diff --git a/dev/Debug.php b/dev/Debug.php index 9d42ddcc2..fef951a70 100644 --- a/dev/Debug.php +++ b/dev/Debug.php @@ -652,7 +652,7 @@ class Debug { $_SESSION['Security']['Message']['type'] = 'warning'; $_SESSION['BackURL'] = $_SERVER['REQUEST_URI']; header($_SERVER['SERVER_PROTOCOL'] . " 302 Found"); - header("Location: " . Director::baseURL() . "Security/login"); + header("Location: " . Director::baseURL() . Security::login_url()); die(); } } diff --git a/security/Security.php b/security/Security.php index f8da0e029..112fda9e2 100644 --- a/security/Security.php +++ b/security/Security.php @@ -242,7 +242,10 @@ class Security extends Controller { // Audit logging hook $controller->extend('permissionDenied', $member); - $controller->redirect("Security/login?BackURL=" . urlencode($_SERVER['REQUEST_URI'])); + $controller->redirect( + Config::inst()->get('Security', 'login_url') + . "?BackURL=" . urlencode($_SERVER['REQUEST_URI']) + ); } return; } @@ -927,8 +930,25 @@ class Security extends Controller { public static function set_ignore_disallowed_actions($flag) { self::$ignore_disallowed_actions = $flag; } + public static function ignore_disallowed_actions() { return self::$ignore_disallowed_actions; } + protected static $login_url = "Security/login"; + + /** + * Set a custom log-in URL if you have built your own log-in page. + */ + public static function set_login_url($loginUrl) { + self::$login_url = $loginUrl; + } + /** + * Get the URL of the log-in page. + * Defaults to Security/login but can be re-set with {@link set_login_url()} + */ + public static function login_url() { + return self::$login_url; + } + } diff --git a/tests/control/DirectorTest.php b/tests/control/DirectorTest.php index a157c59a6..48359bed3 100644 --- a/tests/control/DirectorTest.php +++ b/tests/control/DirectorTest.php 
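Review bot: Two different lookups for the login path are introduced by this commit: this `header("Location: …")` line calls `Security::login_url()`, while the permissionFailure redirect in security/Security.php reads `Config::inst()->get('Security', 'login_url')`. Whether a value set through `set_login_url()` is visible to the Config lookup, and a config override to the static getter, cannot be told from the diff. If they can diverge, an unauthenticated user is sent to the custom page on one path and to the default page on the other. I would route both through one accessor, for example by having `login_url()` return the Config value, and add a comment here such as `// login path is site-relative; Director::baseURL() is prepended`. The enclosing method starts outside the hunk.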
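Review bot: Appending `"?BackURL="` to the configured value in the new `$controller->redirect(...)` call assumes the login URL never carries a query string of its own; a custom value such as `my-login?stage=Live` would give a URL with two `?` and the BackURL would be lost or misparsed. Now that the path is configurable, the query should be merged rather than concatenated, e.g. `$controller->redirect(Controller::join_links(Security::login_url(), "?BackURL=" . urlencode($_SERVER['REQUEST_URI'])));`. It is worth confirming that the login handler still restricts BackURL to site-local targets, since the value comes straight from the request. The surrounding method begins and ends outside the hunk.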
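Review bot: `set_login_url()` accepts any string and its docblock does not say what form the value must take, yet the callers in this commit prepend `Director::baseURL()` and append `?BackURL=` to it. An absolute URL, a leading slash or an embedded query string would produce a broken redirect, and an off-site value would send unauthenticated users and their BackURL to another host. I would document the contract with `@param string $loginUrl Site-relative path without leading slash or query string, e.g. "Security/login"`, add `@return string` to `login_url()`, and consider rejecting absolute URLs in the setter. A blank line between the two new methods would also match the rest of the class, whose body continues outside the hunk.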
@@ -252,7 +252,7 @@ class DirectorTest extends SapphireTest { } public function testForceSSLOnSubPagesPattern() { - $_SERVER['REQUEST_URI'] = Director::baseURL() . 'Security/login'; + $_SERVER['REQUEST_URI'] = Director::baseURL() . Config::inst()->get('Security', 'login_url'); $output = Director::forceSSL(array('/^Security/')); $this->assertEquals($output, 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); } diff --git a/tests/security/SecurityTest.php b/tests/security/SecurityTest.php index 6337e1b71..3325d09f9 100644 --- a/tests/security/SecurityTest.php +++ b/tests/security/SecurityTest.php @@ -57,7 +57,10 @@ class SecurityTest extends FunctionalTest { $response = $this->get('SecurityTest_SecuredController'); $this->assertEquals(302, $response->getStatusCode()); - $this->assertContains('Security/login', $response->getHeader('Location')); + $this->assertContains( + Config::inst()->get('Security', 'login_url'), + $response->getHeader('Location') + ); $this->logInWithPermission('ADMIN'); $response = $this->get('SecurityTest_SecuredController'); @@ -74,7 +77,7 @@ class SecurityTest extends FunctionalTest { $this->session()->inst_set('loggedInAs', $member->ID); /* View the Security/login page */ - $response = $this->get('Security/login'); + $response = $this->get(Config::inst()->get('Security', 'login_url')); $items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.action'); @@ -108,7 +111,7 @@ class SecurityTest extends FunctionalTest { $this->autoFollowRedirection = true; /* Attempt to get into the admin section */ - $response = $this->get('Security/login/'); + $response = $this->get(Config::inst()->get('Security', 'login_url')); $items = $this->cssParser()->getBySelector('#MemberLoginForm_LoginForm input.text'); 
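Review bot: The pattern passed to `Director::forceSSL(array('/^Security/'))` is still hard-coded while `$_SERVER['REQUEST_URI']` is now built from the configurable `login_url`, so testForceSSLOnSubPagesPattern presumably stops matching as soon as a project overrides the login path. This test is about forceSSL pattern matching rather than the login page, so I would keep the literal `'Security/login'` here, or derive the pattern from the same value with `preg_quote()`. A short comment such as `// fixed path: exercises the /^Security/ pattern, independent of the configured login URL` would make the intent clear.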
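Review bot: None of the SecurityTest changes exercise a non-default login URL: each assertion reads `Config::inst()->get('Security', 'login_url')` and compares against the same value the code under test reads, so they pass whether or not an override takes effect. A test that sets a custom path, requests `SecurityTest_SecuredController`, asserts that the `Location` header contains the custom path and then restores the original value would cover the new behaviour. The hunk at -108 also replaces `'Security/login/'` with the configured value, which has no trailing slash, so the trailing-slash request is no longer covered. The test methods start and end outside these hunks.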
@@ -396,7 +399,7 @@ class SecurityTest extends FunctionalTest { public function doTestLoginForm($email, $password, $backURL = 'test/link') { $this->get('Security/logout'); $this->session()->inst_set('BackURL', $backURL); - $this->get('Security/login'); + $this->get(Config::inst()->get('Security', 'login_url')); return $this->submitForm( "MemberLoginForm_LoginForm",