tests/SecurityAdminTest.php
View File

@ -46,11 +46,11 @@ class SecurityAdminTest extends FunctionalTest {
// }
public function testPermissionFieldRespectsHiddenPermissions() {
$this->session()->inst_set('loggedInAs', $this->idFromFixture('Member', 'admin'));
$this->session()->inst_set('loggedInAs', $this->idFromFixture('SilverStripe\\Security\\Member', 'admin'));
$group = $this->objFromFixture('Group', 'admin');
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'admin');
Config::inst()->update('Permission', 'hidden_permissions', array('CMS_ACCESS_ReportAdmin'));
Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', array('CMS_ACCESS_ReportAdmin'));
$response = $this->get(sprintf('admin/security/EditForm/field/Groups/item/%d/edit', $group->ID));
$this->assertContains(

3
cli/CliController.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Base class invoked from CLI rather than the webserver (Cron jobs, handling email bounces).
* You can call subclasses of CliController directly, which will trigger a

4
conf/ConfigureFromEnv.php
View File

@ -52,6 +52,8 @@
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use SilverStripe\Security\Security;
/*
* _ss_environment.php handler
@ -139,7 +141,7 @@ if(defined('SS_DEFAULT_ADMIN_USERNAME')) {
Security::setDefaultAdmin(SS_DEFAULT_ADMIN_USERNAME, SS_DEFAULT_ADMIN_PASSWORD);
}
if(defined('SS_USE_BASIC_AUTH') && SS_USE_BASIC_AUTH) {
Config::inst()->update('BasicAuth', 'entire_site_protected', SS_USE_BASIC_AUTH);
Config::inst()->update('SilverStripe\\Security\\BasicAuth', 'entire_site_protected', SS_USE_BASIC_AUTH);
}
if(defined('SS_ERROR_LOG')) {

12
control/Controller.php
View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\Security\BasicAuth;
use SilverStripe\Security\Member;
/**
* Controllers are the cornerstone of all site functionality in SilverStripe. The {@link Director}
@ -221,7 +225,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* Prepare the response (we can receive an assortment of response types (strings/objects/HTTPResponses) and
* changes the controller response object appropriately
*
* @param $response
* @param SS_HTTPResponse|Object $response
*/
protected function prepareResponse($response) {
if ($response instanceof SS_HTTPResponse) {
@ -263,7 +267,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* @param SS_HTTPRequest $request
* @param string $action
*
* @return HTMLText|SS_HTTPResponse
* @return DBHTMLText|SS_HTTPResponse
*/
protected function handleAction($request, $action) {
foreach($request->latestParams() as $k => $v) {
@ -302,6 +306,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
/**
* @param array $urlParams
* @return $this
*/
public function setURLParams($urlParams) {
$this->urlParams = $urlParams;
@ -373,8 +378,7 @@ class Controller extends RequestHandler implements TemplateGlobalProvider {
* controller object with the template returned by {@link getViewer()}.
*
* @param string $action
*
* @return HTMLText
* @return DBHTMLText
*/
public function defaultAction($action) {
return $this->getViewer($action)->process($this);

22
control/RequestHandler.php
View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataModel;
use SilverStripe\Security\Security;
use SilverStripe\Security\PermissionFailureException;
use SilverStripe\Security\Permission;
/**
* This class is the base class of any SilverStripe object that can be used to handle HTTP requests.
@ -123,6 +127,8 @@ class RequestHandler extends ViewableData {
/**
* Set the DataModel for this request.
*
* @param DataModel $model
*/
public function setDataModel($model) {
$this->model = $model;
@ -144,9 +150,8 @@ class RequestHandler extends ViewableData {
* action will return an array of data with which to
* customise the controller.
*
* @param $request The {@link SS_HTTPRequest} object that is reponsible for distributing URL parsing
* @uses SS_HTTPRequest
* @uses SS_HTTPRequest->match()
* @param SS_HTTPRequest $request The object that is reponsible for distributing URL parsing
* @param DataModel $model
* @return SS_HTTPResponse|RequestHandler|string|array
*/
public function handleRequest(SS_HTTPRequest $request, DataModel $model) {
@ -240,6 +245,10 @@ class RequestHandler extends ViewableData {
return $this;
}
/**
* @param SS_HTTPRequest $request
* @return array
*/
protected function findAction($request) {
$handlerClass = ($this->class) ? $this->class : get_class($this);
@ -386,6 +395,9 @@ class RequestHandler extends ViewableData {
/**
* Return the class that defines the given action, so that we know where to check allowed_actions.
*
* @param string $actionOrigCasing
* @return string
*/
protected function definingClassForAction($actionOrigCasing) {
$action = strtolower($actionOrigCasing);
@ -403,6 +415,10 @@ class RequestHandler extends ViewableData {
/**
* Check that the given action is allowed to be called from a URL.
* It will interrogate {@link self::$allowed_actions} to determine this.
*
* @param string $action
* @return bool
* @throws Exception
*/
public function checkAccessAction($action) {
$actionOrigCasing = $action;

2
control/VersionedRequestFilter.php
View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\Security\Security;
/**
* Initialises the versioned stage when a request is made.

2
core/startup/ParameterConfirmationToken.php
View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\RandomGenerator;
/**
* Class ParameterConfirmationToken
*

49
dev/Backtrace.php
View File

@ -20,24 +20,24 @@ class SS_Backtrace {
array('mysqli', 'mysqli'),
array('mysqli', 'select_db'),
array('SilverStripe\\ORM\\DB', 'connect'),
array('Security', 'check_default_admin'),
array('Security', 'encrypt_password'),
array('Security', 'setDefaultAdmin'),
array('SilverStripe\\Security\\Security', 'check_default_admin'),
array('SilverStripe\\Security\\Security', 'encrypt_password'),
array('SilverStripe\\Security\\Security', 'setDefaultAdmin'),
array('SilverStripe\\ORM\\DB', 'createDatabase'),
array('Member', 'checkPassword'),
array('Member', 'changePassword'),
array('MemberPassword', 'checkPassword'),
array('PasswordValidator', 'validate'),
array('PasswordEncryptor_PHPHash', 'encrypt'),
array('PasswordEncryptor_PHPHash', 'salt'),
array('PasswordEncryptor_LegacyPHPHash', 'encrypt'),
array('PasswordEncryptor_LegacyPHPHash', 'salt'),
array('PasswordEncryptor_MySQLPassword', 'encrypt'),
array('PasswordEncryptor_MySQLPassword', 'salt'),
array('PasswordEncryptor_MySQLOldPassword', 'encrypt'),
array('PasswordEncryptor_MySQLOldPassword', 'salt'),
array('PasswordEncryptor_Blowfish', 'encrypt'),
array('PasswordEncryptor_Blowfish', 'salt'),
array('SilverStripe\\Security\\Member', 'checkPassword'),
array('SilverStripe\\Security\\Member', 'changePassword'),
array('SilverStripe\\Security\\MemberPassword', 'checkPassword'),
array('SilverStripe\\Security\\PasswordValidator', 'validate'),
array('SilverStripe\\Security\\PasswordEncryptor_PHPHash', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_PHPHash', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLPassword', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLPassword', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_MySQLOldPassword', 'salt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'encrypt'),
array('SilverStripe\\Security\\PasswordEncryptor_Blowfish', 'salt'),
);
/**
@ -113,9 +113,10 @@ class SS_Backtrace {
/**
* Render or return a backtrace from the given scope.
*
* @param unknown_type $returnVal
* @param unknown_type $ignoreAjax
* @return unknown
* @param mixed $returnVal
* @param bool $ignoreAjax
* @param array $ignoredFunctions
* @return mixed
*/
public static function backtrace($returnVal = false, $ignoreAjax = false, $ignoredFunctions = null) {
$plainText = Director::is_cli() || (Director::is_ajax() && !$ignoreAjax);
@ -132,9 +133,9 @@ class SS_Backtrace {
* shown
*
* @param Object $item
* @param boolean $showArg
* @param Int $argCharLimit
* @return String
* @param bool $showArgs
* @param int $argCharLimit
* @return string
*/
public static function full_func_name($item, $showArgs = false, $argCharLimit = 10000) {
$funcName = '';
@ -164,7 +165,7 @@ class SS_Backtrace {
*
* @param array $bt The trace array, as returned by debug_backtrace() or Exception::getTrace()
* @param boolean $plainText Set to false for HTML output, or true for plain-text output
* @param array List of functions that should be ignored. If not set, a default is provided
* @param array $ignoredFunctions List of functions that should be ignored. If not set, a default is provided
* @return string The rendered backtrace
*/
public static function get_rendered_backtrace($bt, $plainText = false, $ignoredFunctions = null) {

10
dev/Debug.php
View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\DB;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Supports debugging and core error handling.
@ -30,6 +33,9 @@ class Debug {
/**
* Show the contents of val in a debug-friendly way.
* Debug::show() is intended to be equivalent to dprintr()
*
* @param mixed $val
* @param bool $showHeader
*/
public static function show($val, $showHeader = true) {
if(!Director::isLive()) {
@ -195,9 +201,9 @@ class Debug {
// This basically does the same as
// Security::permissionFailure(null, "You need to login with developer access to make use of debugging tools.")
// We have to do this because of how early this method is called in execution.
$_SESSION['Security']['Message']['message']
$_SESSION['SilverStripe\\Security\\Security']['Message']['message']
= "You need to login with developer access to make use of debugging tools.";
$_SESSION['Security']['Message']['type'] = 'warning';
$_SESSION['SilverStripe\\Security\\Security']['Message']['type'] = 'warning';
$_SESSION['BackURL'] = $_SERVER['REQUEST_URI'];
header($_SERVER['SERVER_PROTOCOL'] . " 302 Found");
header("Location: " . Director::baseURL() . Security::login_url());

6
dev/DebugView.php
View File

@ -218,10 +218,10 @@ class DebugView extends Object
*
* @param string $title The main title
* @param string $subtitle The subtitle
* @param string|false $description The description to show
* @param string|bool $description The description to show
* @return string
*/
public function renderInfo($title, $subtitle, $description=false) {
public function renderInfo($title, $subtitle, $description = false) {
$output = '<div class="info">';
$output .= "<h1>" . Convert::raw2xml($title) . "</h1>";
if($subtitle) $output .= "<h3>" . Convert::raw2xml($subtitle) . "</h3>";
@ -274,7 +274,7 @@ class DebugView extends Object
* Render a fragment of the a source file
*
* @param array $lines An array of file lines; the keys should be the original line numbers
* @param int errLine The line of the error
* @param int $errline The line of the error
* @return string
*/
public function renderSourceFragment($lines, $errline) {

6
dev/DevelopmentAdmin.php
View File

@ -2,6 +2,10 @@
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DatabaseAdmin;
use SilverStripe\Security\Permission;
use SilverStripe\Security\RandomGenerator;
use SilverStripe\Security\Security;
/**
* Base class for development tools.
@ -202,7 +206,7 @@ class DevelopmentAdmin extends Controller {
* Returns the token and suggests PHP configuration to set it.
*/
public function generatesecuretoken() {
$generator = Injector::inst()->create('RandomGenerator');
$generator = Injector::inst()->create('SilverStripe\\Security\\RandomGenerator');
$token = $generator->randomToken('sha1');
$body = <<<TXT
Generated new token. Please add the following code to your YAML configuration:

11
dev/FunctionalTest.php
View File

@ -1,5 +1,9 @@
<?php
use SilverStripe\Security\BasicAuth;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
/**
* SilverStripe-specific testing object designed to support functional testing of your web app. It simulates get/post
* requests, form submission, and can validate resulting HTML, looking up content by CSS selector.
@ -362,12 +366,13 @@ class FunctionalTest extends SapphireTest {
/**
* Log in as the given member
* @param $member The ID, fixture codename, or Member object of the member that you want to log in
*
* @param Member|int|string $member The ID, fixture codename, or Member object of the member that you want to log in
*/
public function logInAs($member) {
if(is_object($member)) $memberID = $member->ID;
elseif(is_numeric($member)) $memberID = $member;
else $memberID = $this->idFromFixture('Member', $member);
else $memberID = $this->idFromFixture('SilverStripe\\Security\\Member', $member);
$this->session()->inst_set('loggedInAs', $memberID);
}
@ -377,7 +382,7 @@ class FunctionalTest extends SapphireTest {
* This is helpful if you're not testing publication functionality and don't want "stage management" cluttering
* your test.
*
* @param bool toggle the use of the draft site
* @param bool $enabled toggle the use of the draft site
*/
public function useDraftSite($enabled = true) {
if($enabled) {

3
dev/SapphireInfo.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Returns information about the current site instance.
* @package framework

7
dev/SapphireTest.php
View File

@ -9,6 +9,11 @@ use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\Group;
use SilverStripe\Security\Permission;
/**
@ -1015,7 +1020,7 @@ class SapphireTest extends PHPUnit_Framework_TestCase {
$group->Permissions()->add($permission);
}
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."Email"' => "$permCode@example.org"
));
if (!$member) {

6
dev/TaskRunner.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* @package framework
* @subpackage dev
@ -59,6 +62,9 @@ class TaskRunner extends Controller {
}
}
/**
* @param SS_HTTPRequest $request
*/
public function runTask($request) {
$name = $request->param('TaskName');
$tasks = $this->getTasks();

1
docs/en/04_Changelogs/4.0.0.md
View File

@ -31,6 +31,7 @@
* `File` is now versioned, and should be published before they can be used on the frontend.
See section on [Migrating File DataObject from 3.x to 4.0](#migrating-file-dataobject-from-3x-to-40)
below for upgrade notes.
* Removed `RegenerateCachedImagesTask`
* Removed `dev/tests/` controller in favour of standard `vendor/bin/phpunit` command
* Updated PHPUnit from 3.7 to 4.8 ([upgrade notes](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-4.0.0#backwards-compatibility-issues)).
Please remove any PHPUnit related `require_once()` calls (e.g. in `FeatureContext`

4
filesystem/AssetControlExtension.php
View File

@ -4,13 +4,15 @@ namespace SilverStripe\Filesystem;
use Injector;
use Member;
use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\Filesystem\Storage\DBFile;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Member;
/**

7
filesystem/File.php
View File

@ -9,6 +9,9 @@ use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
/**
@ -100,7 +103,7 @@ class File extends DataObject implements ShortcodeHandler, AssetContainer, Thumb
private static $has_one = array(
"Parent" => "File",
"Owner" => "Member"
"Owner" => "SilverStripe\\Security\\Member"
);
private static $defaults = array(
@ -186,7 +189,7 @@ class File extends DataObject implements ShortcodeHandler, AssetContainer, Thumb
/**
* @config
* @var If this is true, then restrictions set in {@link $allowed_max_file_size} and
* @var bool If this is true, then restrictions set in {@link $allowed_max_file_size} and
* {@link $allowed_extensions} will be applied to users with admin privileges as
* well.
*/

10
filesystem/Filesystem.php
View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* A collection of static methods for manipulating the filesystem.
*
@ -105,9 +108,10 @@ class Filesystem extends Object {
/**
* Return the most recent modification time of anything in the folder.
*
* @param $folder The folder, relative to the site root
* @param $extensionList An option array of file extensions to limit the search to
* @return String Same as filemtime() format.
* @param string $folder The folder, relative to the site root
* @param array $extensionList An option array of file extensions to limit the search to
* @param bool $recursiveCall Not used
* @return string Same as filemtime() format.
*/
public static function folderModTime($folder, $extensionList = null, $recursiveCall = false) {
//$cacheID = $folder . ',' . implode(',', $extensionList);

8
filesystem/Upload.php
View File

@ -4,6 +4,8 @@ use SilverStripe\Filesystem\Storage\AssetContainer;
use SilverStripe\Filesystem\Storage\AssetNameGenerator;
use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**
@ -148,8 +150,8 @@ class Upload extends Controller {
/**
* Save an file passed from a form post into the AssetStore directly
*
* @param $tmpFile array Indexed array that PHP generated for every file it uploads.
* @param $folderPath string Folder path relative to /assets
* @param array $tmpFile Indexed array that PHP generated for every file it uploads.
* @param string|bool $folderPath Folder path relative to /assets
* @return array|false Either the tuple array, or false if the file could not be saved
*/
public function load($tmpFile, $folderPath = false) {
@ -174,7 +176,9 @@ class Upload extends Controller {
*
* @param array $tmpFile
* @param AssetContainer $file
* @param string|bool $folderPath
* @return bool True if the file was successfully saved into this record
* @throws Exception
*/
public function loadIntoFile($tmpFile, $file = null, $folderPath = false) {
$this->file = $file;

4
filesystem/storage/DBFile.php
View File

@ -10,12 +10,14 @@ use Injector;
use AssetField;
use File;
use Director;
use Permission;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\FieldType\DBComposite;
use SilverStripe\Security\Permission;
/**

11
forms/AssetField.php
View File

@ -6,6 +6,8 @@ use SilverStripe\Filesystem\Storage\DBFile;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\Security\Permission;
/**
@ -149,7 +151,6 @@ class AssetField extends FileField {
*
* @param string $name The internal field name, passed to forms.
* @param string $title The field label.
* @param Form $form Reference to the container form
*/
public function __construct($name, $title = null) {
$this->addExtraClass('ss-upload'); // class, used by js
@ -237,7 +238,9 @@ class AssetField extends FileField {
/**
* Force a record to be used as "Parent" for uploaded Files (eg a Page with a has_one to File)
*
* @param DataObject $record
* @return $this
*/
public function setRecord($record) {
$this->record = $record;
@ -444,7 +447,7 @@ class AssetField extends FileField {
* Defaults to 'ss-uploadfield-uploadtemplate'
*
* @see javascript/UploadField_uploadtemplate.js
* @var string
* @return string
*/
public function getUploadTemplateName() {
return $this->getConfig('uploadTemplateName');
@ -465,7 +468,7 @@ class AssetField extends FileField {
* Defaults to 'ss-downloadfield-downloadtemplate'
*
* @see javascript/DownloadField_downloadtemplate.js
* @var string
* @return string
*/
public function getDownloadTemplateName() {
return $this->getConfig('downloadTemplateName');
@ -753,7 +756,7 @@ class AssetField extends FileField {
* Gets the foreign class that needs to be created, or 'File' as default if there
* is no relationship, or it cannot be determined.
*
* @param $default Default value to return if no value could be calculated
* @param string $default Default value to return if no value could be calculated
* @return string Foreign class name.
*/
public function getRelationAutosetClass($default = 'File') {

5
forms/ConfirmedPasswordField.php
View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\Security\Member;
/**
* Two masked input fields, checks for matching passwords.
@ -141,7 +144,7 @@ class ConfirmedPasswordField extends FormField {
/**
* @param array $properties
*
* @return HTMLText
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::javascript(FRAMEWORK_DIR . '/thirdparty/jquery/jquery.js');

2
forms/CountryDropdownField.php
View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\Member;
/**
* A simple extension to dropdown field, pre-configured to list countries.
* It will default to the country of the current visitor.

4
forms/DropdownField.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\FieldType\DBHTMLText;
/**
* Dropdown field, created from a <select> tag.
*
@ -112,7 +114,7 @@ class DropdownField extends SingleSelectField {
/**
* @param array $properties
* @return HTMLText
* @return DBHTMLText
*/
public function Field($properties = array()) {
$options = array();

1
forms/FieldGroup.php
View File

@ -89,6 +89,7 @@ class FieldGroup extends CompositeField {
$compositeTitle .= $subfield->getName();
if($subfield->getName()) $count++;
}
/** @skipUpgrade */
if($count == 1) $compositeTitle .= 'Group';
return preg_replace("/[^a-zA-Z0-9]+/", "", $compositeTitle);
}

26
forms/Form.php
View File

@ -1,7 +1,13 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\ORM\SS_List;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\NullSecurityToken;
/**
* Base class for all forms.
* The form class is an extensible base for all forms on a SilverStripe application. It can be used
@ -700,6 +706,7 @@ class Form extends RequestHandler {
* Set actions that are exempt from validation
*
* @param array
* @return $this
*/
public function setValidationExemptActions($actions) {
$this->validationExemptActions = $actions;
@ -855,7 +862,8 @@ class Form extends RequestHandler {
}
/**
* @return string $name
* @param string $name
* @return string
*/
public function getAttribute($name) {
if(isset($this->attributes[$name])) return $this->attributes[$name];
@ -887,7 +895,7 @@ class Form extends RequestHandler {
/**
* Return the attributes of the form tag - used by the templates.
*
* @param array Custom attributes to process. Falls back to {@link getAttributes()}.
* @param array $attrs Custom attributes to process. Falls back to {@link getAttributes()}.
* If at least one argument is passed as a string, all arguments act as excludes by name.
*
* @return string HTML attributes, ready for insertion into an HTML tag
@ -966,7 +974,7 @@ class Form extends RequestHandler {
* Set the target of this form to any value - useful for opening the form
* contents in a new window or refreshing another frame.
*
* @param target $target The value of the target
* @param string $target The value of the target
* @return $this
*/
public function setTarget($target) {
@ -1611,7 +1619,7 @@ class Form extends RequestHandler {
* This is returned when you access a form as $FormObject rather
* than <% with FormObject %>
*
* @return HTML
* @return DBHTMLText
*/
public function forTemplate() {
$return = $this->renderWith(array_merge(
@ -1631,7 +1639,7 @@ class Form extends RequestHandler {
* It triggers slightly different behaviour, such as disabling the rewriting
* of # links.
*
* @return HTML
* @return DBHTMLText
*/
public function forAjaxTemplate() {
$view = new SSViewer(array(
@ -1654,7 +1662,7 @@ class Form extends RequestHandler {
* and _form_enctype. These are the attributes of the form. These fields
* can be used to send the form to Ajax.
*
* @return HTML
* @return DBHTMLText
*/
public function formHtmlContent() {
$this->IncludeFormTag = false;
@ -1674,7 +1682,7 @@ class Form extends RequestHandler {
* Render this form using the given template, and return the result as a string
* You can pass either an SSViewer or a template name
* @param string|array $template
* @return HTMLText
* @return DBHTMLText
*/
public function renderWithoutActionButton($template) {
$custom = $this->customise(array(
@ -1724,7 +1732,7 @@ class Form extends RequestHandler {
public function defaultAction() {
if($this->hasDefaultAction && $this->actions) {
return $this->actions->First();
}
}
}
/**
@ -1796,7 +1804,7 @@ class Form extends RequestHandler {
public static function single_field_required() {
if(self::current_action() == 'callfieldmethod') {
return $_REQUEST['fieldName'];
}
}
}
/**

3
forms/FormField.php
View File

@ -1201,7 +1201,8 @@ class FormField extends RequestHandler {
* @return string
*/
public function Type() {
return strtolower(preg_replace('/Field$/', '', $this->class));
$type = new ReflectionClass($this);
return strtolower(preg_replace('/Field$/', '', $type->getShortName()));
}
/**

6
forms/FormTemplateHelper.php
View File

@ -41,9 +41,9 @@ class FormTemplateHelper {
return Convert::raw2htmlid($id);
}
return Convert::raw2htmlid(
get_class($form) . '_' . str_replace(array('.', '/'), '', $form->getName())
);
$reflection = new ReflectionClass($form);
$shortName = str_replace(array('.', '/'), '', $form->getName());
return Convert::raw2htmlid($reflection->getShortName() . '_' . $shortName);
}
/**

34
forms/TreeDropdownField.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBHTMLText;
/**
* Dropdown-like field that allows you to select an item from a hierarchical
* AJAX-expandable tree.
@ -95,7 +97,7 @@ class TreeDropdownField extends FormField {
* @param bool $showSearch enable the ability to search the tree by
* entering the text in the input field.
*/
public function __construct($name, $title = null, $sourceObject = 'Group', $keyField = 'ID',
public function __construct($name, $title = null, $sourceObject = 'SilverStripe\\Security\\Group', $keyField = 'ID',
$labelField = 'TreeTitle', $showSearch = true
) {
@ -120,6 +122,7 @@ class TreeDropdownField extends FormField {
* displays the whole tree.
*
* @param int $ID
* @return $this
*/
public function setTreeBaseID($ID) {
$this->baseID = (int) $ID;
@ -131,6 +134,7 @@ class TreeDropdownField extends FormField {
* displaying to the user.
*
* @param callback $callback
* @return $this
*/
public function setFilterFunction($callback) {
if(!is_callable($callback, true)) {
@ -145,6 +149,7 @@ class TreeDropdownField extends FormField {
* Set a callback used to disable checkboxes for some items in the tree
*
* @param callback $callback
* @return $this
*/
public function setDisableFunction($callback) {
if(!is_callable($callback, true)) {
@ -160,6 +165,7 @@ class TreeDropdownField extends FormField {
* applying the filter.
*
* @param callback $callback
* @return $this
*/
public function setSearchFunction($callback) {
if(!is_callable($callback, true)) {
@ -175,7 +181,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param Boolean
* @param bool $bool
* @return $this
*/
public function setShowSearch($bool) {
$this->showSearch = $bool;
@ -183,12 +190,13 @@ class TreeDropdownField extends FormField {
}
/**
* @param $method The parameter to ChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* @param string $method The parameter to ChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* {@link Hierarchy}. The method specified determines the structure of the returned list. Use "ChildFolders"
* in place of the default to get a drop-down listing with only folders, i.e. not including the child elements in
* the currently selected folder. setNumChildrenMethod() should be used as well for proper functioning.
*
* See {@link Hierarchy} for a complete list of possible methods.
* @return $this
*/
public function setChildrenMethod($method) {
$this->childrenMethod = $method;
@ -196,9 +204,10 @@ class TreeDropdownField extends FormField {
}
/**
* @param $method The parameter to numChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* @param string $method The parameter to numChildrenMethod to use when calling Hierarchy->getChildrenAsUL in
* {@link Hierarchy}. Should be used in conjunction with setChildrenMethod().
*
* @return $this
*/
public function setNumChildrenMethod($method) {
$this->numChildrenMethod = $method;
@ -206,7 +215,8 @@ class TreeDropdownField extends FormField {
}
/**
* @return HTMLText
* @param array $properties
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::add_i18n_javascript(FRAMEWORK_DIR . '/client/lang');
@ -263,6 +273,7 @@ class TreeDropdownField extends FormField {
*
* @param SS_HTTPRequest $request
* @return string
* @throws Exception
*/
public function tree(SS_HTTPRequest $request) {
// Array sourceObject is an explicit list of values - construct a "flat tree"
@ -387,8 +398,8 @@ class TreeDropdownField extends FormField {
* Marking public function for the tree, which combines different filters sensibly.
* If a filter function has been set, that will be called. And if search text is set,
* filter on that too. Return true if all applicable conditions are true, false otherwise.
* @param $node
* @return unknown_type
* @param object $node
* @return mixed
*/
public function filterMarking($node) {
if ($this->filterCallback && !call_user_func($this->filterCallback, $node)) return false;
@ -409,7 +420,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param String $field
* @param string $field
* @return $this
*/
public function setLabelField($field) {
$this->labelField = $field;
@ -424,7 +436,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param String $field
* @param string $field
* @return $this
*/
public function setKeyField($field) {
$this->keyField = $field;
@ -439,7 +452,8 @@ class TreeDropdownField extends FormField {
}
/**
* @param String $field
* @param string $class
* @return $this
*/
public function setSourceObject($class) {
$this->sourceObject = $class;

10
forms/TreeMultiselectField.php
View File

@ -3,6 +3,8 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\FieldType\DBHTMLText;
/**
* This formfield represents many-many joins using a tree selector shown in a dropdown styled element
* which can be added to any form usually in the CMS.
@ -48,7 +50,7 @@ use SilverStripe\ORM\DataObjectInterface;
* @subpackage fields-relational
*/
class TreeMultiselectField extends TreeDropdownField {
public function __construct($name, $title=null, $sourceObject="Group", $keyField="ID", $labelField="Title") {
public function __construct($name, $title=null, $sourceObject="SilverStripe\\Security\\Group", $keyField="ID", $labelField="Title") {
parent::__construct($name, $title, $sourceObject, $keyField, $labelField);
$this->removeExtraClass('single');
$this->addExtraClass('multiple');
@ -88,9 +90,13 @@ class TreeMultiselectField extends TreeDropdownField {
return $record->$fieldName();
}
}
/**
* We overwrite the field attribute to add our hidden fields, as this
* formfield can contain multiple values.
*
* @param array $properties
* @return DBHTMLText
*/
public function Field($properties = array()) {
Requirements::add_i18n_javascript(FRAMEWORK_DIR . '/client/lang');
@ -146,6 +152,8 @@ class TreeMultiselectField extends TreeDropdownField {
* Save the results into the form
* Calls function $record->onChange($items) before saving to the assummed
* Component set.
*
* @param DataObjectInterface $record
*/
public function saveInto(DataObjectInterface $record) {
// Detect whether this field has actually been updated

24
forms/UploadField.php
View File

@ -9,6 +9,8 @@ use SilverStripe\ORM\DataObjectInterface;
use SilverStripe\ORM\RelationList;
use SilverStripe\ORM\UnsavedRelationList;
use SilverStripe\ORM\DataList;
use SilverStripe\Security\Permission;
/**
@ -220,7 +222,6 @@ class UploadField extends FileField {
* @param string $title The field label.
* @param SS_List $items If no items are defined, the field will try to auto-detect an existing relation on
* @link $record}, with the same name as the field name.
* @param Form $form Reference to the container form
*/
public function __construct($name, $title = null, SS_List $items = null) {
@ -248,7 +249,8 @@ class UploadField extends FileField {
/**
* Set name of template used for Buttons on each file (replace, edit, remove, delete) (without path or extension)
*
* @param string
* @param string $template
* @return $this
*/
public function setTemplateFileButtons($template) {
$this->templateFileButtons = $template;
@ -265,7 +267,8 @@ class UploadField extends FileField {
/**
* Set name of template used for the edit (inline & popup) of a file file (without path or extension)
*
* @param string
* @param string $template
* @return $this
*/
public function setTemplateFileEdit($template) {
$this->templateFileEdit = $template;
@ -328,7 +331,8 @@ class UploadField extends FileField {
}
/**
* @param String
* @param string $name
* @return $this
*/
public function setDisplayFolderName($name) {
$this->displayFolderName = $name;
@ -344,7 +348,9 @@ class UploadField extends FileField {
/**
* Force a record to be used as "Parent" for uploaded Files (eg a Page with a has_one to File)
*
* @param DataObject $record
* @return $this
*/
public function setRecord($record) {
$this->record = $record;
@ -389,6 +395,7 @@ class UploadField extends FileField {
* @param array|DataObject|SS_List $record Full source record, either as a DataObject,
* SS_List of items, or an array of submitted form data
* @return $this Self reference
* @throws ValidationException
*/
public function setValue($value, $record = null) {
@ -727,7 +734,7 @@ class UploadField extends FileField {
* Defaults to 'ss-uploadfield-uploadtemplate'
*
* @see javascript/UploadField_uploadtemplate.js
* @var string
* @return string
*/
public function getUploadTemplateName() {
return $this->getConfig('uploadTemplateName');
@ -748,7 +755,7 @@ class UploadField extends FileField {
* Defaults to 'ss-downloadfield-downloadtemplate'
*
* @see javascript/DownloadField_downloadtemplate.js
* @var string
* @return string
*/
public function getDownloadTemplateName() {
return $this->getConfig('downloadTemplateName');
@ -1295,6 +1302,7 @@ class UploadField extends FileField {
* Determines if a specified file exists
*
* @param SS_HTTPRequest $request
* @return SS_HTTPResponse
*/
public function fileexists(SS_HTTPRequest $request) {
// Assert that requested filename doesn't attempt to escape the directory
@ -1327,7 +1335,7 @@ class UploadField extends FileField {
* Gets the foreign class that needs to be created, or 'File' as default if there
* is no relationship, or it cannot be determined.
*
* @param $default Default value to return if no value could be calculated
* @param string $default Default value to return if no value could be calculated
* @return string Foreign class name.
*/
public function getRelationAutosetClass($default = 'File') {
@ -1605,7 +1613,7 @@ class UploadField_SelectHandler extends RequestHandler {
}
/**
* @param $folderID The ID of the folder to display.
* @param int $folderID The ID of the folder to display.
* @return FormField
*/
protected function getListField($folderID) {

29
forms/gridfield/GridFieldPrintButton.php
View File

@ -3,6 +3,9 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBHTMLText;
use SilverStripe\Security\Member;
/**
@ -81,10 +84,11 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
/**
* Handle the print action.
*
* @param GridField
* @param string
* @param array
* @param array
* @param GridField $gridField
* @param string $actionName
* @param array $arguments
* @param array $data
* @return DBHTMLText
*/
public function handleAction(GridField $gridField, $actionName, $arguments, $data) {
if($actionName == 'print') {
@ -106,7 +110,11 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
/**
* Handle the print, for both the action button and the URL
*/
*
* @param GridField $gridField
* @param SS_HTTPRequest $request
* @return DBHTMLText
*/
public function handlePrint($gridField, $request = null) {
set_time_limit(60);
Requirements::clear();
@ -172,8 +180,9 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
/**
* Export core.
*
* @param GridField
*/
* @param GridField $gridField
* @return ArrayData
*/
public function generatePrintData(GridField $gridField) {
$printColumns = $this->getPrintColumnsForGridField($gridField);
@ -234,7 +243,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
}
/**
* @param array
* @param array $cols
* @return $this
*/
public function setPrintColumns($cols) {
$this->printColumns = $cols;
@ -250,7 +260,8 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
}
/**
* @param boolean
* @param bool $bool
* @return $this
*/
public function setPrintHasHeader($bool) {
$this->printHasHeader = $bool;

5
main.php
View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DB;
use SilverStripe\ORM\DataModel;
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
/************************************************************************************
************************************************************************************
@ -162,7 +165,7 @@ $chain
}
// Fail and redirect the user to the login page
$loginPage = Director::absoluteURL(Config::inst()->get('Security', 'login_url'));
$loginPage = Director::absoluteURL(Security::config()->login_url);
$loginPage .= "?BackURL=" . urlencode($_SERVER['REQUEST_URI']);
header('location: '.$loginPage, true, 302);
die;

3
tasks/CleanupTestDatabasesTask.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Cleans up leftover databases from aborted test executions (starting with ss_tmpdb)
* Task is restricted to users with administrator rights or running through CLI.

6
tasks/EncryptAllPasswordsTask.php
View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* Encrypt all passwords
*
@ -37,7 +41,7 @@ class EncryptAllPasswordsTask extends BuildTask {
}
// Are there members with a clear text password?
$members = DataObject::get("Member")->where(array(
$members = Member::get()->where(array(
'"Member"."PasswordEncryption"' => 'none',
'"Member"."Password" IS NOT NULL'
));

46
tasks/RegenerateCachedImagesTask.php
View File

@ -1,46 +0,0 @@
<?php
use SilverStripe\ORM\DataObject;
/**
* Regenerate all cached images that have been created as the result of a manipulation method being called on a
* {@link Image} object
*
* @package framework
* @subpackage filesystem
*/
class RegenerateCachedImagesTask extends BuildTask {
protected $title = 'Regenerate Cached Images Task';
protected $description = 'Regenerate all cached images created as the result of an image manipulation';
/**
* Check that the user has appropriate permissions to execute this task
*/
public function init() {
if(!Director::is_cli() && !Director::isDev() && !Permission::check('ADMIN')) {
return Security::permissionFailure();
}
parent::init();
}
/**
* Actually regenerate all the images
*/
public function run($request) {
$processedImages = 0;
$regeneratedImages = 0;
if($images = DataObject::get('Image')) foreach($images as $image) {
if($generated = $image->regenerateFormattedImages()) {
$regeneratedImages += $generated;
}
$processedImages++;
}
echo "Regenerated $regeneratedImages cached images from $processedImages Image objects stored in the Database.";
}
}

3
tasks/i18nTextCollectorTask.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Security;
/**
* @package framework
* @subpackage tasks

14
tests/Bare.yml
View File

@ -1,14 +0,0 @@
Group:
admins:
Title: Administrators
Permission:
admin:
Code: ADMIN
Group: =>Group.admins
Member:
admin:
Email: admin
Password: password
Groups: =>Group.admins

4
tests/behat/features/bootstrap/FeatureContext.php
View File

@ -42,11 +42,11 @@ class FeatureContext extends SilverStripeContext {
// Use blueprints to set user name from identifier
$factory = $fixtureContext->getFixtureFactory();
$blueprint = \Injector::inst()->create('FixtureBlueprint', 'Member');
$blueprint = \Injector::inst()->create('FixtureBlueprint', 'SilverStripe\\Security\\Member');
$blueprint->addCallback('beforeCreate', function($identifier, &$data, &$fixtures) {
if(!isset($data['FirstName'])) $data['FirstName'] = $identifier;
});
$factory->define('Member', $blueprint);
$factory->define('SilverStripe\\Security\\Member', $blueprint);
}
public function setMinkParameters(array $parameters) {

22
tests/control/CMSProfileControllerTest.php
View File

@ -13,8 +13,8 @@ class CMSProfileControllerTest extends FunctionalTest {
public $autoFollowRedirection = false;
public function testMemberCantEditAnother() {
$member = $this->objFromFixture('Member', 'user1');
$anotherMember = $this->objFromFixture('Member', 'user2');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
$anotherMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'user2');
$this->session()->inst_set('loggedInAs', $member->ID);
$response = $this->post('admin/myprofile/EditForm', array(
@ -28,13 +28,13 @@ class CMSProfileControllerTest extends FunctionalTest {
'Password[_ConfirmPassword]' => 'password',
));
$anotherMember = $this->objFromFixture('Member', 'user2');
$anotherMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'user2');
$this->assertNotEquals($anotherMember->FirstName, 'JoeEdited', 'FirstName field stays the same');
}
public function testMemberEditsOwnProfile() {
$member = $this->objFromFixture('Member', 'user3');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user3');
$this->session()->inst_set('loggedInAs', $member->ID);
$response = $this->post('admin/myprofile/EditForm', array(
@ -48,16 +48,16 @@ class CMSProfileControllerTest extends FunctionalTest {
'Password[_ConfirmPassword]' => 'password',
));
$member = $this->objFromFixture('Member', 'user3');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user3');
$this->assertEquals('JoeEdited', $member->FirstName, 'FirstName field was changed');
}
public function testExtendedPermissionsStopEditingOwnProfile() {
$existingExtensions = Config::inst()->get('Member', 'extensions');
Config::inst()->update('Member', 'extensions', array('CMSProfileControllerTestExtension'));
$existingExtensions = Config::inst()->get('SilverStripe\\Security\\Member', 'extensions');
Config::inst()->update('SilverStripe\\Security\\Member', 'extensions', array('CMSProfileControllerTestExtension'));
$member = $this->objFromFixture('Member', 'user1');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
$this->session()->inst_set('loggedInAs', $member->ID);
$response = $this->post('admin/myprofile/EditForm', array(
@ -71,13 +71,13 @@ class CMSProfileControllerTest extends FunctionalTest {
'Password[_ConfirmPassword]' => 'password',
));
$member = $this->objFromFixture('Member', 'user1');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'user1');
$this->assertNotEquals($member->FirstName, 'JoeEdited',
'FirstName field was NOT changed because we modified canEdit');
Config::inst()->remove('Member', 'extensions');
Config::inst()->update('Member', 'extensions', $existingExtensions);
Config::inst()->remove('SilverStripe\\Security\\Member', 'extensions');
Config::inst()->update('SilverStripe\\Security\\Member', 'extensions', $existingExtensions);
}
}

20
tests/control/CMSProfileControllerTest.yml
View File

@ -1,4 +1,4 @@
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
cmsmain:
@ -8,31 +8,31 @@ Permission:
test:
Code: CMS_ACCESS_TestController
Group:
'SilverStripe\Security\Group':
admins:
Title: Administrators
Permissions: =>Permission.admin
Permissions: '=>SilverStripe\Security\Permission.admin'
cmsusers:
Title: CMS Users
Permissions: =>Permission.cmsmain, =>Permission.leftandmain
Permissions: '=>SilverStripe\Security\Permission.cmsmain, =>SilverStripe\Security\Permission.leftandmain'
test:
Title: Test group
Permissions: =>Permission.test
Permissions: '=>SilverStripe\Security\Permission.test'
Member:
'SilverStripe\Security\Member':
admin:
FirstName: Admin
Email: admin@user.com
Groups: =>Group.admins
Groups: '=>SilverStripe\Security\Group.admins'
user1:
FirstName: Joe
Email: user1@user.com
Groups: =>Group.cmsusers
Groups: '=>SilverStripe\Security\Group.cmsusers'
user2:
FirstName: Steve
Email: user2@user.com
Groups: =>Group.cmsusers
Groups: '=>SilverStripe\Security\Group.cmsusers'
user3:
FirstName: Files
Email: user3@example.com
Groups: =>Group.test
Groups: '=>SilverStripe\Security\Group.test'

2
tests/control/ControllerTest.php
View File

@ -57,7 +57,7 @@ class ControllerTest extends FunctionalTest {
}
public function testAllowedActions() {
$adminUser = $this->objFromFixture('Member', 'admin');
$adminUser = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$response = $this->get("ControllerTest_UnsecuredController/");
$this->assertEquals(200, $response->getStatusCode(),

22
tests/control/ControllerTest.yml
View File

@ -1,11 +1,11 @@
Permission:
admin:
Code: ADMIN
Group:
admins:
Code: admins
Permissions: =>Permission.admin
Member:
admin:
Email: admin@test.com
Groups: =>Group.admins
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
'SilverStripe\Security\Group':
admins:
Code: admins
Permissions: '=>SilverStripe\Security\Permission.admin'
'SilverStripe\Security\Member':
admin:
Email: admin@test.com
Groups: '=>SilverStripe\Security\Group.admins'

2
tests/control/DirectorTest.php
View File

@ -394,7 +394,7 @@ class DirectorTest extends SapphireTest {
}
public function testForceSSLOnSubPagesPattern() {
$_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('Security', 'login_url');
$_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('SilverStripe\\Security\\Security', 'login_url');
$output = Director::forceSSL(array('/^Security/'));
$this->assertEquals($output, 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}

2
tests/control/RequestHandlingTest.php
View File

@ -1,5 +1,7 @@
<?php
use SilverStripe\Security\SecurityToken;
/**
* Tests for RequestHandler and SS_HTTPRequest.
* We've set up a simple URL handling model based on

37
tests/core/manifest/NamespacedClassManifestTest.php
View File

@ -8,6 +8,10 @@
class NamespacedClassManifestTest extends SapphireTest {
protected $base;
/**
* @var SS_ClassManifest
*/
protected $manifest;
public function setUp() {
@ -28,13 +32,14 @@ class NamespacedClassManifestTest extends SapphireTest {
$tokens = token_get_all($file);
$parsedTokens = SS_ClassManifest::get_imported_namespace_parser()->findAll($tokens);
/** @skipUpgrade */
$expectedItems = array(
array('ModelAdmin'),
array('Controller', ' ', 'as', ' ', 'Cont'),
array(
'SS_HTTPRequest', ' ', 'as', ' ', 'Request', ',',
'SS_HTTPResponse', ' ', 'AS', ' ', 'Response', ',',
'PermissionProvider', ' ', 'AS', ' ', 'P',
'SS_HTTPResponse', ' ', 'as', ' ', 'Response', ',',
'SilverStripe', '\\', 'Security', '\\', 'PermissionProvider', ' ', 'as', ' ', 'P',
),
array('silverstripe', '\\', 'test', '\\', 'ClassA'),
array('\\', 'Object'),
@ -59,7 +64,7 @@ class NamespacedClassManifestTest extends SapphireTest {
'Cont' => 'Controller',
'Request' => 'SS_HTTPRequest',
'Response' => 'SS_HTTPResponse',
'P' => 'PermissionProvider',
'P' => 'SilverStripe\\Security\\PermissionProvider',
'silverstripe\test\ClassA',
'\Object',
);
@ -71,7 +76,7 @@ class NamespacedClassManifestTest extends SapphireTest {
}
public function testClassInfoIsCorrect() {
$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::implementorsOf('PermissionProvider'));
$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::implementorsOf('SilverStripe\\Security\\PermissionProvider'));
//because we're using a nested manifest we have to "coalesce" the descendants again to correctly populate the
// descendants of the core classes we want to test against - this is a limitation of the test manifest not
@ -83,20 +88,26 @@ class NamespacedClassManifestTest extends SapphireTest {
$this->assertContains('SilverStripe\Framework\Tests\ClassI', ClassInfo::subclassesFor('ModelAdmin'));
}
/**
* @skipUpgrade
*/
public function testFindClassOrInterfaceFromCandidateImports() {
$method = new ReflectionMethod($this->manifest, 'findClassOrInterfaceFromCandidateImports');
$method->setAccessible(true);
$this->assertTrue(ClassInfo::exists('silverstripe\test\ClassA'));
$this->assertEquals('PermissionProvider', $method->invokeArgs($this->manifest, array(
'\PermissionProvider',
'Test\Namespace',
array(
'TestOnly',
'Controller',
),
)));
$this->assertEquals(
'PermissionProvider',
$method->invokeArgs($this->manifest, [
'\PermissionProvider',
'Test\Namespace',
array(
'TestOnly',
'Controller',
),
])
);
$this->assertEquals('PermissionProvider', $method->invokeArgs($this->manifest, array(
'PermissionProvider',
@ -236,7 +247,7 @@ class NamespacedClassManifestTest extends SapphireTest {
'silverstripe\test\interfacea' => array('silverstripe\test\ClassE'),
'interfacea' => array('silverstripe\test\ClassF'),
'silverstripe\test\subtest\interfacea' => array('silverstripe\test\ClassG'),
'permissionprovider' => array('SilverStripe\Framework\Tests\ClassI'),
'silverstripe\security\permissionprovider' => array('SilverStripe\Framework\Tests\ClassI'),
);
$this->assertEquals($expect, $this->manifest->getImplementors());
}

3
tests/core/manifest/fixtures/namespaced_classmanifest/module/classes/ClassI.php
View File

@ -4,9 +4,10 @@ namespace SilverStripe\Framework\Tests;
//whitespace here is important for tests, please don't change it
use ModelAdmin;
use Controller as Cont ;
use SS_HTTPRequest as Request,SS_HTTPResponse AS Response, PermissionProvider AS P;
use SS_HTTPRequest as Request, SS_HTTPResponse as Response, SilverStripe\Security\PermissionProvider as P;
use silverstripe\test\ClassA;
use \Object;
class ClassI extends ModelAdmin implements P {
}

2
tests/filesystem/AssetControlExtensionTest.php
View File

@ -2,6 +2,8 @@
use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**

12
tests/filesystem/FileTest.php
View File

@ -5,6 +5,8 @@ use SilverStripe\Filesystem\Storage\AssetStore;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\ValidationException;
use SilverStripe\Security\Member;
/**
@ -509,23 +511,23 @@ class FileTest extends SapphireTest {
$this->assertFalse($file->canEdit(), "Anonymous users can't edit files");
// Test permissionless user
$this->objFromFixture('Member', 'frontend')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'frontend')->logIn();
$this->assertFalse($file->canEdit(), "Permissionless users can't edit files");
// Test global CMS section users
$this->objFromFixture('Member', 'cms')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'cms')->logIn();
$this->assertTrue($file->canEdit(), "Users with all CMS section access can edit files");
// Test cms access users without file access
$this->objFromFixture('Member', 'security')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'security')->logIn();
$this->assertFalse($file->canEdit(), "Security CMS users can't edit files");
// Test asset-admin user
$this->objFromFixture('Member', 'assetadmin')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'assetadmin')->logIn();
$this->assertTrue($file->canEdit(), "Asset admin users can edit files");
// Test admin
$this->objFromFixture('Member', 'admin')->logIn();
$this->objFromFixture('SilverStripe\\Security\\Member', 'admin')->logIn();
$this->assertTrue($file->canEdit(), "Admins can edit files");
}

22
tests/filesystem/FileTest.yml
View File

@ -45,7 +45,7 @@ Image:
FileFilename: FileTest.png
FileHash: 55b443b60176235ef09801153cca4e6da7494a0c
Name: FileTest.png
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
cmsmain:
@ -54,31 +54,31 @@ Permission:
Code: CMS_ACCESS_AssetAdmin
securityadmin:
Code: CMS_ACCESS_SecurityAdmin
Group:
'SilverStripe\Security\Group':
admins:
Title: Administrators
Permissions: =>Permission.admin
Permissions: '=>SilverStripe\Security\Permission.admin'
cmsusers:
Title: 'CMS Users'
Permissions: =>Permission.cmsmain
Permissions: '=>SilverStripe\Security\Permission.cmsmain'
securityusers:
Title: 'Security Users'
Permissions: =>Permission.securityadmin
Permissions: '=>SilverStripe\Security\Permission.securityadmin'
assetusers:
Title: 'Asset Users'
Permissions: =>Permission.assetadmin
Member:
Permissions: '=>SilverStripe\Security\Permission.assetadmin'
'SilverStripe\Security\Member':
frontend:
Email: frontend@example.com
cms:
Email: cms@silverstripe.com
Groups: =>Group.cmsusers
Groups: '=>SilverStripe\Security\Group.cmsusers'
admin:
Email: admin@silverstripe.com
Groups: =>Group.admins
Groups: '=>SilverStripe\Security\Group.admins'
assetadmin:
Email: assetadmin@silverstripe.com
Groups: =>Group.assetusers
Groups: '=>SilverStripe\Security\Group.assetusers'
security:
Email: security@silverstripe.com
Groups: =>Group.securityusers
Groups: '=>SilverStripe\Security\Group.securityusers'

2
tests/forms/ConfirmedPasswordFieldTest.php
View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests

2
tests/forms/FormScaffolderTest.php
View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Member;
/**
* Tests for DataObject FormField scaffolding

7
tests/forms/FormTest.php
View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DataModel;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\RandomGenerator;
/**
* @package framework
@ -387,12 +390,12 @@ class FormTest extends FunctionalTest {
SecurityToken::enable();
$form1 = $this->getStubForm();
$this->assertInstanceOf('SecurityToken', $form1->getSecurityToken());
$this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $form1->getSecurityToken());
SecurityToken::disable();
$form2 = $this->getStubForm();
$this->assertInstanceOf('NullSecurityToken', $form2->getSecurityToken());
$this->assertInstanceOf('SilverStripe\\Security\\NullSecurityToken', $form2->getSecurityToken());
SecurityToken::enable();
}

4
tests/forms/GridFieldTest.php
View File

@ -3,6 +3,8 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\SS_List;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
class GridFieldTest extends SapphireTest {
/**
@ -75,7 +77,7 @@ class GridFieldTest extends SapphireTest {
*/
public function testGridFieldModelClass() {
$obj = new GridField('testfield', 'testfield', Member::get());
$this->assertEquals('Member', $obj->getModelClass(), 'Should return Member');
$this->assertEquals('SilverStripe\\Security\\Member', $obj->getModelClass(), 'Should return Member');
$obj->setModelClass('SilverStripe\\ORM\\DataModel');
$this->assertEquals('SilverStripe\\ORM\\DataModel', $obj->getModelClass(), 'Should return Member');
}

8
tests/forms/LookupFieldTest.php
View File

@ -66,11 +66,11 @@ class LookupFieldTest extends SapphireTest {
}
public function testArrayValueWithSqlMapSource() {
$member1 = $this->objFromFixture('Member', 'member1');
$member2 = $this->objFromFixture('Member', 'member2');
$member3 = $this->objFromFixture('Member', 'member3');
$member1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member1');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member2');
$member3 = $this->objFromFixture('SilverStripe\\Security\\Member', 'member3');
$source = DataObject::get('Member');
$source = DataObject::get('SilverStripe\\Security\\Member');
$f = new LookupField('test', 'test', $source->map('ID', 'FirstName'));
$f->setValue(array($member1->ID, $member2->ID));

2
tests/forms/LookupFieldTest.yml
View File

@ -1,4 +1,4 @@
Member:
'SilverStripe\Security\Member':
member1:
FirstName: member1
member2:

8
tests/forms/MemberDatetimeOptionsetFieldTest.php
View File

@ -45,7 +45,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
public function testDateFormatDefaultCheckedInFormField() {
Config::inst()->update('i18n', 'date_format', 'yyyy-MM-dd');
$field = $this->createDateFormatFieldForMember($this->objFromFixture('Member', 'noformatmember'));
$field = $this->createDateFormatFieldForMember($this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember'));
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
new FieldList())); // fake form
$parser = new CSSContentParser($field->Field());
@ -55,7 +55,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
public function testTimeFormatDefaultCheckedInFormField() {
Config::inst()->update('i18n', 'time_format', 'h:mm:ss a');
$field = $this->createTimeFormatFieldForMember($this->objFromFixture('Member', 'noformatmember'));
$field = $this->createTimeFormatFieldForMember($this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember'));
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
new FieldList())); // fake form
$parser = new CSSContentParser($field->Field());
@ -64,7 +64,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
}
public function testDateFormatChosenIsCheckedInFormField() {
$member = $this->objFromFixture('Member', 'noformatmember');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$member->setField('DateFormat', 'MM/dd/yyyy');
$field = $this->createDateFormatFieldForMember($member);
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),
@ -75,7 +75,7 @@ class MemberDatetimeOptionsetFieldTest extends SapphireTest {
}
public function testDateFormatCustomFormatAppearsInCustomInputInField() {
$member = $this->objFromFixture('Member', 'noformatmember');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$member->setField('DateFormat', 'dd MM yy');
$field = $this->createDateFormatFieldForMember($member);
$field->setForm(new Form(new MemberDatetimeOptionsetFieldTest_Controller(), 'Form', new FieldList(),

2
tests/forms/MemberDatetimeOptionsetFieldTest.yml
View File

@ -1,4 +1,4 @@
Member:
'SilverStripe\Security\Member':
noformatmember:
Email: noformat@test.com
delocalemember:

4
tests/forms/gridfield/GridFieldDataColumnsTest.php
View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\Member;
class GridFieldDataColumnsTest extends SapphireTest {
/**
@ -6,7 +8,7 @@ class GridFieldDataColumnsTest extends SapphireTest {
*/
public function testGridFieldGetDefaultDisplayFields() {
$obj = new GridField('testfield', 'testfield', Member::get());
$expected = singleton('Member')->summaryFields();
$expected = singleton('SilverStripe\\Security\\Member')->summaryFields();
$columns = $obj->getConfig()->getComponentByType('GridFieldDataColumns');
$this->assertEquals($expected, $columns->getDisplayFields($obj));
}

3
tests/forms/gridfield/GridFieldDeleteActionTest.php
View File

@ -2,6 +2,9 @@
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
class GridFieldDeleteActionTest extends SapphireTest {

2
tests/forms/gridfield/GridFieldEditButtonTest.php
View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\DataList;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
class GridFieldEditButtonTest extends SapphireTest {

6
tests/i18n/i18nTest.php
View File

@ -590,15 +590,15 @@ class i18nTest_DataObject extends DataObject implements TestOnly {
);
private static $has_one = array(
'HasOneRelation' => 'Member'
'HasOneRelation' => 'SilverStripe\\Security\\Member'
);
private static $has_many = array(
'HasManyRelation' => 'Member'
'HasManyRelation' => 'SilverStripe\\Security\\Member'
);
private static $many_many = array(
'ManyManyRelation' => 'Member'
'ManyManyRelation' => 'SilverStripe\\Security\\Member'
);
/**

2
tests/i18n/i18nTextCollectorTestMyObject.php
View File

@ -12,7 +12,7 @@ class i18nTextCollectorTestMyObject extends DataObject implements TestOnly {
);
private static $has_many = array(
'Relation' => 'Group'
'Relation' => 'SilverStripe\\Security\\Group'
);
private static $singular_name = "My Object";

2
tests/i18n/i18nTextCollectorTestMySubObject.php
View File

@ -9,7 +9,7 @@ class i18nTextCollectorTestMySubObject extends i18nTextCollectorTestMyObject imp
);
private static $has_many = array(
'SubRelation' => 'Group'
'SubRelation' => 'SilverStripe\\Security\\Group'
);
private static $singular_name = "My Sub Object";

2
tests/model/ChangeSetTest.php
View File

@ -4,6 +4,8 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\Versioning\ChangeSet;
use SilverStripe\ORM\Versioning\ChangeSetItem;
use SilverStripe\ORM\Versioning\Versioned;
use SilverStripe\Security\Permission;
/**
* Provides a set of targettable permissions for tested models

2
tests/model/ComponentSetTest.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests

2
tests/model/DBDateTest.php
View File

@ -253,7 +253,7 @@ class DBDateTest extends SapphireTest {
public function testFormatFromSettings() {
$memberID = $this->logInWithPermission();
$member = DataObject::get_by_id('Member', $memberID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
$member->DateFormat = 'dd/MM/YYYY';
$member->write();

4
tests/model/DataExtensionTest.php
View File

@ -120,8 +120,8 @@ class DataExtensionTest extends SapphireTest {
// in SiteTree->can*() methods to test one single feature reliably with them
$obj = $this->objFromFixture('DataExtensionTest_MyObject', 'object1');
$websiteuser = $this->objFromFixture('Member', 'websiteuser');
$admin = $this->objFromFixture('Member', 'admin');
$websiteuser = $this->objFromFixture('SilverStripe\\Security\\Member', 'websiteuser');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$this->assertFalse(
$obj->canOne($websiteuser),

42
tests/model/DataExtensionTest.yml
View File

@ -1,24 +1,24 @@
DataExtensionTest_RelatedObject:
obj1:
FieldOne: Obj1
obj2:
FieldOne: Obj2
Permission:
adminpermission:
Code: ADMIN
Group:
admingroup:
Permissions: =>Permission.adminpermission
Member:
admin:
Email: admin@test.com
Groups: =>Group.admingroup
websiteuser:
Email: websiteuser@test.com
obj1:
FieldOne: Obj1
obj2:
FieldOne: Obj2
'SilverStripe\Security\Permission':
adminpermission:
Code: ADMIN
'SilverStripe\Security\Group':
admingroup:
Permissions: '=>SilverStripe\Security\Permission.adminpermission'
'SilverStripe\Security\Member':
admin:
Email: admin@test.com
Groups: '=>SilverStripe\Security\Group.admingroup'
websiteuser:
Email: websiteuser@test.com
DataExtensionTest_Member:
member1:
Name: Sam
Website: http://www.example.org
member1:
Name: Sam
Website: http://www.example.org
DataExtensionTest_MyObject:
object1:
Title: Object 1
object1:
Title: Object 1

2
tests/model/DataObjectTest.php
View File

@ -7,6 +7,8 @@ use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\DataExtension;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\Security\Member;
/**

4
tests/model/DataQueryTest.php
View File

@ -43,12 +43,12 @@ class DataQueryTest extends SapphireTest {
* Test the leftJoin() and innerJoin method of the DataQuery object
*/
public function testJoins() {
$dq = new DataQuery('Member');
$dq = new DataQuery('SilverStripe\\Security\\Member');
$dq->innerJoin("Group_Members", "\"Group_Members\".\"MemberID\" = \"Member\".\"ID\"");
$this->assertSQLContains("INNER JOIN \"Group_Members\" ON \"Group_Members\".\"MemberID\" = \"Member\".\"ID\"",
$dq->sql($parameters));
$dq = new DataQuery('Member');
$dq = new DataQuery('SilverStripe\\Security\\Member');
$dq->leftJoin("Group_Members", "\"Group_Members\".\"MemberID\" = \"Member\".\"ID\"");
$this->assertSQLContains("LEFT JOIN \"Group_Members\" ON \"Group_Members\".\"MemberID\" = \"Member\".\"ID\"",
$dq->sql($parameters));

2
tests/model/DatabaseTest.php
View File

@ -4,6 +4,8 @@ use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\Connect\MySQLSchemaManager;
use SilverStripe\ORM\DataObject;
use SilverStripe\MSSQL\MSSQLDatabase;
/**
* @package framework
* @subpackage Testing

2
tests/model/DbDatetimeTest.php
View File

@ -202,7 +202,7 @@ class DBDatetimeTest extends SapphireTest {
public function testFormatFromSettings() {
$memberID = $this->logInWithPermission();
$member = DataObject::get_by_id('Member', $memberID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
$member->DateFormat = 'dd/MM/YYYY';
$member->TimeFormat = 'hh:mm:ss';
$member->write();

3
tests/model/SQLSelectTest.php
View File

@ -4,6 +4,9 @@ use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\Queries\SQLSelect;
use SilverStripe\ORM\DataObject;
use SilverStripe\SQLite\SQLite3Database;
use SilverStripe\PostgreSQL\PostgreSQLDatabase;
/**
* @package framework

4
tests/security/BasicAuthTest.php
View File

@ -1,4 +1,8 @@
<?php
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\BasicAuth;
/**
* @package framework
* @subpackage tests

10
tests/security/BasicAuthTest.yml
View File

@ -1,11 +1,11 @@
Group:
'SilverStripe\Security\Group':
mygroup:
Code: mygroup
Member:
SilverStripe\Security\Member:
user-in-mygroup:
Email: user-in-mygroup@test.com
Password: test
Groups: =>Group.mygroup
Groups: '=>SilverStripe\Security\Group.mygroup'
user-without-groups:
Email: user-without-groups@test.com
Password: test
@ -13,7 +13,7 @@ Member:
Email: failedlogin@test.com
Password: Password
FailedLoginCount: 0
Permission:
'SilverStripe\Security\Permission':
mycode:
Code: MYCODE
Group: =>Group.mygroup
Group: '=>SilverStripe\Security\Group.mygroup'

3
tests/security/GroupCsvBulkLoaderTest.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\GroupCsvBulkLoader;
use SilverStripe\Security\Group;
/**
* @package framework
* @subpackage tests

6
tests/security/GroupCsvBulkLoaderTest.yml
View File

@ -1,7 +1,7 @@
Permission:
'SilverStripe\Security\Permission':
permission1:
Code: CODE1
Group:
'SilverStripe\Security\Group':
existinggroup:
Code: existinggroup
Permissions: =>Permission.permission1
Permissions: '=>SilverStripe\Security\Permission.permission1'

33
tests/security/GroupTest.php
View File

@ -1,6 +1,9 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Group;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests
@ -30,9 +33,9 @@ class GroupTest extends FunctionalTest {
public function testMemberGroupRelationForm() {
Session::set('loggedInAs', $this->idFromFixture('GroupTest_Member', 'admin'));
$adminGroup = $this->objFromFixture('Group', 'admingroup');
$parentGroup = $this->objFromFixture('Group', 'parentgroup');
$childGroup = $this->objFromFixture('Group', 'childgroup');
$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
// Test single group relation through checkboxsetfield
$form = new GroupTest_MemberForm($this, 'Form');
@ -86,8 +89,8 @@ class GroupTest extends FunctionalTest {
}
public function testCollateAncestorIDs() {
$parentGroup = $this->objFromFixture('Group', 'parentgroup');
$childGroup = $this->objFromFixture('Group', 'childgroup');
$parentGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
$childGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
$orphanGroup = new Group();
$orphanGroup->ParentID = 99999;
$orphanGroup->write();
@ -110,26 +113,26 @@ class GroupTest extends FunctionalTest {
}
public function testDelete() {
$group = $this->objFromFixture('Group', 'parentgroup');
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'parentgroup');
$groupID = $group->ID;
$childGroupID = $this->idFromFixture('Group', 'childgroup');
$childGroupID = $this->idFromFixture('SilverStripe\\Security\\Group', 'childgroup');
$group->delete();
$this->assertEquals(0, DataObject::get('Group', "\"ID\" = {$groupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ID\" = {$groupID}")->Count(),
'Group is removed');
$this->assertEquals(0, DataObject::get('Permission', "\"GroupID\" = {$groupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Permission', "\"GroupID\" = {$groupID}")->Count(),
'Permissions removed along with the group');
$this->assertEquals(0, DataObject::get('Group', "\"ParentID\" = {$groupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$groupID}")->Count(),
'Child groups are removed');
$this->assertEquals(0, DataObject::get('Group', "\"ParentID\" = {$childGroupID}")->Count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Group', "\"ParentID\" = {$childGroupID}")->Count(),
'Grandchild groups are removed');
}
public function testValidatesPrivilegeLevelOfParent() {
$nonAdminUser = $this->objFromFixture('GroupTest_Member', 'childgroupuser');
$adminUser = $this->objFromFixture('GroupTest_Member', 'admin');
$nonAdminGroup = $this->objFromFixture('Group', 'childgroup');
$adminGroup = $this->objFromFixture('Group', 'admingroup');
$nonAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'childgroup');
$adminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup');
$nonAdminValidateMethod = new ReflectionMethod($nonAdminGroup, 'validate');
$nonAdminValidateMethod->setAccessible(true);
@ -154,7 +157,7 @@ class GroupTest extends FunctionalTest {
$newlyAdminGroup = $nonAdminGroup;
$this->logInWithPermission('ADMIN');
$inheritedAdminGroup = $this->objFromFixture('Group', 'group1');
$inheritedAdminGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'group1');
$inheritedAdminMethod = new ReflectionMethod($inheritedAdminGroup, 'validate');
$inheritedAdminMethod->setAccessible(true);
$inheritedAdminGroup->ParentID = $adminGroup->ID;
@ -173,7 +176,7 @@ class GroupTest extends FunctionalTest {
class GroupTest_Member extends Member implements TestOnly {
public function getCMSFields() {
$groups = DataObject::get('Group');
$groups = DataObject::get('SilverStripe\\Security\\Group');
$groupsMap = ($groups) ? $groups->map() : false;
$fields = new FieldList(
new HiddenField('ID', 'ID'),

62
tests/security/GroupTest.yml
View File

@ -1,32 +1,32 @@
Group:
admingroup:
Code: admingroup
parentgroup:
Code: parentgroup
childgroup:
Code: childgroup
Parent: =>Group.parentgroup
grandchildgroup:
Code: grandchildgroup
Parent: =>Group.childgroup
group1:
Title: Group 1
group2:
Title: Group 2
'SilverStripe\Security\Group':
admingroup:
Code: admingroup
parentgroup:
Code: parentgroup
childgroup:
Code: childgroup
Parent: '=>SilverStripe\Security\Group.parentgroup'
grandchildgroup:
Code: grandchildgroup
Parent: '=>SilverStripe\Security\Group.childgroup'
group1:
Title: Group 1
group2:
Title: Group 2
GroupTest_Member:
admin:
FirstName: Admin
Groups: =>Group.admingroup
parentgroupuser:
FirstName: Parent Group User
Groups: =>Group.parentgroup
childgroupuser:
FirstName: Child Group User
Groups: =>Group.childgroup
allgroupuser:
FirstName: All Group User
Groups: =>Group.admingroup,=>Group.parentgroup,=>Group.childgroup
Permission:
admincode:
Code: ADMIN
Group: =>Group.admingroup
admin:
FirstName: Admin
Groups: '=>SilverStripe\Security\Group.admingroup'
parentgroupuser:
FirstName: Parent Group User
Groups: '=>SilverStripe\Security\Group.parentgroup'
childgroupuser:
FirstName: Child Group User
Groups: '=>SilverStripe\Security\Group.childgroup'
allgroupuser:
FirstName: All Group User
Groups: '=>SilverStripe\Security\Group.admingroup,=>SilverStripe\Security\Group.parentgroup,=>SilverStripe\Security\Group.childgroup'
'SilverStripe\Security\Permission':
admincode:
Code: ADMIN
Group: '=>SilverStripe\Security\Group.admingroup'

23
tests/security/MemberAuthenticatorTest.php
View File

@ -2,6 +2,12 @@
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\Security\Security;
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator;
use SilverStripe\Security\MemberLoginForm;
use SilverStripe\Security\CMSMemberLoginForm;
/**
* @package framework
* @subpackage tests
@ -43,15 +49,18 @@ class MemberAuthenticatorTest extends SapphireTest {
);
MemberAuthenticator::authenticate($data);
$member = DataObject::get_by_id('Member', $member->ID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $member->ID);
$this->assertEquals($member->PasswordEncryption, "sha1_v2.4");
$result = $member->checkPassword('mypassword');
$this->assertTrue($result->valid());
}
public function testNoLegacyPasswordHashMigrationOnIncompatibleAlgorithm() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('crc32'=>array('PasswordEncryptor_PHPHash'=>'crc32')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('crc32' => array('SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'crc32'))
);
$field=Member::config()->unique_identifier_field;
$member = new Member();
@ -66,7 +75,7 @@ class MemberAuthenticatorTest extends SapphireTest {
);
MemberAuthenticator::authenticate($data);
$member = DataObject::get_by_id('Member', $member->ID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $member->ID);
$this->assertEquals($member->PasswordEncryption, "crc32");
$result = $member->checkPassword('mypassword');
$this->assertTrue($result->valid());
@ -77,7 +86,7 @@ class MemberAuthenticatorTest extends SapphireTest {
$origField = Member::config()->unique_identifier_field;
Member::config()->unique_identifier_field = 'Username';
$label=singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$label=singleton('SilverStripe\\Security\\Member')->fieldLabel(Member::config()->unique_identifier_field);
$this->assertEquals($label, 'Username');
@ -170,8 +179,8 @@ class MemberAuthenticatorTest extends SapphireTest {
public function testDefaultAdminLockOut()
{
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', 1);
Config::inst()->update('Member', 'lock_out_delay_mins', 10);
Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_after_incorrect_logins', 1);
Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_delay_mins', 10);
DBDatetime::set_mock_now('2016-04-18 00:00:00');
$controller = new Security();
$form = new Form($controller, 'Form', new FieldList(), new FieldList());

12
tests/security/MemberCsvBulkLoaderTest.php
View File

@ -1,6 +1,10 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\MemberCsvBulkLoader;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
/**
* @package framework
* @subpackage tests
@ -35,7 +39,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
}
public function testAddToPredefinedGroups() {
$existinggroup = $this->objFromFixture('Group', 'existinggroup');
$existinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'existinggroup');
$loader = new MemberCsvBulkLoader();
$loader->setGroups(array($existinggroup));
@ -51,12 +55,12 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
}
public function testAddToCsvColumnGroupsByCode() {
$existinggroup = $this->objFromFixture('Group', 'existinggroup');
$existinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'existinggroup');
$loader = new MemberCsvBulkLoader();
$results = $loader->load($this->getCurrentRelativePath() . '/MemberCsvBulkLoaderTest_withGroups.csv');
$newgroup = DataObject::get_one('Group', array(
$newgroup = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => 'newgroup'
));
$this->assertEquals($newgroup->Title, 'newgroup');
@ -78,7 +82,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest {
$member = $results->Created()->First();
$memberID = $member->ID;
DataObject::flush_and_destroy_cache();
$member = DataObject::get_by_id('Member', $memberID);
$member = DataObject::get_by_id('SilverStripe\\Security\\Member', $memberID);
// TODO Direct getter doesn't work, wtf!
$this->assertEquals(Security::config()->password_encryption_algorithm, $member->getField('PasswordEncryption'));

4
tests/security/MemberCsvBulkLoaderTest.yml
View File

@ -1,7 +1,7 @@
Group:
'SilverStripe\Security\Group':
existinggroup:
Code: existinggroup
Member:
'SilverStripe\Security\Member':
existingauthor:
Email: existingauthor@test.com
FirstName: Existing Author

177
tests/security/MemberTest.php
View File

@ -4,6 +4,16 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\MemberPassword;
use SilverStripe\Security\Group;
use SilverStripe\Security\Permission;
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\RememberLoginHash;
use SilverStripe\Security\Member_Validator;
use SilverStripe\Security\PasswordValidator;
/**
* @package framework
@ -16,7 +26,7 @@ class MemberTest extends FunctionalTest {
protected $local = null;
protected $illegalExtensions = array(
'Member' => array(
'SilverStripe\\Security\\Member' => array(
// TODO Coupling with modules, this should be resolved by automatically
// removing all applied extensions before a unit test
'ForumRole',
@ -140,7 +150,7 @@ class MemberTest extends FunctionalTest {
}
public function testSetPassword() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member->Password = "test1";
$member->write();
$result = $member->checkPassword('test1');
@ -151,7 +161,7 @@ class MemberTest extends FunctionalTest {
* Test that password changes are logged properly
*/
public function testPasswordChangeLogging() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$member->Password = "test1";
$member->write();
@ -162,7 +172,7 @@ class MemberTest extends FunctionalTest {
$member->Password = "test3";
$member->write();
$passwords = DataObject::get("MemberPassword", "\"MemberID\" = $member->ID", "\"Created\" DESC, \"ID\" DESC")
$passwords = DataObject::get("SilverStripe\\Security\\MemberPassword", "\"MemberID\" = $member->ID", "\"Created\" DESC, \"ID\" DESC")
->getIterator();
$this->assertNotNull($passwords);
$passwords->rewind();
@ -191,11 +201,11 @@ class MemberTest extends FunctionalTest {
* Test that changed passwords will send an email
*/
public function testChangedPasswordEmaling() {
Config::inst()->update('Member', 'notify_password_change', true);
Config::inst()->update('SilverStripe\\Security\\Member', 'notify_password_change', true);
$this->clearEmails();
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$valid = $member->changePassword('32asDF##$$%%');
$this->assertTrue($valid->valid());
@ -212,7 +222,7 @@ class MemberTest extends FunctionalTest {
$this->clearEmails();
$this->autoFollowRedirection = false;
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
// Initiate a password-reset
@ -236,7 +246,7 @@ class MemberTest extends FunctionalTest {
* - at least 7 characters long
*/
public function testValidatePassword() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
Member::set_password_validator(new MemberTest_PasswordValidator());
@ -320,7 +330,7 @@ class MemberTest extends FunctionalTest {
public function testPasswordExpirySetting() {
Member::config()->password_expiry_days = 90;
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$valid = $member->changePassword("Xx?1234234");
$this->assertTrue($valid->valid());
@ -336,15 +346,15 @@ class MemberTest extends FunctionalTest {
}
public function testIsPasswordExpired() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$this->assertNotNull($member);
$this->assertFalse($member->isPasswordExpired());
$member = $this->objFromFixture('Member', 'noexpiry');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
$member->PasswordExpiry = null;
$this->assertFalse($member->isPasswordExpired());
$member = $this->objFromFixture('Member', 'expiredpassword');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'expiredpassword');
$this->assertTrue($member->isPasswordExpired());
// Check the boundary conditions
@ -361,21 +371,21 @@ class MemberTest extends FunctionalTest {
public function testMemberWithNoDateFormatFallsbackToGlobalLocaleDefaultFormat() {
Config::inst()->update('i18n', 'date_format', 'yyyy-MM-dd');
Config::inst()->update('i18n', 'time_format', 'H:mm');
$member = $this->objFromFixture('Member', 'noformatmember');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$this->assertEquals('yyyy-MM-dd', $member->DateFormat);
$this->assertEquals('H:mm', $member->TimeFormat);
}
public function testInGroups() {
$staffmember = $this->objFromFixture('Member', 'staffmember');
$managementmember = $this->objFromFixture('Member', 'managementmember');
$accountingmember = $this->objFromFixture('Member', 'accountingmember');
$ceomember = $this->objFromFixture('Member', 'ceomember');
$staffmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$managementmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
$accountingmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
$ceomember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
$staffgroup = $this->objFromFixture('Group', 'staffgroup');
$managementgroup = $this->objFromFixture('Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('Group', 'ceogroup');
$staffgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
$managementgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'ceogroup');
$this->assertTrue(
$staffmember->inGroups(array($staffgroup, $managementgroup)),
@ -392,8 +402,8 @@ class MemberTest extends FunctionalTest {
}
public function testAddToGroupByCode() {
$grouplessMember = $this->objFromFixture('Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('Group','memberlessgroup');
$grouplessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('SilverStripe\\Security\\Group','memberlessgroup');
$this->assertFalse($grouplessMember->Groups()->exists());
$this->assertFalse($memberlessGroup->Members()->exists());
@ -406,7 +416,7 @@ class MemberTest extends FunctionalTest {
$grouplessMember->addToGroupByCode('somegroupthatwouldneverexist', 'New Group');
$this->assertEquals($grouplessMember->Groups()->Count(), 2);
$group = DataObject::get_one('Group', array(
$group = DataObject::get_one('SilverStripe\\Security\\Group', array(
'"Group"."Code"' => 'somegroupthatwouldneverexist'
));
$this->assertNotNull($group);
@ -416,8 +426,8 @@ class MemberTest extends FunctionalTest {
}
public function testRemoveFromGroupByCode() {
$grouplessMember = $this->objFromFixture('Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('Group','memberlessgroup');
$grouplessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$memberlessGroup = $this->objFromFixture('SilverStripe\\Security\\Group','memberlessgroup');
$this->assertFalse($grouplessMember->Groups()->exists());
$this->assertFalse($memberlessGroup->Members()->exists());
@ -430,7 +440,7 @@ class MemberTest extends FunctionalTest {
$grouplessMember->addToGroupByCode('somegroupthatwouldneverexist', 'New Group');
$this->assertEquals($grouplessMember->Groups()->Count(), 2);
$group = DataObject::get_one('Group', "\"Code\" = 'somegroupthatwouldneverexist'");
$group = DataObject::get_one('SilverStripe\\Security\\Group', "\"Code\" = 'somegroupthatwouldneverexist'");
$this->assertNotNull($group);
$this->assertEquals($group->Code, 'somegroupthatwouldneverexist');
$this->assertEquals($group->Title, 'New Group');
@ -444,15 +454,15 @@ class MemberTest extends FunctionalTest {
}
public function testInGroup() {
$staffmember = $this->objFromFixture('Member', 'staffmember');
$managementmember = $this->objFromFixture('Member', 'managementmember');
$accountingmember = $this->objFromFixture('Member', 'accountingmember');
$ceomember = $this->objFromFixture('Member', 'ceomember');
$staffmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$managementmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
$accountingmember = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
$ceomember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
$staffgroup = $this->objFromFixture('Group', 'staffgroup');
$managementgroup = $this->objFromFixture('Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('Group', 'ceogroup');
$staffgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
$managementgroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'managementgroup');
$accountinggroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'accountinggroup');
$ceogroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'ceogroup');
$this->assertTrue(
$staffmember->inGroup($staffgroup),
@ -501,9 +511,9 @@ class MemberTest extends FunctionalTest {
* edit and delete their own record too.
*/
public function testCanManipulateOwnRecord() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$member2 = $this->objFromFixture('Member', 'staffmember');
$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$this->session()->inst_set('loggedInAs', null);
@ -529,9 +539,9 @@ class MemberTest extends FunctionalTest {
}
public function testAuthorisedMembersCanManipulateOthersRecords() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$member2 = $this->objFromFixture('Member', 'staffmember');
$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
/* Group members with SecurityAdmin permissions can manipulate other records */
$this->session()->inst_set('loggedInAs', $member->ID);
@ -544,8 +554,8 @@ class MemberTest extends FunctionalTest {
}
public function testExtendedCan() {
$extensions = $this->removeExtensions(Object::get_extensions('Member'));
$member = $this->objFromFixture('Member', 'test');
$extensions = $this->removeExtensions(Object::get_extensions('SilverStripe\\Security\\Member'));
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
/* Normal behaviour is that you can't view a member unless canView() on an extension returns true */
$this->assertFalse($member->canView());
@ -554,7 +564,7 @@ class MemberTest extends FunctionalTest {
/* Apply a extension that allows viewing in any case (most likely the case for member profiles) */
Member::add_extension('MemberTest_ViewingAllowedExtension');
$member2 = $this->objFromFixture('Member', 'staffmember');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$this->assertTrue($member2->canView());
$this->assertFalse($member2->canDelete());
@ -563,7 +573,7 @@ class MemberTest extends FunctionalTest {
/* Apply a extension that denies viewing of the Member */
Member::remove_extension('MemberTest_ViewingAllowedExtension');
Member::add_extension('MemberTest_ViewingDeniedExtension');
$member3 = $this->objFromFixture('Member', 'managementmember');
$member3 = $this->objFromFixture('SilverStripe\\Security\\Member', 'managementmember');
$this->assertFalse($member3->canView());
$this->assertFalse($member3->canDelete());
@ -572,7 +582,7 @@ class MemberTest extends FunctionalTest {
/* Apply a extension that allows viewing and editing but denies deletion */
Member::remove_extension('MemberTest_ViewingDeniedExtension');
Member::add_extension('MemberTest_EditingAllowedDeletingDeniedExtension');
$member4 = $this->objFromFixture('Member', 'accountingmember');
$member4 = $this->objFromFixture('SilverStripe\\Security\\Member', 'accountingmember');
$this->assertTrue($member4->canView());
$this->assertFalse($member4->canDelete());
@ -586,7 +596,7 @@ class MemberTest extends FunctionalTest {
* Tests for {@link Member::getName()} and {@link Member::setName()}
*/
public function testName() {
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$member->setName('Test Some User');
$this->assertEquals('Test Some User', $member->getName());
$member->setName('Test');
@ -597,10 +607,10 @@ class MemberTest extends FunctionalTest {
}
public function testMembersWithSecurityAdminAccessCantEditAdminsUnlessTheyreAdminsThemselves() {
$adminMember = $this->objFromFixture('Member', 'admin');
$otherAdminMember = $this->objFromFixture('Member', 'other-admin');
$securityAdminMember = $this->objFromFixture('Member', 'test');
$ceoMember = $this->objFromFixture('Member', 'ceomember');
$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$otherAdminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
$securityAdminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$ceoMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'ceomember');
// Careful: Don't read as english language.
// More precisely this should read canBeEditedBy()
@ -615,9 +625,9 @@ class MemberTest extends FunctionalTest {
}
public function testOnChangeGroups() {
$staffGroup = $this->objFromFixture('Group', 'staffgroup');
$staffMember = $this->objFromFixture('Member', 'staffmember');
$adminMember = $this->objFromFixture('Member', 'admin');
$staffGroup = $this->objFromFixture('SilverStripe\\Security\\Group', 'staffgroup');
$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$newAdminGroup = new Group(array('Title' => 'newadmin'));
$newAdminGroup->write();
Permission::grant($newAdminGroup->ID, 'ADMIN');
@ -654,8 +664,8 @@ class MemberTest extends FunctionalTest {
* Test Member_GroupSet::add
*/
public function testOnChangeGroupsByAdd() {
$staffMember = $this->objFromFixture('Member', 'staffmember');
$adminMember = $this->objFromFixture('Member', 'admin');
$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
$adminMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
// Setup new admin group
$newAdminGroup = new Group(array('Title' => 'newadmin'));
@ -704,7 +714,7 @@ class MemberTest extends FunctionalTest {
* Test Member_GroupSet::add
*/
public function testOnChangeGroupsBySetIDList() {
$staffMember = $this->objFromFixture('Member', 'staffmember');
$staffMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'staffmember');
// Setup new admin group
$newAdminGroup = new Group(array('Title' => 'newadmin'));
@ -726,7 +736,7 @@ class MemberTest extends FunctionalTest {
public function testUpdateCMSFields() {
Member::add_extension('MemberTest_FieldsExtension');
$member = singleton('Member');
$member = singleton('SilverStripe\\Security\\Member');
$fields = $member->getCMSFields();
$this->assertNotNull($fields->dataFieldByName('Email'), 'Scaffolded fields are retained');
@ -748,11 +758,11 @@ class MemberTest extends FunctionalTest {
* Test that only admin members are returned
*/
public function testMap_in_groupsReturnsAdmins() {
$adminID = $this->objFromFixture('Group', 'admingroup')->ID;
$adminID = $this->objFromFixture('SilverStripe\\Security\\Group', 'admingroup')->ID;
$members = Member::map_in_groups($adminID)->toArray();
$admin = $this->objFromFixture('Member', 'admin');
$otherAdmin = $this->objFromFixture('Member', 'other-admin');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$otherAdmin = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
$this->assertTrue(in_array($admin->getTitle(), $members),
$admin->getTitle().' should be in the returned list.');
@ -822,7 +832,7 @@ class MemberTest extends FunctionalTest {
}
public function testRememberMeHashGeneration() {
$m1 = $this->objFromFixture('Member', 'grouplessmember');
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$m1->login(true);
$hashes = RememberLoginHash::get()->filter('MemberID', $m1->ID);
@ -833,9 +843,10 @@ class MemberTest extends FunctionalTest {
}
public function testRememberMeHashAutologin() {
$m1 = $this->objFromFixture('Member', 'noexpiry');
/** @var Member $m1 */
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
$m1->login(true);
$m1->logIn(true);
$firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->First();
$this->assertNotNull($firstHash);
@ -892,7 +903,7 @@ class MemberTest extends FunctionalTest {
array(
'Email' => $m1->Email,
'Password' => '1nitialPassword',
'AuthenticationMethod' => 'MemberAuthenticator',
'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
'action_dologin' => 'action_dologin'
),
null,
@ -907,7 +918,7 @@ class MemberTest extends FunctionalTest {
}
public function testExpiredRememberMeHashAutologin() {
$m1 = $this->objFromFixture('Member', 'noexpiry');
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
$m1->login(true);
$firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->First();
@ -962,7 +973,7 @@ class MemberTest extends FunctionalTest {
}
public function testRememberMeMultipleDevices() {
$m1 = $this->objFromFixture('Member', 'noexpiry');
$m1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noexpiry');
// First device
$m1->login(true);
@ -1021,10 +1032,10 @@ class MemberTest extends FunctionalTest {
);
$this->assertContains($message, $response->getBody());
$logout_across_devices = Config::inst()->get('RememberLoginHash', 'logout_across_devices');
$logout_across_devices = Config::inst()->get('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices');
// Logging out from the second device - only one device being logged out
Config::inst()->update('RememberLoginHash', 'logout_across_devices', false);
Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', false);
$response = $this->get(
'Security/logout',
$this->session(),
@ -1040,7 +1051,7 @@ class MemberTest extends FunctionalTest {
);
// Logging out from any device when all login hashes should be removed
Config::inst()->update('RememberLoginHash', 'logout_across_devices', true);
Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', true);
$m1->login(true);
$response = $this->get('Security/logout', $this->session());
$this->assertEquals(
@ -1048,14 +1059,14 @@ class MemberTest extends FunctionalTest {
0
);
Config::inst()->update('RememberLoginHash', 'logout_across_devices', $logout_across_devices);
Config::inst()->update('SilverStripe\\Security\\RememberLoginHash', 'logout_across_devices', $logout_across_devices);
}
public function testCanDelete() {
$admin1 = $this->objFromFixture('Member', 'admin');
$admin2 = $this->objFromFixture('Member', 'other-admin');
$member1 = $this->objFromFixture('Member', 'grouplessmember');
$member2 = $this->objFromFixture('Member', 'noformatmember');
$admin1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$admin2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'other-admin');
$member1 = $this->objFromFixture('SilverStripe\\Security\\Member', 'grouplessmember');
$member2 = $this->objFromFixture('SilverStripe\\Security\\Member', 'noformatmember');
$this->assertTrue(
$admin1->canDelete($admin2),
@ -1083,9 +1094,9 @@ class MemberTest extends FunctionalTest {
$maxFailedLoginsAllowed = 3;
//set up the config variables to enable login lockouts
Config::nest();
Config::inst()->update('Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
Config::inst()->update('SilverStripe\\Security\\Member', 'lock_out_after_incorrect_logins', $maxFailedLoginsAllowed);
$member = $this->objFromFixture('Member', 'test');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$failedLoginCount = $member->FailedLoginCount;
for ($i = 1; $i < $maxFailedLoginsAllowed; ++$i) {
@ -1107,9 +1118,9 @@ class MemberTest extends FunctionalTest {
public function testMemberValidator()
{
// clear custom requirements for this test
Config::inst()->update('Member_Validator', 'customRequired', null);
$memberA = $this->objFromFixture('Member', 'admin');
$memberB = $this->objFromFixture('Member', 'test');
Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
$memberA = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$memberB = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
// create a blank form
$form = new MemberTest_ValidatorForm();
@ -1173,7 +1184,7 @@ class MemberTest extends FunctionalTest {
public function testMemberValidatorWithExtensions()
{
// clear custom requirements for this test
Config::inst()->update('Member_Validator', 'customRequired', null);
Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
// create a blank form
$form = new MemberTest_ValidatorForm();
@ -1231,9 +1242,9 @@ class MemberTest extends FunctionalTest {
public function testCustomMemberValidator()
{
// clear custom requirements for this test
Config::inst()->update('Member_Validator', 'customRequired', null);
Config::inst()->update('SilverStripe\\Security\\Member_Validator', 'customRequired', null);
$member = $this->objFromFixture('Member', 'admin');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'admin');
$form = new MemberTest_ValidatorForm();
$form->loadDataFrom($member);

30
tests/security/MemberTest.yml
View File

@ -1,51 +1,51 @@
Permission:
'SilverStripe\Security\Permission':
admin:
Code: ADMIN
security-admin:
Code: CMS_ACCESS_SecurityAdmin
Group:
'SilverStripe\Security\Group':
admingroup:
Title: Admin
Code: admin
Permissions: =>Permission.admin
Permissions: '=>SilverStripe\Security\Permission.admin'
securityadminsgroup:
Title: securityadminsgroup
Code: securityadminsgroup
Permissions: =>Permission.security-admin
Permissions: '=>SilverStripe\Security\Permission.security-admin'
staffgroup:
Title: staffgroup
Code: staffgroup
managementgroup:
Title: managementgroup
Code: managementgroup
Parent: =>Group.staffgroup
Parent: '=>SilverStripe\Security\Group.staffgroup'
accountinggroup:
Title: accountinggroup
Code: accountinggroup
Parent: =>Group.staffgroup
Parent: '=>SilverStripe\Security\Group.staffgroup'
ceogroup:
Title: ceogroup
Code: ceogroup
Parent: =>Group.managementgroup
Parent: '=>SilverStripe\Security\Group.managementgroup'
memberlessgroup:
Title: Memberless Group
code: memberless
Member:
'SilverStripe\Security\Member':
admin:
FirstName: Admin
Email: admin@silverstripe.com
Groups: =>Group.admingroup
Groups: '=>SilverStripe\Security\Group.admingroup'
other-admin:
FirstName: OtherAdmin
Email: other-admin@silverstripe.com
Groups: =>Group.admingroup
Groups: '=>SilverStripe\Security\Group.admingroup'
test:
FirstName: Test
Surname: User
Email: testuser@example.com
Password: 1nitialPassword
PasswordExpiry: 2030-01-01
Groups: =>Group.securityadminsgroup
Groups: '=>SilverStripe\Security\Group.securityadminsgroup'
expiredpassword:
FirstName: Test
Surname: User
@ -59,16 +59,16 @@ Member:
Password: 1nitialPassword
staffmember:
Email: staffmember@test.com
Groups: =>Group.staffgroup
Groups: '=>SilverStripe\Security\Group.staffgroup'
managementmember:
Email: managementmember@test.com
Groups: =>Group.managementgroup
Groups: '=>SilverStripe\Security\Group.managementgroup'
accountingmember:
Email: accountingmember@test.com
Groups: =>Group.accountinggroup
Groups: '=>SilverStripe\Security\Group.accountinggroup'
ceomember:
Email: ceomember@test.com
Groups: =>Group.ceogroup
Groups: '=>SilverStripe\Security\Group.ceogroup'
grouplessmember:
FirstName: Groupless Member
noformatmember:

64
tests/security/PasswordEncryptorTest.php
View File

@ -1,4 +1,8 @@
<?php
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\PasswordEncryptor;
class PasswordEncryptorTest extends SapphireTest {
/**
@ -19,22 +23,28 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testCreateForCode() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test' => ['PasswordEncryptorTest_TestEncryptor' => null]]
);
$e = PasswordEncryptor::create_for_algorithm('test');
$this->assertInstanceOf('PasswordEncryptorTest_TestEncryptor', $e );
}
/**
* @expectedException PasswordEncryptor_NotFoundException
* @expectedException SilverStripe\Security\PasswordEncryptor_NotFoundException
*/
public function testCreateForCodeNotFound() {
PasswordEncryptor::create_for_algorithm('unknown');
}
public function testRegister() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
);
$encryptors = PasswordEncryptor::get_encryptors();
$this->assertContains('test', array_keys($encryptors));
$encryptor = $encryptors['test'];
@ -42,22 +52,31 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testUnregister() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test'=>array('PasswordEncryptorTest_TestEncryptor'=>null)));
Config::inst()->remove('PasswordEncryptor', 'encryptors', 'test');
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
);
Config::inst()->remove('SilverStripe\\Security\\PasswordEncryptor', 'encryptors', 'test');
$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
}
public function testEncryptorPHPHashWithArguments() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_md5'=>array('PasswordEncryptor_PHPHash'=>'md5')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_md5' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash'=>'md5']]
);
$e = PasswordEncryptor::create_for_algorithm('test_md5');
$this->assertEquals('md5', $e->getAlgorithm());
}
public function testEncryptorPHPHash() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
$password = 'mypassword';
$salt = 'mysalt';
@ -68,8 +87,11 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testEncryptorBlowfish() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_blowfish'=>array('PasswordEncryptor_Blowfish'=>'')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_blowfish' => ['SilverStripe\\Security\\PasswordEncryptor_Blowfish' => '']]
);
$e = PasswordEncryptor::create_for_algorithm('test_blowfish');
$password = 'mypassword';
@ -114,8 +136,11 @@ class PasswordEncryptorTest extends SapphireTest {
}
public function testEncryptorPHPHashCheck() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_sha1'=>array('PasswordEncryptor_PHPHash'=>'sha1')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
$this->assertTrue($e->check(sha1('mypassword'), 'mypassword'));
$this->assertFalse($e->check(sha1('mypassword'), 'mywrongpassword'));
@ -128,8 +153,11 @@ class PasswordEncryptorTest extends SapphireTest {
* php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
*/
public function testEncryptorLegacyPHPHashCheck() {
Config::inst()->update('PasswordEncryptor', 'encryptors',
array('test_sha1legacy'=>array('PasswordEncryptor_LegacyPHPHash'=>'sha1')));
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1legacy' => ['SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
// precomputed hashes for 'mypassword' from different architectures
$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';

3
tests/security/PasswordValidatorTest.php
View File

@ -1,4 +1,7 @@
<?php
use SilverStripe\Security\PasswordValidator;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests

18
tests/security/PermissionCheckboxSetFieldTest.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\PermissionCheckboxSetField;
/**
* @package framework
* @subpackage tests
@ -12,7 +14,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$f = new PermissionCheckboxSetField(
'Permissions',
'Permissions',
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID'
);
$f->setHiddenPermissions(
@ -27,19 +29,19 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
}
public function testSaveInto() {
$group = $this->objFromFixture('Group', 'group'); // tested group
$untouchable = $this->objFromFixture('Group', 'untouchable'); // group that should not change
$group = $this->objFromFixture('SilverStripe\\Security\\Group', 'group'); // tested group
$untouchable = $this->objFromFixture('SilverStripe\\Security\\Group', 'untouchable'); // group that should not change
$field = new PermissionCheckboxSetField(
'Permissions',
'Permissions',
'Permission',
'SilverStripe\\Security\\Permission',
'GroupID',
$group
);
// get the number of permissions before we start
$baseCount = DataObject::get('Permission')->Count();
$baseCount = DataObject::get('SilverStripe\\Security\\Permission')->Count();
// there are currently no permissions, save empty checkbox
$field->saveInto($group);
@ -51,7 +53,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
'The other group has ADMIN permission');
$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount, 'There are no orphaned permissions');
$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount, 'There are no orphaned permissions');
// add some permissions
$field->setValue(array(
@ -74,7 +76,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
'The other group has ADMIN permission');
$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount+2,
$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount+2,
'There are no orphaned permissions');
// remove permission
@ -95,7 +97,7 @@ class PermissionCheckboxSetFieldTest extends SapphireTest {
$this->assertEquals($untouchable->Permissions()->where("\"Code\"='ADMIN'")->Count(), 1,
'The other group has ADMIN permission');
$this->assertEquals(DataObject::get('Permission')->Count(), $baseCount+1,
$this->assertEquals(DataObject::get('SilverStripe\\Security\\Permission')->Count(), $baseCount+1,
'There are no orphaned permissions');
}
}

22
tests/security/PermissionCheckboxSetFieldTest.yml
View File

@ -1,11 +1,11 @@
Group:
group:
Code: group
untouchable:
Code: untouchable
Permission:
perm1:
Code: ADMIN
Group: =>Group.untouchable
perm2:
Code: NON-ADMIN
'SilverStripe\Security\Group':
group:
Code: group
untouchable:
Code: untouchable
'SilverStripe\Security\Permission':
perm1:
Code: ADMIN
Group: '=>SilverStripe\Security\Group.untouchable'
perm2:
Code: NON-ADMIN

8
tests/security/PermissionRoleTest.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\PermissionRoleCode;
/**
* @package framework
* @subpackage tests
@ -9,13 +11,13 @@ class PermissionRoleTest extends FunctionalTest {
protected static $fixture_file = 'PermissionRoleTest.yml';
public function testDelete() {
$role = $this->objFromFixture('PermissionRole', 'role');
$role = $this->objFromFixture('SilverStripe\\Security\\PermissionRole', 'role');
$role->delete();
$this->assertEquals(0, DataObject::get('PermissionRole', "\"ID\"={$role->ID}")->count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\PermissionRole', "\"ID\"={$role->ID}")->count(),
'Role is removed');
$this->assertEquals(0, DataObject::get('PermissionRoleCode',"\"RoleID\"={$role->ID}")->count(),
$this->assertEquals(0, DataObject::get('SilverStripe\\Security\\PermissionRoleCode',"\"RoleID\"={$role->ID}")->count(),
'Permissions removed along with the role');
}

14
tests/security/PermissionRoleTest.yml
View File

@ -1,7 +1,7 @@
PermissionRole:
role:
Title: role
PermissionRoleCode:
code:
Code: ADMIN
Role: =>PermissionRole.role
'SilverStripe\Security\PermissionRole':
role:
Title: role
'SilverStripe\Security\PermissionRoleCode':
code:
Code: ADMIN
Role: '=>SilverStripe\Security\PermissionRole.role'

30
tests/security/PermissionTest.php
View File

@ -1,5 +1,9 @@
<?php
use SilverStripe\Security\Permission;
use SilverStripe\Security\Member;
use SilverStripe\Security\PermissionCheckboxSetField;
/**
* @package framework
* @subpackage tests
@ -19,12 +23,12 @@ class PermissionTest extends SapphireTest {
}
public function testDirectlyAppliedPermissions() {
$member = $this->objFromFixture('Member', 'author');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
$this->assertTrue(Permission::checkMember($member, "SITETREE_VIEW_ALL"));
}
public function testCMSAccess() {
$members = Member::get()->byIDs($this->allFixtureIDs('Member'));
$members = Member::get()->byIDs($this->allFixtureIDs('SilverStripe\\Security\\Member'));
foreach ($members as $member) {
$this->assertTrue(Permission::checkMember($member, 'CMS_ACCESS'));
}
@ -41,7 +45,7 @@ class PermissionTest extends SapphireTest {
public function testLeftAndMainAccessAll() {
//add user and group
$member = $this->objFromFixture('Member', 'leftandmain');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'leftandmain');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
@ -49,14 +53,14 @@ class PermissionTest extends SapphireTest {
}
public function testPermissionAreInheritedFromOneRole() {
$member = $this->objFromFixture('Member', 'author');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
$this->assertFalse(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
}
public function testPermissionAreInheritedFromMultipleRoles() {
$member = $this->objFromFixture('Member', 'access');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_MyAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_AssetAdmin"));
$this->assertTrue(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin"));
@ -65,7 +69,7 @@ class PermissionTest extends SapphireTest {
}
public function testPermissionsForMember() {
$member = $this->objFromFixture('Member', 'access');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
$permissions = Permission::permissions_for_member($member->ID);
$this->assertEquals(4, count($permissions));
$this->assertTrue(in_array('CMS_ACCESS_MyAdmin', $permissions));
@ -73,7 +77,7 @@ class PermissionTest extends SapphireTest {
$this->assertTrue(in_array('CMS_ACCESS_SecurityAdmin', $permissions));
$this->assertTrue(in_array('EDIT_PERMISSIONS', $permissions));
$group = $this->objFromFixture("Group", "access");
$group = $this->objFromFixture("SilverStripe\\Security\\Group", "access");
Permission::deny($group->ID, "CMS_ACCESS_MyAdmin");
$permissions = Permission::permissions_for_member($member->ID);
@ -82,7 +86,7 @@ class PermissionTest extends SapphireTest {
}
public function testRolesAndPermissionsFromParentGroupsAreInherited() {
$member = $this->objFromFixture('Member', 'globalauthor');
$member = $this->objFromFixture('SilverStripe\\Security\\Member', 'globalauthor');
// Check that permissions applied to the group are there
$this->assertTrue(Permission::checkMember($member, "SITETREE_EDIT_ALL"));
@ -101,8 +105,8 @@ class PermissionTest extends SapphireTest {
* Ensure the the get_*_by_permission functions are permission role aware
*/
public function testGettingMembersByPermission() {
$accessMember = $this->objFromFixture('Member', 'access');
$accessAuthor = $this->objFromFixture('Member', 'author');
$accessMember = $this->objFromFixture('SilverStripe\\Security\\Member', 'access');
$accessAuthor = $this->objFromFixture('SilverStripe\\Security\\Member', 'author');
$result = Permission::get_members_by_permission(array('CMS_ACCESS_SecurityAdmin'));
$resultIDs = $result ? $result->column() : array();
@ -114,14 +118,14 @@ class PermissionTest extends SapphireTest {
public function testHiddenPermissions(){
$permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','Permission','GroupID');
$permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','SilverStripe\\Security\\Permission','GroupID');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
Config::inst()->update('Permission', 'hidden_permissions', array('CMS_ACCESS_LeftAndMain'));
Config::inst()->update('SilverStripe\\Security\\Permission', 'hidden_permissions', array('CMS_ACCESS_LeftAndMain'));
$this->assertNotContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
Config::inst()->remove('Permission', 'hidden_permissions');
Config::inst()->remove('SilverStripe\\Security\\Permission', 'hidden_permissions');
$this->assertContains('CMS_ACCESS_LeftAndMain', $permissionCheckboxSet->Field());
}

38
tests/security/PermissionTest.yml
View File

@ -1,25 +1,25 @@
PermissionRole:
'SilverStripe\Security\PermissionRole':
author:
Title: Author
access:
Title: Access Administrator
PermissionRoleCode:
'SilverStripe\Security\PermissionRoleCode':
author1:
Role: =>PermissionRole.author
Role: '=>SilverStripe\Security\PermissionRole.author'
Code: CMS_ACCESS_MyAdmin
author2:
Role: =>PermissionRole.author
Role: '=>SilverStripe\Security\PermissionRole.author'
Code: CMS_ACCESS_AssetAdmin
access1:
Role: =>PermissionRole.access
Role: '=>SilverStripe\Security\PermissionRole.access'
Code: CMS_ACCESS_SecurityAdmin
access2:
Role: =>PermissionRole.access
Role: '=>SilverStripe\Security\PermissionRole.access'
Code: EDIT_PERMISSIONS
Member:
'SilverStripe\Security\Member':
author:
FirstName: Test
Surname: Author
@ -34,30 +34,30 @@ Member:
Surname: AndMain
Email: leftandmain@example.com
Group:
'SilverStripe\Security\Group':
author:
Title: Authors
Members: =>Member.author
Roles: =>PermissionRole.author
Members: '=>SilverStripe\Security\Member.author'
Roles: '=>SilverStripe\Security\PermissionRole.author'
access:
Title: Access Administrators + Authors
Members: =>Member.access
Roles: =>PermissionRole.access,=>PermissionRole.author
Members: '=>SilverStripe\Security\Member.access'
Roles: '=>SilverStripe\Security\PermissionRole.access,=>SilverStripe\Security\PermissionRole.author'
globalauthor:
Parent: =>Group.author
Parent: '=>SilverStripe\Security\Group.author'
Title: Global Authors
Members: =>Member.globalauthor
Members: '=>SilverStripe\Security\Member.globalauthor'
leftandmain:
Title: LeftAndMain
Members: =>Member.leftandmain
Members: '=>SilverStripe\Security\Member.leftandmain'
Permission:
'SilverStripe\Security\Permission':
extra1:
Code: SITETREE_VIEW_ALL
Group: =>Group.author
Group: '=>SilverStripe\Security\Group.author'
globalauthor:
Code: SITETREE_EDIT_ALL
Group: =>Group.globalauthor
Group: '=>SilverStripe\Security\Group.globalauthor'
leftandmain:
Code: CMS_ACCESS_LeftAndMain
Group: =>Group.leftandmain
Group: '=>SilverStripe\Security\Group.leftandmain'

2
tests/security/RandomGeneratorTest.php
View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\RandomGenerator;
/**
* @package framework
* @subpackage tests

10
tests/security/SecurityDefaultAdminTest.php
View File

@ -1,4 +1,8 @@
<?php
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
use SilverStripe\Security\Member;
class SecurityDefaultAdminTest extends SapphireTest {
protected $usesDatabase = true;
@ -49,7 +53,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
$admin = Security::findAnAdministrator();
$this->assertInstanceOf('Member', $admin);
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
$this->assertEquals($admin->Email, Security::default_admin_username());
$this->assertNull($admin->Password);
@ -64,7 +68,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
$admin = Security::findAnAdministrator();
$this->assertInstanceOf('Member', $admin);
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
// User should be blank
@ -78,7 +82,7 @@ class SecurityDefaultAdminTest extends SapphireTest {
$admin = Member::default_admin();
$this->assertInstanceOf('Member', $admin);
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
$this->assertEquals($admin->Email, Security::default_admin_username());
$this->assertNull($admin->Password);

82
tests/security/SecurityTest.php
View File

@ -6,6 +6,11 @@ use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBClassName;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Authenticator;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Security\Permission;
/**
@ -35,8 +40,8 @@ class SecurityTest extends FunctionalTest {
Authenticator::unregister($authenticator);
}
Authenticator::register('MemberAuthenticator');
Authenticator::set_default_authenticator('MemberAuthenticator');
Authenticator::register('SilverStripe\\Security\\MemberAuthenticator');
Authenticator::set_default_authenticator('SilverStripe\\Security\\MemberAuthenticator');
// And that the unique identified field is 'Email'
$this->priorUniqueIdentifierField = Member::config()->unique_identifier_field;
@ -50,8 +55,8 @@ class SecurityTest extends FunctionalTest {
// Restore selected authenticator
// MemberAuthenticator might not actually be present
if(!in_array('MemberAuthenticator', $this->priorAuthenticators)) {
Authenticator::unregister('MemberAuthenticator');
if(!in_array('SilverStripe\\Security\\MemberAuthenticator', $this->priorAuthenticators)) {
Authenticator::unregister('SilverStripe\\Security\\MemberAuthenticator');
}
foreach($this->priorAuthenticators as $authenticator) {
Authenticator::register($authenticator);
@ -71,7 +76,7 @@ class SecurityTest extends FunctionalTest {
$response = $this->get('SecurityTest_SecuredController');
$this->assertEquals(302, $response->getStatusCode());
$this->assertContains(
Config::inst()->get('Security', 'login_url'),
Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'),
$response->getHeader('Location')
);
@ -94,13 +99,13 @@ class SecurityTest extends FunctionalTest {
$this->assertEquals('Oops, not allowed', Session::get('Security.Message.message'));
// Test that config values are used correctly
Config::inst()->update('Security', 'default_message_set', 'stringvalue');
Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set', 'stringvalue');
Security::permissionFailure($controller);
$this->assertEquals('stringvalue', Session::get('Security.Message.message'),
'Default permission failure message value was not present');
Config::inst()->remove('Security', 'default_message_set');
Config::inst()->update('Security', 'default_message_set', array('default' => 'arrayvalue'));
Config::inst()->remove('SilverStripe\\Security\\Security', 'default_message_set');
Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set', array('default' => 'arrayvalue'));
Security::permissionFailure($controller);
$this->assertEquals('arrayvalue', Session::get('Security.Message.message'),
'Default permission failure message value was not present');
@ -110,7 +115,7 @@ class SecurityTest extends FunctionalTest {
// been fetched and output as part of it, so has been removed from the session
$this->logInWithPermission('EDITOR');
Config::inst()->update('Security', 'default_message_set',
Config::inst()->update('SilverStripe\\Security\\Security', 'default_message_set',
array('default' => 'default', 'alreadyLoggedIn' => 'You are already logged in!'));
Security::permissionFailure($controller);
$this->assertContains('You are already logged in!', $controller->getResponse()->getBody(),
@ -182,13 +187,13 @@ class SecurityTest extends FunctionalTest {
}
public function testLogInAsSomeoneElse() {
$member = DataObject::get_one('Member');
$member = DataObject::get_one('SilverStripe\\Security\\Member');
/* Log in with any user that we can find */
$this->session()->inst_set('loggedInAs', $member->ID);
/* View the Security/login page */
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$response = $this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.action');
@ -202,7 +207,7 @@ class SecurityTest extends FunctionalTest {
'MemberLoginForm_LoginForm',
null,
array(
'AuthenticationMethod' => 'MemberAuthenticator',
'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
'action_dologout' => 1,
)
);
@ -222,7 +227,7 @@ class SecurityTest extends FunctionalTest {
$this->autoFollowRedirection = true;
/* Attempt to get into the admin section */
$response = $this->get(Config::inst()->get('Security', 'login_url'));
$response = $this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.text');
@ -239,7 +244,7 @@ class SecurityTest extends FunctionalTest {
// Test that username does not persist
$this->session()->inst_set('SessionForms.MemberLoginForm.Email', 'myuser@silverstripe.com');
Security::config()->remember_username = false;
$this->get(Config::inst()->get('Security', 'login_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this
->cssParser()
->getBySelector('#MemberLoginForm_LoginForm #MemberLoginForm_LoginForm_Email');
@ -253,7 +258,7 @@ class SecurityTest extends FunctionalTest {
// Test that username does persist when necessary
$this->session()->inst_set('SessionForms.MemberLoginForm.Email', 'myuser@silverstripe.com');
Security::config()->remember_username = true;
$this->get(Config::inst()->get('Security', 'login_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
$items = $this
->cssParser()
->getBySelector('#MemberLoginForm_LoginForm #MemberLoginForm_LoginForm_Email');
@ -322,7 +327,7 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::absoluteBaseURL(), 'test/link'),
$goodResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
/* EXPIRED PASSWORDS ARE SENT TO THE CHANGE PASSWORD FORM */
$expiredResponse = $this->doTestLoginForm('expired@silverstripe.com' , '1nitialPassword');
@ -331,7 +336,7 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::baseURL(), 'Security/changepassword'),
$expiredResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'expiredpassword'),
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'expiredpassword'),
$this->session()->inst_get('loggedInAs'));
// Make sure it redirects correctly after the password has been changed
@ -355,7 +360,7 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::absoluteBaseURL(), 'test/back'),
$changedResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
// Check if we can login with the new password
$goodResponse = $this->doTestLoginForm('testuser@example.com' , 'changedPassword');
@ -364,11 +369,11 @@ class SecurityTest extends FunctionalTest {
Controller::join_links(Director::absoluteBaseURL(), 'test/link'),
$goodResponse->getHeader('Location')
);
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
}
public function testChangePasswordFromLostPassword() {
$admin = $this->objFromFixture('Member', 'test');
$admin = $this->objFromFixture('SilverStripe\\Security\\Member', 'test');
$admin->FailedLoginCount = 99;
$admin->LockedOutUntil = DBDatetime::now()->Format('Y-m-d H:i:s');
$admin->write();
@ -382,7 +387,7 @@ class SecurityTest extends FunctionalTest {
$this->assertEmailSent('testuser@example.com');
// Load password link from email
$admin = DataObject::get_by_id('Member', $admin->ID);
$admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID);
$this->assertNotNull($admin->AutoLoginHash, 'Hash has been written after lost password');
// We don't have access to the token - generate a new token and hash pair.
@ -396,14 +401,14 @@ class SecurityTest extends FunctionalTest {
// Follow redirection to form without hash in GET parameter
$response = $this->get('Security/changepassword');
$changedResponse = $this->doTestChangepasswordForm('1nitialPassword', 'changedPassword');
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
// Check if we can login with the new password
$goodResponse = $this->doTestLoginForm('testuser@example.com' , 'changedPassword');
$this->assertEquals(302, $goodResponse->getStatusCode());
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$this->assertEquals($this->idFromFixture('SilverStripe\\Security\\Member', 'test'), $this->session()->inst_get('loggedInAs'));
$admin = DataObject::get_by_id('Member', $admin->ID, false);
$admin = DataObject::get_by_id('SilverStripe\\Security\\Member', $admin->ID, false);
$this->assertNull($admin->LockedOutUntil);
$this->assertEquals(0, $admin->FailedLoginCount);
}
@ -418,7 +423,7 @@ class SecurityTest extends FunctionalTest {
// Login with a wrong password for more than the defined threshold
for($i = 1; $i <= Member::config()->lock_out_after_incorrect_logins+1; $i++) {
$this->doTestLoginForm('testuser@example.com' , 'incorrectpassword');
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
if($i < Member::config()->lock_out_after_incorrect_logins) {
$this->assertNull(
@ -454,7 +459,7 @@ class SecurityTest extends FunctionalTest {
);
// (We fake this by re-setting LockedOutUntil)
$member = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
$member->LockedOutUntil = date('Y-m-d H:i:s', time() - 30);
$member->write();
$this->doTestLoginForm('testuser@example.com' , '1nitialPassword');
@ -499,8 +504,8 @@ class SecurityTest extends FunctionalTest {
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
$member1 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
$member2 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'noexpiry'));
$this->assertNull($member1->LockedOutUntil);
$this->assertNull($member2->LockedOutUntil);
@ -509,11 +514,11 @@ class SecurityTest extends FunctionalTest {
// THIS SESSION
$this->doTestLoginForm('testuser@example.com' , 'incorrectpassword');
$member1 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'test'));
$member1 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'test'));
$this->assertNotNull($member1->LockedOutUntil);
$this->doTestLoginForm('noexpiry@silverstripe.com' , 'incorrectpassword');
$member2 = DataObject::get_by_id("Member", $this->idFromFixture('Member', 'noexpiry'));
$member2 = DataObject::get_by_id("SilverStripe\\Security\\Member", $this->idFromFixture('SilverStripe\\Security\\Member', 'noexpiry'));
$this->assertNotNull($member2->LockedOutUntil);
}
@ -522,11 +527,11 @@ class SecurityTest extends FunctionalTest {
/* UNSUCCESSFUL ATTEMPTS WITH WRONG PASSWORD FOR EXISTING USER ARE LOGGED */
$this->doTestLoginForm('testuser@example.com', 'wrongpassword');
$attempt = DataObject::get_one('LoginAttempt', array(
$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
'"LoginAttempt"."Email"' => 'testuser@example.com'
));
$this->assertTrue(is_object($attempt));
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."Email"' => 'testuser@example.com'
));
$this->assertEquals($attempt->Status, 'Failure');
@ -535,7 +540,7 @@ class SecurityTest extends FunctionalTest {
/* UNSUCCESSFUL ATTEMPTS WITH NONEXISTING USER ARE LOGGED */
$this->doTestLoginForm('wronguser@silverstripe.com', 'wrongpassword');
$attempt = DataObject::get_one('LoginAttempt', array(
$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
'"LoginAttempt"."Email"' => 'wronguser@silverstripe.com'
));
$this->assertTrue(is_object($attempt));
@ -551,10 +556,10 @@ class SecurityTest extends FunctionalTest {
/* SUCCESSFUL ATTEMPTS ARE LOGGED */
$this->doTestLoginForm('testuser@example.com', '1nitialPassword');
$attempt = DataObject::get_one('LoginAttempt', array(
$attempt = DataObject::get_one('SilverStripe\\Security\\LoginAttempt', array(
'"LoginAttempt"."Email"' => 'testuser@example.com'
));
$member = DataObject::get_one('Member', array(
$member = DataObject::get_one('SilverStripe\\Security\\Member', array(
'"Member"."Email"' => 'testuser@example.com'
));
$this->assertTrue(is_object($attempt));
@ -571,6 +576,7 @@ class SecurityTest extends FunctionalTest {
// Assumption: The database has been built correctly by the test runner,
// and has all columns present in the ORM
/** @skipUpgrade */
DB::get_schema()->renameField('Member', 'Email', 'Email_renamed');
// Email column is now missing, which means we're not ready to do permission checks
@ -588,9 +594,9 @@ class SecurityTest extends FunctionalTest {
* Helper method for the tests above
*/
public function doTestLoginForm($email, $password, $backURL = 'test/link') {
$this->get(Config::inst()->get('Security', 'logout_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'logout_url'));
$this->session()->inst_set('BackURL', $backURL);
$this->get(Config::inst()->get('Security', 'login_url'));
$this->get(Config::inst()->get('SilverStripe\\Security\\Security', 'login_url'));
return $this->submitForm(
"MemberLoginForm_LoginForm",
@ -598,7 +604,7 @@ class SecurityTest extends FunctionalTest {
array(
'Email' => $email,
'Password' => $password,
'AuthenticationMethod' => 'MemberAuthenticator',
'AuthenticationMethod' => 'SilverStripe\\Security\\MemberAuthenticator',
'action_dologin' => 1,
)
);

4
tests/security/SecurityTokenTest.php
View File

@ -1,4 +1,6 @@
<?php
use SilverStripe\Security\SecurityToken;
/**
* @package framework
* @subpackage tests
@ -41,7 +43,7 @@ class SecurityTokenTest extends SapphireTest {
public function testInst() {
$inst1 = SecurityToken::inst();
$this->assertInstanceOf('SecurityToken', $inst1);
$this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $inst1);
}
public function testInstReturnsSingleton() {

4
tests/tasks/EncryptAllPasswordsTaskTest.php
View File

@ -1,6 +1,8 @@
<?php
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
/**
* @package framework
* @subpackage tests
@ -15,7 +17,7 @@ class EncryptAllPasswordsTaskTest extends SapphireTest {
$t = new EncryptAllPasswordsTask();
$t->run(null);
$m = DataObject::get_by_id('Member', $m->ID);
$m = DataObject::get_by_id('SilverStripe\\Security\\Member', $m->ID);
$this->assertEquals($m->PasswordEncryption, 'blowfish');
$this->assertNotEquals($m->Password, 'plain');
$result = $m->checkPassword('plain');

4
tests/view/SSViewerTest.php
View File

@ -2,6 +2,10 @@
use SilverStripe\ORM\ArrayList;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\SecurityToken;
use SilverStripe\Security\Permission;
class SSViewerTest extends SapphireTest {

2
view/SSViewer.php
View File

@ -2,6 +2,8 @@
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\Security\Permission;
/**