diff --git a/control/Session.php b/control/Session.php index e40018a4f..a4ad854f0 100644 --- a/control/Session.php +++ b/control/Session.php @@ -145,15 +145,7 @@ class Session { if($data instanceof Session) $data = $data->inst_getAll(); $this->data = $data; - - if (isset($this->data['HTTP_USER_AGENT'])) { - if ($this->data['HTTP_USER_AGENT'] != $this->userAgent()) { - // Funny business detected! - $this->inst_clearAll(); - $this->inst_destroy(); - $this->inst_start(); - } - } + $this->expireIfInvalid(); } /** @@ -392,6 +384,9 @@ class Session { $this->data = isset($_SESSION) ? $_SESSION : array(); } + // Ensure session is validated on start + $this->expireIfInvalid(); + // Modify the timeout behaviour so it's the *inactive* time before the session expires. // By default it's the total session lifetime if($timeout && !headers_sent()) { @@ -631,4 +626,31 @@ class Session { Deprecation::notice('4.0', 'Use the "Session.timeout" config setting instead'); return Config::inst()->get('Session', 'timeout'); } + + /** + * Validate the user agent against the current data, resetting the + * current session if a mismatch is detected. + * + * @deprecated 3.0..4.0 Removed in 4.0 + * @return bool If user agent has been set against this session, returns + * the valid state of this session as either true or false. If the agent + * isn't set it is assumed valid and returns true. + */ + private function expireIfInvalid() { + // If not set, indeterminable; Assume true as safe default + if (!isset($this->data['HTTP_USER_AGENT'])) { + return true; + } + + // Agents match, deterministically true + if ($this->data['HTTP_USER_AGENT'] === $this->userAgent()) { + return true; + } + + // Funny business detected! + $this->inst_clearAll(); + $this->inst_destroy(); + $this->inst_start(); + return false; + } } diff --git a/dev/CSVParser.php b/dev/CSVParser.php index 158d9d863..4c1fdf3ba 100644 --- a/dev/CSVParser.php +++ b/dev/CSVParser.php @@ -247,7 +247,9 @@ class CSVParser extends Object implements Iterator { array($this->enclosure, $this->delimiter), $value ); - + // Trim leading tab + // [SS-2017-007] Ensure all cells with leading [@=+] have a leading tab + $value = ltrim($value, "\t"); if(array_key_exists($i, $this->headerRow)) { if($this->headerRow[$i]) { $row[$this->headerRow[$i]] = $value; diff --git a/docs/en/04_Changelogs/rc/3.5.6-rc1.md b/docs/en/04_Changelogs/rc/3.5.6-rc1.md new file mode 100644 index 000000000..765adb95c --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.5.6-rc1.md @@ -0,0 +1,31 @@ +# 3.5.6-rc1 + + + +## Change Log + +### Security + + * 2017-11-30 [6ba00e829]() Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See [ss-2017-009](http://www.silverstripe.org/download/security-releases/ss-2017-009) + * 2017-11-30 [25e276cf3]() user agent invalidation on session startup (Damian Mooyman) - See [ss-2017-006](http://www.silverstripe.org/download/security-releases/ss-2017-006) + * 2017-11-29 [22ccf3e2f]() Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See [ss-2017-007](http://www.silverstripe.org/download/security-releases/ss-2017-007) + +### Bugfixes + + * 2017-11-30 [84d7afb34]() Use baseDataClass for allVersions as with other methods (Daniel Hensby) + * 2017-11-24 [09a003bc1]() deprecated usage of getMock in unit tests (Daniel Hensby) + * 2017-11-23 [2ad3cc07d]() Update meber passwordencryption to default on password change (Daniel Hensby) + * 2017-11-16 [dda14e895]() HTTP::get_mime_type with uppercase filenames. (Roman Schmid) + * 2017-11-16 [52f0eadd3]() for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in <img> tag which may be File instances). (Patrick Nelson) + * 2017-11-15 [ce3fd370f]() ManyMany link table joined with LEFT JOIN (Daniel Hensby) + * 2017-11-09 [1053de7ec]() Don't redirect in force_redirect() in CLI (Damian Mooyman) + * 2017-10-25 [cbac37559]() Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby) + * 2017-10-25 [32cef975e]() Use self::inst() for Injector/Config nest methods (Daniel Hensby) + * 2017-10-19 [a73d5b41](https://github.com/silverstripe/silverstripe-cms/commit/a73d5b4177be445128a6fa42e20dd8df13eaf554) revert to this button after archiving (Christopher Joe) + * 2017-10-12 [fd39faee](https://github.com/silverstripe/silverstripe-cms/commit/fd39faeefd5241cf96313e968142183de767c51b) UploadField overwriteWarning isn't working in AssetAdmin (Jason) + * 2017-10-09 [264cec123]() Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby) + * 2017-10-04 [24e190ea](https://github.com/silverstripe/silverstripe-cms/commit/24e190ea8265d16445a3210f7b06de191e474004) TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver) + * 2017-09-12 [0aac4ddb](https://github.com/silverstripe/silverstripe-cms/commit/0aac4ddb7ecf0f17eda8add235017c10c9f57255) Default LoginForm generated from default_authenticator (Daniel Hensby) + * 2017-08-13 [2f579b64c]() Files without extensions (folders) do not have a trailing period added (Robbie Averill) + * 2017-07-04 [00f1ad5d6]() Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell) + * 2016-03-20 [805c38f10]() don't try and switch out of context of the tab system (Stevie Mayhew) diff --git a/forms/gridfield/GridFieldExportButton.php b/forms/gridfield/GridFieldExportButton.php index 30df9f01f..9c865b6a1 100644 --- a/forms/gridfield/GridFieldExportButton.php +++ b/forms/gridfield/GridFieldExportButton.php @@ -30,6 +30,15 @@ class GridFieldExportButton implements GridField_HTMLProvider, GridField_ActionP */ protected $targetFragment; + /** + * Set to true to disable XLS sanitisation + * [SS-2017-007] Ensure all cells with leading [@=+] have a leading tab + * + * @config + * @var bool + */ + private static $xls_export_disabled = false; + /** * @param string $targetFragment The HTML fragment to write the button into * @param array $exportColumns The columns to include in the export @@ -91,12 +100,12 @@ class GridFieldExportButton implements GridField_HTMLProvider, GridField_ActionP return SS_HTTPRequest::send_file($fileData, $fileName, 'text/csv'); } } - + /** * Return the columns to export - * - * @param GridField $gridField - * + * + * @param GridField $gridField + * * @return array */ protected function getExportColumnsForGridField(GridField $gridField) { @@ -174,6 +183,13 @@ class GridFieldExportButton implements GridField_HTMLProvider, GridField_ActionP } $value = str_replace(array("\r", "\n"), "\n", $value); + + // [SS-2017-007] Sanitise XLS executable column values with a leading tab + if (!Config::inst()->get(get_class($this), 'xls_export_disabled') + && preg_match('/^[-@=+].*/', $value) + ) { + $value = "\t" . $value; + } $columnData[] = '"' . str_replace('"', '""', $value) . '"'; } diff --git a/security/LoginAttempt.php b/security/LoginAttempt.php index 4da1e2440..ec5c19ca2 100644 --- a/security/LoginAttempt.php +++ b/security/LoginAttempt.php @@ -12,18 +12,20 @@ * @package framework * @subpackage security * - * @property string Email Email address used for login attempt - * @property string Status Status of the login attempt, either 'Success' or 'Failure' - * @property string IP IP address of user attempting to login + * @property string $Email Email address used for login attempt. @deprecated 3.0...5.0 + * @property string $EmailHashed sha1 hashed Email address used for login attempt + * @property string $Status Status of the login attempt, either 'Success' or 'Failure' + * @property string $IP IP address of user attempting to login * - * @property int MemberID ID of the Member, only if Member with Email exists + * @property int $MemberID ID of the Member, only if Member with Email exists * * @method Member Member() Member object of the user trying to log in, only if Member with Email exists */ class LoginAttempt extends DataObject { private static $db = array( - 'Email' => 'Varchar(255)', + 'Email' => 'Varchar(255)', // Remove in 5.0 + 'EmailHashed' => 'Varchar(255)', 'Status' => "Enum('Success,Failure')", 'IP' => 'Varchar(255)', ); @@ -32,24 +34,38 @@ class LoginAttempt extends DataObject { 'Member' => 'Member', // only linked if the member actually exists ); - private static $has_many = array(); - - private static $many_many = array(); - - private static $belongs_many_many = array(); - - /** - * - * @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields - * - */ public function fieldLabels($includerelations = true) { $labels = parent::fieldLabels($includerelations); $labels['Email'] = _t('LoginAttempt.Email', 'Email Address'); + $labels['EmailHashed'] = _t('LoginAttempt.EmailHashed', 'Email Address (hashed)'); $labels['Status'] = _t('LoginAttempt.Status', 'Status'); $labels['IP'] = _t('LoginAttempt.IP', 'IP Address'); return $labels; } + /** + * Set email used for this attempt + * + * @param string $email + * @return $this + */ + public function setEmail($email) { + // Store hashed email only + $this->EmailHashed = sha1($email); + return $this; + } + + /** + * Get all login attempts for the given email address + * + * @param string $email + * @return DataList + */ + public static function getByEmail($email) { + return static::get()->filterAny(array( + 'Email' => $email, + 'EmailHashed' => sha1($email), + )); + } } diff --git a/security/Member.php b/security/Member.php index 36f6f2f9b..149a461bb 100644 --- a/security/Member.php +++ b/security/Member.php @@ -404,10 +404,10 @@ class Member extends DataObject implements TemplateGlobalProvider { } elseif ($this->config()->lock_out_after_incorrect_logins <= 0) { $state = false; } else { - - $attempts = LoginAttempt::get()->filter($filter = array( - 'Email' => $this->{static::config()->unique_identifier_field}, - ))->sort('Created', 'DESC')->limit($this->config()->lock_out_after_incorrect_logins); + $email = $this->{static::config()->unique_identifier_field}; + $attempts = LoginAttempt::getByEmail($email) + ->sort('Created', 'DESC') + ->limit($this->config()->lock_out_after_incorrect_logins); if ($attempts->count() < $this->config()->lock_out_after_incorrect_logins) { $state = false; diff --git a/security/Member.php.orig b/security/Member.php.orig new file mode 100644 index 000000000..10cb8a632 --- /dev/null +++ b/security/Member.php.orig @@ -0,0 +1,2045 @@ + 'Varchar', + 'Surname' => 'Varchar', + 'Email' => 'Varchar(254)', // See RFC 5321, Section 4.5.3.1.3. (256 minus the < and > character) + 'TempIDHash' => 'Varchar(160)', // Temporary id used for cms re-authentication + 'TempIDExpired' => 'SS_Datetime', // Expiry of temp login + 'Password' => 'Varchar(160)', + 'RememberLoginToken' => 'Varchar(160)', // Note: this currently holds a hash, not a token. + 'NumVisit' => 'Int', // @deprecated 4.0 + 'LastVisited' => 'SS_Datetime', // @deprecated 4.0 + 'AutoLoginHash' => 'Varchar(160)', // Used to auto-login the user on password reset + 'AutoLoginExpired' => 'SS_Datetime', + // This is an arbitrary code pointing to a PasswordEncryptor instance, + // not an actual encryption algorithm. + // Warning: Never change this field after its the first password hashing without + // providing a new cleartext password as well. + 'PasswordEncryption' => "Varchar(50)", + 'Salt' => 'Varchar(50)', + 'PasswordExpiry' => 'Date', + 'LockedOutUntil' => 'SS_Datetime', + 'Locale' => 'Varchar(6)', + // handled in registerFailedLogin(), only used if $lock_out_after_incorrect_logins is set + 'FailedLoginCount' => 'Int', + // In ISO format + 'DateFormat' => 'Varchar(30)', + 'TimeFormat' => 'Varchar(30)', + ); + + private static $belongs_many_many = array( + 'Groups' => 'Group', + ); + + private static $has_one = array(); + + private static $has_many = array( + 'LoggedPasswords' => 'MemberPassword', + ); + + private static $many_many = array(); + + private static $many_many_extraFields = array(); + + private static $default_sort = '"Surname", "FirstName"'; + + private static $indexes = array( + 'Email' => true, + //Removed due to duplicate null values causing MSSQL problems + //'AutoLoginHash' => Array('type'=>'unique', 'value'=>'AutoLoginHash', 'ignoreNulls'=>true) + ); + + /** + * @config + * @var boolean + */ + private static $notify_password_change = false; + + /** + * Flag whether or not member visits should be logged (count only) + * + * @deprecated 4.0 + * @var bool + * @config + */ + private static $log_last_visited = true; + + /** + * Flag whether we should count number of visits + * + * @deprecated 4.0 + * @var bool + * @config + */ + private static $log_num_visits = true; + + /** + * All searchable database columns + * in this object, currently queried + * with a "column LIKE '%keywords%' + * statement. + * + * @var array + * @todo Generic implementation of $searchable_fields on DataObject, + * with definition for different searching algorithms + * (LIKE, FULLTEXT) and default FormFields to construct a searchform. + */ + private static $searchable_fields = array( + 'FirstName', + 'Surname', + 'Email', + ); + + /** + * @config + * @var array + */ + private static $summary_fields = array( + 'FirstName', + 'Surname', + 'Email', + ); + + /** + * @config + * @var array + */ + private static $casting = array( + 'Name' => 'Varchar', + ); + + /** + * Internal-use only fields + * + * @config + * @var array + */ + private static $hidden_fields = array( + 'RememberLoginToken', + 'AutoLoginHash', + 'AutoLoginExpired', + 'PasswordEncryption', + 'PasswordExpiry', + 'LockedOutUntil', + 'TempIDHash', + 'TempIDExpired', + 'Salt', + 'NumVisit', // @deprecated 4.0 + ); + + /** + * @config + * @var Array See {@link set_title_columns()} + */ + private static $title_format = null; + + /** + * The unique field used to identify this member. + * By default, it's "Email", but another common + * field could be Username. + * + * @config + * @var string + */ + private static $unique_identifier_field = 'Email'; + + /** + * @config + * {@link PasswordValidator} object for validating user's password + */ + private static $password_validator = null; + + /** + * @config + * The number of days that a password should be valid for. + * By default, this is null, which means that passwords never expire + */ + private static $password_expiry_days = null; + + /** + * @config + * @var Int Number of incorrect logins after which + * the user is blocked from further attempts for the timespan + * defined in {@link $lock_out_delay_mins}. + */ + private static $lock_out_after_incorrect_logins = 10; + + /** + * @config + * @var integer Minutes of enforced lockout after incorrect password attempts. + * Only applies if {@link $lock_out_after_incorrect_logins} greater than 0. + */ + private static $lock_out_delay_mins = 15; + + /** + * @config + * @var String If this is set, then a session cookie with the given name will be set on log-in, + * and cleared on logout. + */ + private static $login_marker_cookie = null; + + /** + * Indicates that when a {@link Member} logs in, Member:session_regenerate_id() + * should be called as a security precaution. + * + * This doesn't always work, especially if you're trying to set session cookies + * across an entire site using the domain parameter to session_set_cookie_params() + * + * @config + * @var boolean + */ + private static $session_regenerate_id = true; + + + /** + * Default lifetime of temporary ids. + * + * This is the period within which a user can be re-authenticated within the CMS by entering only their password + * and without losing their workspace. + * + * Any session expiration outside of this time will require them to login from the frontend using their full + * username and password. + * + * Defaults to 72 hours. Set to zero to disable expiration. + * + * @config + * @var int Lifetime in seconds + */ + private static $temp_id_lifetime = 259200; + + /** + * @deprecated 4.0 Use the "Member.session_regenerate_id" config setting instead + */ + public static function set_session_regenerate_id($bool) { + Deprecation::notice('4.0', 'Use the "Member.session_regenerate_id" config setting instead'); + self::config()->session_regenerate_id = $bool; + } + + /** + * Ensure the locale is set to something sensible by default. + */ + public function populateDefaults() { + parent::populateDefaults(); + $this->Locale = i18n::get_closest_translation(i18n::get_locale()); + } + + public function requireDefaultRecords() { + parent::requireDefaultRecords(); + // Default groups should've been built by Group->requireDefaultRecords() already + static::default_admin(); + } + + /** + * Get the default admin record if it exists, or creates it otherwise if enabled + * + * @return Member + */ + public static function default_admin() { + // Check if set + if(!Security::has_default_admin()) return null; + + // Find or create ADMIN group + singleton('Group')->requireDefaultRecords(); + $adminGroup = Permission::get_groups_by_permission('ADMIN')->First(); + + // Find member + $admin = Member::get() + ->filter('Email', Security::default_admin_username()) + ->first(); + if(!$admin) { + // 'Password' is not set to avoid creating + // persistent logins in the database. See Security::setDefaultAdmin(). + // Set 'Email' to identify this as the default admin + $admin = Member::create(); + $admin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin'); + $admin->Email = Security::default_admin_username(); + $admin->write(); + } + + // Ensure this user is in the admin group + if(!$admin->inGroup($adminGroup)) { + // Add member to group instead of adding group to member + // This bypasses the privilege escallation code in Member_GroupSet + $adminGroup + ->DirectMembers() + ->add($admin); + } + + return $admin; + } + + /** + * If this is called, then a session cookie will be set to "1" whenever a user + * logs in. This lets 3rd party tools, such as apache's mod_rewrite, detect + * whether a user is logged in or not and alter behaviour accordingly. + * + * One known use of this is to bypass static caching for logged in users. This is + * done by putting this into _config.php + * 
+	 * Member::set_login_marker_cookie("SS_LOGGED_IN");
+	 *
+ * + * And then adding this condition to each of the rewrite rules that make use of + * the static cache. + * 
+	 * RewriteCond %{HTTP_COOKIE} !SS_LOGGED_IN=1
+	 *
+ * + * @deprecated 4.0 Use the "Member.login_marker_cookie" config setting instead + * @param $cookieName string The name of the cookie to set. + */ + public static function set_login_marker_cookie($cookieName) { + Deprecation::notice('4.0', 'Use the "Member.login_marker_cookie" config setting instead'); + self::config()->login_marker_cookie = $cookieName; + } + + /** + * Check if the passed password matches the stored one (if the member is not locked out). + * + * @param string $password + * @return ValidationResult + */ + public function checkPassword($password) { + $result = $this->canLogIn(); + + // Short-circuit the result upon failure, no further checks needed. + if (!$result->valid()) { + return $result; + } + + // Allow default admin to login as self + if($this->isDefaultAdmin() && Security::check_default_admin($this->Email, $password)) { + return $result; + } + + // Check a password is set on this member + if(empty($this->Password) && $this->exists()) { + $result->error(_t('Member.NoPassword','There is no password on this member.')); + return $result; + } + + $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption); + if(!$e->check($this->Password, $password, $this->Salt, $this)) { + $result->error(_t ( + 'Member.ERRORWRONGCRED', + 'The provided details don\'t seem to be correct. Please try again.' + )); + } + + return $result; + } + + /** + * Check if this user is the currently configured default admin + * + * @return bool + */ + public function isDefaultAdmin() { + return Security::has_default_admin() + && $this->Email === Security::default_admin_username(); + } + + /** + * Returns a valid {@link ValidationResult} if this member can currently log in, or an invalid + * one with error messages to display if the member is locked out. + * + * You can hook into this with a "canLogIn" method on an attached extension. + * + * @return ValidationResult + */ + public function canLogIn() { + $result = ValidationResult::create(); + + if($this->isLockedOut()) { + $result->error( + _t( + 'Member.ERRORLOCKEDOUT2', + 'Your account has been temporarily disabled because of too many failed attempts at ' . + 'logging in. Please try again in {count} minutes.', + null, + array('count' => $this->config()->lock_out_delay_mins) + ) + ); + } + + $this->extend('canLogIn', $result); + return $result; + } + + /** + * Returns true if this user is locked out + */ + public function isLockedOut() { + $state = true; + if ($this->LockedOutUntil && $this->dbObject('LockedOutUntil')->InFuture()) { + $state = true; + } elseif ($this->config()->lock_out_after_incorrect_logins <= 0) { + $state = false; + } else { + +<<<<<<< HEAD + $attempts = LoginAttempt::get()->filter($filter = array( + 'Email' => $this->{static::config()->unique_identifier_field}, + ))->sort('Created', 'DESC')->limit($this->config()->lock_out_after_incorrect_logins); +======= + $email = $this->{static::config()->unique_identifier_field}; + $attempts = LoginAttempt::getByEmail($email) + ->sort('Created', 'DESC') + ->limit($this->config()->lock_out_after_incorrect_logins); +>>>>>>> silverstripe-security/3.5 + + if ($attempts->count() < $this->config()->lock_out_after_incorrect_logins) { + $state = false; + } else { + + $success = false; + foreach ($attempts as $attempt) { + if ($attempt->Status === 'Success') { + $success = true; + $state = false; + break; + } + } + + if (!$success) { + $lockedOutUntil = $attempts->first()->dbObject('Created')->Format('U') + + ($this->config()->lock_out_delay_mins * 60); + if (SS_Datetime::now()->Format('U') < $lockedOutUntil) { + $state = true; + } else { + $state = false; + } + } + } + } + + $this->extend('updateIsLockedOut', $state); + return $state; + } + + /** + * Regenerate the session_id. + * This wrapper is here to make it easier to disable calls to session_regenerate_id(), should you need to. + * They have caused problems in certain + * quirky problems (such as using the Windmill 0.3.6 proxy). + */ + public static function session_regenerate_id() { + if(!self::config()->session_regenerate_id) return; + + // This can be called via CLI during testing. + if(Director::is_cli()) return; + + $file = ''; + $line = ''; + + // @ is to supress win32 warnings/notices when session wasn't cleaned up properly + // There's nothing we can do about this, because it's an operating system function! + if(!headers_sent($file, $line)) @session_regenerate_id(true); + } + + /** + * Get the field used for uniquely identifying a member + * in the database. {@see Member::$unique_identifier_field} + * + * @deprecated 4.0 Use the "Member.unique_identifier_field" config setting instead + * @return string + */ + public static function get_unique_identifier_field() { + Deprecation::notice('4.0', 'Use the "Member.unique_identifier_field" config setting instead'); + return Member::config()->unique_identifier_field; + } + + /** + * Set the field used for uniquely identifying a member + * in the database. {@see Member::$unique_identifier_field} + * + * @deprecated 4.0 Use the "Member.unique_identifier_field" config setting instead + * @param $field The field name to set as the unique field + */ + public static function set_unique_identifier_field($field) { + Deprecation::notice('4.0', 'Use the "Member.unique_identifier_field" config setting instead'); + Member::config()->unique_identifier_field = $field; + } + + /** + * Set a {@link PasswordValidator} object to use to validate member's passwords. + */ + public static function set_password_validator($pv) { + self::$password_validator = $pv; + } + + /** + * Returns the current {@link PasswordValidator} + */ + public static function password_validator() { + return self::$password_validator; + } + + /** + * Set the number of days that a password should be valid for. + * Set to null (the default) to have passwords never expire. + * + * @deprecated 4.0 Use the "Member.password_expiry_days" config setting instead + */ + public static function set_password_expiry($days) { + Deprecation::notice('4.0', 'Use the "Member.password_expiry_days" config setting instead'); + self::config()->password_expiry_days = $days; + } + + /** + * Configure the security system to lock users out after this many incorrect logins + * + * @deprecated 4.0 Use the "Member.lock_out_after_incorrect_logins" config setting instead + */ + public static function lock_out_after_incorrect_logins($numLogins) { + Deprecation::notice('4.0', 'Use the "Member.lock_out_after_incorrect_logins" config setting instead'); + self::config()->lock_out_after_incorrect_logins = $numLogins; + } + + + public function isPasswordExpired() { + if(!$this->PasswordExpiry) return false; + return strtotime(date('Y-m-d')) >= strtotime($this->PasswordExpiry); + } + + /** + * Logs this member in + * + * @param bool $remember If set to TRUE, the member will be logged in automatically the next time. + */ + public function logIn($remember = false) { + $this->extend('beforeMemberLoggedIn'); + + self::session_regenerate_id(); + + Session::set("loggedInAs", $this->ID); + // This lets apache rules detect whether the user has logged in + if(Member::config()->login_marker_cookie) Cookie::set(Member::config()->login_marker_cookie, 1, 0); + + $this->addVisit(); + + // Only set the cookie if autologin is enabled + if($remember && Security::config()->autologin_enabled) { + // Store the hash and give the client the cookie with the token. + $generator = new RandomGenerator(); + $token = $generator->randomToken('sha1'); + $hash = $this->encryptWithUserSettings($token); + $this->RememberLoginToken = $hash; + Cookie::set('alc_enc', $this->ID . ':' . $token, 90, null, null, null, true); + } else { + $this->RememberLoginToken = null; + Cookie::force_expiry('alc_enc'); + } + + // Clear the incorrect log-in count + $this->registerSuccessfulLogin(); + + // Don't set column if its not built yet (the login might be precursor to a /dev/build...) + if(array_key_exists('LockedOutUntil', DB::field_list('Member'))) { + $this->LockedOutUntil = null; + } + + $this->regenerateTempID(); + + $this->write(); + + // Audit logging hook + $this->extend('memberLoggedIn'); + } + + /** + * @deprecated 4.0 + */ + public function addVisit() { + if($this->config()->log_num_visits) { + Deprecation::notice( + '4.0', + 'Member::$NumVisit is deprecated. From 4.0 onwards you should implement this as a custom extension' + ); + $this->NumVisit++; + } + } + + /** + * Trigger regeneration of TempID. + * + * This should be performed any time the user presents their normal identification (normally Email) + * and is successfully authenticated. + */ + public function regenerateTempID() { + $generator = new RandomGenerator(); + $this->TempIDHash = $generator->randomToken('sha1'); + $this->TempIDExpired = self::config()->temp_id_lifetime + ? date('Y-m-d H:i:s', strtotime(SS_Datetime::now()->getValue()) + self::config()->temp_id_lifetime) + : null; + $this->write(); + } + + /** + * Check if the member ID logged in session actually + * has a database record of the same ID. If there is + * no logged in user, FALSE is returned anyway. + * + * @return boolean TRUE record found FALSE no record found + */ + public static function logged_in_session_exists() { + if($id = Member::currentUserID()) { + if($member = DataObject::get_by_id('Member', $id)) { + if($member->exists()) return true; + } + } + + return false; + } + + /** + * Log the user in if the "remember login" cookie is set + * + * The remember login token will be changed on every successful + * auto-login. + */ + public static function autoLogin() { + // Don't bother trying this multiple times + self::$_already_tried_to_auto_log_in = true; + + if(!Security::config()->autologin_enabled + || strpos(Cookie::get('alc_enc'), ':') === false + || Session::get("loggedInAs") + || !Security::database_is_ready() + ) { + return; + } + + list($uid, $token) = explode(':', Cookie::get('alc_enc'), 2); + + if (!$uid || !$token) { + return; + } + + $member = DataObject::get_by_id("Member", $uid); + + // check if autologin token matches + if($member) { + $hash = $member->encryptWithUserSettings($token); + if(!$member->RememberLoginToken || $member->RememberLoginToken !== $hash) { + $member = null; + } + } + + if($member) { + self::session_regenerate_id(); + Session::set("loggedInAs", $member->ID); + // This lets apache rules detect whether the user has logged in + if(Member::config()->login_marker_cookie) { + Cookie::set(Member::config()->login_marker_cookie, 1, 0, null, null, false, true); + } + + $generator = new RandomGenerator(); + $token = $generator->randomToken('sha1'); + $hash = $member->encryptWithUserSettings($token); + $member->RememberLoginToken = $hash; + Cookie::set('alc_enc', $member->ID . ':' . $token, 90, null, null, false, true); + + $member->addVisit(); + $member->write(); + + // Audit logging hook + $member->extend('memberAutoLoggedIn'); + } + } + + /** + * Logs this member out. + */ + public function logOut() { + $this->extend('beforeMemberLoggedOut'); + + Session::clear("loggedInAs"); + if(Member::config()->login_marker_cookie) Cookie::set(Member::config()->login_marker_cookie, null, 0); + + Session::destroy(); + + $this->extend('memberLoggedOut'); + + $this->RememberLoginToken = null; + Cookie::force_expiry('alc_enc'); + + // Switch back to live in order to avoid infinite loops when + // redirecting to the login screen (if this login screen is versioned) + Session::clear('readingMode'); + + $this->write(); + + // Audit logging hook + $this->extend('memberLoggedOut'); + } + + /** + * Utility for generating secure password hashes for this member. + */ + public function encryptWithUserSettings($string) { + if (!$string) return null; + + // If the algorithm or salt is not available, it means we are operating + // on legacy account with unhashed password. Do not hash the string. + if (!$this->PasswordEncryption) { + return $string; + } + + // We assume we have PasswordEncryption and Salt available here. + $e = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption); + return $e->encrypt($string, $this->Salt); + + } + + /** + * Generate an auto login token which can be used to reset the password, + * at the same time hashing it and storing in the database. + * + * @param int $lifetime The lifetime of the auto login hash in days (by default 2 days) + * + * @returns string Token that should be passed to the client (but NOT persisted). + * + * @todo Make it possible to handle database errors such as a "duplicate key" error + */ + public function generateAutologinTokenAndStoreHash($lifetime = 2) { + do { + $generator = new RandomGenerator(); + $token = $generator->randomToken(); + $hash = $this->encryptWithUserSettings($token); + } while(DataObject::get_one('Member', array( + '"Member"."AutoLoginHash"' => $hash + ))); + + $this->AutoLoginHash = $hash; + $this->AutoLoginExpired = date('Y-m-d H:i:s', time() + (86400 * $lifetime)); + + $this->write(); + + return $token; + } + + /** + * Check the token against the member. + * + * @param string $autologinToken + * + * @returns bool Is token valid? + */ + public function validateAutoLoginToken($autologinToken) { + $hash = $this->encryptWithUserSettings($autologinToken); + $member = self::member_from_autologinhash($hash, false); + return (bool)$member; + } + + /** + * Return the member for the auto login hash + * + * @param string $hash The hash key + * @param bool $login Should the member be logged in? + * + * @return Member the matching member, if valid + * @return Member + */ + public static function member_from_autologinhash($hash, $login = false) { + + $nowExpression = DB::get_conn()->now(); + $member = DataObject::get_one('Member', array( + "\"Member\".\"AutoLoginHash\"" => $hash, + "\"Member\".\"AutoLoginExpired\" > $nowExpression" // NOW() can't be parameterised + )); + + if($login && $member) $member->logIn(); + + return $member; + } + + /** + * Find a member record with the given TempIDHash value + * + * @param string $tempid + * @return Member + */ + public static function member_from_tempid($tempid) { + $members = Member::get() + ->filter('TempIDHash', $tempid); + + // Exclude expired + if(static::config()->temp_id_lifetime) { + $members = $members->filter('TempIDExpired:GreaterThan', SS_Datetime::now()->getValue()); + } + + return $members->first(); + } + + /** + * Returns the fields for the member form - used in the registration/profile module. + * It should return fields that are editable by the admin and the logged-in user. + * + * @return FieldList Returns a {@link FieldList} containing the fields for + * the member form. + */ + public function getMemberFormFields() { + $fields = parent::getFrontendFields(); + + $fields->replaceField('Password', $this->getMemberPasswordField()); + + $fields->replaceField('Locale', new DropdownField ( + 'Locale', + $this->fieldLabel('Locale'), + i18n::get_existing_translations() + )); + + $fields->removeByName(static::config()->hidden_fields); + $fields->removeByName('LastVisited'); + $fields->removeByName('FailedLoginCount'); + + + $this->extend('updateMemberFormFields', $fields); + return $fields; + } + + /** + * Builds "Change / Create Password" field for this member + * + * @return ConfirmedPasswordField + */ + public function getMemberPasswordField() { + $editingPassword = $this->isInDB(); + $label = $editingPassword + ? _t('Member.EDIT_PASSWORD', 'New Password') + : $this->fieldLabel('Password'); + /** @var ConfirmedPasswordField $password */ + $password = ConfirmedPasswordField::create( + 'Password', + $label, + null, + null, + $editingPassword + ); + + // If editing own password, require confirmation of existing + if($editingPassword && $this->ID == Member::currentUserID()) { + $password->setRequireExistingPassword(true); + } + + $password->setCanBeEmpty(true); + $this->extend('updateMemberPasswordField', $password); + return $password; + } + + + /** + * Returns the {@link RequiredFields} instance for the Member object. This + * Validator is used when saving a {@link CMSProfileController} or added to + * any form responsible for saving a users data. + * + * To customize the required fields, add a {@link DataExtension} to member + * calling the `updateValidator()` method. + * + * @return Member_Validator + */ + public function getValidator() { + $validator = Injector::inst()->create('Member_Validator'); + $validator->setForMember($this); + $this->extend('updateValidator', $validator); + + return $validator; + } + + + /** + * Returns the current logged in user + * + * @return Member|null + */ + public static function currentUser() { + $id = Member::currentUserID(); + + if($id) { + return DataObject::get_by_id('Member', $id) ?: null; + } + } + + /** + * Get the ID of the current logged in user + * + * @return int Returns the ID of the current logged in user or 0. + */ + public static function currentUserID() { + $id = Session::get("loggedInAs"); + if(!$id && !self::$_already_tried_to_auto_log_in) { + self::autoLogin(); + $id = Session::get("loggedInAs"); + } + + return is_numeric($id) ? $id : 0; + } + private static $_already_tried_to_auto_log_in = false; + + + /* + * Generate a random password, with randomiser to kick in if there's no words file on the + * filesystem. + * + * @return string Returns a random password. + */ + public static function create_new_password() { + $words = Config::inst()->get('Security', 'word_list'); + + if($words && file_exists($words)) { + $words = file($words); + + list($usec, $sec) = explode(' ', microtime()); + srand($sec + ((float) $usec * 100000)); + + $word = trim($words[rand(0,sizeof($words)-1)]); + $number = rand(10,999); + + return $word . $number; + } else { + $random = rand(); + $string = md5($random); + $output = substr($string, 0, 8); + return $output; + } + } + + /** + * Event handler called before writing to the database. + */ + public function onBeforeWrite() { + if($this->SetPassword) $this->Password = $this->SetPassword; + + // If a member with the same "unique identifier" already exists with a different ID, don't allow merging. + // Note: This does not a full replacement for safeguards in the controller layer (e.g. in a registration form), + // but rather a last line of defense against data inconsistencies. + $identifierField = Member::config()->unique_identifier_field; + if($this->$identifierField) { + + // Note: Same logic as Member_Validator class + $filter = array("\"$identifierField\"" => $this->$identifierField); + if($this->ID) { + $filter[] = array('"Member"."ID" <> ?' => $this->ID); + } + $existingRecord = DataObject::get_one('Member', $filter); + + if($existingRecord) { + throw new ValidationException(ValidationResult::create(false, _t( + 'Member.ValidationIdentifierFailed', + 'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))', + 'Values in brackets show "fieldname = value", usually denoting an existing email address', + array( + 'id' => $existingRecord->ID, + 'name' => $identifierField, + 'value' => $this->$identifierField + ) + ))); + } + } + + // We don't send emails out on dev/tests sites to prevent accidentally spamming users. + // However, if TestMailer is in use this isn't a risk. + if( + (Director::isLive() || Email::mailer() instanceof TestMailer) + && $this->isChanged('Password') + && $this->record['Password'] + && $this->config()->notify_password_change + ) { + $e = Member_ChangePasswordEmail::create(); + $e->populateTemplate($this); + $e->setTo($this->Email); + $e->send(); + } + + // The test on $this->ID is used for when records are initially created. + // Note that this only works with cleartext passwords, as we can't rehash + // existing passwords. + if((!$this->ID && $this->Password) || $this->isChanged('Password')) { + //reset salt so that it gets regenerated - this will invalidate any persistant login cookies + // or other information encrypted with this Member's settings (see self::encryptWithUserSettings) + $this->Salt = ''; + // Password was changed: encrypt the password according the settings + $encryption_details = Security::encrypt_password( + $this->Password, // this is assumed to be cleartext + $this->Salt, + $this->isChanged('PasswordEncryption') ? $this->PasswordEncryption : null, + $this + ); + + // Overwrite the Password property with the hashed value + $this->Password = $encryption_details['password']; + $this->Salt = $encryption_details['salt']; + $this->PasswordEncryption = $encryption_details['algorithm']; + + // If we haven't manually set a password expiry + if(!$this->isChanged('PasswordExpiry')) { + // then set it for us + if(self::config()->password_expiry_days) { + $this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::config()->password_expiry_days); + } else { + $this->PasswordExpiry = null; + } + } + } + + // save locale + if(!$this->Locale) { + $this->Locale = i18n::get_locale(); + } + + parent::onBeforeWrite(); + } + + public function onAfterWrite() { + parent::onAfterWrite(); + + Permission::flush_permission_cache(); + + if($this->isChanged('Password')) { + MemberPassword::log($this); + } + } + + public function onAfterDelete() { + parent::onAfterDelete(); + + //prevent orphaned records remaining in the DB + $this->deletePasswordLogs(); + } + + /** + * Delete the MemberPassword objects that are associated to this user + * + * @return self + */ + protected function deletePasswordLogs() { + foreach ($this->LoggedPasswords() as $password) { + $password->delete(); + $password->destroy(); + } + return $this; + } + + /** + * Filter out admin groups to avoid privilege escalation, + * If any admin groups are requested, deny the whole save operation. + * + * @param Array $ids Database IDs of Group records + * @return boolean True if the change can be accepted + */ + public function onChangeGroups($ids) { + // unless the current user is an admin already OR the logged in user is an admin + if(Permission::check('ADMIN') || Permission::checkMember($this, 'ADMIN')) { + return true; + } + + // If there are no admin groups in this set then it's ok + $adminGroups = Permission::get_groups_by_permission('ADMIN'); + $adminGroupIDs = ($adminGroups) ? $adminGroups->column('ID') : array(); + return count(array_intersect($ids, $adminGroupIDs)) == 0; + } + + + /** + * Check if the member is in one of the given groups. + * + * @param array|SS_List $groups Collection of {@link Group} DataObjects to check + * @param boolean $strict Only determine direct group membership if set to true (Default: false) + * @return bool Returns TRUE if the member is in one of the given groups, otherwise FALSE. + */ + public function inGroups($groups, $strict = false) { + if($groups) foreach($groups as $group) { + if($this->inGroup($group, $strict)) return true; + } + + return false; + } + + + /** + * Check if the member is in the given group or any parent groups. + * + * @param int|Group|string $group Group instance, Group Code or ID + * @param boolean $strict Only determine direct group membership if set to TRUE (Default: FALSE) + * @return bool Returns TRUE if the member is in the given group, otherwise FALSE. + */ + public function inGroup($group, $strict = false) { + if(is_numeric($group)) { + $groupCheckObj = DataObject::get_by_id('Group', $group); + } elseif(is_string($group)) { + $groupCheckObj = DataObject::get_one('Group', array( + '"Group"."Code"' => $group + )); + } elseif($group instanceof Group) { + $groupCheckObj = $group; + } else { + user_error('Member::inGroup(): Wrong format for $group parameter', E_USER_ERROR); + } + + if(!$groupCheckObj) return false; + + $groupCandidateObjs = ($strict) ? $this->getManyManyComponents("Groups") : $this->Groups(); + if($groupCandidateObjs) foreach($groupCandidateObjs as $groupCandidateObj) { + if($groupCandidateObj->ID == $groupCheckObj->ID) return true; + } + + return false; + } + + /** + * Adds the member to a group. This will create the group if the given + * group code does not return a valid group object. + * + * @param string $groupcode + * @param string Title of the group + */ + public function addToGroupByCode($groupcode, $title = "") { + $group = DataObject::get_one('Group', array( + '"Group"."Code"' => $groupcode + )); + + if($group) { + $this->Groups()->add($group); + } else { + if(!$title) $title = $groupcode; + + $group = new Group(); + $group->Code = $groupcode; + $group->Title = $title; + $group->write(); + + $this->Groups()->add($group); + } + } + + /** + * Removes a member from a group. + * + * @param string $groupcode + */ + public function removeFromGroupByCode($groupcode) { + $group = Group::get()->filter(array('Code' => $groupcode))->first(); + + if($group) { + $this->Groups()->remove($group); + } + } + + /** + * @param Array $columns Column names on the Member record to show in {@link getTitle()}. + * @param String $sep Separator + */ + public static function set_title_columns($columns, $sep = ' ') { + if (!is_array($columns)) $columns = array($columns); + self::config()->title_format = array('columns' => $columns, 'sep' => $sep); + } + + //------------------- HELPER METHODS -----------------------------------// + + /** + * Get the complete name of the member, by default in the format ", ". + * Falls back to showing either field on its own. + * + * You can overload this getter with {@link set_title_format()} + * and {@link set_title_sql()}. + * + * @return string Returns the first- and surname of the member. If the ID + * of the member is equal 0, only the surname is returned. + */ + public function getTitle() { + $format = $this->config()->title_format; + if ($format) { + $values = array(); + foreach($format['columns'] as $col) { + $values[] = $this->getField($col); + } + return join($format['sep'], $values); + } + if($this->getField('ID') === 0) + return $this->getField('Surname'); + else{ + if($this->getField('Surname') && $this->getField('FirstName')){ + return $this->getField('Surname') . ', ' . $this->getField('FirstName'); + }elseif($this->getField('Surname')){ + return $this->getField('Surname'); + }elseif($this->getField('FirstName')){ + return $this->getField('FirstName'); + }else{ + return null; + } + } + } + + /** + * Return a SQL CONCAT() fragment suitable for a SELECT statement. + * Useful for custom queries which assume a certain member title format. + * + * @param String $tableName + * @return String SQL + */ + public static function get_title_sql($tableName = 'Member') { + // This should be abstracted to SSDatabase concatOperator or similar. + $op = (DB::get_conn() instanceof MSSQLDatabase) ? " + " : " || "; + + $format = self::config()->title_format; + if ($format) { + $columnsWithTablename = array(); + foreach($format['columns'] as $column) { + $columnsWithTablename[] = "\"$tableName\".\"$column\""; + } + + return "(".join(" $op '".$format['sep']."' $op ", $columnsWithTablename).")"; + } else { + return "(\"$tableName\".\"Surname\" $op ' ' $op \"$tableName\".\"FirstName\")"; + } + } + + + /** + * Get the complete name of the member + * + * @return string Returns the first- and surname of the member. + */ + public function getName() { + return ($this->Surname) ? trim($this->FirstName . ' ' . $this->Surname) : $this->FirstName; + } + + + /** + * Set first- and surname + * + * This method assumes that the last part of the name is the surname, e.g. + * A B C will result in firstname A B and surname C + * + * @param string $name The name + */ + public function setName($name) { + $nameParts = explode(' ', $name); + $this->Surname = array_pop($nameParts); + $this->FirstName = join(' ', $nameParts); + } + + + /** + * Alias for {@link setName} + * + * @param string $name The name + * @see setName() + */ + public function splitName($name) { + return $this->setName($name); + } + + /** + * Override the default getter for DateFormat so the + * default format for the user's locale is used + * if the user has not defined their own. + * + * @return string ISO date format + */ + public function getDateFormat() { + if($this->getField('DateFormat')) { + return $this->getField('DateFormat'); + } else { + return Config::inst()->get('i18n', 'date_format'); + } + } + + /** + * Override the default getter for TimeFormat so the + * default format for the user's locale is used + * if the user has not defined their own. + * + * @return string ISO date format + */ + public function getTimeFormat() { + if($this->getField('TimeFormat')) { + return $this->getField('TimeFormat'); + } else { + return Config::inst()->get('i18n', 'time_format'); + } + } + + //---------------------------------------------------------------------// + + + /** + * Get a "many-to-many" map that holds for all members their group memberships, + * including any parent groups where membership is implied. + * Use {@link DirectGroups()} to only retrieve the group relations without inheritance. + * + * @todo Push all this logic into Member_GroupSet's getIterator()? + * @return Member_Groupset + */ + public function Groups() { + $groups = Member_GroupSet::create('Group', 'Group_Members', 'GroupID', 'MemberID'); + $groups = $groups->forForeignID($this->ID); + + $this->extend('updateGroups', $groups); + + return $groups; + } + + /** + * @return ManyManyList + */ + public function DirectGroups() { + return $this->getManyManyComponents('Groups'); + } + + /** + * Get a member SQLMap of members in specific groups + * + * If no $groups is passed, all members will be returned + * + * @param mixed $groups - takes a SS_List, an array or a single Group.ID + * @return SQLMap Returns an SQLMap that returns all Member data. + * @see map() + */ + public static function map_in_groups($groups = null) { + $groupIDList = array(); + + if($groups instanceof SS_List) { + foreach( $groups as $group ) { + $groupIDList[] = $group->ID; + } + } elseif(is_array($groups)) { + $groupIDList = $groups; + } elseif($groups) { + $groupIDList[] = $groups; + } + + // No groups, return all Members + if(!$groupIDList) { + return Member::get()->sort(array('Surname'=>'ASC', 'FirstName'=>'ASC'))->map(); + } + + $membersList = new ArrayList(); + // This is a bit ineffective, but follow the ORM style + foreach(Group::get()->byIDs($groupIDList) as $group) { + $membersList->merge($group->Members()); + } + + $membersList->removeDuplicates('ID'); + return $membersList->map(); + } + + + /** + * Get a map of all members in the groups given that have CMS permissions + * + * If no groups are passed, all groups with CMS permissions will be used. + * + * @param array $groups Groups to consider or NULL to use all groups with + * CMS permissions. + * @return SS_Map Returns a map of all members in the groups given that + * have CMS permissions. + */ + public static function mapInCMSGroups($groups = null) { + if(!$groups || $groups->Count() == 0) { + $perms = array('ADMIN', 'CMS_ACCESS_AssetAdmin'); + + if(class_exists('CMSMain')) { + $cmsPerms = singleton('CMSMain')->providePermissions(); + } else { + $cmsPerms = singleton('LeftAndMain')->providePermissions(); + } + + if(!empty($cmsPerms)) { + $perms = array_unique(array_merge($perms, array_keys($cmsPerms))); + } + + $permsClause = DB::placeholders($perms); + $groups = DataObject::get('Group') + ->innerJoin("Permission", '"Permission"."GroupID" = "Group"."ID"') + ->where(array( + "\"Permission\".\"Code\" IN ($permsClause)" => $perms + )); + } + + $groupIDList = array(); + + if(is_a($groups, 'SS_List')) { + foreach($groups as $group) { + $groupIDList[] = $group->ID; + } + } elseif(is_array($groups)) { + $groupIDList = $groups; + } + + $members = Member::get() + ->innerJoin("Group_Members", '"Group_Members"."MemberID" = "Member"."ID"') + ->innerJoin("Group", '"Group"."ID" = "Group_Members"."GroupID"'); + if($groupIDList) { + $groupClause = DB::placeholders($groupIDList); + $members = $members->where(array( + "\"Group\".\"ID\" IN ($groupClause)" => $groupIDList + )); + } + + return $members->sort('"Member"."Surname", "Member"."FirstName"')->map(); + } + + + /** + * Get the groups in which the member is NOT in + * + * When passed an array of groups, and a component set of groups, this + * function will return the array of groups the member is NOT in. + * + * @param array $groupList An array of group code names. + * @param array $memberGroups A component set of groups (if set to NULL, + * $this->groups() will be used) + * @return array Groups in which the member is NOT in. + */ + public function memberNotInGroups($groupList, $memberGroups = null){ + if(!$memberGroups) $memberGroups = $this->Groups(); + + foreach($memberGroups as $group) { + if(in_array($group->Code, $groupList)) { + $index = array_search($group->Code, $groupList); + unset($groupList[$index]); + } + } + + return $groupList; + } + + + /** + * Return a {@link FieldList} of fields that would appropriate for editing + * this member. + * + * @return FieldList Return a FieldList of fields that would appropriate for + * editing this member. + */ + public function getCMSFields() { + require_once 'Zend/Date.php'; + + $self = $this; + $this->beforeUpdateCMSFields(function(FieldList $fields) use ($self) { + /** @var FieldList $mainFields */ + $mainFields = $fields->fieldByName("Root")->fieldByName("Main")->getChildren(); + + // Build change password field + $mainFields->replaceField('Password', $self->getMemberPasswordField()); + + $mainFields->replaceField('Locale', new DropdownField( + "Locale", + _t('Member.INTERFACELANG', "Interface Language", 'Language of the CMS'), + i18n::get_existing_translations() + )); + + $mainFields->removeByName($self->config()->hidden_fields); + + // make sure that the "LastVisited" field exists + // it may have been removed using $self->config()->hidden_fields + if($mainFields->fieldByName("LastVisited")){ + $mainFields->makeFieldReadonly('LastVisited'); + } + + if( ! $self->config()->lock_out_after_incorrect_logins) { + $mainFields->removeByName('FailedLoginCount'); + } + + + // Groups relation will get us into logical conflicts because + // Members are displayed within group edit form in SecurityAdmin + $fields->removeByName('Groups'); + + // Members shouldn't be able to directly view/edit logged passwords + $fields->removeByName('LoggedPasswords'); + + if(Permission::check('EDIT_PERMISSIONS')) { + $groupsMap = array(); + foreach(Group::get() as $group) { + // Listboxfield values are escaped, use ASCII char instead of » + $groupsMap[$group->ID] = $group->getBreadcrumbs(' > '); + } + asort($groupsMap); + $fields->addFieldToTab('Root.Main', + ListboxField::create('DirectGroups', singleton('Group')->i18n_plural_name()) + ->setMultiple(true) + ->setSource($groupsMap) + ->setAttribute( + 'data-placeholder', + _t('Member.ADDGROUP', 'Add group', 'Placeholder text for a dropdown') + ) + ); + + + // Add permission field (readonly to avoid complicated group assignment logic). + // This should only be available for existing records, as new records start + // with no permissions until they have a group assignment anyway. + if($self->ID) { + $permissionsField = new PermissionCheckboxSetField_Readonly( + 'Permissions', + false, + 'Permission', + 'GroupID', + // we don't want parent relationships, they're automatically resolved in the field + $self->getManyManyComponents('Groups') + ); + $fields->findOrMakeTab('Root.Permissions', singleton('Permission')->i18n_plural_name()); + $fields->addFieldToTab('Root.Permissions', $permissionsField); + } + } + + $permissionsTab = $fields->fieldByName("Root")->fieldByName('Permissions'); + if($permissionsTab) $permissionsTab->addExtraClass('readonly'); + + $defaultDateFormat = Zend_Locale_Format::getDateFormat(new Zend_Locale($self->Locale)); + $dateFormatMap = array( + 'MMM d, yyyy' => Zend_Date::now()->toString('MMM d, yyyy'), + 'yyyy/MM/dd' => Zend_Date::now()->toString('yyyy/MM/dd'), + 'MM/dd/yyyy' => Zend_Date::now()->toString('MM/dd/yyyy'), + 'dd/MM/yyyy' => Zend_Date::now()->toString('dd/MM/yyyy'), + ); + $dateFormatMap[$defaultDateFormat] = Zend_Date::now()->toString($defaultDateFormat) + . sprintf(' (%s)', _t('Member.DefaultDateTime', 'default')); + $mainFields->push( + $dateFormatField = new MemberDatetimeOptionsetField( + 'DateFormat', + $self->fieldLabel('DateFormat'), + $dateFormatMap + ) + ); + $dateFormatField->setValue($self->DateFormat); + + $defaultTimeFormat = Zend_Locale_Format::getTimeFormat(new Zend_Locale($self->Locale)); + $timeFormatMap = array( + 'h:mm a' => Zend_Date::now()->toString('h:mm a'), + 'H:mm' => Zend_Date::now()->toString('H:mm'), + ); + $timeFormatMap[$defaultTimeFormat] = Zend_Date::now()->toString($defaultTimeFormat) + . sprintf(' (%s)', _t('Member.DefaultDateTime', 'default')); + $mainFields->push( + $timeFormatField = new MemberDatetimeOptionsetField( + 'TimeFormat', + $self->fieldLabel('TimeFormat'), + $timeFormatMap + ) + ); + $timeFormatField->setValue($self->TimeFormat); + }); + + return parent::getCMSFields(); + } + + /** + * + * @param boolean $includerelations a boolean value to indicate if the labels returned include relation fields + * + */ + public function fieldLabels($includerelations = true) { + $labels = parent::fieldLabels($includerelations); + + $labels['FirstName'] = _t('Member.FIRSTNAME', 'First Name'); + $labels['Surname'] = _t('Member.SURNAME', 'Surname'); + $labels['Email'] = _t('Member.EMAIL', 'Email'); + $labels['Password'] = _t('Member.db_Password', 'Password'); + $labels['NumVisit'] = _t('Member.db_NumVisit', 'Number of Visits'); + $labels['LastVisited'] = _t('Member.db_LastVisited', 'Last Visited Date'); + $labels['PasswordExpiry'] = _t('Member.db_PasswordExpiry', 'Password Expiry Date', 'Password expiry date'); + $labels['LockedOutUntil'] = _t('Member.db_LockedOutUntil', 'Locked out until', 'Security related date'); + $labels['Locale'] = _t('Member.db_Locale', 'Interface Locale'); + $labels['DateFormat'] = _t('Member.DATEFORMAT', 'Date format'); + $labels['TimeFormat'] = _t('Member.TIMEFORMAT', 'Time format'); + if($includerelations){ + $labels['Groups'] = _t('Member.belongs_many_many_Groups', 'Groups', + 'Security Groups this member belongs to'); + } + return $labels; + } + + /** + * Users can view their own record. + * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions. + * This is likely to be customized for social sites etc. with a looser permission model. + */ + public function canView($member = null) { + if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser(); + + // extended access checks + $results = $this->extend('canView', $member); + if($results && is_array($results)) { + if(!min($results)) return false; + else return true; + } + + // members can usually edit their own record + if($member && $this->ID == $member->ID) return true; + + if( + Permission::checkMember($member, 'ADMIN') + || Permission::checkMember($member, 'CMS_ACCESS_SecurityAdmin') + ) { + return true; + } + + return false; + } + + /** + * Users can edit their own record. + * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions + */ + public function canEdit($member = null) { + if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser(); + + // extended access checks + $results = $this->extend('canEdit', $member); + if($results && is_array($results)) { + if(!min($results)) return false; + else return true; + } + + // No member found + if(!($member && $member->exists())) return false; + + // If the requesting member is not an admin, but has access to manage members, + // they still can't edit other members with ADMIN permission. + // This is a bit weak, strictly speaking they shouldn't be allowed to + // perform any action that could change the password on a member + // with "higher" permissions than himself, but thats hard to determine. + if(!Permission::checkMember($member, 'ADMIN') && Permission::checkMember($this, 'ADMIN')) return false; + + return $this->canView($member); + } + + /** + * Users can edit their own record. + * Otherwise they'll need ADMIN or CMS_ACCESS_SecurityAdmin permissions + */ + public function canDelete($member = null) { + if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) $member = Member::currentUser(); + + // extended access checks + $results = $this->extend('canDelete', $member); + if($results && is_array($results)) { + if(!min($results)) return false; + else return true; + } + + // No member found + if(!($member && $member->exists())) return false; + + // Members are not allowed to remove themselves, + // since it would create inconsistencies in the admin UIs. + if($this->ID && $member->ID == $this->ID) return false; + + return $this->canEdit($member); + } + + + /** + * Validate this member object. + */ + public function validate() { + $valid = parent::validate(); + + if(!$this->ID || $this->isChanged('Password')) { + if($this->Password && self::$password_validator) { + $valid->combineAnd(self::$password_validator->validate($this->Password, $this)); + } + } + + if((!$this->ID && $this->SetPassword) || $this->isChanged('SetPassword')) { + if($this->SetPassword && self::$password_validator) { + $valid->combineAnd(self::$password_validator->validate($this->SetPassword, $this)); + } + } + + return $valid; + } + + /** + * Change password. This will cause rehashing according to + * the `PasswordEncryption` property. + * + * @param String $password Cleartext password + */ + public function changePassword($password) { + $this->Password = $password; + $valid = $this->validate(); + + if($valid->valid()) { + $this->AutoLoginHash = null; + $this->write(); + } + + return $valid; + } + + /** + * Tell this member that someone made a failed attempt at logging in as them. + * This can be used to lock the user out temporarily if too many failed attempts are made. + */ + public function registerFailedLogin() { + if(self::config()->lock_out_after_incorrect_logins) { + // Keep a tally of the number of failed log-ins so that we can lock people out + ++$this->FailedLoginCount; + + if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) { + $lockoutMins = self::config()->lock_out_delay_mins; + $this->LockedOutUntil = date('Y-m-d H:i:s', SS_Datetime::now()->Format('U') + $lockoutMins*60); + $this->FailedLoginCount = 0; + } + } + $this->extend('registerFailedLogin'); + $this->write(); + } + + /** + * Tell this member that a successful login has been made + */ + public function registerSuccessfulLogin() { + if(self::config()->lock_out_after_incorrect_logins) { + // Forgive all past login failures + $this->FailedLoginCount = 0; + $this->LockedOutUntil = null; + $this->write(); + } + $this->extend('onAfterRegisterSuccessfulLogin'); + } + /** + * Get the HtmlEditorConfig for this user to be used in the CMS. + * This is set by the group. If multiple configurations are set, + * the one with the highest priority wins. + * + * @return string + */ + public function getHtmlEditorConfigForCMS() { + $currentName = ''; + $currentPriority = 0; + + foreach($this->Groups() as $group) { + $configName = $group->HtmlEditorConfig; + if($configName) { + $config = HtmlEditorConfig::get($group->HtmlEditorConfig); + if($config && $config->getOption('priority') > $currentPriority) { + $currentName = $configName; + $currentPriority = $config->getOption('priority'); + } + } + } + + // If can't find a suitable editor, just default to cms + return $currentName ? $currentName : 'cms'; + } + + public static function get_template_global_variables() { + return array( + 'CurrentMember' => 'currentUser', + 'currentUser', + ); + } +} + +/** + * Represents a set of Groups attached to a member. + * Handles the hierarchy logic. + * @package framework + * @subpackage security + */ +class Member_GroupSet extends ManyManyList { + + protected function linkJoinTable() { + // Do not join the table directly + if($this->extraFields) { + user_error('Member_GroupSet does not support many_many_extraFields', E_USER_ERROR); + } + } + + /** + * Link this group set to a specific member. + * + * Recursively selects all groups applied to this member, as well as any + * parent groups of any applied groups + * + * @param array|integer $id (optional) An ID or an array of IDs - if not provided, will use the current + * ids as per getForeignID + * @return array Condition In array(SQL => parameters format) + */ + public function foreignIDFilter($id = null) { + if ($id === null) $id = $this->getForeignID(); + + // Find directly applied groups + $manyManyFilter = parent::foreignIDFilter($id); + $query = new SQLQuery('"Group_Members"."GroupID"', '"Group_Members"', $manyManyFilter); + $groupIDs = $query->execute()->column(); + + // Get all ancestors, iteratively merging these into the master set + $allGroupIDs = array(); + while($groupIDs) { + $allGroupIDs = array_merge($allGroupIDs, $groupIDs); + $groupIDs = DataObject::get("Group")->byIDs($groupIDs)->column("ParentID"); + $groupIDs = array_filter($groupIDs); + } + + // Add a filter to this DataList + if(!empty($allGroupIDs)) { + $allGroupIDsPlaceholders = DB::placeholders($allGroupIDs); + return array("\"Group\".\"ID\" IN ($allGroupIDsPlaceholders)" => $allGroupIDs); + } else { + return array('"Group"."ID"' => 0); + } + } + + public function foreignIDWriteFilter($id = null) { + // Use the ManyManyList::foreignIDFilter rather than the one + // in this class, otherwise we end up selecting all inherited groups + return parent::foreignIDFilter($id); + } + + public function add($item, $extraFields = null) { + // Get Group.ID + $itemID = null; + if(is_numeric($item)) { + $itemID = $item; + } else if($item instanceof Group) { + $itemID = $item->ID; + } + + // Check if this group is allowed to be added + if($this->canAddGroups(array($itemID))) { + parent::add($item, $extraFields); + } + } + + /** + * Determine if the following groups IDs can be added + * + * @param array $itemIDs + * @return boolean + */ + protected function canAddGroups($itemIDs) { + if(empty($itemIDs)) { + return true; + } + $member = $this->getMember(); + return empty($member) || $member->onChangeGroups($itemIDs); + } + + /** + * Get foreign member record for this relation + * + * @return Member + */ + protected function getMember() { + $id = $this->getForeignID(); + if($id) { + return DataObject::get_by_id('Member', $id); + } + } +} + +/** + * Class used as template to send an email saying that the password has been + * changed. + * + * @package framework + * @subpackage security + */ +class Member_ChangePasswordEmail extends Email { + + protected $from = ''; // setting a blank from address uses the site's default administrator email + protected $subject = ''; + protected $ss_template = 'ChangePasswordEmail'; + + public function __construct() { + parent::__construct(); + + $this->subject = _t('Member.SUBJECTPASSWORDCHANGED', "Your password has been changed", 'Email subject'); + } +} + + + +/** + * Class used as template to send the forgot password email + * + * @package framework + * @subpackage security + */ +class Member_ForgotPasswordEmail extends Email { + protected $from = ''; // setting a blank from address uses the site's default administrator email + protected $subject = ''; + protected $ss_template = 'ForgotPasswordEmail'; + + public function __construct() { + parent::__construct(); + + $this->subject = _t('Member.SUBJECTPASSWORDRESET', "Your password reset link", 'Email subject'); + } +} + +/** + * Member Validator + * + * Custom validation for the Member object can be achieved either through an + * {@link DataExtension} on the Member_Validator object or, by specifying a subclass of + * {@link Member_Validator} through the {@link Injector} API. + * The Validator can also be modified by adding an Extension to Member and implement the + * updateValidator hook. + * {@see Member::getValidator()} + * + * Additional required fields can also be set via config API, eg. + * + * Member_Validator: + * customRequired: + * - Surname + * + * + * @package framework + * @subpackage security + */ +class Member_Validator extends RequiredFields +{ + /** + * Fields that are required by this validator + * @config + * @var array + */ + protected $customRequired = array( + 'FirstName', + 'Email' + ); + + /** + * Determine what member this validator is meant for + * @var Member + */ + protected $forMember = null; + + /** + * Constructor + */ + public function __construct() { + $required = func_get_args(); + + if(isset($required[0]) && is_array($required[0])) { + $required = $required[0]; + } + + $required = array_merge($required, $this->customRequired); + + // check for config API values and merge them in + $config = $this->config()->customRequired; + if(is_array($config)){ + $required = array_merge($required, $config); + } + + parent::__construct(array_unique($required)); + } + + /** + * Get the member this validator applies to. + * @return Member + */ + public function getForMember() + { + return $this->forMember; + } + + /** + * Set the Member this validator applies to. + * @param Member $value + * @return $this + */ + public function setForMember(Member $value) + { + $this->forMember = $value; + return $this; + } + + /** + * Check if the submitted member data is valid (server-side) + * + * Check if a member with that email doesn't already exist, or if it does + * that it is this member. + * + * @param array $data Submitted data + * @return bool Returns TRUE if the submitted data is valid, otherwise + * FALSE. + */ + public function php($data) + { + $valid = parent::php($data); + + $identifierField = (string)Member::config()->unique_identifier_field; + + // Only validate identifier field if it's actually set. This could be the case if + // somebody removes `Email` from the list of required fields. + if(isset($data[$identifierField])){ + $id = isset($data['ID']) ? (int)$data['ID'] : 0; + if(!$id && ($ctrl = $this->form->getController())){ + // get the record when within GridField (Member editing page in CMS) + if($ctrl instanceof GridFieldDetailForm_ItemRequest && $record = $ctrl->getRecord()){ + $id = $record->ID; + } + } + + // If there's no ID passed via controller or form-data, use the assigned member (if available) + if(!$id && ($member = $this->getForMember())){ + $id = $member->exists() ? $member->ID : 0; + } + + // set the found ID to the data array, so that extensions can also use it + $data['ID'] = $id; + + $members = Member::get()->filter($identifierField, $data[$identifierField]); + if($id) { + $members = $members->exclude('ID', $id); + } + + if($members->count() > 0) { + $this->validationError( + $identifierField, + _t( + 'Member.VALIDATIONMEMBEREXISTS', + 'A member already exists with the same {identifier}', + array('identifier' => Member::singleton()->fieldLabel($identifierField)) + ), + 'required' + ); + $valid = false; + } + } + + + // Execute the validators on the extensions + $results = $this->extend('updatePHP', $data, $this->form); + $results[] = $valid; + return min($results); + } +} diff --git a/tests/control/SessionTest.php b/tests/control/SessionTest.php index 1b5c5ee45..3b54f6200 100644 --- a/tests/control/SessionTest.php +++ b/tests/control/SessionTest.php @@ -97,15 +97,27 @@ class SessionTest extends SapphireTest { $_SERVER['HTTP_USER_AGENT'] = 'Test Agent'; // Generate our session + /** @var Session $s */ $s = Injector::inst()->create('Session', array()); $s->inst_set('val', 123); $s->inst_finalize(); + $data = $s->inst_getAll(); // Change our UA $_SERVER['HTTP_USER_AGENT'] = 'Fake Agent'; - // Verify the new session reset our values - $s2 = Injector::inst()->create('Session', $s); + // Verify the new session reset our values (passed by constructor) + /** @var Session $s2 */ + $s2 = Injector::inst()->create('Session', $data); $this->assertNotEquals($s2->inst_get('val'), 123); + + // Verify a started session resets our values (initiated by $_SESSION object) + /** @var Session $s3 */ + $s3 = Injector::inst()->create('Session', []); + foreach ($data as $key => $value) { + $s3->inst_set($key, $value); + } + $s3->inst_start(); + $this->assertNotEquals($s3->inst_get('val'), 123); } } diff --git a/tests/dev/CSVParserTest.php b/tests/dev/CSVParserTest.php index c895b2f8b..512717521 100644 --- a/tests/dev/CSVParserTest.php +++ b/tests/dev/CSVParserTest.php @@ -21,16 +21,18 @@ class CSVParserTest extends SapphireTest { $registered[] = $record['IsRegistered']; } - $this->assertEquals(array('John','Jane','Jamie','Järg'), $firstNames); + $this->assertEquals(array('John','Jane','Jamie','Järg','Jacob'), $firstNames); $this->assertEquals(array( "He's a good guy", "She is awesome." . PHP_EOL . "So awesome that she gets multiple rows and \"escaped\" strings in her biography", "Pretty old, with an escaped comma", - "Unicode FTW"), $biographies); - $this->assertEquals(array("31/01/1988","31/01/1982","31/01/1882","31/06/1982"), $birthdays); - $this->assertEquals(array('1', '0', '1', '1'), $registered); + "Unicode FTW", + "Likes leading tabs in his biography", + ), $biographies); + $this->assertEquals(array("31/01/1988","31/01/1982","31/01/1882","31/06/1982","31/4/2000"), $birthdays); + $this->assertEquals(array('1', '0', '1', '1', '0'), $registered); } public function testParsingWithHeadersAndColumnMap() { @@ -54,15 +56,16 @@ class CSVParserTest extends SapphireTest { $registered[] = $record['IsRegistered']; } - $this->assertEquals(array('John','Jane','Jamie','Järg'), $firstNames); + $this->assertEquals(array('John','Jane','Jamie','Järg','Jacob'), $firstNames); $this->assertEquals(array( "He's a good guy", "She is awesome." . PHP_EOL . "So awesome that she gets multiple rows and \"escaped\" strings in her biography", "Pretty old, with an escaped comma", - "Unicode FTW"), $biographies); - $this->assertEquals(array("31/01/1988","31/01/1982","31/01/1882","31/06/1982"), $birthdays); - $this->assertEquals(array('1', '0', '1', '1'), $registered); + "Unicode FTW", + "Likes leading tabs in his biography"), $biographies); + $this->assertEquals(array("31/01/1988","31/01/1982","31/01/1882","31/06/1982","31/4/2000"), $birthdays); + $this->assertEquals(array('1', '0', '1', '1', '0'), $registered); } public function testParsingWithExplicitHeaderRow() { @@ -82,15 +85,16 @@ class CSVParserTest extends SapphireTest { } /* And the first row will be returned in the data */ - $this->assertEquals(array('FirstName','John','Jane','Jamie','Järg'), $firstNames); + $this->assertEquals(array('FirstName','John','Jane','Jamie','Järg','Jacob'), $firstNames); $this->assertEquals(array( 'Biography', "He's a good guy", "She is awesome." . PHP_EOL . "So awesome that she gets multiple rows and \"escaped\" strings in her biography", "Pretty old, with an escaped comma", - "Unicode FTW"), $biographies); - $this->assertEquals(array("Birthday","31/01/1988","31/01/1982","31/01/1882","31/06/1982"), $birthdays); - $this->assertEquals(array('IsRegistered', '1', '0', '1', '1'), $registered); + "Unicode FTW", + "Likes leading tabs in his biography"), $biographies); + $this->assertEquals(array("Birthday","31/01/1988","31/01/1982","31/01/1882","31/06/1982","31/4/2000"), $birthdays); + $this->assertEquals(array('IsRegistered', '1', '0', '1', '1', '0'), $registered); } } diff --git a/tests/dev/CsvBulkLoaderTest.php b/tests/dev/CsvBulkLoaderTest.php index 7b1d15a5b..bb21b98f2 100644 --- a/tests/dev/CsvBulkLoaderTest.php +++ b/tests/dev/CsvBulkLoaderTest.php @@ -27,7 +27,7 @@ class CsvBulkLoaderTest extends SapphireTest { $results = $loader->load($filepath); // Test that right amount of columns was imported - $this->assertEquals(4, $results->Count(), 'Test correct count of imported data'); + $this->assertEquals(5, $results->Count(), 'Test correct count of imported data'); // Test that columns were correctly imported $obj = DataObject::get_one("CsvBulkLoaderTest_Player", array( @@ -49,14 +49,14 @@ class CsvBulkLoaderTest extends SapphireTest { $filepath = $this->getCurrentAbsolutePath() . '/CsvBulkLoaderTest_PlayersWithHeader.csv'; $loader->deleteExistingRecords = true; $results1 = $loader->load($filepath); - $this->assertEquals(4, $results1->Count(), 'Test correct count of imported data on first load'); + $this->assertEquals(5, $results1->Count(), 'Test correct count of imported data on first load'); //delete existing data before doing second CSV import $results2 = $loader->load($filepath, '512MB', true); //get all instances of the loaded DataObject from the database and count them $resultDataObject = DataObject::get('CsvBulkLoaderTest_Player'); - $this->assertEquals(4, $resultDataObject->Count(), + $this->assertEquals(5, $resultDataObject->Count(), 'Test if existing data is deleted before new data is added'); } diff --git a/tests/dev/CsvBulkLoaderTest_PlayersWithHeader.csv b/tests/dev/CsvBulkLoaderTest_PlayersWithHeader.csv index 2536266fc..f8e101f08 100644 --- a/tests/dev/CsvBulkLoaderTest_PlayersWithHeader.csv +++ b/tests/dev/CsvBulkLoaderTest_PlayersWithHeader.csv @@ -4,3 +4,4 @@ So awesome that she gets multiple rows and \"escaped\" strings in her biography","31/01/1982","0" "Jamie","Pretty old\, with an escaped comma","31/01/1882","1" "Järg","Unicode FTW","31/06/1982","1" +"Jacob"," Likes leading tabs in his biography","31/4/2000","0" diff --git a/tests/forms/gridfield/GridFieldExportButtonTest.php b/tests/forms/gridfield/GridFieldExportButtonTest.php index 42ef28e22..516a2bc13 100644 --- a/tests/forms/gridfield/GridFieldExportButtonTest.php +++ b/tests/forms/gridfield/GridFieldExportButtonTest.php @@ -53,6 +53,22 @@ class GridFieldExportButtonTest extends SapphireTest { ); } + public function testXLSSanitisation() { + // Create risky object + $object = new GridFieldExportButtonTest_Team(); + $object->Name = '=SUM(1, 2)'; + $object->write(); + + // Export + $button = new GridFieldExportButton(); + $button->setExportColumns(array('Name' => 'My Name')); + + $this->assertEquals( + "\"My Name\"\n\"\t=SUM(1, 2)\"\n\"Test\"\n\"Test2\"\n", + $button->generateExportFileData($this->gridField) + ); + } + public function testGenerateFileDataAnonymousFunctionField() { $button = new GridFieldExportButton(); $button->setExportColumns(array( diff --git a/tests/security/MemberAuthenticatorTest.php b/tests/security/MemberAuthenticatorTest.php index f3e4598ca..bf6dd9942 100644 --- a/tests/security/MemberAuthenticatorTest.php +++ b/tests/security/MemberAuthenticatorTest.php @@ -196,7 +196,8 @@ class MemberAuthenticatorTest extends SapphireTest { $this->assertNull($response); $this->assertCount(1, LoginAttempt::get()); $attempt = LoginAttempt::get()->first(); - $this->assertEquals($email, $attempt->Email); + $this->assertEmpty($attempt->Email); // Doesn't store potentially sensitive data + $this->assertEquals(sha1($email), $attempt->EmailHashed); $this->assertEquals('Failure', $attempt->Status); } diff --git a/tests/security/SecurityTest.php b/tests/security/SecurityTest.php index d336c1f64..3b8c19a2b 100644 --- a/tests/security/SecurityTest.php +++ b/tests/security/SecurityTest.php @@ -507,25 +507,21 @@ class SecurityTest extends FunctionalTest { /* UNSUCCESSFUL ATTEMPTS WITH WRONG PASSWORD FOR EXISTING USER ARE LOGGED */ $this->doTestLoginForm('testuser@example.com', 'wrongpassword'); - $attempt = DataObject::get_one('LoginAttempt', array( - '"LoginAttempt"."Email"' => 'testuser@example.com' - )); - $this->assertTrue(is_object($attempt)); - $member = DataObject::get_one('Member', array( - '"Member"."Email"' => 'testuser@example.com' - )); + $attempt = LoginAttempt::getByEmail('testuser@example.com')->first(); + $this->assertInstanceOf('LoginAttempt', $attempt); + $member = Member::get()->filter('Email', 'testuser@example.com')->first(); $this->assertEquals($attempt->Status, 'Failure'); - $this->assertEquals($attempt->Email, 'testuser@example.com'); + $this->assertEmpty($attempt->Email); // Doesn't store potentially sensitive data + $this->assertEquals($attempt->EmailHashed, sha1('testuser@example.com')); $this->assertEquals($attempt->Member(), $member); /* UNSUCCESSFUL ATTEMPTS WITH NONEXISTING USER ARE LOGGED */ $this->doTestLoginForm('wronguser@silverstripe.com', 'wrongpassword'); - $attempt = DataObject::get_one('LoginAttempt', array( - '"LoginAttempt"."Email"' => 'wronguser@silverstripe.com' - )); - $this->assertTrue(is_object($attempt)); + $attempt = LoginAttempt::getByEmail('wronguser@silverstripe.com')->first(); + $this->assertInstanceOf('LoginAttempt', $attempt); $this->assertEquals($attempt->Status, 'Failure'); - $this->assertEquals($attempt->Email, 'wronguser@silverstripe.com'); + $this->assertEmpty($attempt->Email); // Doesn't store potentially sensitive data + $this->assertEquals($attempt->EmailHashed, sha1('wronguser@silverstripe.com')); $this->assertNotNull( $this->loginErrorMessage(), 'An invalid email returns a message.' ); @@ -536,15 +532,14 @@ class SecurityTest extends FunctionalTest { /* SUCCESSFUL ATTEMPTS ARE LOGGED */ $this->doTestLoginForm('testuser@example.com', '1nitialPassword'); - $attempt = DataObject::get_one('LoginAttempt', array( - '"LoginAttempt"."Email"' => 'testuser@example.com' - )); + $attempt = LoginAttempt::getByEmail('testuser@example.com')->first(); $member = DataObject::get_one('Member', array( '"Member"."Email"' => 'testuser@example.com' )); - $this->assertTrue(is_object($attempt)); + $this->assertInstanceOf('LoginAttempt', $attempt); $this->assertEquals($attempt->Status, 'Success'); - $this->assertEquals($attempt->Email, 'testuser@example.com'); + $this->assertEmpty($attempt->Email); // Doesn't store potentially sensitive data + $this->assertEquals($attempt->EmailHashed, sha1('testuser@example.com')); $this->assertEquals($attempt->Member(), $member); }