diff --git a/admin/client/dist/js/bundle.js b/admin/client/dist/js/bundle.js index 8b204c5ba..1919c3898 100644 --- a/admin/client/dist/js/bundle.js +++ b/admin/client/dist/js/bundle.js @@ -1,6 +1,6 @@ webpackJsonp([5],[function(e,t,n){"use strict" -n(2),n(3),n(6),n(19),n(25),n(27),n(29),n(31),n(34),n(105),n(112),n(116),n(126),n(127),n(128),n(129),n(130),n(131),n(133),n(136),n(138),n(141),n(144),n(146),n(148),n(150),n(151),n(160),n(161),n(163),n(164), -n(165),n(166),n(167),n(168),n(169),n(170),n(171),n(172),n(173),n(174),n(175),n(178),n(180),n(181),n(182),n(183),n(187),n(188),n(189),n(190),n(191),n(188),n(183),n(194),n(195),n(197),n(198)},,function(e,t){ +n(2),n(3),n(6),n(19),n(25),n(27),n(29),n(31),n(34),n(105),n(113),n(117),n(127),n(128),n(129),n(130),n(131),n(132),n(134),n(137),n(139),n(142),n(145),n(147),n(149),n(151),n(152),n(161),n(162),n(164),n(165), +n(166),n(167),n(168),n(169),n(170),n(171),n(172),n(173),n(174),n(175),n(176),n(179),n(181),n(182),n(183),n(184),n(188),n(189),n(190),n(191),n(192),n(189),n(184),n(195),n(196),n(198),n(199)},,function(e,t){ "use strict" function n(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(t,"__esModule",{value:!0}) var i=function(){function e(e,t){for(var n=0;n",'"',"`"," ","\r","\n","\t"],h=["{","}","|","\\","^","`"].concat(p),m=["'"].concat(h),g=["%","/","?",";","#"].concat(m),v=["/","?","#"],y=255,b=/^[+a-z0-9A-Z_-]{0,63}$/,_=/^([+a-z0-9A-Z_-]{0,63})(.*)$/,w={ -javascript:!0,"javascript:":!0},C={javascript:!0,"javascript:":!0},T={http:!0,https:!0,ftp:!0,gopher:!0,file:!0,"http:":!0,"https:":!0,"ftp:":!0,"gopher:":!0,"file:":!0},E=n(157) +javascript:!0,"javascript:":!0},C={javascript:!0,"javascript:":!0},T={http:!0,https:!0,ftp:!0,gopher:!0,file:!0,"http:":!0,"https:":!0,"ftp:":!0,"gopher:":!0,"file:":!0},E=n(158) i.prototype.parse=function(e,t,n){if(!u.isString(e))throw new TypeError("Parameter 'url' must be a string, not "+typeof e) var i=e.indexOf("?"),r=i!==-1&&i'):this.parent().append('') }}),e(".preview-device-outer").entwine({onclick:function L(){this.parent(".preview__device").toggleClass("rotate")}})})},function(e,t,n){(function(e){"use strict" -function t(e){return e&&e.__esModule?e:{"default":e}}var i=n(1),r=t(i),o=n(114),a=t(o) +function t(e){return e&&e.__esModule?e:{"default":e}}var i=n(1),r=t(i),o=n(115),a=t(o) r["default"].entwine("ss.tree",function(t){t("#Form_BatchActionsForm").entwine({Actions:[],getTree:function n(){return t(".cms-tree")},fromTree:{oncheck_node:function i(e,t){this.serializeFromTree()},onuncheck_node:function r(e,t){ this.serializeFromTree()}},onmatch:function o(){var e=this e.getTree().bind("load_node.jstree",function(t,n){e.refreshSelected()})},onunmatch:function s(){var e=this @@ -1587,7 +1592,7 @@ this.addClass("description-toggle-enabled"),n.on("click",function(){i[e?"hide":" function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r) o["default"].entwine("ss",function(e){e(".TreeDropdownField").entwine({"from .cms-container form":{onaftersubmitform:function t(e){this.find(".tree-holder").empty(),this._super()}}})})},function(e,t,n){ "use strict" -function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r),a=n(5),s=i(a),l=n(176),u=i(l),c=n(107),d=n(177),f=i(d) +function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r),a=n(5),s=i(a),l=n(177),u=i(l),c=n(107),d=n(178),f=i(d) o["default"].entwine("ss",function(e){e(".cms-content-actions .add-to-campaign-action,#add-to-campaign__action").entwine({onclick:function t(){var t=e("#add-to-campaign__dialog-wrapper") return t.length||(t=e('
'),e("body").append(t)),t.open(),!1}}),e("#add-to-campaign__dialog-wrapper").entwine({onunmatch:function n(){this._clearModal()},open:function i(){ this._renderModal(!0)},close:function r(){this._renderModal(!1)},_renderModal:function o(t){var n=this,i=function h(){return n.close()},r=function m(){return n._handleSubmitModal.apply(n,arguments)},o=e("form.cms-edit-form :input[name=ID]").val(),a=window.ss.store,l="SilverStripe\\CMS\\Controllers\\CMSPageEditController",d=a.getState().config.sections[l],p=d.form.AddToCampaignForm.schemaUrl+"/"+o @@ -1597,7 +1602,7 @@ u["default"].render(s["default"].createElement(c.Provider,{store:a},s["default"] responseClassGood:"modal__response modal__response--good"})),this[0])},_clearModal:function a(){u["default"].unmountComponentAtNode(this[0])},_handleSubmitModal:function l(e,t,n){return n()}})})},,function(e,t){ e.exports=FormBuilderModal},function(e,t,n){"use strict" function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r) -n(163),n(179) +n(164),n(180) var a=function s(e){var t=(0,o["default"])((0,o["default"])(this).contents()).find(".message") if(t&&t.html()){var n=(0,o["default"])(window.parent.document).find("#Form_EditForm_Members").get(0) n&&n.refresh() @@ -1625,7 +1630,7 @@ e(this).prop("checked","checked")}):t.each(function(){e(this).prop("checked",e(t })}})})},function(e,t,n){"use strict" function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r) -n(163),o["default"].entwine("ss",function(e){e(".cms-content-tools #Form_SearchForm").entwine({onsubmit:function t(e){this.trigger("beforeSubmit")}}),e(".importSpec").entwine({onmatch:function n(){this.find("div.details").hide(), +n(164),o["default"].entwine("ss",function(e){e(".cms-content-tools #Form_SearchForm").entwine({onsubmit:function t(e){this.trigger("beforeSubmit")}}),e(".importSpec").entwine({onmatch:function n(){this.find("div.details").hide(), this.find("a.detailsLink").click(function(){return e("#"+e(this).attr("href").replace(/.*#/,"")).slideToggle(),!1}),this._super()},onunmatch:function i(){this._super()}})})},function(e,t,n){"use strict" @@ -1640,8 +1645,8 @@ t.toggleClass("active"),t.find(".toggle-content").css("minHeight",n)}})},functio function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r);(0,o["default"])(document).on("click",".confirmedpassword .showOnClick a",function(){var e=(0,o["default"])(".showOnClickContainer",(0, o["default"])(this).parent()) return e.toggle("fast",function(){e.find('input[type="hidden"]').val(e.is(":visible")?1:0)}),!1})},function(e,t,n){"use strict" -function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r),a=n(114),s=i(a) -window.tmpl=n(184),n(185),n(186),o["default"].widget("blueimpUIX.fileupload",o["default"].blueimpUI.fileupload,{_initTemplates:function l(){this.options.templateContainer=document.createElement(this._files.prop("nodeName")), +function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r),a=n(115),s=i(a) +window.tmpl=n(185),n(186),n(187),o["default"].widget("blueimpUIX.fileupload",o["default"].blueimpUI.fileupload,{_initTemplates:function l(){this.options.templateContainer=document.createElement(this._files.prop("nodeName")), this.options.uploadTemplate=window.tmpl(this.options.uploadTemplateName),this.options.downloadTemplate=window.tmpl(this.options.downloadTemplateName)},_enableFileInputButton:function u(){o["default"].blueimpUI.fileupload.prototype._enableFileInputButton.call(this), this.element.find(".ss-uploadfield-addfile").show()},_disableFileInputButton:function c(){o["default"].blueimpUI.fileupload.prototype._disableFileInputButton.call(this),this.element.find(".ss-uploadfield-addfile").hide() @@ -1751,22 +1756,22 @@ t.length&&t.removeClass("selected") var n=e.nextAll("li.selected") n.length&&n.removeClass("selected"),(0,o["default"])(this).focus()})})},function(e,t,n){"use strict" function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r) -n(162),o["default"].fn.extend({ssDatepicker:function a(e){return(0,o["default"])(this).each(function(){if(!((0,o["default"])(this).prop("disabled")||(0,o["default"])(this).prop("readonly")||(0,o["default"])(this).data("datepicker"))){ +n(163),o["default"].fn.extend({ssDatepicker:function a(e){return(0,o["default"])(this).each(function(){if(!((0,o["default"])(this).prop("disabled")||(0,o["default"])(this).prop("readonly")||(0,o["default"])(this).data("datepicker"))){ (0,o["default"])(this).siblings("button").addClass("ui-icon ui-icon-calendar") var t=(0,o["default"])(this).closest(".field.date"),n=o["default"].extend(e||{},(0,o["default"])(this).data(),(0,o["default"])(this).data("jqueryuiconfig"),{}) n.showcalendar&&(n.locale&&o["default"].datepicker.regional[n.locale]&&(n=o["default"].extend(n,o["default"].datepicker.regional[n.locale],{})),n.min&&(n.minDate=o["default"].datepicker.parseDate("yy-mm-dd",n.min)), n.max&&(n.maxDate=o["default"].datepicker.parseDate("yy-mm-dd",n.max)),n.dateFormat=n.jquerydateformat,(0,o["default"])(this).datepicker(n))}})}}),(0,o["default"])(document).on("click",".field.date input.text,input.text.date",function(){ (0,o["default"])(this).ssDatepicker(),(0,o["default"])(this).data("datepicker")&&(0,o["default"])(this).datepicker("show")})},function(e,t,n){"use strict" function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r) -n(162),o["default"].entwine("ss",function(e){e(".ss-toggle").entwine({onadd:function t(){this._super(),this.accordion({heightStyle:"content",collapsible:!0,active:!this.hasClass("ss-toggle-start-closed")&&0 +n(163),o["default"].entwine("ss",function(e){e(".ss-toggle").entwine({onadd:function t(){this._super(),this.accordion({heightStyle:"content",collapsible:!0,active:!this.hasClass("ss-toggle-start-closed")&&0 })},onremove:function n(){this.data("accordion")&&this.accordion("destroy"),this._super()},getTabSet:function i(){return this.closest(".ss-tabset")},fromTabSet:{ontabsshow:function r(){this.accordion("resize") }}})})},function(e,t,n){"use strict" function i(e){return e&&e.__esModule?e:{"default":e}}var r=n(1),o=i(r) o["default"].entwine("ss",function(e){e(".memberdatetimeoptionset").entwine({onmatch:function t(){this.find(".toggle-content").hide(),this._super()}}),e(".memberdatetimeoptionset .toggle").entwine({onclick:function n(t){ return e(this).closest(".form__field-description").parent().find(".toggle-content").toggle(),!1}})})},function(e,t,n){(function(e){"use strict" -function t(e){return e&&e.__esModule?e:{"default":e}}var i=n(1),r=t(i),o=n(114),a=t(o) -n(192),n(193),r["default"].entwine("ss",function(t){var n,i +function t(e){return e&&e.__esModule?e:{"default":e}}var i=n(1),r=t(i),o=n(115),a=t(o) +n(193),n(194),r["default"].entwine("ss",function(t){var n,i t(window).bind("resize.treedropdownfield",function(){var e=function a(){t(".TreeDropdownField").closePanel()} if(t.browser.msie&&parseInt(t.browser.version,10)<9){var r=t(window).width(),o=t(window).height() r==n&&o==i||(n=r,i=o,e())}else e()}) @@ -1834,7 +1839,7 @@ onadd:function M(){this._super(),this.bind("change.TreeDropdownField",function() },,,function(module,exports,__webpack_require__){"use strict" function _interopRequireDefault(e){return e&&e.__esModule?e:{"default":e}}var _extends=Object.assign||function(e){for(var t=1;t=0&&0===window.sessionStorage.length)return throw n}}function a(t){var e=void 0 try{e=window.sessionStorage.getItem(i(t))}catch(n){if(n.name===d)return null}if(e)try{return JSON.parse(e)}catch(n){}return null}e.__esModule=!0,e.saveState=o,e.readState=a -var s=n(204),l=r(s),u="@@History/",c=["QuotaExceededError","QUOTA_EXCEEDED_ERR"],d="SecurityError"},function(t,e,n){"use strict" +var s=n(205),l=r(s),u="@@History/",c=["QuotaExceededError","QUOTA_EXCEEDED_ERR"],d="SecurityError"},function(t,e,n){"use strict" function r(t){return t&&t.__esModule?t:{"default":t}}function i(t){function e(t){return l.canUseDOM?void 0:s["default"](!1),n.listen(t)}var n=d["default"](o({getUserConfirmation:u.getUserConfirmation},t,{ go:u.go})) return o({},n,{listen:e})}e.__esModule=!0 var o=Object.assign||function(t){for(var e=1;e0&&"number"!=typeof t[0])) }function o(t,e,n){var o,c @@ -3447,7 +3447,7 @@ for(o=0;o=0;o--)if(d[o]!=f[o])return!1 for(o=d.length-1;o>=0;o--)if(c=d[o],!u(t[c],e[c],n))return!1 -return typeof t==typeof e}var a=Array.prototype.slice,s=n(211),l=n(212),u=t.exports=function(t,e,n){return n||(n={}),t===e||(t instanceof Date&&e instanceof Date?t.getTime()===e.getTime():!t||!e||"object"!=typeof t&&"object"!=typeof e?n.strict?t===e:t==e:o(t,e,n)) +return typeof t==typeof e}var a=Array.prototype.slice,s=n(212),l=n(213),u=t.exports=function(t,e,n){return n||(n={}),t===e||(t instanceof Date&&e instanceof Date?t.getTime()===e.getTime():!t||!e||"object"!=typeof t&&"object"!=typeof e?n.strict?t===e:t==e:o(t,e,n)) }},function(t,e){function n(t){var e=[] for(var n in t)e.push(n) @@ -3467,15 +3467,15 @@ function r(t){return t&&t.__esModule?t:{"default":t}}function i(){var t=argument var i=t.pathname||"/",a=t.search||"",s=t.hash||"",c=t.state||null return{pathname:i,search:a,hash:s,state:c,action:e,key:n}}e.__esModule=!0 var o=Object.assign||function(t){for(var e=1;e=0:t===e}e.__esModule=!0 -var o=n(1073),a=r(o),s=n(1027),l=r(s),u=n(1028),c=r(u),d=n(1064),f=r(d),p=n(989),h=r(p),m=n(1125),v=r(m),g=n(5),y=r(g),_=n(176),b=r(_),x=n(1104),w=r(x),k=n(1205),C=r(k),j=n(1082),T=r(j),E=y["default"].PropTypes.oneOf(["click","hover","focus"]),S=(0, +var o=n(1073),a=r(o),s=n(1027),l=r(s),u=n(1028),c=r(u),d=n(1064),f=r(d),p=n(989),h=r(p),m=n(1125),v=r(m),g=n(5),y=r(g),_=n(177),b=r(_),x=n(1104),w=r(x),k=n(1205),C=r(k),j=n(1082),T=r(j),E=y["default"].PropTypes.oneOf(["click","hover","focus"]),S=(0, h["default"])({},C["default"].propTypes,{trigger:y["default"].PropTypes.oneOfType([E,y["default"].PropTypes.arrayOf(E)]),delay:y["default"].PropTypes.number,delayShow:y["default"].PropTypes.number,delayHide:y["default"].PropTypes.number, defaultOverlayShown:y["default"].PropTypes.bool,overlay:y["default"].PropTypes.node.isRequired,onBlur:y["default"].PropTypes.func,onClick:y["default"].PropTypes.func,onFocus:y["default"].PropTypes.func, onMouseOut:y["default"].PropTypes.func,onMouseOver:y["default"].PropTypes.func,target:y["default"].PropTypes.oneOf([null]),onHide:y["default"].PropTypes.oneOf([null]),show:y["default"].PropTypes.oneOf([null]) diff --git a/admin/client/src/components/FormAlert/FormAlert.js b/admin/client/src/components/FormAlert/FormAlert.js index 7181e6a0b..3cbe5407d 100644 --- a/admin/client/src/components/FormAlert/FormAlert.js +++ b/admin/client/src/components/FormAlert/FormAlert.js @@ -36,6 +36,7 @@ class FormAlert extends SilverStripeComponent { * @returns {string} can be the following values "success", "warning", "danger", "info" */ getMessageStyle() { + // See ValidationResult::TYPE_ constant definitions in PHP. switch (this.props.type) { case 'good': case 'success': diff --git a/admin/client/src/components/FormBuilder/FormBuilder.js b/admin/client/src/components/FormBuilder/FormBuilder.js index 6835e50a2..76864e514 100644 --- a/admin/client/src/components/FormBuilder/FormBuilder.js +++ b/admin/client/src/components/FormBuilder/FormBuilder.js @@ -103,8 +103,9 @@ class FormBuilder extends SilverStripeComponent { const dataWithAction = Object.assign({}, data, { [action]: 1, }); + const requestedSchema = this.props.responseRequestedSchema.join(); const headers = { - 'X-Formschema-Request': 'state,schema', + 'X-Formschema-Request': requestedSchema, 'X-Requested-With': 'XMLHttpRequest', }; @@ -383,6 +384,9 @@ const basePropTypes = { submitting: PropTypes.bool, baseFormComponent: PropTypes.func.isRequired, baseFieldComponent: PropTypes.func.isRequired, + responseRequestedSchema: PropTypes.arrayOf(PropTypes.oneOf([ + 'schema', 'state', 'errors', 'auto', + ])), }; FormBuilder.propTypes = Object.assign({}, basePropTypes, { @@ -390,5 +394,9 @@ FormBuilder.propTypes = Object.assign({}, basePropTypes, { schema: schemaPropType.isRequired, }); +FormBuilder.defaultProps = { + responseRequestedSchema: ['auto'], +}; + export { basePropTypes, schemaPropType }; export default FormBuilder; diff --git a/admin/client/src/components/FormBuilder/README.md b/admin/client/src/components/FormBuilder/README.md index c8fe175ea..f060ae66d 100644 --- a/admin/client/src/components/FormBuilder/README.md +++ b/admin/client/src/components/FormBuilder/README.md @@ -38,6 +38,25 @@ If you want to load the schema from a server via XHR, use the * `touchOnChange` (bool): See [redux-form](http://redux-form.com/6.0.5/docs/api/ReduxForm.md/) * `persistentSubmitErrors` (bool): See [redux-form](http://redux-form.com/6.0.5/docs/api/ReduxForm.md/) * `validate` (function): See [redux-form](http://redux-form.com/6.0.5/docs/api/ReduxForm.md/) + * `responseRequestedSchema` (array): This allows you to customise the response requested from the server + on submit. See below on "Handling submissions". + +## Handling submissions + +The `responseRequestedSchema` property will control the value of the 'X-Formschema-Request' header, which +in turn communicates to PHP the kind of response react would like. Your form should only specify the +bare minimum that it requires, as each header will represent additional overhead on all XHR requests. + +This is an array which may be any combination of the below values: + +* `schema`: The schema is requested on submit +* `state`: The state is requested on submit. Note that this may also include form errors. +* `errors`: The list of validation errors is returned in case of error. +* `auto`: (default) Conditionally return `errors` if there are errors, or `state` if there are none. + +Note that these are only the requested header values; The PHP submission method may choose to ignore +these values, and return any combination of the above. Typically the only time this requested value +is respected is when handled by the default validation error handler (LeftAndMain::getSchemaResponse) ## Schema Structure diff --git a/admin/client/src/containers/FormBuilderLoader/FormBuilderLoader.js b/admin/client/src/containers/FormBuilderLoader/FormBuilderLoader.js index 0f4e91479..4100cef50 100644 --- a/admin/client/src/containers/FormBuilderLoader/FormBuilderLoader.js +++ b/admin/client/src/containers/FormBuilderLoader/FormBuilderLoader.js @@ -2,6 +2,7 @@ import React, { PropTypes, Component } from 'react'; import { connect } from 'react-redux'; import { bindActionCreators } from 'redux'; import fetch from 'isomorphic-fetch'; +import deepFreeze from 'deep-freeze-strict'; import { Field as ReduxFormField, reduxForm, @@ -20,6 +21,7 @@ class FormBuilderLoader extends Component { this.handleSubmit = this.handleSubmit.bind(this); this.clearSchema = this.clearSchema.bind(this); + this.reduceSchemaErrors = this.reduceSchemaErrors.bind(this); } componentDidMount() { @@ -90,10 +92,13 @@ class FormBuilderLoader extends Component { return promise .then(formSchema => { - if (formSchema) { - this.props.schemaActions.setSchema(this.props.schemaUrl, formSchema); + let schema = formSchema; + if (schema) { + // Strip errors out of schema response in preparation for setSchema and SubmissionError + schema = this.reduceSchemaErrors(schema); + this.props.schemaActions.setSchema(this.props.schemaUrl, schema); } - return formSchema; + return schema; }) // TODO Suggest storing messages in a separate redux store rather than throw an error // ref: https://github.com/erikras/redux-form/issues/94#issuecomment-143398399 @@ -110,27 +115,40 @@ class FormBuilderLoader extends Component { }); } - overrideStateData(state) { - if (!this.props.stateOverrides || !state) { - return state; + /** + * Given a submitted schema, ensure that any errors property is merged safely into + * the state. + * + * @param {Object} schema - New schema result + * @return {Object} + */ + reduceSchemaErrors(schema) { + // Skip if there are no errors + if (!schema.errors) { + return schema; } - const fieldOverrides = this.props.stateOverrides.fields; - let fields = state.fields; - if (fieldOverrides && fields) { - fields = fields.map((field) => { - const fieldOverride = fieldOverrides.find((override) => override.name === field.name); - if (!fieldOverride) { - return field; - } - // need to be recursive for the unknown-sized "data" properly - return merge.recursive(true, field, fieldOverride); - }); + + // Inherit state from current schema if not being assigned in this request + let reduced = Object.assign({}, schema); + if (!reduced.state) { + reduced = Object.assign({}, reduced, { state: this.props.schema.state }); } - return Object.assign({}, - state, - this.props.stateOverrides, - { fields } - ); + + // Modify state.fields and replace state.messages + reduced = Object.assign({}, reduced, { + state: Object.assign({}, reduced.state, { + // Replace message property for each field + fields: reduced.state.fields.map((field) => Object.assign({}, field, { + message: schema.errors.find((error) => error.field === field.name), + })), + // Non-field messages + messages: schema.errors.filter((error) => !error.field), + }), + }); + + // Can be safely discarded + delete reduced.errors; + return deepFreeze(reduced); } /** @@ -173,6 +191,7 @@ class FormBuilderLoader extends Component { * @return {Object} Promise from the AJAX request. */ fetch(schema = true, state = true) { + // Note: `errors` is only valid for submissions, not schema requests, so omitted here const headerValues = []; if (schema) { diff --git a/admin/client/src/state/schema/SchemaReducer.js b/admin/client/src/state/schema/SchemaReducer.js index 6816c05b0..b0bd8225a 100644 --- a/admin/client/src/state/schema/SchemaReducer.js +++ b/admin/client/src/state/schema/SchemaReducer.js @@ -8,11 +8,7 @@ export default function schemaReducer(state = initialState, action = null) { case ACTION_TYPES.SET_SCHEMA: { return deepFreeze(Object.assign({}, state, { - [action.payload.id]: Object.assign({}, state[action.payload.id], { - id: action.payload.id, - schema: action.payload.schema, - state: action.payload.state, - }), + [action.payload.id]: Object.assign({}, state[action.payload.id], action.payload), })); } diff --git a/admin/code/CampaignAdmin.php b/admin/code/CampaignAdmin.php index edfaddf21..88a6b836c 100644 --- a/admin/code/CampaignAdmin.php +++ b/admin/code/CampaignAdmin.php @@ -10,7 +10,9 @@ use SilverStripe\Forms\HiddenField; use SilverStripe\Forms\FormAction; use SilverStripe\Forms\FieldList; use SilverStripe\Forms\Form; +use SilverStripe\Forms\RequiredFields; use SilverStripe\ORM\SS_List; +use SilverStripe\ORM\ValidationResult; use SilverStripe\ORM\Versioning\ChangeSet; use SilverStripe\ORM\Versioning\ChangeSetItem; use SilverStripe\ORM\DataObject; @@ -437,19 +439,22 @@ class CampaignAdmin extends LeftAndMain implements PermissionProvider { ->setIcon('save'), FormAction::create('cancel', _t('LeftAndMain.CANCEL', 'Cancel')) ->setUseButtonTag(true) - ) + ), + new RequiredFields('Name') ); // Load into form if($id && $record) { $form->loadDataFrom($record); } - $form->getValidator()->addRequiredField('Name'); // Configure form to respond to validation errors with form schema // if requested via react. - $form->setValidationResponseCallback(function() use ($form, $record) { - $schemaId = Controller::join_links($this->Link('schema/DetailEditForm'), $record->exists() ? $record->ID : ''); - return $this->getSchemaResponse($form, $schemaId); + $form->setValidationResponseCallback(function(ValidationResult $errors) use ($form, $record) { + $schemaId = Controller::join_links( + $this->Link('schema/DetailEditForm'), + $record->isInDB() ? $record->ID : '' + ); + return $this->getSchemaResponse($schemaId, $form, $errors); }); return $form; diff --git a/admin/code/LeftAndMain.php b/admin/code/LeftAndMain.php index 0a2ba44a0..c35eec5b8 100644 --- a/admin/code/LeftAndMain.php +++ b/admin/code/LeftAndMain.php @@ -35,6 +35,7 @@ use SilverStripe\i18n\i18n; use SilverStripe\ORM\FieldType\DBHTMLText; use SilverStripe\ORM\Hierarchy\Hierarchy; use SilverStripe\ORM\SS_List; +use SilverStripe\ORM\ValidationResult; use SilverStripe\ORM\Versioning\Versioned; use SilverStripe\ORM\DataModel; use SilverStripe\ORM\ValidationException; @@ -55,18 +56,20 @@ use InvalidArgumentException; use SilverStripe\SiteConfig\SiteConfig; - /** * LeftAndMain is the parent class of all the two-pane views in the CMS. * If you are wanting to add more areas to the CMS, you can do it by subclassing LeftAndMain. * * This is essentially an abstract class which should be subclassed. * See {@link CMSMain} for a good example. - * - * @property FormSchema $schema */ class LeftAndMain extends Controller implements PermissionProvider { + /** + * Form schema header identifier + */ + const SCHEMA_HEADER = 'X-Formschema-Request'; + /** * Enable front-end debugging (increases verbosity) in dev mode. * Will be ignored in live environments. @@ -156,9 +159,16 @@ class LeftAndMain extends Controller implements PermissionProvider { ]; private static $dependencies = [ - 'schema' => '%$FormSchema' + 'FormSchema' => '%$FormSchema' ]; + /** + * Current form schema helper + * + * @var FormSchema + */ + protected $schema = null; + /** * Assign themes to use for cms * @@ -296,6 +306,26 @@ class LeftAndMain extends Controller implements PermissionProvider { ]; } + /** + * Get form schema helper + * + * @return FormSchema + */ + public function getFormSchema() { + return $this->schema; + } + + /** + * Set form schema helper for this controller + * + * @param FormSchema $schema + * @return $this + */ + public function setFormSchema(FormSchema $schema) { + $this->schema = $schema; + return $this; + } + /** * Gets a JSON schema representing the current edit form. * @@ -305,7 +335,6 @@ class LeftAndMain extends Controller implements PermissionProvider { * @return HTTPResponse */ public function schema($request) { - $response = $this->getResponse(); $formName = $request->param('FormName'); $itemID = $request->param('ItemID'); @@ -322,72 +351,43 @@ class LeftAndMain extends Controller implements PermissionProvider { } $form = $this->{"get{$formName}"}($itemID); - - $response->addHeader('Content-Type', 'application/json'); - $response->setBody(Convert::raw2json($this->getSchemaForForm($form))); - - return $response; + $schemaID = $request->getURL(); + return $this->getSchemaResponse($schemaID, $form); } + /** + * Check if the current request has a X-Formschema-Request header set. + * Used by conditional logic that responds to validation results + * + * @return bool + */ + protected function getSchemaRequested() { + $parts = $this->getRequest()->getHeader(static::SCHEMA_HEADER); + return !empty($parts); + } + /** - * Given a form, generate a response containing the requested form - * schema if X-Formschema-Request header is set. + * Generate schema for the given form based on the X-Formschema-Request header value * - * @param Form $form - * @param String $id Optional, will default to the current request URL + * @param string $schemaID ID for this schema. Required. + * @param Form $form Required for 'state' or 'schema' response + * @param ValidationResult $errors Required for 'error' response + * @param array $extraData Any extra data to be merged with the schema response * @return HTTPResponse */ - protected function getSchemaResponse($form, $id = null) { - $request = $this->getRequest(); - if($request->getHeader('X-Formschema-Request')) { - $data = $this->getSchemaForForm($form, $id); - $response = new HTTPResponse(Convert::raw2json($data)); - $response->addHeader('Content-Type', 'application/json'); + protected function getSchemaResponse($schemaID, $form = null, ValidationResult $errors = null, $extraData = []) { + $parts = $this->getRequest()->getHeader(static::SCHEMA_HEADER); + $data = $this + ->getFormSchema() + ->getMultipartSchema($parts, $schemaID, $form, $errors); - // Clear non-schema form validation / data / message - // since it does not need to be redirected - $form->clearMessage(); - return $response; - } - return null; - } + if ($extraData) { + $data = array_merge($data, $extraData); + } - /** - * Returns a representation of the provided {@link Form} as structured data, - * based on the request data. - * - * @param Form $form - * @param String $id Optional, will default to the current request URL - * @return array - */ - protected function getSchemaForForm(Form $form, $id = null) { - $request = $this->getRequest(); - $id = $id ? $id : $request->getURL(); - $return = null; - - // Valid values for the "X-Formschema-Request" header are "schema" and "state". - // If either of these values are set they will be stored in the $schemaParst array - // and used to construct the response body. - if ($schemaHeader = $request->getHeader('X-Formschema-Request')) { - $schemaParts = array_filter(explode(',', $schemaHeader), function($value) { - $validHeaderValues = ['schema', 'state']; - return in_array(trim($value), $validHeaderValues); - }); - } else { - $schemaParts = ['schema']; - } - - $return = ['id' => $id]; - - if (in_array('schema', $schemaParts)) { - $return['schema'] = $this->schema->getSchema($form); - } - - if (in_array('state', $schemaParts)) { - $return['state'] = $this->schema->getState($form); - } - - return $return; + $response = new HTTPResponse(Convert::raw2json($data)); + $response->addHeader('Content-Type', 'application/json'); + return $response; } /** @@ -1304,14 +1304,12 @@ class LeftAndMain extends Controller implements PermissionProvider { $this->setCurrentPageID($record->ID); $message = _t('LeftAndMain.SAVEDUP', 'Saved.'); - if($request->getHeader('X-Formschema-Request')) { + if($this->getSchemaRequested()) { $schemaId = Controller::join_links($this->Link('schema/DetailEditForm'), $id); // Ensure that newly created records have all their data loaded back into the form. $form->loadDataFrom($record); $form->setMessage($message, 'good'); - $data = $this->getSchemaForForm($form, $schemaId); - $response = new HTTPResponse(Convert::raw2json($data)); - $response->addHeader('Content-Type', 'application/json'); + $response = $this->getSchemaResponse($schemaId, $form); } else { $response = $this->getResponseNegotiator()->respond($request); } @@ -1580,10 +1578,9 @@ class LeftAndMain extends Controller implements PermissionProvider { $form->loadDataFrom($record); $form->setTemplate($this->getTemplatesWithSuffix('_EditForm')); $form->setAttribute('data-pjax-fragment', 'CurrentForm'); - $form->setValidationResponseCallback(function() use ($negotiator, $form) { + $form->setValidationResponseCallback(function(ValidationResult $errors) use ($negotiator, $form) { $request = $this->getRequest(); if($request->isAjax() && $negotiator) { - $form->setupFormErrors(); $result = $form->forTemplate(); return $negotiator->respond($request, array( diff --git a/docs/en/02_Developer_Guides/03_Forms/01_Validation.md b/docs/en/02_Developer_Guides/03_Forms/01_Validation.md index 8d5321506..cb939f3f9 100644 --- a/docs/en/02_Developer_Guides/03_Forms/01_Validation.md +++ b/docs/en/02_Developer_Guides/03_Forms/01_Validation.md @@ -65,7 +65,8 @@ the `setValue` method. :::php public function validate($validator) { - if($this->value == 10) { + if($this->Value() == 10) { + $validator->validationError($this->Name(), 'This value cannot be 10'); return false; } @@ -73,7 +74,7 @@ the `setValue` method. } The `validate` method should return `true` if the value passes any validation and `false` if SilverStripe should trigger -a validation error on the page. +a validation error on the page. In addition a useful error message must be set on the given validator.
You can also override the entire `Form` validation by subclassing `Form` and defining a `validate` method on the form. @@ -141,7 +142,7 @@ reusable and would not be possible within the `CMS` or other automated `UI` but } public function doSubmitForm($data, $form) { - // At this point, RequiredFields->validate() will have been called already, + // At this point, RequiredFields->isValid() will have been called already, // so we can assume that the values exist. Say we want to make sure that email hasn't already been used. $check = Member::get()->filter('Email', $data['Email'])->first(); @@ -214,7 +215,36 @@ classes added to each input. For Parsley we can structure the form like. An alternative (or additional) approach to validation is to place it directly on the database model. SilverStripe provides a [api:DataObject::validate()] method to validate data at the model level. See -[Data Model Validation](../model/validation). +[Data Model Validation](../model/validation). + +## Form action validation + +At times it's not possible for all validation or recoverable errors to be pre-determined in advance of form +submission, such as those generated by the form [api:Validator] object. Sometimes errors may occur within form +action methods, and it is necessary to display errors on the form after initial validation has been performed. + +In this case you may throw a [api:ValidationException] object within your handler, optionally passing it an +error message, or a [api:ValidationResult] object containing the list of errors you wish to display. + +E.g. + + + :::php + class MyController extends Controller + { + public function doSave($data, $form) { + $success = $this->sendEmail($data); + + // Example error handling + if (!$success) { + throw new ValidationException('Sorry, we could not email to that address'); + } + + // If success + return $this->redirect($this->Link('success')); + } + } + ### Validation in the CMS diff --git a/docs/en/04_Changelogs/4.0.0.md b/docs/en/04_Changelogs/4.0.0.md index 287e27dcd..dc815af9d 100644 --- a/docs/en/04_Changelogs/4.0.0.md +++ b/docs/en/04_Changelogs/4.0.0.md @@ -1095,6 +1095,50 @@ Some methods on `Requirements` have had their method signatures changed: A new config `Requirements_Backend.combine_in_dev` has been added in order to allow combined files to be forced on during development. If this is off, combined files is only enabled in live environments. +Form validation has been refactored significantly. A new `FormMessage` trait has been created to +handle field-level and form-level messages. This has the following properties: + +* `setMessage` to assign a message, type, and cast +* `getMessage` retrieves the message string +* `getMessageType` retrieves the message type (E.g. error, good, info) +* `getMessageCast` retrieves the cast type +* `getMessageCastingHelper` retrieves the DBField cast to use for the appropriate message cast +* `getSchemaMessage` encodes this message for form schema use in ReactJS. + +`Form` methods have been changed: + +* `validate` is replaced with `validationResult` instead, which returns a `ValidationResult` instance. + This is no longer automatically persisted in the state by default, unless a redirection occurs. + You can also save any response in the state by manually invoking `saveFormState` inside a custom + validation response handler. +* `setupFormErrors` renamed to `restoreFormState` +* `resetValidation` renamed to `clearFormState` +* `loadMessagesFrom` method created to load a ValidationResult into a form. +* `setMessage`. third parameter is now $cast type +* `messageForForm` removed. Use `setMessage` or `sessionMessage` instead. +* `getSessionValidationResult` / `setSessionValidationResult` used to get / set session errors +* `getSessionData` / `setSessionData` used to get / set field values cached in the session +* `getAjaxErrorResponse` and `getRedirectReferer` created to simplify `getValidationErrorResponse` +* `addErrorMessage` removed. Users can either use `sessionMessage` or `sessionError` to add a + form level message, throw a ValidationException during submission, or add a custom validator. + +`Validator` methods have changed: + +* `validate` method now returns a `ValidationResult` instance. +* `requireField` method removed. Use `RequiredFields` subclass instead. + +`ValidationResult` now has these methods: + +* `serialize` / `unserialize` for saving within session state +* `messageList` renamed to `getMessages` +* `error` method replaced with `addMessage` / `addError` / `addFieldMessage` / `addFieldError` +* `valid` renamed to `isValid` + +`ValidationException` has these changes: + +* `$message` second constructor parameter is removed. Constructor only accepts `$result`, + which may be a string, and optional `$code` + #### Template and Form Removed API * Removed `TabularStyle` @@ -1103,12 +1147,24 @@ forced on during development. If this is off, combined files is only enabled in * `getTabPathRewrites` * `setTabPathRewrites` * `rewriteTabPath` -* Removed `Form` methods: +* Removed `Form` methods (see above for replacements): * `transformTo` * `callfieldmethod` * `single_field_required` * `current_action` * `set_current_action` + * `setupFormErrors` + * `resetValidation` + * `messageForForm` + * `addErrorMessage` +* Removed `Validator::requireField()` method. +* Removed `ValidationResult` (see above for replacements): + * `messageList` + * `codeList` + * `message` + * `starredList` + * `error` + * `valid` * Removed `ReportAdminForm.ss` template * `FormField::dontEscape()` has been removed. Escaping is now managed on a class by class basis. * Removed `PermissionCheckboxSetField::getAssignedPermissionCodes()` (never implemented) diff --git a/docs/en/05_Contributing/01_Code.md b/docs/en/05_Contributing/01_Code.md index 4f3c85bc3..7ae9e60f3 100644 --- a/docs/en/05_Contributing/01_Code.md +++ b/docs/en/05_Contributing/01_Code.md @@ -84,9 +84,9 @@ Each release is labeled in the format `$MAJOR`.`$MINOR`.`$PATCH`. For example, 3 * `$MAJOR` version is incremented if any backwards incompatible changes are introduced to the public API. * `$MINOR` version is incremented if new, backwards compatible **functionality** is introduced to the public API or - improvements are introduced within the private code. + improvements are introduced within the private code. * `$PATCH` version is incremented if only backwards compatible **bug fixes** are introduced. A bug fix is defined as - an internal change that fixes incorrect behavior. + an internal change that fixes incorrect behavior. **Public API** refers to any aspect of the system that has been designed to be used by SilverStripe modules & site developers. In SilverStripe 3, because we haven't been clear, in principle we have to treat every public or protected method as *potentially* part of the public API, but sometimes it comes to a judgement call about how likely it is that a given method will have been used in a particular way. If we were strict about never changing publicly exposed behaviour, it would be difficult to fix any bug whatsoever, which isn't in the interests of our user community. diff --git a/src/Assets/Storage/DBFile.php b/src/Assets/Storage/DBFile.php index 4e40cd5de..acbec88fb 100644 --- a/src/Assets/Storage/DBFile.php +++ b/src/Assets/Storage/DBFile.php @@ -12,7 +12,6 @@ use SilverStripe\ORM\ValidationResult; use SilverStripe\ORM\ValidationException; use SilverStripe\ORM\FieldType\DBComposite; use SilverStripe\Security\Permission; -use SilverStripe\Core\Convert; /** * Represents a file reference stored in a database @@ -455,7 +454,7 @@ class DBFile extends DBComposite implements AssetContainer, Thumbnail { $result = new ValidationResult(); $this->validate($result, $filename); - if (!$result->valid()) { + if (!$result->isValid()) { throw new ValidationException($result); } } @@ -477,19 +476,8 @@ class DBFile extends DBComposite implements AssetContainer, Thumbnail return true; } - // Check allowed extensions - $extensions = $this->getAllowedExtensions(); - if (empty($extensions)) { - $extensions = File::config()->allowed_extensions; - } - sort($extensions); - $message = _t( - 'File.INVALIDEXTENSION', - 'Extension is not allowed (valid: {extensions})', - 'Argument 1: Comma-separated list of valid extensions', - array('extensions' => wordwrap(implode(', ', $extensions))) - ); - $result->error($message); + $message = _t('File.INVALIDEXTENSIONSHORT', 'Extension is not allowed'); + $result->addError($message); return false; } diff --git a/src/Dev/FunctionalTest.php b/src/Dev/FunctionalTest.php index 5bf88278e..d96f716de 100644 --- a/src/Dev/FunctionalTest.php +++ b/src/Dev/FunctionalTest.php @@ -261,10 +261,10 @@ class FunctionalTest extends SapphireTest * * @param string $selector A basic CSS selector, e.g. 'li.jobs h3' * @param array|string $expectedMatches The content of at least one of the matched tags + * @param string $message * @throws PHPUnit_Framework_AssertionFailedError - * @return boolean */ - public function assertPartialMatchBySelector($selector, $expectedMatches) + public function assertPartialMatchBySelector($selector, $expectedMatches, $message = null) { if (is_string($expectedMatches)) { $expectedMatches = array($expectedMatches); @@ -275,21 +275,18 @@ class FunctionalTest extends SapphireTest $actuals = array(); if ($items) { foreach ($items as $item) { - $actuals[trim(preg_replace("/[ \n\r\t]+/", " ", $item. ''))] = true; + $actuals[trim(preg_replace('/\s+/', ' ', (string)$item))] = true; } } - foreach ($expectedMatches as $match) { - $this->assertTrue( - isset($actuals[$match]), - "Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'" - . implode("'\n'", $expectedMatches) . "'\n\n" - . "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'" - ); - return false; - } + $message = $message ?: + "Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'" + . implode("'\n'", $expectedMatches) . "'\n\n" + . "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'"; - return true; + foreach ($expectedMatches as $match) { + $this->assertTrue(isset($actuals[$match]), $message); + } } /** @@ -301,10 +298,10 @@ class FunctionalTest extends SapphireTest * * @param string $selector A basic CSS selector, e.g. 'li.jobs h3' * @param array|string $expectedMatches The content of *all* matching tags as an array + * @param string $message * @throws PHPUnit_Framework_AssertionFailedError - * @return boolean */ - public function assertExactMatchBySelector($selector, $expectedMatches) + public function assertExactMatchBySelector($selector, $expectedMatches, $message = null) { if (is_string($expectedMatches)) { $expectedMatches = array($expectedMatches); @@ -315,18 +312,16 @@ class FunctionalTest extends SapphireTest $actuals = array(); if ($items) { foreach ($items as $item) { - $actuals[] = trim(preg_replace("/[ \n\r\t]+/", " ", $item. '')); + $actuals[] = trim(preg_replace('/\s+/', ' ', (string)$item)); } } - $this->assertTrue( - $expectedMatches == $actuals, - "Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'" + $message = $message ?: + "Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'" . implode("'\n'", $expectedMatches) . "'\n\n" - . "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'" - ); + . "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'"; - return true; + $this->assertTrue($expectedMatches == $actuals, $message); } /** @@ -338,10 +333,10 @@ class FunctionalTest extends SapphireTest * * @param string $selector A basic CSS selector, e.g. 'li.jobs h3' * @param array|string $expectedMatches The content of at least one of the matched tags + * @param string $message * @throws PHPUnit_Framework_AssertionFailedError - * @return boolean */ - public function assertPartialHTMLMatchBySelector($selector, $expectedMatches) + public function assertPartialHTMLMatchBySelector($selector, $expectedMatches, $message = null) { if (is_string($expectedMatches)) { $expectedMatches = array($expectedMatches); @@ -357,16 +352,14 @@ class FunctionalTest extends SapphireTest } } - foreach ($expectedMatches as $match) { - $this->assertTrue( - isset($actuals[$match]), + $message = $message ?: "Failed asserting the CSS selector '$selector' has a partial match to the expected elements:\n'" . implode("'\n'", $expectedMatches) . "'\n\n" - . "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'" - ); - } + . "Instead the following elements were found:\n'" . implode("'\n'", array_keys($actuals)) . "'"; - return true; + foreach ($expectedMatches as $match) { + $this->assertTrue(isset($actuals[$match]), $message); + } } /** @@ -378,9 +371,10 @@ class FunctionalTest extends SapphireTest * * @param string $selector A basic CSS selector, e.g. 'li.jobs h3' * @param array|string $expectedMatches The content of *all* matched tags as an array + * @param string $message * @throws PHPUnit_Framework_AssertionFailedError */ - public function assertExactHTMLMatchBySelector($selector, $expectedMatches) + public function assertExactHTMLMatchBySelector($selector, $expectedMatches, $message = null) { $items = $this->cssParser()->getBySelector($selector); @@ -392,12 +386,12 @@ class FunctionalTest extends SapphireTest } } - $this->assertTrue( - $expectedMatches == $actuals, + $message = $message ?: "Failed asserting the CSS selector '$selector' has an exact match to the expected elements:\n'" . implode("'\n'", $expectedMatches) . "'\n\n" - . "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'" - ); + . "Instead the following elements were found:\n'" . implode("'\n'", $actuals) . "'"; + + $this->assertTrue($expectedMatches == $actuals, $message); } /** diff --git a/src/Forms/ConfirmedPasswordField.php b/src/Forms/ConfirmedPasswordField.php index 464cdc7b2..68c1a92a5 100644 --- a/src/Forms/ConfirmedPasswordField.php +++ b/src/Forms/ConfirmedPasswordField.php @@ -519,7 +519,7 @@ class ConfirmedPasswordField extends FormField // With a valid user and password, check the password is correct $checkResult = $member->checkPassword($this->currentPasswordValue); - if (!$checkResult->valid()) { + if (!$checkResult->isValid()) { $validator->validationError( $name, _t( diff --git a/src/Forms/FieldGroup.php b/src/Forms/FieldGroup.php index f1c99cde2..5a29c06cc 100644 --- a/src/Forms/FieldGroup.php +++ b/src/Forms/FieldGroup.php @@ -3,6 +3,7 @@ namespace SilverStripe\Forms; use InvalidArgumentException; +use SilverStripe\ORM\ValidationResult; /** * Lets you include a nested group of fields inside a template. @@ -147,34 +148,48 @@ class FieldGroup extends CompositeField /** * @return string */ - public function Message() + public function getMessage() { - $fs = array(); - $this->collateDataFields($fs); + $dataFields = array(); + $this->collateDataFields($dataFields); - foreach ($fs as $subfield) { - if ($m = $subfield->Message()) { - $message[] = rtrim($m, "."); + /** @var FormField $subfield */ + $messages = []; + foreach ($dataFields as $subfield) { + $message = $subfield->obj('Message')->forTemplate(); + if ($message) { + $messages[] = rtrim($message, "."); } } - return (isset($message)) ? implode(", ", $message) . "." : ""; + if (!$messages) { + return null; + } + + return implode(", ", $messages) . "."; } /** * @return string */ - public function MessageType() + public function getMessageType() { - $fs = array(); - $this->collateDataFields($fs); + $dataFields = array(); + $this->collateDataFields($dataFields); - foreach ($fs as $subfield) { - if ($m = $subfield->MessageType()) { - $MessageType[] = $m; + /** @var FormField $subfield */ + foreach ($dataFields as $subfield) { + $type = $subfield->getMessageType(); + if ($type) { + return $type; } } - return (isset($MessageType)) ? implode(". ", $MessageType) : ""; + return null; + } + + public function getMessageCast() + { + return ValidationResult::CAST_HTML; } } diff --git a/src/Forms/Form.php b/src/Forms/Form.php index 5dc7266d1..c2735f4e7 100644 --- a/src/Forms/Form.php +++ b/src/Forms/Form.php @@ -2,7 +2,6 @@ namespace SilverStripe\Forms; -use InvalidArgumentException; use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPResponse_Exception; use SilverStripe\Core\Convert; @@ -15,10 +14,11 @@ use SilverStripe\Control\HTTP; use SilverStripe\Control\RequestHandler; use SilverStripe\Dev\Deprecation; use SilverStripe\ORM\DataObject; -use SilverStripe\ORM\FieldType\DBField; use SilverStripe\ORM\DataObjectInterface; use SilverStripe\ORM\FieldType\DBHTMLText; use SilverStripe\ORM\SS_List; +use SilverStripe\ORM\ValidationException; +use SilverStripe\ORM\ValidationResult; use SilverStripe\Security\SecurityToken; use SilverStripe\Security\NullSecurityToken; use SilverStripe\View\SSViewer; @@ -66,8 +66,16 @@ use SilverStripe\View\SSViewer; */ class Form extends RequestHandler { + use FormMessage; + /** + * Form submission data is URL encoded + */ const ENC_TYPE_URLENCODED = 'application/x-www-form-urlencoded'; + + /** + * Form submission data is multipart form + */ const ENC_TYPE_MULTIPART = 'multipart/form-data'; /** @@ -164,16 +172,6 @@ class Form extends RequestHandler */ protected $buttonClickedFunc; - /** - * @var string|null - */ - protected $message; - - /** - * @var string|null - */ - protected $messageType; - /** * Should we redirect the user back down to the * the form on validation errors rather then just the page @@ -228,8 +226,6 @@ class Form extends RequestHandler private static $casting = array( 'AttributesHTML' => 'HTMLFragment', 'FormAttributes' => 'HTMLFragment', - 'MessageType' => 'Text', - 'Message' => 'HTMLFragment', 'FormName' => 'Text', 'Legend' => 'HTMLFragment', ); @@ -285,7 +281,7 @@ class Form extends RequestHandler $this->validator->setForm($this); // Form error controls - $this->setupFormErrors(); + $this->restoreFormState(); // Check if CSRF protection is enabled, either on the parent controller or from the default setting. Note that // method_exists() is used as some controllers (e.g. GroupTest) do not always extend from Object. @@ -312,40 +308,151 @@ class Form extends RequestHandler ); /** - * Set up current form errors in session to - * the current form if appropriate. - * + * Load form state from session state * @return $this */ - public function setupFormErrors() + public function restoreFormState() { - $errorInfo = Session::get("FormInfo.{$this->FormName()}"); + // Restore messages + $result = $this->getSessionValidationResult(); + if (isset($result)) { + $this->loadMessagesFrom($result); + } - if (isset($errorInfo['errors']) && is_array($errorInfo['errors'])) { - foreach ($errorInfo['errors'] as $error) { - $field = $this->fields->dataFieldByName($error['fieldName']); + // load data in from previous submission upon error + $data = $this->getSessionData(); + if (isset($data)) { + $this->loadDataFrom($data); + } + return $this; + } - if (!$field) { - $errorInfo['message'] = $error['message']; - $errorInfo['type'] = $error['messageType']; + /** + * Flush persistant form state details + */ + public function clearFormState() + { + Session::clear("FormInfo.{$this->FormName()}.result"); + Session::clear("FormInfo.{$this->FormName()}.data"); + } + + /** + * Return any form data stored in the session + * + * @return array + */ + public function getSessionData() + { + return Session::get("FormInfo.{$this->FormName()}.data"); + } + + /** + * Store the given form data in the session + * + * @param array $data + */ + public function setSessionData($data) + { + Session::set("FormInfo.{$this->FormName()}.data", $data); + } + + /** + * Return any ValidationResult instance stored for this object + * + * @return ValidationResult The ValidationResult object stored in the session + */ + public function getSessionValidationResult() + { + $resultData = Session::get("FormInfo.{$this->FormName()}.result"); + if (isset($resultData)) { + return unserialize($resultData); + } + return null; + } + + /** + * Sets the ValidationResult in the session to be used with the next view of this form. + * @param ValidationResult $result The result to save + * @param bool $combineWithExisting If true, then this will be added to the existing result. + */ + public function setSessionValidationResult(ValidationResult $result, $combineWithExisting = false) + { + // Combine with existing result + if ($combineWithExisting) { + $existingResult = $this->getSessionValidationResult(); + if ($existingResult) { + if ($result) { + $existingResult->combineAnd($result); } else { - $field->setError($error['message'], $error['messageType']); + $result = $existingResult; } } + } - // load data in from previous submission upon error - if (isset($errorInfo['data'])) { - $this->loadDataFrom($errorInfo['data']); + // Serialise + $resultData = $result ? serialize($result) : null; + Session::set("FormInfo.{$this->FormName()}.result", $resultData); + } + + public function clearMessage() + { + $this->setMessage(null); + $this->clearFormState(); + } + + /** + * Populate this form with messages from the given ValidationResult. + * Note: This will not clear any pre-existing messages + * + * @param ValidationResult $result + * @return $this + */ + public function loadMessagesFrom($result) + { + // Set message on either a field or the parent form + foreach ($result->getMessages() as $message) { + $fieldName = $message['fieldName']; + if ($fieldName) { + $owner = $this->fields->dataFieldByName($fieldName) ?: $this; + } else { + $owner = $this; } + $owner->setMessage($message['message'], $message['messageType'], $message['messageCast']); } - - if (isset($errorInfo['message']) && isset($errorInfo['type'])) { - $this->setMessage($errorInfo['message'], $errorInfo['type']); - } - return $this; } + /** + * Set message on a given field name. This message will not persist via redirect. + * + * @param string $fieldName + * @param string $message + * @param string $messageType + * @param string $messageCast + * @return $this + */ + public function setFieldMessage( + $fieldName, + $message, + $messageType = ValidationResult::TYPE_ERROR, + $messageCast = ValidationResult::CAST_TEXT + ) { + $field = $this->fields->dataFieldByName($fieldName); + if ($field) { + $field->setMessage($message, $messageType, $messageCast); + } + return $this; + } + + public function castingHelper($field) + { + // Override casting for field message + if (strcasecmp($field, 'Message') === 0 && ($helper = $this->getMessageCastingHelper())) { + return $helper; + } + return parent::castingHelper($field); + } + /** * set up the default classes for the form. This is done on construct so that the default classes can be removed * after instantiation @@ -367,6 +474,7 @@ class Form extends RequestHandler * if the form is valid. * * @param HTTPRequest $request + * @return HTTPResponse * @throws HTTPResponse_Exception */ public function httpSubmission($request) @@ -393,6 +501,7 @@ class Form extends RequestHandler $this->loadDataFrom($vars, true, $allowedFields); // Protection against CSRF attacks + // @todo Move this to SecurityTokenField::validate() $token = $this->getSecurityToken(); if (! $token->checkRequest($request)) { $securityID = $token->getName(); @@ -404,14 +513,16 @@ class Form extends RequestHandler )); } else { // Clear invalid token on refresh + $this->clearFormState(); $data = $this->getData(); unset($data[$securityID]); - Session::set("FormInfo.{$this->FormName()}.data", $data); - Session::set("FormInfo.{$this->FormName()}.errors", array()); - $this->sessionMessage( - _t("Form.CSRF_EXPIRED_MESSAGE", "Your session has expired. Please re-submit the form."), - "warning" - ); + $this->setSessionData($data); + $this->sessionError(_t( + "Form.CSRF_EXPIRED_MESSAGE", + "Your session has expired. Please re-submit the form." + )); + + // Return the user return $this->controller->redirectBack(); } } @@ -466,38 +577,34 @@ class Form extends RequestHandler sprintf('Action "%s" not allowed on form (Name: "%s")', $funcName, $this->name) ); } - // TODO : Once we switch to a stricter policy regarding allowed_actions (meaning actions must be set - // explicitly in allowed_actions in order to run) - // Uncomment the following for checking security against running actions on form fields - /* else { - // Try to find a field that has the action, and allows it - $fieldsHaveMethod = false; - foreach ($this->Fields() as $field){ - if ($field->hasMethod($funcName) && $field->checkAccessAction($funcName)) { - $fieldsHaveMethod = true; - } - } - if (!$fieldsHaveMethod) { - return $this->httpError( - 403, - sprintf('Action "%s" not allowed on any fields of form (Name: "%s")', $funcName, $this->Name()) - ); - } - }*/ - // Validate the form - if (!$this->validate()) { - return $this->getValidationErrorResponse(); - } + // Action handlers may throw ValidationExceptions. + try { + // Or we can use the Valiator attached to the form + $result = $this->validationResult(); + if (!$result->isValid()) { + return $this->getValidationErrorResponse($result); + } - // First, try a handler method on the controller (has been checked for allowed_actions above already) - if ($this->controller->hasMethod($funcName)) { - return $this->controller->$funcName($vars, $this, $request); - // Otherwise, try a handler method on the form object. - } elseif ($this->hasMethod($funcName)) { - return $this->$funcName($vars, $this, $request); - } elseif ($field = $this->checkFieldsForAction($this->Fields(), $funcName)) { - return $field->$funcName($vars, $this, $request); + // First, try a handler method on the controller (has been checked for allowed_actions above already) + if ($this->controller->hasMethod($funcName)) { + return $this->controller->$funcName($vars, $this, $request); + } + + // Otherwise, try a handler method on the form object. + if ($this->hasMethod($funcName)) { + return $this->$funcName($vars, $this, $request); + } + + // Check for inline actions + if ($field = $this->checkFieldsForAction($this->Fields(), $funcName)) { + return $field->$funcName($vars, $this, $request); + } + } catch (ValidationException $e) { + // The ValdiationResult contains all the relevant metadata + $result = $e->getResult(); + $this->loadMessagesFrom($result); + return $this->getValidationErrorResponse($result); } return $this->httpError(404); @@ -520,7 +627,7 @@ class Form extends RequestHandler } } - // Always allow actions on fields + // Always allow actions on fields $field = $this->checkFieldsForAction($this->Fields(), $action); if ($field && $field->checkAccessAction($action)) { return true; @@ -562,45 +669,77 @@ class Form extends RequestHandler * Behaviour can be influenced by setting {@link $redirectToFormOnValidationError}, * and can be overruled by setting {@link $validationResponseCallback}. * - * @return HTTPResponse|string + * @param ValidationResult $result + * @return HTTPResponse */ - protected function getValidationErrorResponse() + protected function getValidationErrorResponse(ValidationResult $result) { + // Check for custom handling mechanism $callback = $this->getValidationResponseCallback(); - if ($callback && $callbackResponse = $callback()) { + if ($callback && $callbackResponse = call_user_func($callback, $result)) { return $callbackResponse; } - $request = $this->getRequest(); - if ($request->isAjax()) { - // Special case for legacy Validator.js implementation - // (assumes eval'ed javascript collected through FormResponse) - $acceptType = $request->getHeader('Accept'); - if (strpos($acceptType, 'application/json') !== false) { - // Send validation errors back as JSON with a flag at the start - $response = new HTTPResponse(Convert::array2json($this->validator->getErrors())); - $response->addHeader('Content-Type', 'application/json'); - } else { - $this->setupFormErrors(); - // Send the newly rendered form tag as HTML - $response = new HTTPResponse($this->forTemplate()); - $response->addHeader('Content-Type', 'text/html'); - } - - return $response; - } else { - if ($this->getRedirectToFormOnValidationError()) { - if ($pageURL = $request->getHeader('Referer')) { - if (Director::is_site_url($pageURL)) { - // Remove existing pragmas - $pageURL = preg_replace('/(#.*)/', '', $pageURL); - $pageURL = Director::absoluteURL($pageURL, true); - return $this->controller->redirect($pageURL . '#' . $this->FormName()); - } - } - } - return $this->controller->redirectBack(); + // Check if handling via ajax + if ($this->getRequest()->isAjax()) { + return $this->getAjaxErrorResponse($result); } + + // Prior to redirection, persist this result in session to re-display on redirect + $this->setSessionValidationResult($result); + $this->setSessionData($this->getData()); + + // Determine redirection method + if ($this->getRedirectToFormOnValidationError() && ($pageURL = $this->getRedirectReferer())) { + return $this->controller->redirect($pageURL . '#' . $this->FormName()); + } + return $this->controller->redirectBack(); + } + + /** + * Build HTTP error response for ajax requests + * + * @internal called from {@see Form::getValidationErrorResponse} + * @param ValidationResult $result + * @return HTTPResponse + */ + protected function getAjaxErrorResponse(ValidationResult $result) + { + // Ajax form submissions accept json encoded errors by default + $acceptType = $this->getRequest()->getHeader('Accept'); + if (strpos($acceptType, 'application/json') !== false) { + // Send validation errors back as JSON with a flag at the start + $response = new HTTPResponse(Convert::array2json($result->getMessages())); + $response->addHeader('Content-Type', 'application/json'); + return $response; + } + + // Send the newly rendered form tag as HTML + $this->loadMessagesFrom($result); + $response = new HTTPResponse($this->forTemplate()); + $response->addHeader('Content-Type', 'text/html'); + return $response; + } + + /** + * Get referrer to redirect back to and safely validates it + * + * @internal called from {@see Form::getValidationErrorResponse} + * @return string|null + */ + protected function getRedirectReferer() + { + $pageURL = $this->getRequest()->getHeader('Referer'); + if (!$pageURL) { + return null; + } + if (!Director::is_site_url($pageURL)) { + return null; + } + + // Remove existing pragmas + $pageURL = preg_replace('/(#.*)/', '', $pageURL); + return Director::absoluteURL($pageURL); } /** @@ -681,23 +820,6 @@ class Form extends RequestHandler return $this->redirectToFormOnValidationError; } - /** - * Add a plain text error message to a field on this form. It will be saved into the session - * and used the next time this form is displayed. - * @param string $fieldName - * @param string $message - * @param string $messageType - * @param bool $escapeHtml - */ - public function addErrorMessage($fieldName, $message, $messageType, $escapeHtml = true) - { - Session::add_to_array("FormInfo.{$this->FormName()}.errors", array( - 'fieldName' => $fieldName, - 'message' => $escapeHtml ? Convert::raw2xml($message) : $message, - 'messageType' => $messageType, - )); - } - /** * @param FormTransformation $trans */ @@ -1013,9 +1135,9 @@ class Form extends RequestHandler /** * Set the target of this form to any value - useful for opening the form contents in a new window or refreshing * another frame - * + * * @param string|FormTemplateHelper - */ + */ public function setTemplateHelper($helper) { $this->templateHelper = $helper; @@ -1342,101 +1464,36 @@ class Form extends RequestHandler return new Form_FieldMap($this); } - /** - * The next functions store and modify the forms - * message attributes. messages are stored in session under - * $_SESSION[formname][message]; - * - * @return string - */ - public function Message() - { - $this->getMessageFromSession(); - - return $this->message; - } - - /** - * @return string - */ - public function MessageType() - { - $this->getMessageFromSession(); - - return $this->messageType; - } - - /** - * @return string - */ - protected function getMessageFromSession() - { - if ($this->message || $this->messageType) { - return $this->message; - } else { - $this->message = Session::get("FormInfo.{$this->FormName()}.formError.message"); - $this->messageType = Session::get("FormInfo.{$this->FormName()}.formError.type"); - - return $this->message; - } - } - - /** - * Set a status message for the form. - * - * @param string $message the text of the message - * @param string $type Should be set to good, bad, or warning. - * @param boolean $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML. - * In that case, you might want to use {@link Convert::raw2xml()} to escape any - * user supplied data in the message. - * @return $this - */ - public function setMessage($message, $type, $escapeHtml = true) - { - $this->message = ($escapeHtml) ? Convert::raw2xml($message) : $message; - $this->messageType = $type; - return $this; - } - /** * Set a message to the session, for display next time this form is shown. * * @param string $message the text of the message * @param string $type Should be set to good, bad, or warning. - * @param boolean $escapeHtml Automatically sanitize the message. Set to FALSE if the message contains HTML. - * In that case, you might want to use {@link Convert::raw2xml()} to escape any - * user supplied data in the message. + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. */ - public function sessionMessage($message, $type, $escapeHtml = true) + public function sessionMessage($message, $type = ValidationResult::TYPE_ERROR, $cast = ValidationResult::CAST_TEXT) { - Session::set( - "FormInfo.{$this->FormName()}.formError.message", - $escapeHtml ? Convert::raw2xml($message) : $message - ); - Session::set("FormInfo.{$this->FormName()}.formError.type", $type); + $this->setMessage($message, $type, $cast); + $result = $this->getSessionValidationResult() ?: ValidationResult::create(); + $result->addMessage($message, $type, null, $cast); + $this->setSessionValidationResult($result); } - public static function messageForForm($formName, $message, $type, $escapeHtml = true) + /** + * Set an error to the session, for display next time this form is shown. + * + * @param string $message the text of the message + * @param string $type Should be set to good, bad, or warning. + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. + */ + public function sessionError($message, $type = ValidationResult::TYPE_ERROR, $cast = ValidationResult::CAST_TEXT) { - Session::set( - "FormInfo.{$formName}.formError.message", - $escapeHtml ? Convert::raw2xml($message) : $message - ); - Session::set("FormInfo.{$formName}.formError.type", $type); - } - - public function clearMessage() - { - $this->message = null; - Session::clear("FormInfo.{$this->FormName()}.errors"); - Session::clear("FormInfo.{$this->FormName()}.formError"); - Session::clear("FormInfo.{$this->FormName()}.data"); - } - - public function resetValidation() - { - Session::clear("FormInfo.{$this->FormName()}.errors"); - Session::clear("FormInfo.{$this->FormName()}.data"); + $this->setMessage($message, $type, $cast); + $result = $this->getSessionValidationResult() ?: ValidationResult::create(); + $result->addError($message, $type, null, $cast); + $this->setSessionValidationResult($result); } /** @@ -1464,52 +1521,37 @@ class Form extends RequestHandler /** * Processing that occurs before a form is executed. * + * This includes form validation, if it fails, we throw a ValidationException + * * This includes form validation, if it fails, we redirect back * to the form with appropriate error messages. * Always return true if the current form action is exempt from validation * * Triggered through {@link httpSubmission()}. * + * * Note that CSRF protection takes place in {@link httpSubmission()}, * if it fails the form data will never reach this method. * - * @return boolean + * @return ValidationResult */ - public function validate() + public function validationResult() { + // Opportunity to invalidate via validator $action = $this->buttonClicked(); if ($action && $this->actionIsValidationExempt($action)) { - return true; + return ValidationResult::create(); } + // Invoke validator if ($this->validator) { - $errors = $this->validator->validate(); - - if ($errors) { - // Load errors into session and post back - $data = $this->getData(); - - // Encode validation messages as XML before saving into session state - // As per Form::addErrorMessage() - $errors = array_map(function ($error) { - // Encode message as XML by default - if ($error['message'] instanceof DBField) { - $error['message'] = $error['message']->forTemplate(); - ; - } else { - $error['message'] = Convert::raw2xml($error['message']); - } - return $error; - }, $errors); - - Session::set("FormInfo.{$this->FormName()}.errors", $errors); - Session::set("FormInfo.{$this->FormName()}.data", $data); - - return false; - } + $result = $this->validator->validate(); + $this->loadMessagesFrom($result); + return $result; } - return true; + // Successful result + return ValidationResult::create(); } const MERGE_DEFAULT = 0; @@ -1559,7 +1601,7 @@ class Form extends RequestHandler * * @param array $fieldList An optional list of fields to process. This can be useful when you have a * form that has some fields that save to one object, and some that save to another. - * @return Form + * @return $this */ public function loadDataFrom($data, $mergeStrategy = 0, $fieldList = null) { @@ -1582,65 +1624,67 @@ class Form extends RequestHandler // dont include fields without data $dataFields = $this->Fields()->dataFields(); - if ($dataFields) { - foreach ($dataFields as $field) { - $name = $field->getName(); - - // Skip fields that have been excluded - if ($fieldList && !in_array($name, $fieldList)) { - continue; - } - - // First check looks for (fieldname)_unchanged, an indicator that we shouldn't overwrite the field value - if (is_array($data) && isset($data[$name . '_unchanged'])) { - continue; - } - - // Does this property exist on $data? - $exists = false; - // The value from $data for this field - $val = null; - - if (is_object($data)) { - $exists = ( - isset($data->$name) || - $data->hasMethod($name) || - ($data->hasMethod('hasField') && $data->hasField($name)) - ); - - if ($exists) { - $val = $data->__get($name); - } - } elseif (is_array($data)) { - if (array_key_exists($name, $data)) { - $exists = true; - $val = $data[$name]; - } // If field is in array-notation we need to access nested data - elseif (strpos($name, '[')) { - // First encode data using PHP's method of converting nested arrays to form data - $flatData = urldecode(http_build_query($data)); - // Then pull the value out from that flattened string - preg_match('/' . addcslashes($name, '[]') . '=([^&]*)/', $flatData, $matches); - - if (isset($matches[1])) { - $exists = true; - $val = $matches[1]; - } - } - } - - // save to the field if either a value is given, or loading of blank/undefined values is forced - if ($exists) { - if ($val != false || ($mergeStrategy & self::MERGE_IGNORE_FALSEISH) != self::MERGE_IGNORE_FALSEISH) { - // pass original data as well so composite fields can act on the additional information - $field->setValue($val, $data); - } - } elseif (($mergeStrategy & self::MERGE_CLEAR_MISSING) == self::MERGE_CLEAR_MISSING) { - $field->setValue($val, $data); - } - } + if (!$dataFields) { + return $this; } + /** @var FormField $field */ + foreach ($dataFields as $field) { + $name = $field->getName(); + + // Skip fields that have been excluded + if ($fieldList && !in_array($name, $fieldList)) { + continue; + } + + // First check looks for (fieldname)_unchanged, an indicator that we shouldn't overwrite the field value + if (is_array($data) && isset($data[$name . '_unchanged'])) { + continue; + } + + // Does this property exist on $data? + $exists = false; + // The value from $data for this field + $val = null; + + if (is_object($data)) { + $exists = ( + isset($data->$name) || + $data->hasMethod($name) || + ($data->hasMethod('hasField') && $data->hasField($name)) + ); + + if ($exists) { + $val = $data->__get($name); + } + } elseif (is_array($data)) { + if (array_key_exists($name, $data)) { + $exists = true; + $val = $data[$name]; + } // If field is in array-notation we need to access nested data + elseif (strpos($name, '[')) { + // First encode data using PHP's method of converting nested arrays to form data + $flatData = urldecode(http_build_query($data)); + // Then pull the value out from that flattened string + preg_match('/' . addcslashes($name, '[]') . '=([^&]*)/', $flatData, $matches); + + if (isset($matches[1])) { + $exists = true; + $val = $matches[1]; + } + } + } + + // save to the field if either a value is given, or loading of blank/undefined values is forced + if ($exists) { + if ($val != false || ($mergeStrategy & self::MERGE_IGNORE_FALSEISH) != self::MERGE_IGNORE_FALSEISH) { + // pass original data as well so composite fields can act on the additional information + $field->setValue($val, $data); + } + } elseif (($mergeStrategy & self::MERGE_CLEAR_MISSING) == self::MERGE_CLEAR_MISSING) { + $field->setValue($val, $data); + } + } return $this; } @@ -1658,19 +1702,17 @@ class Form extends RequestHandler $lastField = null; if ($dataFields) { foreach ($dataFields as $field) { - // Skip fields that have been excluded + // Skip fields that have been excluded if ($fieldList && is_array($fieldList) && !in_array($field->getName(), $fieldList)) { continue; } - $saveMethod = "save{$field->getName()}"; - if ($field->getName() == "ClassName") { $lastField = $field; } elseif ($dataObject->hasMethod($saveMethod)) { - $dataObject->$saveMethod( $field->dataValue()); - } elseif ($field->getName() != "ID") { + $dataObject->$saveMethod($field->dataValue()); + } elseif ($field->getName() !== "ID") { $field->saveInto($dataObject); } } @@ -1927,7 +1969,7 @@ class Form extends RequestHandler * be added by delimiting a string with spaces. * * @param string $class A string containing a classname or several class - * names delimited by a single space. + * names delimited by a single space. * @return $this */ public function addExtraClass($class) @@ -1969,7 +2011,7 @@ class Form extends RequestHandler if ($this->validator) { /** @skipUpgrade */ - $result .= '

' . _t('Form.VALIDATOR', 'Validator') . '

' . $this->validator->debug(); + $result .= '

'._t('Form.VALIDATOR', 'Validator').'

' . $this->validator->debug(); } return $result; diff --git a/src/Forms/FormField.php b/src/Forms/FormField.php index c2a1a3c26..572cecf83 100644 --- a/src/Forms/FormField.php +++ b/src/Forms/FormField.php @@ -40,6 +40,7 @@ use SilverStripe\View\SSViewer; */ class FormField extends RequestHandler { + use FormMessage; /** @see $schemaDataType */ const SCHEMA_DATA_TYPE_STRING = 'String'; @@ -103,16 +104,6 @@ class FormField extends RequestHandler */ protected $value; - /** - * @var string - */ - protected $message; - - /** - * @var string - */ - protected $messageType; - /** * @var string */ @@ -274,8 +265,6 @@ class FormField extends RequestHandler 'HolderID' => 'Text', 'Title' => 'Text', 'RightTitle' => 'Text', - 'MessageType' => 'Text', - 'Message' => 'HTMLFragment', 'Description' => 'HTMLFragment', ); @@ -456,32 +445,6 @@ class FormField extends RequestHandler return $this->name; } - /** - * Returns the field message, used by form validation. - * - * Use {@link setError()} to set this property. - * - * @return string - */ - public function Message() - { - return $this->message; - } - - /** - * Returns the field message type. - * - * Arbitrary value which is mostly used for CSS classes in the rendered HTML, e.g "required". - * - * Use {@link setError()} to set this property. - * - * @return string - */ - public function MessageType() - { - return $this->messageType; - } - /** * Returns the field value. * @@ -613,8 +576,8 @@ class FormField extends RequestHandler // e.g. red borders on input tags. // // CSS class needs to be different from the one rendered through {@link FieldHolder()}. - if ($this->Message()) { - $classes[] .= 'holder-' . $this->MessageType(); + if ($this->getMessage()) { + $classes[] .= 'holder-' . $this->getMessageType(); } return implode(' ', $classes); @@ -871,22 +834,13 @@ class FormField extends RequestHandler return $form->getSecurityToken()->isEnabled(); } - /** - * Sets the error message to be displayed on the form field. - * - * Allows HTML content, so remember to use Convert::raw2xml(). - * - * @param string $message - * @param string $messageType - * - * @return $this - */ - public function setError($message, $messageType) + public function castingHelper($field) { - $this->message = $message; - $this->messageType = $messageType; - - return $this; + // Override casting for field message + if (strcasecmp($field, 'Message') === 0 && ($helper = $this->getMessageCastingHelper())) { + return $helper; + } + return parent::castingHelper($field); } /** @@ -1211,12 +1165,12 @@ class FormField extends RequestHandler */ public function performReadonlyTransformation() { - $readonlyClassName = $this->class . '_Readonly'; + $readonlyClassName = static::class . '_Readonly'; if (ClassInfo::exists($readonlyClassName)) { $clone = $this->castedCopy($readonlyClassName); } else { - $clone = $this->castedCopy('SilverStripe\\Forms\\ReadonlyField'); + $clone = $this->castedCopy(ReadonlyField::class); } $clone->setReadonly(true); @@ -1606,17 +1560,10 @@ class FormField extends RequestHandler 'name' => $this->getName(), 'id' => $this->ID(), 'value' => $this->Value(), - 'message' => null, + 'message' => $this->getSchemaMessage(), 'data' => [], ]; - if ($message = $this->Message()) { - $state['message'] = [ - 'value' => ['html' => $message], - 'type' => $this->MessageType(), - ]; - } - return $state; } diff --git a/src/Forms/FormMessage.php b/src/Forms/FormMessage.php new file mode 100644 index 000000000..3fd5c56e2 --- /dev/null +++ b/src/Forms/FormMessage.php @@ -0,0 +1,132 @@ +message; + } + + /** + * Returns the field message type. + * + * Arbitrary value which is mostly used for CSS classes in the rendered HTML, e.g "required". + * + * Use {@link setError()} to set this property. + * + * @return string + */ + public function getMessageType() + { + return $this->messageType; + } + + /** + * Casting type for this message. Will be 'text' or 'html' + * + * @return string + */ + public function getMessageCast() + { + return $this->messageCast; + } + + /** + * Sets the error message to be displayed on the form field. + * + * Allows HTML content, so remember to use Convert::raw2xml(). + * + * @param string $message Message string + * @param string $messageType Message type + * @param string $messageCast + * @return $this + */ + public function setMessage( + $message, + $messageType = ValidationResult::TYPE_ERROR, + $messageCast = ValidationResult::CAST_TEXT + ) { + if (!in_array($messageCast, [ValidationResult::CAST_TEXT, ValidationResult::CAST_HTML])) { + throw new InvalidArgumentException("Invalid message cast type"); + } + $this->message = $message; + $this->messageType = $messageType; + $this->messageCast = $messageCast; + return $this; + } + + /** + * Get casting helper for message cast, or null if not known + * + * @return string + */ + protected function getMessageCastingHelper() + { + switch ($this->getMessageCast()) { + case ValidationResult::CAST_TEXT: + return 'Text'; + case ValidationResult::CAST_HTML: + return 'HTMLFragment'; + default: + return null; + } + } + + /** + * Get form schema encoded message + * + * @return array|null Message in array format, or null if no message + */ + public function getSchemaMessage() + { + $message = $this->getMessage(); + if (!$message) { + return null; + } + // Form schema messages treat simple strings as plain text, so nest for html messages + if ($this->getMessageCast() === ValidationResult::CAST_HTML) { + $message = ['html' => $message]; + } + return [ + 'value' => $message, + 'type' => $this->getMessageType(), + ]; + } +} diff --git a/src/Forms/GridField/GridFieldDeleteAction.php b/src/Forms/GridField/GridFieldDeleteAction.php index cf226be28..3f8ff1cd6 100644 --- a/src/Forms/GridField/GridFieldDeleteAction.php +++ b/src/Forms/GridField/GridFieldDeleteAction.php @@ -169,8 +169,7 @@ class GridFieldDeleteAction implements GridField_ColumnProvider, GridField_Actio if ($actionName == 'deleterecord') { if (!$item->canDelete()) { throw new ValidationException( - _t('GridFieldAction_Delete.DeletePermissionsFailure', "No delete permissions"), - 0 + _t('GridFieldAction_Delete.DeletePermissionsFailure', "No delete permissions") ); } @@ -178,8 +177,7 @@ class GridFieldDeleteAction implements GridField_ColumnProvider, GridField_Actio } else { if (!$item->canEdit()) { throw new ValidationException( - _t('GridFieldAction_Delete.EditPermissionsFailure', "No permission to unlink record"), - 0 + _t('GridFieldAction_Delete.EditPermissionsFailure', "No permission to unlink record") ); } diff --git a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php index 5a64f0702..e512de18d 100644 --- a/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php +++ b/src/Forms/GridField/GridFieldDetailForm_ItemRequest.php @@ -4,11 +4,9 @@ namespace SilverStripe\Forms\GridField; use SilverStripe\Admin\LeftAndMain; use SilverStripe\Control\Controller; -use SilverStripe\Control\PjaxResponseNegotiator; use SilverStripe\Control\RequestHandler; use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPResponse; -use SilverStripe\Control\HTTPResponse_Exception; use SilverStripe\Forms\FieldList; use SilverStripe\Forms\Form; use SilverStripe\Forms\FormAction; @@ -20,6 +18,7 @@ use SilverStripe\ORM\HasManyList; use SilverStripe\ORM\ManyManyList; use SilverStripe\ORM\SS_List; use SilverStripe\ORM\ValidationException; +use SilverStripe\ORM\ValidationResult; use SilverStripe\View\ArrayData; use SilverStripe\View\SSViewer; @@ -117,7 +116,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler $form->makeReadonly(); $data = new ArrayData(array( - 'Backlink' => $controller->Link(), + 'Backlink' => $controller->Link(), 'ItemEditForm' => $form )); $return = $data->renderWith($this->getTemplates()); @@ -399,11 +398,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler } // Save from form data - try { - $this->saveFormIntoRecord($data, $form); - } catch (ValidationException $e) { - return $this->generateValidationResponse($form, $e); - } + $this->saveFormIntoRecord($data, $form); $link = '"' . htmlspecialchars($this->record->Title, ENT_QUOTES) @@ -417,7 +412,7 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler ) ); - $form->sessionMessage($message, 'good', false); + $form->sessionMessage($message, 'good', ValidationResult::CAST_HTML); // Redirect after save return $this->redirectAfterSave($isNewRecord); @@ -478,62 +473,29 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler } // Save form and any extra saved data into this dataobject - $form->saveInto($this->record); - $this->record->write(); + $form->saveInto($this->record); + $this->record->write(); $extraData = $this->getExtraSavedData($this->record, $list); - $list->add($this->record, $extraData); + $list->add($this->record, $extraData); return $this->record; } - /** - * Generate a response object for a form validation error - * - * @param Form $form The source form - * @param ValidationException $e The validation error message - * @return HTTPResponse - * @throws HTTPResponse_Exception - */ - protected function generateValidationResponse($form, $e) - { - $controller = $this->getToplevelController(); - - $form->sessionMessage($e->getResult()->message(), 'bad', false); - $responseNegotiator = new PjaxResponseNegotiator(array( - 'CurrentForm' => function () use (&$form) { - return $form->forTemplate(); - }, - 'default' => function () use (&$controller) { - return $controller->redirectBack(); - } - )); - if ($controller->getRequest()->isAjax()) { - $controller->getRequest()->addHeader('X-Pjax', 'CurrentForm'); - } - return $responseNegotiator->respond($controller->getRequest()); - } - /** * @param array $data * @param Form $form * @return HTTPResponse + * @throws ValidationException */ public function doDelete($data, $form) { $title = $this->record->Title; - try { - if (!$this->record->canDelete()) { - throw new ValidationException( - _t('GridFieldDetailForm.DeletePermissionsFailure', "No delete permissions"), - 0 - ); - } - - $this->record->delete(); - } catch (ValidationException $e) { - $form->sessionMessage($e->getResult()->message(), 'bad', false); - return $this->getToplevelController()->redirectBack(); + if (!$this->record->canDelete()) { + throw new ValidationException( + _t('GridFieldDetailForm.DeletePermissionsFailure', "No delete permissions") + ); } + $this->record->delete(); $message = sprintf( _t('GridFieldDetailForm.Deleted', 'Deleted %s %s'), @@ -544,9 +506,9 @@ class GridFieldDetailForm_ItemRequest extends RequestHandler $toplevelController = $this->getToplevelController(); if ($toplevelController && $toplevelController instanceof LeftAndMain) { $backForm = $toplevelController->getEditForm(); - $backForm->sessionMessage($message, 'good', false); + $backForm->sessionMessage($message, 'good', ValidationResult::CAST_HTML); } else { - $form->sessionMessage($message, 'good', false); + $form->sessionMessage($message, 'good', ValidationResult::CAST_HTML); } //when an item is deleted, redirect to the parent controller diff --git a/src/Forms/RequiredFields.php b/src/Forms/RequiredFields.php index b19789e44..7f7f4d4d9 100644 --- a/src/Forms/RequiredFields.php +++ b/src/Forms/RequiredFields.php @@ -15,8 +15,12 @@ use SilverStripe\ORM\ArrayLib; class RequiredFields extends Validator { + /** + * List of required fields + * + * @var array + */ protected $required; - protected $useLabels = true; /** * Pass each field to be validated as a seperate argument to the constructor @@ -84,56 +88,58 @@ class RequiredFields extends Validator $valid = ($field->validate($this) && $valid); } - if ($this->required) { - foreach ($this->required as $fieldName) { - if (!$fieldName) { - continue; - } + if (!$this->required) { + return $valid; + } - if ($fieldName instanceof FormField) { - $formField = $fieldName; - $fieldName = $fieldName->getName(); + foreach ($this->required as $fieldName) { + if (!$fieldName) { + continue; + } + + if ($fieldName instanceof FormField) { + $formField = $fieldName; + $fieldName = $fieldName->getName(); + } else { + $formField = $fields->dataFieldByName($fieldName); + } + + // submitted data for file upload fields come back as an array + $value = isset($data[$fieldName]) ? $data[$fieldName] : null; + + if (is_array($value)) { + if ($formField instanceof FileField && isset($value['error']) && $value['error']) { + $error = true; } else { - $formField = $fields->dataFieldByName($fieldName); + $error = (count($value)) ? false : true; } + } else { + // assume a string or integer + $error = (strlen($value)) ? false : true; + } - // submitted data for file upload fields come back as an array - $value = isset($data[$fieldName]) ? $data[$fieldName] : null; - - if (is_array($value)) { - if ($formField instanceof FileField && isset($value['error']) && $value['error']) { - $error = true; - } else { - $error = (count($value)) ? false : true; - } - } else { - // assume a string or integer - $error = (strlen($value)) ? false : true; - } - - if ($formField && $error) { - $errorMessage = _t( - 'Form.FIELDISREQUIRED', - '{name} is required', - array( - 'name' => strip_tags( - '"' . ($formField->Title() ? $formField->Title() : $fieldName) . '"' - ) + if ($formField && $error) { + $errorMessage = _t( + 'Form.FIELDISREQUIRED', + '{name} is required', + array( + 'name' => strip_tags( + '"' . ($formField->Title() ? $formField->Title() : $fieldName) . '"' ) - ); + ) + ); - if ($msg = $formField->getCustomValidationMessage()) { - $errorMessage = $msg; - } - - $this->validationError( - $fieldName, - $errorMessage, - "required" - ); - - $valid = false; + if ($msg = $formField->getCustomValidationMessage()) { + $errorMessage = $msg; } + + $this->validationError( + $fieldName, + $errorMessage, + "required" + ); + + $valid = false; } } diff --git a/src/Forms/Schema/FormSchema.php b/src/Forms/Schema/FormSchema.php index 1080907c2..9eb9d6c42 100644 --- a/src/Forms/Schema/FormSchema.php +++ b/src/Forms/Schema/FormSchema.php @@ -2,10 +2,12 @@ namespace SilverStripe\Forms\Schema; -use SilverStripe\Control\Session; +use InvalidArgumentException; +use SilverStripe\Control\HTTPRequest; use SilverStripe\Forms\CompositeField; use SilverStripe\Forms\Form; use SilverStripe\Forms\FormField; +use SilverStripe\ORM\ValidationResult; /** * Represents a {@link Form} as structured data which allows a frontend library to render it. @@ -14,6 +16,69 @@ use SilverStripe\Forms\FormField; */ class FormSchema { + /** + * Request the schema part + */ + const PART_SCHEMA = 'schema'; + + /** + * Request the state part + */ + const PART_STATE = 'state'; + + /** + * Request the errors from a {@see ValidationResult} + */ + const PART_ERRORS = 'errors'; + + /** + * Request errors if invalid, or state if valid + */ + const PART_AUTO = 'auto'; + + /** + * Returns a representation of the provided {@link Form} as structured data, + * based on the request data. + * + * @param array|string $schemaParts Array or list of requested parts. + * @param string $schemaID ID for this schema. Required. + * @param Form $form Required for 'state' or 'schema' response + * @param ValidationResult $result Required for 'error' response + * @return array + */ + public function getMultipartSchema($schemaParts, $schemaID, Form $form = null, ValidationResult $result = null) + { + if (!is_array($schemaParts)) { + $schemaParts = preg_split('#\s*,\s*#', $schemaParts) ?: []; + } + $wantSchema = in_array('schema', $schemaParts); + $wantState = in_array('state', $schemaParts); + $wantErrors = in_array('errors', $schemaParts); + $auto = in_array('auto', $schemaParts); + + // Require ID + if (empty($schemaID)) { + throw new InvalidArgumentException("schemaID is required"); + } + $return = ['id' => $schemaID]; + + // Default to schema if not set + if ($form && ($wantSchema || empty($schemaParts))) { + $return['schema'] = $this->getSchema($form); + } + + // Return 'state' if requested, or if there are errors and 'auto' + if ($form && ($wantState || ($auto && !$result))) { + $return['state'] = $this->getState($form); + } + + // Return errors if 'errors' or 'auto' + if ($result && ($wantErrors || $auto)) { + $return['errors'] = $this->getErrors($result); + } + + return $return; + } /** * Gets the schema for this form as a nested array. @@ -55,18 +120,9 @@ class FormSchema */ public function getState(Form $form) { - // Ensure that session errors are populated within form field messages - $form->setupFormErrors(); - - // @todo - Replace with ValidationResult handling - // Currently tri-state; null (unsubmitted), true (submitted-valid), false (submitted-invalid) - $errors = Session::get("FormInfo.{$form->FormName()}.errors"); - $valid = isset($errors) ? empty($errors) : null; - $state = [ 'id' => $form->FormName(), 'fields' => [], - 'valid' => $valid, 'messages' => [], ]; @@ -76,17 +132,46 @@ class FormSchema $this->getFieldStates($form->Actions()) ); - if ($message = $form->Message()) { - $state['messages'][] = [ - // TODO Make form / field messages not always stored as html - 'value' => ['html' => $message], - 'type' => $form->MessageType(), - ]; + if ($message = $form->getSchemaMessage()) { + $state['messages'][] = $message; } return $state; } + /** + * @param ValidationResult $result + * @return array List of errors + */ + public function getErrors(ValidationResult $result) + { + $messages = []; + foreach ($result->getMessages() as $message) { + $messages[] = $this->getSchemaForMessage($message); + } + return $messages; + } + + /** + * Return form schema for encoded validation message + * + * @param array $message Internal ValidationResult format for this message + * @return array Form schema format for this message + */ + protected function getSchemaForMessage($message) + { + // Form schema messages treat simple strings as plain text, so nest for html messages + $value = $message['message']; + if ($message['messageCast'] === ValidationResult::CAST_HTML) { + $value = ['html' => $message]; + } + return [ + 'value' => $value, + 'type' => $message['messageType'], + 'field' => empty($message['fieldName']) ? null : $message['fieldName'], + ]; + } + protected function getFieldStates($fields) { $states = []; diff --git a/src/Forms/Validator.php b/src/Forms/Validator.php index 1f47da950..f14de905e 100644 --- a/src/Forms/Validator.php +++ b/src/Forms/Validator.php @@ -3,6 +3,7 @@ namespace SilverStripe\Forms; use SilverStripe\Core\Object; +use SilverStripe\ORM\ValidationResult; /** * This validation class handles all form and custom form validation through the use of Required @@ -12,40 +13,42 @@ use SilverStripe\Core\Object; abstract class Validator extends Object { + public function __construct() + { + parent::__construct(); + $this->resetResult(); + } + /** * @var Form $form */ protected $form; /** - * @var array $errors + * @var ValidationResult $result */ - protected $errors; + protected $result; /** * @param Form $form - * * @return $this */ public function setForm($form) { $this->form = $form; - return $this; } /** * Returns any errors there may be. * - * @return null|array + * @return ValidationResult */ public function validate() { - $this->errors = null; - + $this->resetResult(); $this->php($this->form->getData()); - - return $this->errors; + return $this->result; } /** @@ -55,17 +58,22 @@ abstract class Validator extends Object * * See {@link getErrors()} for details. * - * @param string $fieldName - * @param string $errorMessage - * @param string $errorMessageType + * @param string $fieldName Field name for this error + * @param string $message The message string + * @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS + * class to the form, so other values can be used if desired. + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. + * @return $this */ - public function validationError($fieldName, $errorMessage, $errorMessageType = '') - { - $this->errors[] = array( - 'fieldName' => $fieldName, - 'message' => $errorMessage, - 'messageType' => $errorMessageType, - ); + public function validationError( + $fieldName, + $message, + $messageType = ValidationResult::TYPE_ERROR, + $cast = ValidationResult::CAST_TEXT + ) { + $this->result->addFieldError($fieldName, $message, $messageType, null, $cast); + return $this; } /** @@ -77,6 +85,7 @@ abstract class Validator extends Object * 'fieldName' => '[form field name]', * 'message' => '[validation error message]', * 'messageType' => '[bad|message|validation|required]', + * 'messageCast' => '[text|html]' * ) * * @@ -84,32 +93,20 @@ abstract class Validator extends Object */ public function getErrors() { - return $this->errors; + if ($this->result) { + return $this->result->getMessages(); + } + return null; } /** - * @param string $fieldName - * @param array $data + * Get last validation result + * + * @return ValidationResult */ - public function requireField($fieldName, $data) + public function getResult() { - if (is_array($data[$fieldName]) && count($data[$fieldName])) { - foreach ($data[$fieldName] as $componentKey => $componentValue) { - if (!strlen($componentValue)) { - $this->validationError( - $fieldName, - sprintf('%s %s is required', $fieldName, $componentKey), - 'required' - ); - } - } - } elseif (!strlen($data[$fieldName])) { - $this->validationError( - $fieldName, - sprintf('%s is required', $fieldName), - 'required' - ); - } + return $this->result; } /** @@ -131,4 +128,15 @@ abstract class Validator extends Object * @return mixed */ abstract public function php($data); + + /** + * Clear current result + * + * @return $this + */ + protected function resetResult() + { + $this->result = ValidationResult::create(); + return $this; + } } diff --git a/src/ORM/DataObject.php b/src/ORM/DataObject.php index bcb4938bc..52e86c2b4 100644 --- a/src/ORM/DataObject.php +++ b/src/ORM/DataObject.php @@ -459,7 +459,7 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity } if ($sourceObject->manyMany()) { foreach ($sourceObject->manyMany() as $name => $type) { - //many_many include belongs_many_many + //many_many include belongs_many_many $this->duplicateRelations($sourceObject, $destinationObject, $name); } } @@ -1139,11 +1139,11 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity if ($defaults) { foreach ($defaults as $fieldName => $fieldValue) { - // SRM 2007-03-06: Stricter check + // SRM 2007-03-06: Stricter check if (!isset($this->$fieldName) || $this->$fieldName === null) { $this->$fieldName = $fieldValue; } - // Set many-many defaults with an array of ids + // Set many-many defaults with an array of ids if (is_array($fieldValue) && $this->getSchema()->manyManyComponent(static::class, $fieldName)) { /** @var ManyManyList $manyManyJoin */ $manyManyJoin = $this->$fieldName(); @@ -1170,19 +1170,14 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity if ($this->ObsoleteClassName) { return new ValidationException( "Object is of class '{$this->ObsoleteClassName}' which doesn't exist - ". - "you need to change the ClassName before you can write it", - E_USER_WARNING + "you need to change the ClassName before you can write it" ); } if ($this->config()->get('validation_enabled')) { $result = $this->validate(); - if (!$result->valid()) { - return new ValidationException( - $result, - $result->message(), - E_USER_WARNING - ); + if (!$result->isValid()) { + return new ValidationException($result); } } return null; @@ -2356,7 +2351,7 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity 'before' => array_key_exists($name, $this->original) ? $this->original[$name] : null, 'after' => array_key_exists($name, $this->record) ? $this->record[$name] : null, 'level' => $level - ); + ); } } @@ -3382,7 +3377,7 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity } $types = array( 'db' => (array)Config::inst()->get($ancestorClass, 'db', Config::UNINHERITED) - ); + ); if ($includerelations) { $types['has_one'] = (array)Config::inst()->get($ancestorClass, 'has_one', Config::UNINHERITED); $types['has_many'] = (array)Config::inst()->get($ancestorClass, 'has_many', Config::UNINHERITED); diff --git a/src/ORM/Hierarchy/Hierarchy.php b/src/ORM/Hierarchy/Hierarchy.php index a9ba40d07..44539193e 100644 --- a/src/ORM/Hierarchy/Hierarchy.php +++ b/src/ORM/Hierarchy/Hierarchy.php @@ -112,13 +112,14 @@ class Hierarchy extends DataExtension while ($node) { if ($node->ParentID==$this->owner->ID) { // Hierarchy is looping. - $validationResult->error( + $validationResult->addError( _t( 'Hierarchy.InfiniteLoopNotAllowed', 'Infinite loop found within the "{type}" hierarchy. Please change the parent to resolve this', 'First argument is the class that makes up the hierarchy.', array('type' => $this->owner->class) ), + 'bad', 'INFINITE_LOOP' ); break; diff --git a/src/ORM/ValidationException.php b/src/ORM/ValidationException.php index 15db5eeb4..235e69fc6 100644 --- a/src/ORM/ValidationException.php +++ b/src/ORM/ValidationException.php @@ -3,6 +3,8 @@ namespace SilverStripe\ORM; use Exception; +use InvalidArgumentException; +use SilverStripe\Core\Injector\Injectable; /** * Exception thrown by {@link DataObject}::write if validation fails. By throwing an @@ -11,6 +13,7 @@ use Exception; */ class ValidationException extends Exception { + use Injectable; /** * The contained ValidationResult related to this error @@ -23,32 +26,40 @@ class ValidationException extends Exception * Construct a new ValidationException with an optional ValidationResult object * * @param ValidationResult|string $result The ValidationResult containing the - * failed result. Can be substituted with an error message instead if no - * ValidationResult exists. - * @param string|integer $message The error message. If $result was given the - * message string rather than a ValidationResult object then this will have - * the error code number. - * @param integer $code The error code number, if not given in the second parameter + * failed result, or error message to build error from + * @param integer $code The error code number */ - public function __construct($result = null, $message = null, $code = 0) + public function __construct($result = null, $code = 0) { - - // Check arguments - if (!($result instanceof ValidationResult)) { - // Shift parameters if no ValidationResult is given - $code = $message; - $message = $result; - - // Infer ValidationResult from parameters - $result = new ValidationResult(false, $message); - } elseif (empty($message)) { - // Infer message if not given - $message = $result->message(); + // Catch legacy behaviour where second argument was not code + if ($code && !is_numeric($code)) { + throw new InvalidArgumentException("Code must be numeric"); } - // Construct - $this->result = $result; - parent::__construct($message, $code); + // Set default message and result + $exceptionMessage = _t("ValidationException.DEFAULT_ERROR", "Validation error"); + if (!$result) { + $result = $exceptionMessage; + } + + // Check result type + if ($result instanceof ValidationResult) { + $this->result = $result; + // Pick first message + foreach ($result->getMessages() as $message) { + $exceptionMessage = $message['message']; + break; + } + } elseif (is_string($result)) { + $this->result = ValidationResult::create()->addError($result); + $exceptionMessage = $result; + } else { + throw new InvalidArgumentException( + "ValidationExceptions must be passed a ValdiationResult, a string, or nothing at all" + ); + } + + parent::__construct($exceptionMessage, $code); } /** diff --git a/src/ORM/ValidationResult.php b/src/ORM/ValidationResult.php index 4a9207063..539da29b0 100644 --- a/src/ORM/ValidationResult.php +++ b/src/ORM/ValidationResult.php @@ -2,60 +2,179 @@ namespace SilverStripe\ORM; -use SilverStripe\Core\Object; +use InvalidArgumentException; +use Serializable; +use SilverStripe\Core\Convert; +use SilverStripe\Core\Injector\Injectable; +use SilverStripe\Dev\Deprecation; /** * A class that combined as a boolean result with an optional list of error messages. * This is used for returning validation results from validators + * + * Each message can have a code or field which will uniquely identify that message. However, + * messages can be stored without a field or message as an "overall" message. */ -class ValidationResult extends Object +class ValidationResult implements Serializable { - /** - * @var bool - is the result valid or not - */ - protected $isValid; - + use Injectable; /** - * @var array of errors + * Standard "error" type */ - protected $errorList = array(); + const TYPE_ERROR = 'error'; + + /** + * Standard "good" message type + */ + const TYPE_GOOD = 'good'; + + /** + * Non-error message type. + */ + const TYPE_INFO = 'info'; + + /** + * Warning message type + */ + const TYPE_WARNING = 'warning'; + + /** + * Message type is html + */ + const CAST_HTML = 'html'; + + /** + * Message type is plain text + */ + const CAST_TEXT = 'text'; + + /** + * Is the result valid or not. + * Note that there can be non-error messages in the list. + * + * @var bool + */ + protected $isValid = true; + + /** + * List of messages + * + * @var array + */ + protected $messages = array(); /** * Create a new ValidationResult. * By default, it is a successful result. Call $this->error() to record errors. - * @param bool $valid - * @param string|null $message */ - public function __construct($valid = true, $message = null) + public function __construct() { - $this->isValid = $valid; - if ($message) { - $this->errorList[] = $message; + if (func_num_args() > 0) { + Deprecation::notice('3.2', '$valid parameter is deprecated please addError to mark the result as invalid', false); + $this->isValid = func_get_arg(0); + } + if (func_num_args() > 1) { + Deprecation::notice('3.2', '$message parameter is deprecated please use addMessage or addError instead', false); + $this->addError(func_get_arg(1)); } - parent::__construct(); } /** * Record an error against this validation result, - * @param string $message The validation error message - * @param string $code An optional error code string, that can be accessed with {@link $this->codeList()}. + * + * @param string $message The message string. + * @param string $messageType Passed as a CSS class to the form, so other values can be used if desired. + * Standard types are defined by the TYPE_ constant definitions. + * @param string $code A codename for this error. Only one message per codename will be added. + * This can be usedful for ensuring no duplicate messages + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. * @return $this */ - public function error($message, $code = null) + public function addError($message, $messageType = self::TYPE_ERROR, $code = null, $cast = self::CAST_TEXT) { + return $this->addFieldError(null, $message, $messageType, $code, $cast); + } + + /** + * Record an error against this validation result, + * + * @param string $fieldName The field to link the message to. If omitted; a form-wide message is assumed. + * @param string $message The message string. + * @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS + * class to the form, so other values can be used if desired. + * @param string $code A codename for this error. Only one message per codename will be added. + * This can be usedful for ensuring no duplicate messages + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. + * @return $this + */ + public function addFieldError( + $fieldName, + $message, + $messageType = self::TYPE_ERROR, + $code = null, + $cast = self::CAST_TEXT + ) { $this->isValid = false; + return $this->addFieldMessage($fieldName, $message, $messageType, $code, $cast); + } + + /** + * Add a message to this ValidationResult without necessarily marking it as an error + * + * @param string $message The message string. + * @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS + * class to the form, so other values can be used if desired. + * @param string $code A codename for this error. Only one message per codename will be added. + * This can be usedful for ensuring no duplicate messages + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. + * @return $this + */ + public function addMessage($message, $messageType = self::TYPE_ERROR, $code = null, $cast = self::CAST_TEXT) + { + return $this->addFieldMessage(null, $message, $messageType, $code, $cast); + } + + /** + * Add a message to this ValidationResult without necessarily marking it as an error + * + * @param string $fieldName The field to link the message to. If omitted; a form-wide message is assumed. + * @param string $message The message string. + * @param string $messageType The type of message: e.g. "bad", "warning", "good", or "required". Passed as a CSS + * class to the form, so other values can be used if desired. + * @param string $code A codename for this error. Only one message per codename will be added. + * This can be usedful for ensuring no duplicate messages + * @param string|bool $cast Cast type; One of the CAST_ constant definitions. + * Bool values will be treated as plain text flag. + * @return $this + */ + public function addFieldMessage( + $fieldName, + $message, + $messageType = self::TYPE_ERROR, + $code = null, + $cast = self::CAST_TEXT + ) { + if ($code && is_numeric($code)) { + throw new InvalidArgumentException("Don't use a numeric code '$code'. Use a string."); + } + if (is_bool($cast)) { + $cast = $cast ? self::CAST_TEXT : self::CAST_HTML; + } + $metadata = array( + 'message' => $message, + 'fieldName' => $fieldName, + 'messageType' => $messageType, + 'messageCast' => $cast, + ); if ($code) { - if (!is_numeric($code)) { - $this->errorList[$code] = $message; - } else { - user_error("ValidationResult::error() - Don't use a numeric code '$code'. Use a string." - . "I'm going to ignore it.", E_USER_WARNING); - $this->errorList[$code] = $message; - } + $this->messages[$code] = $metadata; } else { - $this->errorList[] = $message; + $this->messages[] = $metadata; } return $this; @@ -65,51 +184,19 @@ class ValidationResult extends Object * Returns true if the result is valid. * @return boolean */ - public function valid() + public function isValid() { return $this->isValid; } /** - * Get an array of errors - * @return array + * Return the full error meta-data, suitable for combining with another ValidationResult. + * + * @return array Array of messages, where each item is an array of data for that message. */ - public function messageList() + public function getMessages() { - return $this->errorList; - } - - /** - * Get an array of error codes - * @return array - */ - public function codeList() - { - $codeList = array(); - foreach ($this->errorList as $k => $v) { - if (!is_numeric($k)) { - $codeList[] = $k; - } - } - return $codeList; - } - - /** - * Get the error message as a string. - * @return string - */ - public function message() - { - return implode("; ", $this->errorList); - } - - /** - * Get a starred list of all messages - * @return string - */ - public function starredList() - { - return " * " . implode("\n * ", $this->errorList); + return $this->messages; } /** @@ -122,9 +209,28 @@ class ValidationResult extends Object */ public function combineAnd(ValidationResult $other) { - $this->isValid = $this->isValid && $other->valid(); - $this->errorList = array_merge($this->errorList, $other->messageList()); - + $this->isValid = $this->isValid && $other->isValid(); + $this->messages = array_merge($this->messages, $other->getMessages()); return $this; } + + /** + * String representation of object + * + * @return string the string representation of the object or null + */ + public function serialize() + { + return json_encode([$this->messages, $this->isValid]); + } + + /** + * Constructs the object + * + * @param string $serialized + */ + public function unserialize($serialized) + { + list($this->messages, $this->isValid) = json_decode($serialized, true); + } } diff --git a/src/ORM/Versioning/VersionedGridFieldItemRequest.php b/src/ORM/Versioning/VersionedGridFieldItemRequest.php index ba6f0b7f0..cb0d473c5 100644 --- a/src/ORM/Versioning/VersionedGridFieldItemRequest.php +++ b/src/ORM/Versioning/VersionedGridFieldItemRequest.php @@ -8,7 +8,7 @@ use SilverStripe\Forms\Form; use SilverStripe\Forms\FormAction; use SilverStripe\Forms\GridField\GridFieldDetailForm_ItemRequest; use SilverStripe\ORM\DataObject; -use SilverStripe\ORM\ValidationException; +use SilverStripe\ORM\ValidationResult; /** * Provides versioned dataobject support to {@see GridFieldDetailForm_ItemRequest} @@ -25,7 +25,7 @@ class VersionedGridFieldItemRequest extends GridFieldDetailForm_ItemRequest // Check if record is versionable /** @var Versioned|DataObject $record */ $record = $this->getRecord(); - if (!$record || !$record->has_extension('SilverStripe\ORM\Versioning\Versioned')) { + if (!$record || !$record->has_extension(Versioned::class)) { return $actions; } @@ -100,12 +100,7 @@ class VersionedGridFieldItemRequest extends GridFieldDetailForm_ItemRequest // Record name before it's deleted $title = $record->Title; - - try { $record->doArchive(); - } catch (ValidationException $e) { - return $this->generateValidationResponse($form, $e); - } $message = sprintf( _t('VersionedGridFieldItemRequest.Archived', 'Archived %s %s'), @@ -139,15 +134,9 @@ class VersionedGridFieldItemRequest extends GridFieldDetailForm_ItemRequest return $this->httpError(403); } - // Save from form data - try { // Initial save and reload $record = $this->saveFormIntoRecord($data, $form); $record->publishRecursive(); - } catch (ValidationException $e) { - return $this->generateValidationResponse($form, $e); - } - $editURL = $this->Link('edit'); $xmlTitle = Convert::raw2xml($record->Title); $link = "{$xmlTitle}"; @@ -181,12 +170,7 @@ class VersionedGridFieldItemRequest extends GridFieldDetailForm_ItemRequest // Record name before it's deleted $title = $record->Title; - - try { $record->doUnpublish(); - } catch (ValidationException $e) { - return $this->generateValidationResponse($form, $e); - } $message = sprintf( _t('VersionedGridFieldItemRequest.Unpublished', 'Unpublished %s %s'), @@ -205,11 +189,12 @@ class VersionedGridFieldItemRequest extends GridFieldDetailForm_ItemRequest */ protected function setFormMessage($form, $message) { - $form->sessionMessage($message, 'good', false); + $form->sessionMessage($message, 'good', ValidationResult::CAST_HTML); $controller = $this->getToplevelController(); if ($controller->hasMethod('getEditForm')) { + /** @var Form $backForm */ $backForm = $controller->getEditForm(); - $backForm->sessionMessage($message, 'good', false); + $backForm->sessionMessage($message, 'good', ValidationResult::CAST_HTML); } } } diff --git a/src/Security/CMSMemberLoginForm.php b/src/Security/CMSMemberLoginForm.php index 9ccea8b7a..b1b8d063d 100644 --- a/src/Security/CMSMemberLoginForm.php +++ b/src/Security/CMSMemberLoginForm.php @@ -124,12 +124,13 @@ class CMSMemberLoginForm extends LoginForm /** * Redirect the user to the change password form. * + * @skipUpgrade * @return HTTPResponse */ protected function redirectToChangePassword() { // Since this form is loaded via an iframe, this redirect must be performed via javascript - $changePasswordForm = new ChangePasswordForm($this->controller, 'SilverStripe\\Security\\ChangePasswordForm'); + $changePasswordForm = new ChangePasswordForm($this->controller, 'ChangePasswordForm'); $changePasswordForm->sessionMessage( _t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'), 'good' diff --git a/src/Security/ChangePasswordForm.php b/src/Security/ChangePasswordForm.php index 872128980..c18233bf2 100644 --- a/src/Security/ChangePasswordForm.php +++ b/src/Security/ChangePasswordForm.php @@ -14,6 +14,7 @@ use SilverStripe\Forms\PasswordField; use SilverStripe\Forms\FormAction; use SilverStripe\Forms\HiddenField; use SilverStripe\Forms\Form; +use SilverStripe\ORM\ValidationResult; /** * Standard Change Password Form @@ -64,7 +65,6 @@ class ChangePasswordForm extends Form parent::__construct($controller, $name, $fields, $actions); } - /** * Change the password * @@ -75,7 +75,7 @@ class ChangePasswordForm extends Form { if ($member = Member::currentUser()) { // The user was logged in, check the current password - if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) { + if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->isValid()) { $this->clearMessage(); $this->sessionMessage( _t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), @@ -108,60 +108,52 @@ class ChangePasswordForm extends Form // redirect back to the form, instead of using redirectBack() which could send the user elsewhere. return $this->controller->redirect($this->controller->Link('changepassword')); - } elseif ($data['NewPassword1'] == $data['NewPassword2']) { - $isValid = $member->changePassword($data['NewPassword1']); - if ($isValid->valid()) { - // Clear locked out status - $member->LockedOutUntil = null; - $member->FailedLoginCount = null; - $member->write(); + } - if ($member->canLogIn()->valid()) { - $member->logIn(); - } - - // TODO Add confirmation message to login redirect - Session::clear('AutoLoginHash'); - - if (!empty($_REQUEST['BackURL']) - // absolute redirection URLs may cause spoofing - && Director::is_site_url($_REQUEST['BackURL']) - ) { - $url = Director::absoluteURL($_REQUEST['BackURL']); - return $this->controller->redirect($url); - } else { - // Redirect to default location - the login form saying "You are logged in as..." - $redirectURL = HTTP::setGetVar( - 'BackURL', - Director::absoluteBaseURL(), - $this->controller->Link('login') - ); - return $this->controller->redirect($redirectURL); - } - } else { - $this->clearMessage(); - $this->sessionMessage( - _t( - 'Member.INVALIDNEWPASSWORD', - "We couldn't accept that password: {password}", - array('password' => nl2br("\n".Convert::raw2xml($isValid->starredList()))) - ), - "bad", - false - ); - - // redirect back to the form, instead of using redirectBack() which could send the user elsewhere. - return $this->controller->redirect($this->controller->Link('changepassword')); - } - } else { + // Fail if passwords do not match + if ($data['NewPassword1'] !== $data['NewPassword2']) { $this->clearMessage(); $this->sessionMessage( _t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad" ); - // redirect back to the form, instead of using redirectBack() which could send the user elsewhere. return $this->controller->redirect($this->controller->Link('changepassword')); } + + // Check if the new password is accepted + $validationResult = $member->changePassword($data['NewPassword1']); + if (!$validationResult->isValid()) { + $this->setSessionValidationResult($validationResult); + return $this->controller->redirect($this->controller->Link('changepassword')); + } + + // Clear locked out status + $member->LockedOutUntil = null; + $member->FailedLoginCount = null; + $member->write(); + + if ($member->canLogIn()->isValid()) { + $member->logIn(); + } + + // TODO Add confirmation message to login redirect + Session::clear('AutoLoginHash'); + + if (!empty($_REQUEST['BackURL']) + // absolute redirection URLs may cause spoofing + && Director::is_site_url($_REQUEST['BackURL']) + ) { + $url = Director::absoluteURL($_REQUEST['BackURL']); + return $this->controller->redirect($url); + } else { + // Redirect to default location - the login form saying "You are logged in as..." + $redirectURL = HTTP::setGetVar( + 'BackURL', + Director::absoluteBaseURL(), + $this->controller->Link('login') + ); + return $this->controller->redirect($redirectURL); + } } } diff --git a/src/Security/Group.php b/src/Security/Group.php index 52059d00b..288fd6b71 100755 --- a/src/Security/Group.php +++ b/src/Security/Group.php @@ -428,7 +428,7 @@ class Group extends DataObject ->column('Code'); $privilegedCodes = Config::inst()->get('SilverStripe\\Security\\Permission', 'privileged_permissions'); if (array_intersect($inheritedCodes, $privilegedCodes)) { - $result->error(sprintf( + $result->addError(sprintf( _t( 'Group.HierarchyPermsError', 'Can\'t assign parent group "%s" with privileged permissions (requires ADMIN access)' diff --git a/src/Security/Member.php b/src/Security/Member.php index cc1097881..8b89f0b5b 100644 --- a/src/Security/Member.php +++ b/src/Security/Member.php @@ -275,7 +275,7 @@ class Member extends DataObject implements TemplateGlobalProvider if (!Security::has_default_admin()) { return null; } - + // Find or create ADMIN group Group::singleton()->requireDefaultRecords(); $adminGroup = Permission::get_groups_by_permission('ADMIN')->first(); @@ -310,7 +310,7 @@ class Member extends DataObject implements TemplateGlobalProvider /** * Check if the passed password matches the stored one (if the member is not locked out). * - * @param string $password + * @param string $password * @return ValidationResult */ public function checkPassword($password) @@ -318,7 +318,7 @@ class Member extends DataObject implements TemplateGlobalProvider $result = $this->canLogIn(); // Short-circuit the result upon failure, no further checks needed. - if (!$result->valid()) { + if (!$result->isValid()) { return $result; } @@ -329,13 +329,13 @@ class Member extends DataObject implements TemplateGlobalProvider // Check a password is set on this member if (empty($this->Password) && $this->exists()) { - $result->error(_t('Member.NoPassword', 'There is no password on this member.')); + $result->addError(_t('Member.NoPassword', 'There is no password on this member.')); return $result; } $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption); if (!$e->check($this->Password, $password, $this->Salt, $this)) { - $result->error(_t( + $result->addError(_t( 'Member.ERRORWRONGCRED', 'The provided details don\'t seem to be correct. Please try again.' )); @@ -368,7 +368,7 @@ class Member extends DataObject implements TemplateGlobalProvider $result = ValidationResult::create(); if ($this->isLockedOut()) { - $result->error( + $result->addError( _t( 'Member.ERRORLOCKEDOUT2', 'Your account has been temporarily disabled because of too many failed attempts at ' . @@ -499,7 +499,7 @@ class Member extends DataObject implements TemplateGlobalProvider // Clear the incorrect log-in count $this->registerSuccessfulLogin(); - $this->LockedOutUntil = null; + $this->LockedOutUntil = null; $this->regenerateTempID(); @@ -938,7 +938,7 @@ class Member extends DataObject implements TemplateGlobalProvider $existingRecord = DataObject::get_one('SilverStripe\\Security\\Member', $filter); if ($existingRecord) { - throw new ValidationException(ValidationResult::create(false, _t( + throw new ValidationException(_t( 'Member.ValidationIdentifierFailed', 'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))', 'Values in brackets show "fieldname = value", usually denoting an existing email address', @@ -947,7 +947,7 @@ class Member extends DataObject implements TemplateGlobalProvider 'name' => $identifierField, 'value' => $this->$identifierField ) - ))); + )); } } @@ -1055,9 +1055,9 @@ class Member extends DataObject implements TemplateGlobalProvider } // If there are no admin groups in this set then it's ok - $adminGroups = Permission::get_groups_by_permission('ADMIN'); - $adminGroupIDs = ($adminGroups) ? $adminGroups->column('ID') : array(); - return count(array_intersect($ids, $adminGroupIDs)) == 0; + $adminGroups = Permission::get_groups_by_permission('ADMIN'); + $adminGroupIDs = ($adminGroups) ? $adminGroups->column('ID') : array(); + return count(array_intersect($ids, $adminGroupIDs)) == 0; } @@ -1231,7 +1231,7 @@ class Member extends DataObject implements TemplateGlobalProvider ]; } - $columnsWithTablename = array(); + $columnsWithTablename = array(); foreach ($format['columns'] as $column) { $columnsWithTablename[] = static::getSchema()->sqlColumnForField(__CLASS__, $column); } @@ -1757,7 +1757,7 @@ class Member extends DataObject implements TemplateGlobalProvider $this->Password = $password; $valid = $this->validate(); - if ($valid->valid()) { + if ($valid->isValid()) { $this->AutoLoginHash = null; $this->write(); } diff --git a/src/Security/MemberAuthenticator.php b/src/Security/MemberAuthenticator.php index 75b953a9a..bd7d2a66e 100644 --- a/src/Security/MemberAuthenticator.php +++ b/src/Security/MemberAuthenticator.php @@ -81,9 +81,9 @@ class MemberAuthenticator extends Authenticator // Validate against member if possible if ($member && !$asDefaultAdmin) { $result = $member->checkPassword($data['Password']); - $success = $result->valid(); + $success = $result->isValid(); } else { - $result = new ValidationResult(false, _t('Member.ERRORWRONGCRED')); + $result = ValidationResult::create()->addError(_t('Member.ERRORWRONGCRED')); } // Emit failure to member and form (if available) @@ -92,7 +92,7 @@ class MemberAuthenticator extends Authenticator $member->registerFailedLogin(); } if ($form) { - $form->sessionMessage($result->message(), 'bad'); + $form->setSessionValidationResult($result, true); } } else { if ($member) { diff --git a/src/Security/MemberLoginForm.php b/src/Security/MemberLoginForm.php index 8307f3bee..2912b0135 100644 --- a/src/Security/MemberLoginForm.php +++ b/src/Security/MemberLoginForm.php @@ -8,6 +8,7 @@ use SilverStripe\Control\Director; use SilverStripe\Control\Session; use SilverStripe\Control\Controller; use SilverStripe\Control\Email\Email; +use SilverStripe\Dev\Debug; use SilverStripe\Forms\HiddenField; use SilverStripe\Forms\FieldList; use SilverStripe\Forms\FormAction; @@ -16,6 +17,7 @@ use SilverStripe\Forms\PasswordField; use SilverStripe\Forms\CheckboxField; use SilverStripe\Forms\LiteralField; use SilverStripe\Forms\RequiredFields; +use SilverStripe\ORM\ValidationResult; use SilverStripe\View\Requirements; /** @@ -160,19 +162,18 @@ JS; Requirements::customScript($js, 'MemberLoginFormFieldFocus'); } - /** - * Get message from session - */ - protected function getMessageFromSession() + public function restoreFormState() { + parent::restoreFormState(); $forceMessage = Session::get('MemberLoginForm.force_message'); if (($member = Member::currentUser()) && !$forceMessage) { - $this->message = _t( + $message = _t( 'Member.LOGGEDINAS', "You're logged in as {name}.", array('name' => $member->{$this->loggedInAsField}) ); + $this->setMessage($message, ValidationResult::TYPE_INFO); } // Reset forced message @@ -180,7 +181,7 @@ JS; Session::set('MemberLoginForm.force_message', false); } - return parent::getMessageFromSession(); + return $this; } @@ -283,11 +284,8 @@ JS; $member->logIn(); } - Session::set( - 'Security.Message.message', - _t('Member.WELCOMEBACK', "Welcome Back, {firstname}", array('firstname' => $firstname)) - ); - Session::set("Security.Message.type", "good"); + $message = _t('Member.WELCOMEBACK', "Welcome Back, {firstname}", array('firstname' => $firstname)); + Security::setLoginMessage($message, ValidationResult::TYPE_GOOD); } return Controller::curr()->redirectBack(); } diff --git a/src/Security/PasswordValidator.php b/src/Security/PasswordValidator.php index e4e94577f..66b54b2ff 100644 --- a/src/Security/PasswordValidator.php +++ b/src/Security/PasswordValidator.php @@ -80,7 +80,7 @@ class PasswordValidator extends Object if ($this->minLength) { if (strlen($password) < $this->minLength) { - $valid->error( + $valid->addError( sprintf( _t( 'PasswordValidator.TOOSHORT', @@ -88,6 +88,7 @@ class PasswordValidator extends Object ), $this->minLength ), + 'bad', 'TOO_SHORT' ); } @@ -109,7 +110,7 @@ class PasswordValidator extends Object } if ($score < $this->minScore) { - $valid->error( + $valid->addError( sprintf( _t( 'PasswordValidator.LOWCHARSTRENGTH', @@ -117,6 +118,7 @@ class PasswordValidator extends Object ), implode(', ', $missedTests) ), + 'bad', 'LOW_CHARACTER_STRENGTH' ); } @@ -130,11 +132,12 @@ class PasswordValidator extends Object /** @var MemberPassword $previousPassword */ foreach ($previousPasswords as $previousPassword) { if ($previousPassword->checkPassword($password)) { - $valid->error( + $valid->addError( _t( 'PasswordValidator.PREVPASSWORD', 'You\'ve already used that password in the past, please choose a new password' ), + 'bad', 'PREVIOUS_PASSWORD' ); break; diff --git a/src/Security/PermissionRoleCode.php b/src/Security/PermissionRoleCode.php index 7500bc256..febc99b28 100644 --- a/src/Security/PermissionRoleCode.php +++ b/src/Security/PermissionRoleCode.php @@ -33,7 +33,7 @@ class PermissionRoleCode extends DataObject && in_array($this->Code, $privilegedCodes) && !Permission::check('ADMIN') ) { - $result->error(sprintf( + $result->addError(sprintf( _t( 'PermissionRoleCode.PermsError', 'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)' diff --git a/src/Security/Security.php b/src/Security/Security.php index 62cf606ed..09d480a70 100644 --- a/src/Security/Security.php +++ b/src/Security/Security.php @@ -21,6 +21,7 @@ use SilverStripe\ORM\ArrayList; use SilverStripe\ORM\DataObject; use SilverStripe\ORM\DB; use SilverStripe\ORM\FieldType\DBField; +use SilverStripe\ORM\ValidationResult; use SilverStripe\View\ArrayData; use SilverStripe\View\SSViewer; use SilverStripe\View\TemplateGlobalProvider; @@ -324,7 +325,7 @@ class Security extends Controller implements TemplateGlobalProvider // Somewhat hackish way to render a login form with an error message. $me = new Security(); $form = $me->LoginForm(); - $form->sessionMessage($message, 'warning'); + $form->sessionMessage($message, ValidationResult::TYPE_WARNING); Session::set('MemberLoginForm.force_message', 1); $loginResponse = $me->login(); if ($loginResponse instanceof HTTPResponse) { @@ -340,8 +341,7 @@ class Security extends Controller implements TemplateGlobalProvider $message = $messageSet['default']; } - Session::set("Security.Message.message", $message); - Session::set("Security.Message.type", 'warning'); + static::setLoginMessage($message, ValidationResult::TYPE_WARNING); Session::set("BackURL", $_SERVER['REQUEST_URI']); @@ -349,10 +349,10 @@ class Security extends Controller implements TemplateGlobalProvider // Audit logging hook $controller->extend('permissionDenied', $member); - return $controller->redirect( - Config::inst()->get('SilverStripe\\Security\\Security', 'login_url') - . "?BackURL=" . urlencode($_SERVER['REQUEST_URI']) - ); + return $controller->redirect(Controller::join_links( + static::config()->get('login_url'), + "?BackURL=" . urlencode($_SERVER['REQUEST_URI']) + )); } protected function init() @@ -559,11 +559,36 @@ class Security extends Controller implements TemplateGlobalProvider } $messageType = Session::get('Security.Message.type'); - if ($messageType === 'bad') { - return "

$message

"; - } else { - return "

$message

"; + $messageCast = Session::get('Security.Message.cast'); + if ($messageCast !== ValidationResult::CAST_HTML) { + $message = Convert::raw2xml($message); } + return sprintf('

%s

', Convert::raw2att($messageType), $message); + } + + /** + * Set the next message to display for the security login page. Defaults to warning + * + * @param string $message Message + * @param string $messageType Message type. One of ValidationResult::TYPE_* + * @param string $messageCast Message cast. One of ValidationResult::CAST_* + */ + public static function setLoginMessage( + $message, + $messageType = ValidationResult::TYPE_WARNING, + $messageCast = ValidationResult::CAST_TEXT + ) { + Session::set("Security.Message.message", $message); + Session::set("Security.Message.type", $messageType); + Session::set("Security.Message.cast", $messageCast); + } + + /** + * Clear login message + */ + public static function clearLoginMessage() + { + Session::clear("Security.Message"); } @@ -603,7 +628,7 @@ class Security extends Controller implements TemplateGlobalProvider $message = $this->getLoginMessage($messageType); // We've displayed the message in the form output, so reset it for the next run. - Session::clear('Security.Message'); + static::clearLoginMessage(); // only display tabs when more than one authenticator is provided // to save bandwidth and reduce the amount of custom styling needed diff --git a/tests/behat/features/login.feature b/tests/behat/features/login.feature index 4598330da..7f8716b1a 100644 --- a/tests/behat/features/login.feature +++ b/tests/behat/features/login.feature @@ -6,7 +6,7 @@ Feature: Log in Scenario: Bad login Given I log in with "bad@example.com" and "badpassword" - Then I will see a "bad" log-in message + Then I will see a "error" log-in message Scenario: Valid login Given I am logged in with "ADMIN" permissions diff --git a/tests/php/Assets/FileTest.php b/tests/php/Assets/FileTest.php index d39e16942..355190ae0 100644 --- a/tests/php/Assets/FileTest.php +++ b/tests/php/Assets/FileTest.php @@ -2,6 +2,7 @@ namespace SilverStripe\Assets\Tests; +use SilverStripe\Assets\Image; use SilverStripe\Assets\Storage\AssetStore; use SilverStripe\Assets\Tests\FileTest\MyCustomFile; use SilverStripe\ORM\ValidationException; @@ -178,22 +179,21 @@ class FileTest extends SapphireTest { // Invalid ext $file->Name = 'asdf.php'; - $v = $file->validate(); - $this->assertFalse($v->valid()); - $this->assertContains('Extension is not allowed', $v->message()); + $result = $file->validate(); + $this->assertFalse($result->isValid()); + $messages = $result->getMessages(); + $this->assertEquals(1, count($messages)); + $this->assertEquals('Extension is not allowed', $messages[0]['message']); // Valid ext $file->Name = 'asdf.txt'; - $v = $file->validate(); - $this->assertTrue($v->valid()); + $result = $file->validate(); + $this->assertTrue($result->isValid()); // Capital extension is valid as well $file->Name = 'asdf.TXT'; - $v = $file->validate(); - $this->assertTrue($v->valid()); - - Config::inst()->remove(File::class, 'allowed_extensions'); - Config::inst()->update(File::class, 'allowed_extensions', $orig); + $result = $file->validate(); + $this->assertTrue($result->isValid()); } public function testAppCategory() { @@ -372,7 +372,7 @@ class FileTest extends SapphireTest { public function testNameAndTitleGeneration() { // When name is assigned, title is automatically assigned - $file = $this->objFromFixture('SilverStripe\\Assets\\Image', 'setfromname'); + $file = $this->objFromFixture(Image::class, 'setfromname'); $this->assertEquals('FileTest', $file->Title); } @@ -386,13 +386,13 @@ class FileTest extends SapphireTest { } public function testFileType() { - $file = $this->objFromFixture('SilverStripe\\Assets\\Image', 'gif'); + $file = $this->objFromFixture(Image::class, 'gif'); $this->assertEquals("GIF image - good for diagrams", $file->FileType); $file = $this->objFromFixture(File::class, 'pdf'); $this->assertEquals("Adobe Acrobat PDF file", $file->FileType); - $file = $this->objFromFixture('SilverStripe\\Assets\\Image', 'gifupper'); + $file = $this->objFromFixture(Image::class, 'gifupper'); $this->assertEquals("GIF image - good for diagrams", $file->FileType); /* Only a few file types are given special descriptions; the rest are unknown */ @@ -450,7 +450,7 @@ class FileTest extends SapphireTest { $newTitle = "FileTest-folder-renamed"; //rename a folder's title - $folderID = $this->objFromFixture("SilverStripe\\Assets\\Folder","folder2")->ID; + $folderID = $this->objFromFixture(Folder::class,"folder2")->ID; $folder = DataObject::get_by_id(Folder::class,$folderID); $folder->Title = $newTitle; $folder->write(); @@ -508,30 +508,30 @@ class FileTest extends SapphireTest { } public function testCanEdit() { - $file = $this->objFromFixture('SilverStripe\\Assets\\Image', 'gif'); + $file = $this->objFromFixture(Image::class, 'gif'); // Test anonymous permissions Session::set('loggedInAs', null); $this->assertFalse($file->canEdit(), "Anonymous users can't edit files"); // Test permissionless user - $this->objFromFixture('SilverStripe\\Security\\Member', 'frontend')->logIn(); + $this->objFromFixture(Member::class, 'frontend')->logIn(); $this->assertFalse($file->canEdit(), "Permissionless users can't edit files"); // Test global CMS section users - $this->objFromFixture('SilverStripe\\Security\\Member', 'cms')->logIn(); + $this->objFromFixture(Member::class, 'cms')->logIn(); $this->assertTrue($file->canEdit(), "Users with all CMS section access can edit files"); // Test cms access users without file access - $this->objFromFixture('SilverStripe\\Security\\Member', 'security')->logIn(); + $this->objFromFixture(Member::class, 'security')->logIn(); $this->assertFalse($file->canEdit(), "Security CMS users can't edit files"); // Test asset-admin user - $this->objFromFixture('SilverStripe\\Security\\Member', 'assetadmin')->logIn(); + $this->objFromFixture(Member::class, 'assetadmin')->logIn(); $this->assertTrue($file->canEdit(), "Asset admin users can edit files"); // Test admin - $this->objFromFixture('SilverStripe\\Security\\Member', 'admin')->logIn(); + $this->objFromFixture(Member::class, 'admin')->logIn(); $this->assertTrue($file->canEdit(), "Admins can edit files"); } diff --git a/tests/php/Assets/UploadTest/Validator.php b/tests/php/Assets/UploadTest/Validator.php index 15494a817..cc27ef1af 100644 --- a/tests/php/Assets/UploadTest/Validator.php +++ b/tests/php/Assets/UploadTest/Validator.php @@ -35,10 +35,7 @@ class Validator extends Upload_Validator implements TestOnly // extension validation if(!$this->isValidExtension()) { - $this->errors[] = _t( - 'File.INVALIDEXTENSION_SHORT', - 'Extension is not allowed' - ); + $this->errors[] = _t('File.INVALIDEXTENSIONSHORT', 'Extension is not allowed'); return false; } diff --git a/tests/php/Forms/AssetFieldTest.php b/tests/php/Forms/AssetFieldTest.php index 8dbdb9248..33c953a54 100644 --- a/tests/php/Forms/AssetFieldTest.php +++ b/tests/php/Forms/AssetFieldTest.php @@ -346,7 +346,7 @@ class AssetFieldTest extends FunctionalTest { $form = new TestForm(); $form->loadDataFrom($data, true); - if($form->validate()) { + if($form->validationResult()->isValid()) { $record = $form->getRecord(); $form->saveInto($record); $record->write(); diff --git a/tests/php/Forms/EmailFieldTest/TestValidator.php b/tests/php/Forms/EmailFieldTest/TestValidator.php index a1127356c..c139c9d97 100644 --- a/tests/php/Forms/EmailFieldTest/TestValidator.php +++ b/tests/php/Forms/EmailFieldTest/TestValidator.php @@ -4,11 +4,13 @@ namespace SilverStripe\Forms\Tests\EmailFieldTest; use Exception; use SilverStripe\Forms\Validator; +use SilverStripe\ORM\ValidationResult; class TestValidator extends Validator { - public function validationError($fieldName, $message, $messageType = '') - { + public function validationError( + $fieldName, $message, $messageType = ValidationResult::TYPE_ERROR, $cast = ValidationResult::CAST_TEXT + ) { throw new Exception($message); } diff --git a/tests/php/Forms/FieldGroupTest.php b/tests/php/Forms/FieldGroupTest.php index d06eca30c..b3947ded0 100644 --- a/tests/php/Forms/FieldGroupTest.php +++ b/tests/php/Forms/FieldGroupTest.php @@ -18,11 +18,11 @@ class FieldGroupTest extends SapphireTest { ) ); - $textField->setError('Test error message', 'warning'); - $emailField->setError('Test error message', 'error'); + $textField->setMessage('Test error message', 'error'); + $emailField->setMessage('Test error warning', 'warning'); - $this->assertEquals('Test error message, Test error message.', $fieldGroup->Message()); - $this->assertEquals('warning. error', $fieldGroup->MessageType()); + $this->assertEquals('Test error message, Test error warning.', $fieldGroup->getMessage()); + $this->assertEquals('error', $fieldGroup->getMessageType()); } } diff --git a/tests/php/Forms/FileFieldTest.php b/tests/php/Forms/FileFieldTest.php index ecd981608..193b0d27c 100644 --- a/tests/php/Forms/FileFieldTest.php +++ b/tests/php/Forms/FileFieldTest.php @@ -33,9 +33,7 @@ class FileFieldTest extends FunctionalTest { ); $fileField->setValue($fileFieldValue); - $this->assertTrue( - $form->validate() - ); + $this->assertTrue($form->validationResult()->isValid()); } /** @@ -63,7 +61,7 @@ class FileFieldTest extends FunctionalTest { $fileField->setValue($fileFieldValue); $this->assertFalse( - $form->validate(), + $form->validationResult()->isValid(), 'An error occured when uploading a file, but the validator returned true' ); @@ -72,7 +70,7 @@ class FileFieldTest extends FunctionalTest { $fileField->setValue($fileFieldValue); $this->assertFalse( - $form->validate(), + $form->validationResult()->isValid(), 'An empty array was passed as parameter for an uploaded file, but the validator returned true' ); @@ -81,7 +79,7 @@ class FileFieldTest extends FunctionalTest { $fileField->setValue($fileFieldValue); $this->assertFalse( - $form->validate(), + $form->validationResult()->isValid(), 'A null value was passed as parameter for an uploaded file, but the validator returned true' ); } diff --git a/tests/php/Forms/FormFieldTest.php b/tests/php/Forms/FormFieldTest.php index 27d81fc6c..2b85ff2be 100644 --- a/tests/php/Forms/FormFieldTest.php +++ b/tests/php/Forms/FormFieldTest.php @@ -332,11 +332,10 @@ class FormFieldTest extends SapphireTest { $field = new FormField('MyField', 'My Field'); $validator = new RequiredFields('MyField'); $form = new Form(new Controller(), 'TestForm', new FieldList($field), new FieldList(), $validator); - $form->validate(); - $form->setupFormErrors(); + $form->validationResult(); $schema = $field->getSchemaState(); $this->assertEquals( - ['html' => '"My Field" is required'], + '"My Field" is required', $schema['message']['value'] ); } diff --git a/tests/php/Forms/FormSchemaTest.php b/tests/php/Forms/FormSchemaTest.php index edda487ff..71c706af4 100644 --- a/tests/php/Forms/FormSchemaTest.php +++ b/tests/php/Forms/FormSchemaTest.php @@ -77,7 +77,6 @@ class FormSchemaTest extends SapphireTest { 'name' => 'SecurityID', ] ], - 'valid' => null, 'messages' => [], ]; @@ -104,10 +103,9 @@ class FormSchemaTest extends SapphireTest { ] ], 'messages' => [[ - 'value' => ['html' => 'All saved'], - 'type' => 'good' + 'value' => 'All saved', + 'type' => 'good' ]], - 'valid' => null, ]; $state = $formSchema->getState($form); @@ -123,7 +121,7 @@ class FormSchemaTest extends SapphireTest { $form->loadDataFrom([ 'Title' => null, ]); - $this->assertFalse($form->validate()); + $this->assertFalse($form->validationResult()->isValid()); $formSchema = new FormSchema(); $expected = [ 'id' => 'Form_TestForm', @@ -132,7 +130,7 @@ class FormSchemaTest extends SapphireTest { 'id' => 'Form_TestForm_Title', 'value' => null, 'message' => [ - 'value' => ['html' => '"Title" is required'], + 'value' => '"Title" is required', 'type' => 'required' ], 'data' => [], @@ -146,7 +144,6 @@ class FormSchemaTest extends SapphireTest { 'name' => 'SecurityID', ] ], - 'valid' => false, 'messages' => [] ]; @@ -165,7 +162,7 @@ class FormSchemaTest extends SapphireTest { ->setIcon('save'), (new FormAction("cancel", "Cancel")) ->setUseButtonTag(true), - new PopoverField("More options", [ + $pop = new PopoverField("More options", [ new FormAction("publish", "Publish record"), new FormAction("archive", "Archive"), ]) diff --git a/tests/php/Forms/FormTest.php b/tests/php/Forms/FormTest.php index dcee988f9..88965431a 100644 --- a/tests/php/Forms/FormTest.php +++ b/tests/php/Forms/FormTest.php @@ -7,7 +7,8 @@ use SilverStripe\Forms\Tests\FormTest\ControllerWithSecurityToken; use SilverStripe\Forms\Tests\FormTest\ControllerWithStrictPostCheck; use SilverStripe\Forms\Tests\FormTest\Player; use SilverStripe\Forms\Tests\FormTest\Team; -use SilverStripe\ORM\DataModel; +use SilverStripe\ORM\ValidationResult; +use SilverStripe\Security\NullSecurityToken; use SilverStripe\Security\SecurityToken; use SilverStripe\Security\RandomGenerator; use SilverStripe\Dev\CSSContentParser; @@ -255,7 +256,7 @@ class FormTest extends FunctionalTest { $form->saveInto($object); $playersIds = $object->Players()->getIDList(); - $this->assertTrue($form->validate()); + $this->assertTrue($form->validationResult()->isValid()); $this->assertEquals( $playersIds, array(), @@ -420,7 +421,7 @@ class FormTest extends FunctionalTest { public function testSessionSuccessMessage() { $this->get('FormTest_Controller'); - $response = $this->post( + $this->post( 'FormTest_Controller/Form', array( 'Email' => 'test@test.com', @@ -436,16 +437,44 @@ class FormTest extends FunctionalTest { ); } + public function testValidationException() { + $this->get('FormTest_Controller'); + + $this->post( + 'FormTest_Controller/Form', + array( + 'Email' => 'test@test.com', + 'SomeRequiredField' => 'test', + 'action_doTriggerException' => 1, + ) + ); + $this->assertPartialMatchBySelector( + '#Form_Form_Email_Holder span.message', + array( + 'Error on Email field' + ), + 'Formfield validation shows note on field if invalid' + ); + $this->assertPartialMatchBySelector( + '#Form_Form_error', + array( + 'Error at top of form' + ), + 'Required fields show a notification on field when left blank' + ); + + } + public function testGloballyDisabledSecurityTokenInheritsToNewForm() { SecurityToken::enable(); $form1 = $this->getStubForm(); - $this->assertInstanceOf('SilverStripe\\Security\\SecurityToken', $form1->getSecurityToken()); + $this->assertInstanceOf(SecurityToken::class, $form1->getSecurityToken()); SecurityToken::disable(); $form2 = $this->getStubForm(); - $this->assertInstanceOf('SilverStripe\\Security\\NullSecurityToken', $form2->getSecurityToken()); + $this->assertInstanceOf(NullSecurityToken::class, $form2->getSecurityToken()); SecurityToken::enable(); } @@ -472,7 +501,7 @@ class FormTest extends FunctionalTest { SecurityToken::enable(); $expectedToken = SecurityToken::inst()->getValue(); - $response = $this->get('FormTest_ControllerWithSecurityToken'); + $this->get('FormTest_ControllerWithSecurityToken'); // can't use submitForm() as it'll automatically insert SecurityID into the POST data $response = $this->post( 'FormTest_ControllerWithSecurityToken/Form', @@ -490,7 +519,7 @@ class FormTest extends FunctionalTest { $this->assertNotEquals($invalidToken, $expectedToken); // Test token with request - $response = $this->get('FormTest_ControllerWithSecurityToken'); + $this->get('FormTest_ControllerWithSecurityToken'); $response = $this->post( 'FormTest_ControllerWithSecurityToken/Form', array( @@ -513,7 +542,7 @@ class FormTest extends FunctionalTest { $attrs = $matched[0]->attributes(); $this->assertEquals('test@test.com', (string)$attrs['value'], 'Submitted data is preserved'); - $response = $this->get('FormTest_ControllerWithSecurityToken'); + $this->get('FormTest_ControllerWithSecurityToken'); $tokenEls = $this->cssParser()->getBySelector('#Form_Form_SecurityID'); $this->assertEquals( 1, @@ -533,13 +562,13 @@ class FormTest extends FunctionalTest { } public function testStrictFormMethodChecking() { - $response = $this->get('FormTest_ControllerWithStrictPostCheck'); + $this->get('FormTest_ControllerWithStrictPostCheck'); $response = $this->get( 'FormTest_ControllerWithStrictPostCheck/Form/?Email=test@test.com&action_doSubmit=1' ); $this->assertEquals(405, $response->getStatusCode(), 'Submission fails with wrong method'); - $response = $this->get('FormTest_ControllerWithStrictPostCheck'); + $this->get('FormTest_ControllerWithStrictPostCheck'); $response = $this->post( 'FormTest_ControllerWithStrictPostCheck/Form', array( @@ -756,8 +785,7 @@ class FormTest extends FunctionalTest { function testMessageEscapeHtml() { $form = $this->getStubForm(); - $form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request - $form->sessionMessage('Escaped HTML', 'good', true); + $form->setMessage('Escaped HTML', 'good', ValidationResult::CAST_TEXT); $parser = new CSSContentParser($form->forTemplate()); $messageEls = $parser->getBySelector('.message'); $this->assertContains( @@ -766,8 +794,7 @@ class FormTest extends FunctionalTest { ); $form = $this->getStubForm(); - $form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request - $form->sessionMessage('Unescaped HTML', 'good', false); + $form->setMessage('Unescaped HTML', 'good', ValidationResult::CAST_HTML); $parser = new CSSContentParser($form->forTemplate()); $messageEls = $parser->getBySelector('.message'); $this->assertContains( @@ -776,11 +803,9 @@ class FormTest extends FunctionalTest { ); } - function testFieldMessageEscapeHtml() { + public function testFieldMessageEscapeHtml() { $form = $this->getStubForm(); - $form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request - $form->addErrorMessage('key1', 'Escaped HTML', 'good', true); - $form->setupFormErrors(); + $form->Fields()->dataFieldByName('key1')->setMessage('Escaped HTML', 'good'); $parser = new CSSContentParser($result = $form->forTemplate()); $messageEls = $parser->getBySelector('#Form_Form_key1_Holder .message'); $this->assertContains( @@ -788,10 +813,12 @@ class FormTest extends FunctionalTest { $messageEls[0]->asXML() ); + // Test with HTML $form = $this->getStubForm(); - $form->getController()->handleRequest(new HTTPRequest('GET', '/'), DataModel::inst()); // stub out request - $form->addErrorMessage('key1', 'Unescaped HTML', 'good', false); - $form->setupFormErrors(); + $form + ->Fields() + ->dataFieldByName('key1') + ->setMessage('Unescaped HTML', 'good', ValidationResult::CAST_HTML); $parser = new CSSContentParser($form->forTemplate()); $messageEls = $parser->getBySelector('#Form_Form_key1_Holder .message'); $this->assertContains( diff --git a/tests/php/Forms/FormTest/Team.php b/tests/php/Forms/FormTest/Team.php index 000b23fcb..8f87c5b8e 100644 --- a/tests/php/Forms/FormTest/Team.php +++ b/tests/php/Forms/FormTest/Team.php @@ -4,9 +4,12 @@ namespace SilverStripe\Forms\Tests\FormTest; use SilverStripe\Dev\TestOnly; use SilverStripe\ORM\DataObject; +use SilverStripe\ORM\ManyManyList; /** * @skipUpgrade + * + * @method ManyManyList Players() */ class Team extends DataObject implements TestOnly { diff --git a/tests/php/Forms/FormTest/TestController.php b/tests/php/Forms/FormTest/TestController.php index 7b890021f..57e823f94 100644 --- a/tests/php/Forms/FormTest/TestController.php +++ b/tests/php/Forms/FormTest/TestController.php @@ -12,6 +12,8 @@ use SilverStripe\Forms\FormAction; use SilverStripe\Forms\NumericField; use SilverStripe\Forms\RequiredFields; use SilverStripe\Forms\TextField; +use SilverStripe\ORM\ValidationException; +use SilverStripe\ORM\ValidationResult; use SilverStripe\View\SSViewer; /** @@ -54,6 +56,7 @@ class TestController extends Controller implements TestOnly ), new FieldList( FormAction::create('doSubmit'), + FormAction::create('doTriggerException'), FormAction::create('doSubmitValidationExempt'), FormAction::create('doSubmitActionExempt') ->setValidationExempt(true) @@ -75,6 +78,13 @@ class TestController extends Controller implements TestOnly return $this->redirectBack(); } + public function doTriggerException($data, $form, $request) { + $result = new ValidationResult(); + $result->addFieldError('Email', 'Error on Email field'); + $result->addError('Error at top of form'); + throw new ValidationException($result); + } + public function doSubmitValidationExempt($data, $form, $request) { $form->sessionMessage('Validation skipped', 'good'); diff --git a/tests/php/Forms/OptionsetFieldTest.php b/tests/php/Forms/OptionsetFieldTest.php index c7b8ca515..4ba2fce26 100644 --- a/tests/php/Forms/OptionsetFieldTest.php +++ b/tests/php/Forms/OptionsetFieldTest.php @@ -54,7 +54,7 @@ class OptionsetFieldTest extends SapphireTest { $this->assertTrue($field->validate($validator)); // ... but should not pass "RequiredFields" validation - $this->assertFalse($form->validate()); + $this->assertFalse($form->validationResult()->isValid()); //disabled items shouldn't validate $field->setDisabledItems(array('Five')); diff --git a/tests/php/Forms/UploadFieldTest.php b/tests/php/Forms/UploadFieldTest.php index 70e9ccf41..6ae38ff72 100644 --- a/tests/php/Forms/UploadFieldTest.php +++ b/tests/php/Forms/UploadFieldTest.php @@ -937,7 +937,7 @@ class UploadFieldTest extends FunctionalTest { $form = new UploadFieldTest\UploadFieldTestForm(); $form->loadDataFrom($data, true); - if($form->validate()) { + if($form->validationResult()->isValid()) { $record = $form->getRecord(); $form->saveInto($record); $record->write(); diff --git a/tests/php/ORM/DataObjectTest.php b/tests/php/ORM/DataObjectTest.php index 945ec3edc..4c326b55f 100644 --- a/tests/php/ORM/DataObjectTest.php +++ b/tests/php/ORM/DataObjectTest.php @@ -13,14 +13,10 @@ use SilverStripe\ORM\Connect\MySQLDatabase; use SilverStripe\ORM\FieldType\DBPolymorphicForeignKey; use SilverStripe\ORM\FieldType\DBVarchar; use SilverStripe\ORM\ManyManyList; -use SilverStripe\ORM\Tests\ManyManyListTest\Category; -use SilverStripe\ORM\Tests\ManyManyListTest\ExtraFieldsObject; -use SilverStripe\ORM\Tests\ManyManyListTest\Product; use SilverStripe\ORM\ValidationException; use SilverStripe\View\ViewableData; use stdClass; use ReflectionException; -use ReflectionMethod; use InvalidArgumentException; class DataObjectTest extends SapphireTest { @@ -1055,7 +1051,6 @@ class DataObjectTest extends SapphireTest { public function testWritingInvalidDataObjectThrowsException() { $validatedObject = new DataObjectTest\ValidatedObject(); - $this->setExpectedException(ValidationException::class); $validatedObject->write(); } @@ -1181,12 +1176,6 @@ class DataObjectTest extends SapphireTest { ); } - protected function makeAccessible($object, $method) { - $reflectionMethod = new ReflectionMethod($object, $method); - $reflectionMethod->setAccessible(true); - return $reflectionMethod; - } - public function testValidateModelDefinitionsFailsWithArray() { Config::inst()->update(DataObjectTest\Team::class, 'has_one', array('NotValid' => array('NoArraysAllowed'))); $this->setExpectedException(InvalidArgumentException::class); @@ -1762,6 +1751,6 @@ class DataObjectTest extends SapphireTest { $staff->Salary = PHP_INT_MAX; $staff->write(); $this->assertEquals(PHP_INT_MAX, DataObjectTest\Staff::get()->byID($staff->ID)->Salary); - } +} } diff --git a/tests/php/ORM/DataObjectTest/ValidatedObject.php b/tests/php/ORM/DataObjectTest/ValidatedObject.php index 55c52a0d7..4778d1718 100644 --- a/tests/php/ORM/DataObjectTest/ValidatedObject.php +++ b/tests/php/ORM/DataObjectTest/ValidatedObject.php @@ -16,10 +16,10 @@ class ValidatedObject extends DataObject implements TestOnly public function validate() { - if (!empty($this->Name)) { - return new ValidationResult(); - } else { - return new ValidationResult(false, "This object needs a name. Otherwise it will have an identity crisis!"); + $result = ValidationResult::create(); + if (empty($this->Name)) { + $result->addError("This object needs a name. Otherwise it will have an identity crisis!"); } + return $result; } } diff --git a/tests/php/ORM/HierarchyTest.php b/tests/php/ORM/HierarchyTest.php index 6866c0912..8ac1bef11 100644 --- a/tests/php/ORM/HierarchyTest.php +++ b/tests/php/ORM/HierarchyTest.php @@ -184,7 +184,7 @@ class HierarchyTest extends SapphireTest { } /** - * @covers SilverStripe\ORM\Hierarchy\Hierarchy::markChildren() + * @covers \SilverStripe\ORM\Hierarchy\Hierarchy::markChildren() */ public function testMarkChildrenDoesntUnmarkPreviouslyMarked() { $obj3 = $this->objFromFixture(HierarchyTest\TestObject::class, 'obj3'); diff --git a/tests/php/ORM/ValidationExceptionTest.php b/tests/php/ORM/ValidationExceptionTest.php index efe51e6a5..0fdeee0ab 100644 --- a/tests/php/ORM/ValidationExceptionTest.php +++ b/tests/php/ORM/ValidationExceptionTest.php @@ -12,14 +12,20 @@ class ValidationExceptionTest extends SapphireTest * Test that ValidationResult object can correctly populate a ValidationException */ public function testCreateFromValidationResult() { + $result = new ValidationResult(); + $result->addError('Not a valid result'); - $result = new ValidationResult(false, 'Not a valid result'); $exception = new ValidationException($result); $this->assertEquals(0, $exception->getCode()); $this->assertEquals('Not a valid result', $exception->getMessage()); - $this->assertEquals(false, $exception->getResult()->valid()); - $this->assertEquals('Not a valid result', $exception->getResult()->message()); + $this->assertFalse($exception->getResult()->isValid()); + $this->assertContains([ + 'message' => 'Not a valid result', + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_ERROR, + 'fieldName' => null, + ], $exception->getResult()->getMessages()); } @@ -29,14 +35,26 @@ class ValidationExceptionTest extends SapphireTest */ public function testCreateFromComplexValidationResult() { $result = new ValidationResult(); - $result->error('Invalid type') - ->error('Out of kiwis'); + $result + ->addError('Invalid type') + ->addError('Out of kiwis'); $exception = new ValidationException($result); $this->assertEquals(0, $exception->getCode()); - $this->assertEquals('Invalid type; Out of kiwis', $exception->getMessage()); - $this->assertEquals(false, $exception->getResult()->valid()); - $this->assertEquals('Invalid type; Out of kiwis', $exception->getResult()->message()); + $this->assertEquals('Invalid type', $exception->getMessage()); + $this->assertEquals(false, $exception->getResult()->isValid()); + $this->assertContains([ + 'message' => 'Invalid type', + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_ERROR, + 'fieldName' => null, + ], $exception->getResult()->getMessages()); + $this->assertContains([ + 'message' => 'Out of kiwis', + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_ERROR, + 'fieldName' => null, + ], $exception->getResult()->getMessages()); } /** @@ -48,40 +66,40 @@ class ValidationExceptionTest extends SapphireTest $this->assertEquals(E_USER_ERROR, $exception->getCode()); $this->assertEquals('Error inferred from message', $exception->getMessage()); - $this->assertEquals(false, $exception->getResult()->valid()); - $this->assertEquals('Error inferred from message', $exception->getResult()->message()); + $this->assertFalse($exception->getResult()->isValid()); + $this->assertContains([ + 'message' => 'Error inferred from message', + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_ERROR, + 'fieldName' => null, + ], $exception->getResult()->getMessages()); } - /** - * Test that ValidationException can be created with both a ValidationResult - * and a custom message - */ - public function testCreateWithValidationResultAndMessage() { - $result = new ValidationResult(false, 'Incorrect placement of cutlery'); - $exception = new ValidationException($result, 'An error has occurred', E_USER_WARNING); - - $this->assertEquals(E_USER_WARNING, $exception->getCode()); - $this->assertEquals('An error has occurred', $exception->getMessage()); - $this->assertEquals(false, $exception->getResult()->valid()); - $this->assertEquals('Incorrect placement of cutlery', $exception->getResult()->message()); - } - - /** * Test that ValidationException can be created with both a ValidationResult * and a custom message */ public function testCreateWithComplexValidationResultAndMessage() { $result = new ValidationResult(); - $result->error('A spork is not a knife') - ->error('A knife is not a back scratcher'); - $exception = new ValidationException($result, 'An error has occurred', E_USER_WARNING); + $result->addError('A spork is not a knife') + ->addError('A knife is not a back scratcher'); + $exception = new ValidationException($result, E_USER_WARNING); $this->assertEquals(E_USER_WARNING, $exception->getCode()); - $this->assertEquals('An error has occurred', $exception->getMessage()); - $this->assertEquals(false, $exception->getResult()->valid()); - $this->assertEquals('A spork is not a knife; A knife is not a back scratcher', - $exception->getResult()->message()); + $this->assertEquals('A spork is not a knife', $exception->getMessage()); + $this->assertEquals(false, $exception->getResult()->isValid()); + $this->assertContains([ + 'message' => 'A spork is not a knife', + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_ERROR, + 'fieldName' => null, + ], $exception->getResult()->getMessages()); + $this->assertContains([ + 'message' => 'A knife is not a back scratcher', + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_ERROR, + 'fieldName' => null, + ], $exception->getResult()->getMessages()); } /** @@ -91,20 +109,73 @@ class ValidationExceptionTest extends SapphireTest $result = new ValidationResult(); $anotherresult = new ValidationResult(); $yetanotherresult = new ValidationResult(); - $anotherresult->error("Eat with your mouth closed", "EATING101"); - $yetanotherresult->error("You didn't wash your hands", "BECLEAN"); + $anotherresult->addError("Eat with your mouth closed", 'bad', "EATING101"); + $yetanotherresult->addError("You didn't wash your hands", 'bad', "BECLEAN", false); - $this->assertTrue($result->valid()); - $this->assertFalse($anotherresult->valid()); - $this->assertFalse($yetanotherresult->valid()); + $this->assertTrue($result->isValid()); + $this->assertFalse($anotherresult->isValid()); + $this->assertFalse($yetanotherresult->isValid()); $result->combineAnd($anotherresult) ->combineAnd($yetanotherresult); - $this->assertFalse($result->valid()); - $this->assertEquals(array( - "EATING101" => "Eat with your mouth closed", - "BECLEAN" => "You didn't wash your hands" - ),$result->messageList()); + $this->assertFalse($result->isValid()); + $this->assertEquals( + [ + 'EATING101' => [ + 'message' => 'Eat with your mouth closed', + 'messageType' => 'bad', + 'messageCast' => ValidationResult::CAST_TEXT, + 'fieldName' => null, + ], + 'BECLEAN' => [ + 'message' => 'You didn\'t wash your hands', + 'messageType' => 'bad', + 'messageCast' => ValidationResult::CAST_HTML, + 'fieldName' => null, + ], + ], + $result->getMessages() + ); + } + + /** + * Test that a ValidationException created with no contained ValidationResult + * will correctly populate itself with an inferred version + */ + public function testValidationResultAddMethods() { + $result = new ValidationResult(); + $result->addMessage('A spork is not a knife', 'bad'); + $result->addError('A knife is not a back scratcher'); + $result->addFieldMessage('Title', 'Title is good', 'good'); + $result->addFieldError('Content', 'Content is bad', 'bad'); + + + $this->assertEquals([ + [ + 'fieldName' => null, + 'message' => 'A spork is not a knife', + 'messageType' => 'bad', + 'messageCast' => ValidationResult::CAST_TEXT, + ], + [ + 'fieldName' => null, + 'message' => 'A knife is not a back scratcher', + 'messageType' => 'error', + 'messageCast' => ValidationResult::CAST_TEXT, + ], + [ + 'fieldName' => 'Title', + 'message' => 'Title is good', + 'messageType' => 'good', + 'messageCast' => ValidationResult::CAST_TEXT, + ], + [ + 'fieldName' => 'Content', + 'message' => 'Content is bad', + 'messageType' => 'bad', + 'messageCast' => ValidationResult::CAST_TEXT, + ] + ], $result->getMessages()); } } diff --git a/tests/php/ORM/ValidationResultTest.php b/tests/php/ORM/ValidationResultTest.php new file mode 100644 index 000000000..ad187ff05 --- /dev/null +++ b/tests/php/ORM/ValidationResultTest.php @@ -0,0 +1,35 @@ +addError("Error", ValidationResult::TYPE_ERROR, null, ValidationResult::CAST_HTML); + $result->addMessage("Message", ValidationResult::TYPE_GOOD); + $serialised = serialize($result); + + /** @var ValidationResult $result2 */ + $result2 = unserialize($serialised); + $this->assertEquals([ + [ + 'message' => 'Error', + 'fieldName' => null, + 'messageCast' => ValidationResult::CAST_HTML, + 'messageType' => ValidationResult::TYPE_ERROR, + ], + [ + 'message' => 'Message', + 'fieldName' => null, + 'messageCast' => ValidationResult::CAST_TEXT, + 'messageType' => ValidationResult::TYPE_GOOD, + ] + ], $result2->getMessages()); + $this->assertFalse($result2->isValid()); + } +} diff --git a/tests/php/Security/GroupTest.php b/tests/php/Security/GroupTest.php index 52c953ab9..626a8ac60 100644 --- a/tests/php/Security/GroupTest.php +++ b/tests/php/Security/GroupTest.php @@ -2,12 +2,13 @@ namespace SilverStripe\Security\Tests; +use SilverStripe\Control\Controller; use SilverStripe\ORM\DataObject; use SilverStripe\Security\Group; use SilverStripe\Dev\FunctionalTest; use SilverStripe\Control\Session; +use SilverStripe\Security\Permission; use SilverStripe\Security\Tests\GroupTest\TestMember; -use ReflectionMethod; class GroupTest extends FunctionalTest { @@ -35,16 +36,17 @@ class GroupTest extends FunctionalTest { $this->assertNull($g3->Code, 'Default title doesnt trigger attribute setting'); } + /** + * @skipUpgrade + */ public function testMemberGroupRelationForm() { Session::set('loggedInAs', $this->idFromFixture(TestMember::class, 'admin')); $adminGroup = $this->objFromFixture(Group::class, 'admingroup'); $parentGroup = $this->objFromFixture(Group::class, 'parentgroup'); - $childGroup = $this->objFromFixture(Group::class, 'childgroup'); // Test single group relation through checkboxsetfield - /** @skipUpgrade */ - $form = new GroupTest\MemberForm($this, 'Form'); + $form = new GroupTest\MemberForm(new Controller(), 'Form'); $member = $this->objFromFixture(TestMember::class, 'admin'); $form->loadDataFrom($member); $checkboxSetField = $form->Fields()->fieldByName('Groups'); @@ -75,9 +77,6 @@ class GroupTest extends FunctionalTest { "Removing a previously added toplevel group works" ); $this->assertContains($adminGroup->ID, $updatedGroups->column('ID')); - - // Test adding child group - } public function testUnsavedGroups() { @@ -124,55 +123,47 @@ class GroupTest extends FunctionalTest { $childGroupID = $this->idFromFixture(Group::class, 'childgroup'); $group->delete(); - $this->assertEquals(0, DataObject::get(Group::class, "\"ID\" = {$groupID}")->Count(), + $this->assertEquals(0, DataObject::get(Group::class, "\"ID\" = {$groupID}")->count(), 'Group is removed'); - $this->assertEquals(0, DataObject::get('SilverStripe\\Security\\Permission', "\"GroupID\" = {$groupID}")->Count(), + $this->assertEquals(0, DataObject::get(Permission::class, "\"GroupID\" = {$groupID}")->count(), 'Permissions removed along with the group'); - $this->assertEquals(0, DataObject::get(Group::class, "\"ParentID\" = {$groupID}")->Count(), + $this->assertEquals(0, DataObject::get(Group::class, "\"ParentID\" = {$groupID}")->count(), 'Child groups are removed'); - $this->assertEquals(0, DataObject::get(Group::class, "\"ParentID\" = {$childGroupID}")->Count(), + $this->assertEquals(0, DataObject::get(Group::class, "\"ParentID\" = {$childGroupID}")->count(), 'Grandchild groups are removed'); } public function testValidatesPrivilegeLevelOfParent() { - $nonAdminUser = $this->objFromFixture(TestMember::class, 'childgroupuser'); - $adminUser = $this->objFromFixture(TestMember::class, 'admin'); $nonAdminGroup = $this->objFromFixture(Group::class, 'childgroup'); $adminGroup = $this->objFromFixture(Group::class, 'admingroup'); - $nonAdminValidateMethod = new ReflectionMethod($nonAdminGroup, 'validate'); - $nonAdminValidateMethod->setAccessible(true); - // Making admin group parent of a non-admin group, effectively expanding is privileges $nonAdminGroup->ParentID = $adminGroup->ID; $this->logInWithPermission('APPLY_ROLES'); - $result = $nonAdminValidateMethod->invoke($nonAdminGroup); + $result = $nonAdminGroup->validate(); $this->assertFalse( - $result->valid(), + $result->isValid(), 'Members with only APPLY_ROLES can\'t assign parent groups with direct ADMIN permissions' ); $this->logInWithPermission('ADMIN'); - $result = $nonAdminValidateMethod->invoke($nonAdminGroup); + $result = $nonAdminGroup->validate(); $this->assertTrue( - $result->valid(), + $result->isValid(), 'Members with ADMIN can assign parent groups with direct ADMIN permissions' ); $nonAdminGroup->write(); - $newlyAdminGroup = $nonAdminGroup; $this->logInWithPermission('ADMIN'); $inheritedAdminGroup = $this->objFromFixture(Group::class, 'group1'); - $inheritedAdminMethod = new ReflectionMethod($inheritedAdminGroup, 'validate'); - $inheritedAdminMethod->setAccessible(true); $inheritedAdminGroup->ParentID = $adminGroup->ID; $inheritedAdminGroup->write(); // only works with ADMIN login $this->logInWithPermission('APPLY_ROLES'); - $result = $inheritedAdminMethod->invoke($nonAdminGroup); + $result = $nonAdminGroup->validate(); $this->assertFalse( - $result->valid(), + $result->isValid(), 'Members with only APPLY_ROLES can\'t assign parent groups with inherited ADMIN permission' ); } diff --git a/tests/php/Security/MemberAuthenticatorTest.php b/tests/php/Security/MemberAuthenticatorTest.php index 75c8c0199..0e3949ee4 100644 --- a/tests/php/Security/MemberAuthenticatorTest.php +++ b/tests/php/Security/MemberAuthenticatorTest.php @@ -4,6 +4,7 @@ namespace SilverStripe\Security\Tests; use SilverStripe\ORM\DataObject; use SilverStripe\ORM\FieldType\DBDatetime; +use SilverStripe\ORM\ValidationResult; use SilverStripe\Security\PasswordEncryptor; use SilverStripe\Security\PasswordEncryptor_PHPHash; use SilverStripe\Security\Security; @@ -53,10 +54,11 @@ class MemberAuthenticatorTest extends SapphireTest { ); MemberAuthenticator::authenticate($data); - $member = DataObject::get_by_id(Member::class, $member->ID); + /** @var Member $member */ + $member = DataObject::get_by_id(Member::class, $member->ID); $this->assertEquals($member->PasswordEncryption, "sha1_v2.4"); $result = $member->checkPassword('mypassword'); - $this->assertTrue($result->valid()); + $this->assertTrue($result->isValid()); } public function testNoLegacyPasswordHashMigrationOnIncompatibleAlgorithm() { @@ -82,7 +84,7 @@ class MemberAuthenticatorTest extends SapphireTest { $member = DataObject::get_by_id(Member::class, $member->ID); $this->assertEquals($member->PasswordEncryption, "crc32"); $result = $member->checkPassword('mypassword'); - $this->assertTrue($result->valid()); + $this->assertTrue($result->isValid()); } public function testCustomIdentifierField(){ @@ -139,9 +141,10 @@ class MemberAuthenticatorTest extends SapphireTest { 'tempid' => $tempID, 'Password' => 'mypassword' ), $form); + $form->restoreFormState(); $this->assertNotEmpty($result); $this->assertEquals($result->ID, $member->ID); - $this->assertEmpty($form->Message()); + $this->assertEmpty($form->getMessage()); // Test incorrect login $form->clearMessage(); @@ -149,9 +152,11 @@ class MemberAuthenticatorTest extends SapphireTest { 'tempid' => $tempID, 'Password' => 'notmypassword' ), $form); + $form->restoreFormState(); $this->assertEmpty($result); - $this->assertEquals('The provided details don't seem to be correct. Please try again.', $form->Message()); - $this->assertEquals('bad', $form->MessageType()); + $this->assertEquals(_t('Member.ERRORWRONGCRED'), $form->getMessage()); + $this->assertEquals(ValidationResult::TYPE_ERROR, $form->getMessageType()); + $this->assertEquals(ValidationResult::CAST_TEXT, $form->getMessageCast()); } /** @@ -168,9 +173,10 @@ class MemberAuthenticatorTest extends SapphireTest { 'Email' => 'admin', 'Password' => 'password' ), $form); + $form->restoreFormState(); $this->assertNotEmpty($result); $this->assertEquals($result->Email, Security::default_admin_username()); - $this->assertEmpty($form->Message()); + $this->assertEmpty($form->getMessage()); // Test incorrect login $form->clearMessage(); @@ -178,9 +184,14 @@ class MemberAuthenticatorTest extends SapphireTest { 'Email' => 'admin', 'Password' => 'notmypassword' ), $form); + $form->restoreFormState(); $this->assertEmpty($result); - $this->assertEquals('The provided details don't seem to be correct. Please try again.', $form->Message()); - $this->assertEquals('bad', $form->MessageType()); + $this->assertEquals( + 'The provided details don\'t seem to be correct. Please try again.', + $form->getMessage() + ); + $this->assertEquals(ValidationResult::TYPE_ERROR, $form->getMessageType()); + $this->assertEquals(ValidationResult::CAST_TEXT, $form->getMessageCast()); } public function testDefaultAdminLockOut() diff --git a/tests/php/Security/MemberCsvBulkLoaderTest.php b/tests/php/Security/MemberCsvBulkLoaderTest.php index f6948bcb7..8464164fd 100644 --- a/tests/php/Security/MemberCsvBulkLoaderTest.php +++ b/tests/php/Security/MemberCsvBulkLoaderTest.php @@ -87,6 +87,6 @@ class MemberCsvBulkLoaderTest extends SapphireTest { // TODO Direct getter doesn't work, wtf! $this->assertEquals(Security::config()->password_encryption_algorithm, $member->getField('PasswordEncryption')); $result = $member->checkPassword('mypassword'); - $this->assertTrue($result->valid()); + $this->assertTrue($result->isValid()); } } diff --git a/tests/php/Security/MemberTest.php b/tests/php/Security/MemberTest.php index 0d026ea5e..de61b4878 100644 --- a/tests/php/Security/MemberTest.php +++ b/tests/php/Security/MemberTest.php @@ -2,6 +2,7 @@ namespace SilverStripe\Security\Tests; +use SilverStripe\Core\Convert; use SilverStripe\Core\Object; use SilverStripe\Dev\FunctionalTest; use SilverStripe\Control\Cookie; @@ -131,7 +132,7 @@ class MemberTest extends FunctionalTest { 'sha1_v2.4' ); $result = $member->checkPassword('mynewpassword'); - $this->assertTrue($result->valid()); + $this->assertTrue($result->isValid()); Security::config()->password_encryption_algorithm = $origAlgo; } @@ -150,7 +151,7 @@ class MemberTest extends FunctionalTest { 'sha1_v2.4' ); $result = $member->checkPassword(''); - $this->assertTrue($result->valid()); + $this->assertTrue($result->isValid()); } public function testSetPassword() { @@ -158,7 +159,7 @@ class MemberTest extends FunctionalTest { $member->Password = "test1"; $member->write(); $result = $member->checkPassword('test1'); - $this->assertTrue($result->valid()); + $this->assertTrue($result->isValid()); } /** @@ -212,7 +213,7 @@ class MemberTest extends FunctionalTest { $member = $this->objFromFixture(Member::class, 'test'); $this->assertNotNull($member); $valid = $member->changePassword('32asDF##$$%%'); - $this->assertTrue($valid->valid()); + $this->assertTrue($valid->isValid()); $this->assertEmailSent('testuser@example.com', null, 'Your password has been changed', '/testuser@example\.com/'); @@ -250,80 +251,81 @@ class MemberTest extends FunctionalTest { * - at least 7 characters long */ public function testValidatePassword() { - $member = $this->objFromFixture(Member::class, 'test'); + /** @var Member $member */ + $member = $this->objFromFixture(Member::class, 'test'); $this->assertNotNull($member); Member::set_password_validator(new MemberTest\TestPasswordValidator()); // BAD PASSWORDS - $valid = $member->changePassword('shorty'); - $this->assertFalse($valid->valid()); - $this->assertContains("TOO_SHORT", $valid->codeList()); + $result = $member->changePassword('shorty'); + $this->assertFalse($result->isValid()); + $this->assertArrayHasKey("TOO_SHORT", $result->getMessages()); - $valid = $member->changePassword('longone'); - $this->assertNotContains("TOO_SHORT", $valid->codeList()); - $this->assertContains("LOW_CHARACTER_STRENGTH", $valid->codeList()); - $this->assertFalse($valid->valid()); + $result = $member->changePassword('longone'); + $this->assertArrayNotHasKey("TOO_SHORT", $result->getMessages()); + $this->assertArrayHasKey("LOW_CHARACTER_STRENGTH", $result->getMessages()); + $this->assertFalse($result->isValid()); - $valid = $member->changePassword('w1thNumb3rs'); - $this->assertNotContains("LOW_CHARACTER_STRENGTH", $valid->codeList()); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('w1thNumb3rs'); + $this->assertArrayNotHasKey("LOW_CHARACTER_STRENGTH", $result->getMessages()); + $this->assertTrue($result->isValid()); // Clear out the MemberPassword table to ensure that the system functions properly in that situation DB::query("DELETE FROM \"MemberPassword\""); // GOOD PASSWORDS - $valid = $member->changePassword('withSym###Ls'); - $this->assertNotContains("LOW_CHARACTER_STRENGTH", $valid->codeList()); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls'); + $this->assertArrayNotHasKey("LOW_CHARACTER_STRENGTH", $result->getMessages()); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls2'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls2'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls3'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls3'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls4'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls4'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls5'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls5'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls6'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls6'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls7'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls7'); + $this->assertTrue($result->isValid()); // CAN'T USE PASSWORDS 2-7, but I can use pasword 1 - $valid = $member->changePassword('withSym###Ls2'); - $this->assertFalse($valid->valid()); - $this->assertContains("PREVIOUS_PASSWORD", $valid->codeList()); + $result = $member->changePassword('withSym###Ls2'); + $this->assertFalse($result->isValid()); + $this->assertArrayHasKey("PREVIOUS_PASSWORD", $result->getMessages()); - $valid = $member->changePassword('withSym###Ls5'); - $this->assertFalse($valid->valid()); - $this->assertContains("PREVIOUS_PASSWORD", $valid->codeList()); + $result = $member->changePassword('withSym###Ls5'); + $this->assertFalse($result->isValid()); + $this->assertArrayHasKey("PREVIOUS_PASSWORD", $result->getMessages()); - $valid = $member->changePassword('withSym###Ls7'); - $this->assertFalse($valid->valid()); - $this->assertContains("PREVIOUS_PASSWORD", $valid->codeList()); + $result = $member->changePassword('withSym###Ls7'); + $this->assertFalse($result->isValid()); + $this->assertArrayHasKey("PREVIOUS_PASSWORD", $result->getMessages()); - $valid = $member->changePassword('withSym###Ls'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls'); + $this->assertTrue($result->isValid()); // HAVING DONE THAT, PASSWORD 2 is now available from the list - $valid = $member->changePassword('withSym###Ls2'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls2'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls3'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls3'); + $this->assertTrue($result->isValid()); - $valid = $member->changePassword('withSym###Ls4'); - $this->assertTrue($valid->valid()); + $result = $member->changePassword('withSym###Ls4'); + $this->assertTrue($result->isValid()); Member::set_password_validator(null); } @@ -337,14 +339,14 @@ class MemberTest extends FunctionalTest { $member = $this->objFromFixture(Member::class, 'test'); $this->assertNotNull($member); $valid = $member->changePassword("Xx?1234234"); - $this->assertTrue($valid->valid()); + $this->assertTrue($valid->isValid()); $expiryDate = date('Y-m-d', time() + 90*86400); $this->assertEquals($expiryDate, $member->PasswordExpiry); Member::config()->password_expiry_days = null; $valid = $member->changePassword("Xx?1234235"); - $this->assertTrue($valid->valid()); + $this->assertTrue($valid->isValid()); $this->assertNull($member->PasswordExpiry); } @@ -870,11 +872,11 @@ class MemberTest extends FunctionalTest { 'alc_device' => $firstHash->DeviceID ) ); - $message = _t( + $message = Convert::raw2xml(_t( 'Member.LOGGEDINAS', "You're logged in as {name}.", array('name' => $m1->FirstName) - ); + )); $this->assertContains($message, $response->getBody()); $this->session()->inst_set('loggedInAs', null); @@ -924,9 +926,9 @@ class MemberTest extends FunctionalTest { } public function testExpiredRememberMeHashAutologin() { + /** @var Member $m1 */ $m1 = $this->objFromFixture(Member::class, 'noexpiry'); - - $m1->login(true); + $m1->logIn(true); $firstHash = RememberLoginHash::get()->filter('MemberID', $m1->ID)->first(); $this->assertNotNull($firstHash); @@ -936,7 +938,7 @@ class MemberTest extends FunctionalTest { $firstHash->ExpiryDate = '2000-01-01 00:00:00'; $firstHash->write(); - DBDateTime::set_mock_now('1999-12-31 23:59:59'); + DBDatetime::set_mock_now('1999-12-31 23:59:59'); $response = $this->get( 'Security/login', @@ -947,11 +949,11 @@ class MemberTest extends FunctionalTest { 'alc_device' => $firstHash->DeviceID ) ); - $message = _t( + $message = Convert::raw2xml(_t( 'Member.LOGGEDINAS', "You're logged in as {name}.", array('name' => $m1->FirstName) - ); + )); $this->assertContains($message, $response->getBody()); $this->session()->inst_set('loggedInAs', null); @@ -1017,11 +1019,11 @@ class MemberTest extends FunctionalTest { 'alc_device' => $firstHash->DeviceID ) ); - $message = _t( + $message = Convert::raw2xml(_t( 'Member.LOGGEDINAS', "You're logged in as {name}.", array('name' => $m1->FirstName) - ); + )); $this->assertContains($message, $response->getBody()); $this->session()->inst_set('loggedInAs', null); diff --git a/tests/php/Security/PasswordValidatorTest.php b/tests/php/Security/PasswordValidatorTest.php index ce9e5a334..7211c5047 100644 --- a/tests/php/Security/PasswordValidatorTest.php +++ b/tests/php/Security/PasswordValidatorTest.php @@ -11,10 +11,10 @@ class PasswordValidatorTest extends SapphireTest { public function testValidate() { $v = new PasswordValidator(); $r = $v->validate('', new Member()); - $this->assertTrue($r->valid(), 'Empty password is valid by default'); + $this->assertTrue($r->isValid(), 'Empty password is valid by default'); $r = $v->validate('mypassword', new Member()); - $this->assertTrue($r->valid(), 'Non-Empty password is valid by default'); + $this->assertTrue($r->isValid(), 'Non-Empty password is valid by default'); } public function testValidateMinLength() { @@ -22,11 +22,11 @@ class PasswordValidatorTest extends SapphireTest { $v->minLength(4); $r = $v->validate('123', new Member()); - $this->assertFalse($r->valid(), 'Password too short'); + $this->assertFalse($r->isValid(), 'Password too short'); $v->minLength(4); $r = $v->validate('1234', new Member()); - $this->assertTrue($r->valid(), 'Password long enough'); + $this->assertTrue($r->isValid(), 'Password long enough'); } public function testValidateMinScore() { @@ -34,10 +34,10 @@ class PasswordValidatorTest extends SapphireTest { $v->characterStrength(3, array("lowercase", "uppercase", "digits", "punctuation")); $r = $v->validate('aA', new Member()); - $this->assertFalse($r->valid(), 'Passing too few tests'); + $this->assertFalse($r->isValid(), 'Passing too few tests'); $r = $v->validate('aA1', new Member()); - $this->assertTrue($r->valid(), 'Passing enough tests'); + $this->assertTrue($r->isValid(), 'Passing enough tests'); } public function testHistoricalPasswordCount() { diff --git a/tests/php/Security/PermissionRoleTest.php b/tests/php/Security/PermissionRoleTest.php index 247fb2613..81b7bcc7c 100644 --- a/tests/php/Security/PermissionRoleTest.php +++ b/tests/php/Security/PermissionRoleTest.php @@ -6,7 +6,6 @@ use SilverStripe\ORM\DataObject; use SilverStripe\Security\PermissionRole; use SilverStripe\Security\PermissionRoleCode; use SilverStripe\Dev\FunctionalTest; -use ReflectionMethod; class PermissionRoleTest extends FunctionalTest { protected static $fixture_file = 'PermissionRoleTest.yml'; @@ -24,31 +23,26 @@ class PermissionRoleTest extends FunctionalTest { public function testValidatesPrivilegedPermissions() { $nonAdminCode = new PermissionRoleCode(array('Code' => 'CMS_ACCESS_CMSMain')); - $nonAdminValidateMethod = new ReflectionMethod($nonAdminCode, 'validate'); - $nonAdminValidateMethod->setAccessible(true); - $adminCode = new PermissionRoleCode(array('Code' => 'ADMIN')); - $adminValidateMethod = new ReflectionMethod($adminCode, 'validate'); - $adminValidateMethod->setAccessible(true); $this->logInWithPermission('APPLY_ROLES'); - $result = $nonAdminValidateMethod->invoke($nonAdminCode); + $result = $nonAdminCode->validate(); $this->assertTrue( - $result->valid(), + $result->isValid(), 'Members with only APPLY_ROLES can create non-privileged permission role codes' ); $this->logInWithPermission('APPLY_ROLES'); - $result = $adminValidateMethod->invoke($adminCode); + $result = $adminCode->validate(); $this->assertFalse( - $result->valid(), + $result->isValid(), 'Members with only APPLY_ROLES can\'t create privileged permission role codes' ); $this->logInWithPermission('ADMIN'); - $result = $adminValidateMethod->invoke($adminCode); + $result = $adminCode->validate(); $this->assertTrue( - $result->valid(), + $result->isValid(), 'Members with ADMIN can create privileged permission role codes' ); } diff --git a/tests/php/Security/SecurityTest.php b/tests/php/Security/SecurityTest.php index 57ae66d2d..c4bb31220 100644 --- a/tests/php/Security/SecurityTest.php +++ b/tests/php/Security/SecurityTest.php @@ -6,6 +6,7 @@ use SilverStripe\ORM\DataObject; use SilverStripe\ORM\FieldType\DBDatetime; use SilverStripe\ORM\FieldType\DBClassName; use SilverStripe\ORM\DB; +use SilverStripe\ORM\ValidationResult; use SilverStripe\Security\Authenticator; use SilverStripe\Security\LoginAttempt; use SilverStripe\Security\Member; @@ -444,7 +445,10 @@ class SecurityTest extends FunctionalTest { $member->LockedOutUntil, 'User does not have a lockout time set if under threshold for failed attempts' ); - $this->assertContains($this->loginErrorMessage(), Convert::raw2xml(_t('Member.ERRORWRONGCRED'))); + $this->assertHasMessage(_t( + 'Member.ERRORWRONGCRED', + 'The provided details don\'t seem to be correct. Please try again.' + )); } else { // Fuzzy matching for time to avoid side effects from slow running tests $this->assertGreaterThan( @@ -462,7 +466,7 @@ class SecurityTest extends FunctionalTest { array('count' => Member::config()->lock_out_delay_mins) ); if($i > Member::config()->lock_out_after_incorrect_logins) { - $this->assertContains($msg, $this->loginErrorMessage()); + $this->assertHasMessage($msg); } } @@ -491,9 +495,8 @@ class SecurityTest extends FunctionalTest { $this->doTestLoginForm('testuser@example.com' , 'incorrectpassword'); } $this->assertNull($this->session()->inst_get('loggedInAs')); - $this->assertContains( - $this->loginErrorMessage(), - Convert::raw2xml(_t('Member.ERRORWRONGCRED')), + $this->assertHasMessage( + _t('Member.ERRORWRONGCRED','The provided details don\'t seem to be correct. Please try again.'), 'The user can retry with a wrong password after the lockout expires' ); @@ -560,9 +563,7 @@ class SecurityTest extends FunctionalTest { $this->assertTrue(is_object($attempt)); $this->assertEquals($attempt->Status, 'Failure'); $this->assertEquals($attempt->Email, 'wronguser@silverstripe.com'); - $this->assertNotNull( - $this->loginErrorMessage(), 'An invalid email returns a message.' - ); + $this->assertNotEmpty($this->getValidationResult()->getMessages(), 'An invalid email returns a message.'); } public function testSuccessfulLoginAttempts() { @@ -640,11 +641,35 @@ class SecurityTest extends FunctionalTest { ); } - /** - * Get the error message on the login form - */ - public function loginErrorMessage() { - return $this->session()->inst_get('FormInfo.MemberLoginForm_LoginForm.formError.message'); - } + /** + * Assert this message is in the current login form errors + * + * @param string $expected + * @param string $errorMessage + */ + protected function assertHasMessage($expected, $errorMessage = null) { + $messages = []; + $result = $this->getValidationResult(); + if ($result) { + foreach($result->getMessages() as $message) { + $messages[] = $message['message']; + } + } + $this->assertContains($expected, $messages, $errorMessage); + } + + /** + * Get validation result from last login form submission + * + * @return ValidationResult + */ + protected function getValidationResult() { + $result = $this->session()->inst_get('FormInfo.MemberLoginForm_LoginForm.result'); + if ($result) { + /** @var ValidationResult $resultObj */ + return unserialize($result); + } + return null; + } }