Merge pull request #4006 from kinglozzer/patch-1
FIX: Security::$default_message_set Config value unusable
commit
de2aa47250
@ -93,9 +93,10 @@ class Security extends Controller {
|
|||||||
/**
|
/**
|
||||||
* Default message set used in permission failures.
|
* Default message set used in permission failures.
|
||||||
*
|
*
|
||||||
|
* @config
|
||||||
* @var array|string
|
* @var array|string
|
||||||
*/
|
*/
|
||||||
private static $default_message_set = '';
|
private static $default_message_set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Random secure token, can be used as a crypto key internally.
|
* Random secure token, can be used as a crypto key internally.
|
||||||
@ -176,9 +177,6 @@ class Security extends Controller {
|
|||||||
* If you pass an array, you can use the
|
* If you pass an array, you can use the
|
||||||
* following keys:
|
* following keys:
|
||||||
* - default: The default message
|
* - default: The default message
|
||||||
* - logInAgain: The message to show
|
|
||||||
* if the user has just
|
|
||||||
* logged out and the
|
|
||||||
* - alreadyLoggedIn: The message to
|
* - alreadyLoggedIn: The message to
|
||||||
* show if the user
|
* show if the user
|
||||||
* is already logged
|
* is already logged
|
||||||
@ -209,8 +207,8 @@ class Security extends Controller {
|
|||||||
} else {
|
} else {
|
||||||
// Prepare the messageSet provided
|
// Prepare the messageSet provided
|
||||||
if(!$messageSet) {
|
if(!$messageSet) {
|
||||||
if(self::$default_message_set) {
|
if($configMessageSet = static::config()->get('default_message_set')) {
|
||||||
$messageSet = self::$default_message_set;
|
$messageSet = $configMessageSet;
|
||||||
} else {
|
} else {
|
||||||
$messageSet = array(
|
$messageSet = array(
|
||||||
'default' => _t(
|
'default' => _t(
|
||||||
@ -224,11 +222,6 @@ class Security extends Controller {
|
|||||||
. "can access that page, you can log in again below.",
|
. "can access that page, you can log in again below.",
|
||||||
|
|
||||||
"%s will be replaced with a link to log in."
|
"%s will be replaced with a link to log in."
|
||||||
),
|
|
||||||
'logInAgain' => _t(
|
|
||||||
'Security.LOGGEDOUT',
|
|
||||||
"You have been logged out. If you would like to log in again, enter "
|
|
||||||
. "your credentials below."
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
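Review bot: The new lookup `if($configMessageSet = static::config()->get('default_message_set'))` in permissionFailure() copies any truthy config value into `$messageSet` without checking its shape. The docblock promises `array|string`, but the code that consumes `$messageSet` is outside the visible hunks, so an array without a `default` key (or another type from a config file) presumably shows up later as an undefined-index notice or an empty message on the login form; this should be confirmed. I would split the assignment from the condition and guard it: `$configMessageSet = static::config()->get('default_message_set');` then `if($configMessageSet && (is_string($configMessageSet) || isset($configMessageSet['default']))) {`, keeping the built-in defaults as the fallback. The hunks also drop `logInAgain` from both the docblock and the defaults, so if that key is no longer read anywhere, a one-line docblock note saying so would help callers who still pass it.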
@ -73,6 +73,47 @@ class SecurityTest extends FunctionalTest {
|
|||||||
|
|
||||||
$this->autoFollowRedirection = true;
|
$this->autoFollowRedirection = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testPermissionFailureSetsCorrectFormMessages() {
|
||||||
|
Config::nest();
|
||||||
|
|
||||||
|
// Controller that doesn't attempt redirections
|
||||||
|
$controller = new SecurityTest_NullController();
|
||||||
|
$controller->response = new SS_HTTPResponse();
|
||||||
|
|
||||||
|
Security::permissionFailure($controller, array('default' => 'Oops, not allowed'));
|
||||||
|
$this->assertEquals('Oops, not allowed', Session::get('Security.Message.message'));
|
||||||
|
|
||||||
|
// Test that config values are used correctly
|
||||||
|
Config::inst()->update('Security', 'default_message_set', 'stringvalue');
|
||||||
|
Security::permissionFailure($controller);
|
||||||
|
$this->assertEquals('stringvalue', Session::get('Security.Message.message'),
|
||||||
|
'Default permission failure message value was not present');
|
||||||
|
|
||||||
|
Config::inst()->remove('Security', 'default_message_set');
|
||||||
|
Config::inst()->update('Security', 'default_message_set', array('default' => 'arrayvalue'));
|
||||||
|
Security::permissionFailure($controller);
|
||||||
|
$this->assertEquals('arrayvalue', Session::get('Security.Message.message'),
|
||||||
|
'Default permission failure message value was not present');
|
||||||
|
|
||||||
|
// Test that non-default messages work.
|
||||||
|
// NOTE: we inspect the response body here as the session message has already
|
||||||
|
// been fetched and output as part of it, so has been removed from the session
|
||||||
|
$this->logInWithPermission('EDITOR');
|
||||||
|
|
||||||
|
Config::inst()->update('Security', 'default_message_set',
|
||||||
|
array('default' => 'default', 'alreadyLoggedIn' => 'You are already logged in!'));
|
||||||
|
Security::permissionFailure($controller);
|
||||||
|
$this->assertContains('You are already logged in!', $controller->response->getBody(),
|
||||||
|
'Custom permission failure message was ignored');
|
||||||
|
|
||||||
|
Security::permissionFailure($controller,
|
||||||
|
array('default' => 'default', 'alreadyLoggedIn' => 'One-off failure message'));
|
||||||
|
$this->assertContains('One-off failure message', $controller->response->getBody(),
|
||||||
|
"Message set passed to Security::permissionFailure() didn't override Config values");
|
||||||
|
|
||||||
|
Config::unnest();
|
||||||
|
}
|
||||||
|
|
||||||
public function testLogInAsSomeoneElse() {
|
public function testLogInAsSomeoneElse() {
|
||||||
$member = DataObject::get_one('Member');
|
$member = DataObject::get_one('Member');
|
||||||
@ -501,3 +542,11 @@ class SecurityTest_SecuredController extends Controller implements TestOnly {
|
|||||||
return 'Success';
|
return 'Success';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class SecurityTest_NullController extends Controller implements TestOnly {
|
||||||
|
|
||||||
|
public function redirect($url, $code = 302) {
|
||||||
|
// NOOP
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
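Review bot: `Config::unnest()` at the end of testPermissionFailureSetsCorrectFormMessages() is skipped whenever one of the assertions above it fails, so the modified `default_message_set` can leak into later tests unless the base test class already nests config itself (not visible here). Moving the pair into the fixture, `Config::nest();` in `setUp()` and `Config::unnest();` in `tearDown()`, makes the cleanup unconditional. The test also never exercises the fallback branch where neither an argument nor a config value is present, so the built-in default message is not covered after the `logInAgain` removal. One more `Security::permissionFailure($controller)` call placed right after `Config::inst()->remove('Security', 'default_message_set')` would pin that branch.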