tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #7414 from open-sausages/pulls/4.0/basic-auth-var

Browse Source 
BUG Restore SS_USE_BASIC_AUTH env var
This commit is contained in:
Chris Joe 2017-10-02 15:11:19 +13:00 committed by GitHub
commit b219e40ff7
1 changed files with 35 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
src/Security/BasicAuth.php
View File

@ -8,9 +8,8 @@ use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse; use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\HTTPResponse_Exception; use SilverStripe\Control\HTTPResponse_Exception;
use SilverStripe\Core\Config\Configurable; use SilverStripe\Core\Config\Configurable;
use SilverStripe\Dev\Debug;
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
use SilverStripe\ORM\Connect\DatabaseException; use SilverStripe\ORM\Connect\DatabaseException;
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
/** /**
* Provides an interface to HTTP basic authentication. * Provides an interface to HTTP basic authentication.
@ -25,6 +24,16 @@ class BasicAuth
{ {
use Configurable; use Configurable;
/**
* Env var to set to enable basic auth
*/
const USE_BASIC_AUTH = 'SS_USE_BASIC_AUTH';
/**
* Default permission code
*/
const AUTH_PERMISSION = 'ADMIN';
/** /**
* @config * @config
* @var Boolean Flag set by {@link self::protect_entire_site()} * @var Boolean Flag set by {@link self::protect_entire_site()}
@ -179,10 +188,10 @@ class BasicAuth
* regular log-in form. This can be useful for test sites, where you want to hide the site * regular log-in form. This can be useful for test sites, where you want to hide the site
* away from prying eyes, but still be able to test the regular log-in features of the site. * away from prying eyes, but still be able to test the regular log-in features of the site.
* *
* If you are including conf/ConfigureFromEnv.php in your _config.php file, you can also enable * You can also enable this feature by adding this line to your .env. Set this to a permission
* this feature by adding this line to your .env: * code you wish to require.
* *
* SS_USE_BASIC_AUTH=1 * SS_USE_BASIC_AUTH=ADMIN
* *
* @param boolean $protect Set this to false to disable protection. * @param boolean $protect Set this to false to disable protection.
* @param string $code {@link Permission} code that is required from the user. * @param string $code {@link Permission} code that is required from the user.
@ -190,7 +199,7 @@ class BasicAuth
* of the permission codes a user has. * of the permission codes a user has.
* @param string $message * @param string $message
*/ */
public static function protect_entire_site($protect = true, $code = 'ADMIN', $message = null) public static function protect_entire_site($protect = true, $code = self::AUTH_PERMISSION, $message = null)
{ {
static::config() static::config()
->set('entire_site_protected', $protect) ->set('entire_site_protected', $protect)
@ -211,13 +220,27 @@ class BasicAuth
{ {
$config = static::config(); $config = static::config();
$request = Controller::curr()->getRequest(); $request = Controller::curr()->getRequest();
// Check if site is protected
if ($config->get('entire_site_protected')) { if ($config->get('entire_site_protected')) {
static::requireLogin( $permissionCode = $config->get('entire_site_protected_code');
$request, } elseif (getenv(self::USE_BASIC_AUTH)) {
$config->get('entire_site_protected_message'), // Convert legacy 1 / true to ADMIN permissions
$config->get('entire_site_protected_code'), $permissionCode = getenv(self::USE_BASIC_AUTH);
false if (!is_string($permissionCode) || is_numeric($permissionCode)) {
); $permissionCode = self::AUTH_PERMISSION;
}
} else {
// Not enabled
return;
} }
// Require login
static::requireLogin(
$request,
$config->get('entire_site_protected_message'),
$permissionCode,
false
);
} }
} }