Commit Graph

61 Commits

Author SHA1 Message Date
Daniel Hensby
3507ddb0e8 FIX MemberPassword history removed with with Members
Currently Members that were deleted would still have their passwords
stored in the DB even though they were deleted. This seems unnecessary
and just increases data that could potentially be compromised later.
2015-06-24 21:04:23 +01:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Simon Welsh
d431e98ecf Merge branch '3.1'
Conflicts:
	forms/Form.php
	forms/FormField.php
	security/Member.php
	security/MemberLoginForm.php
2014-03-10 22:58:49 +13:00
Loz Calver
d91c7d14b8 FIX: Rewrite Member getCMSFields to ensure updateCMSFields is only run once (fixes #2827)
Fix usage of  inside closure

Can't use self:: in closure either

Basic unit tests to check extensions are applied correctly
2014-02-16 21:21:15 +00:00
Ingo Schommer
6906c9bd1a API Removed auto-detection for i18n date/time formats
Default to "yyyy-MM-dd" for date format, and "H:mm" for time_format.
Switched to config API for setting/getting values.

Avoid using "MMM" in particular, since it causes
inconsistencies in month names between jQuery UI and Zend_Locale_Format.

Fixes https://github.com/silverstripe/silverstripe-cms/issues/544
2014-02-16 23:57:49 +13:00
Andrew Short
bedf292612 Merge branch '3.1'
Conflicts:
	docs/en/reference/execution-pipeline.md
	lang/nl.yml
2013-11-11 18:18:25 +11:00
andrewvt
389bdb4ddf Added a unit test for removeFromGroupByCode()
Added a unit test for removeFromGroupByCode()
2013-10-31 22:05:13 -04:00
Ingo Schommer
628b920ea7 Fixed merge error in MemberTest 2013-10-23 18:26:05 +02:00
Ingo Schommer
b56ca812dc Merge remote-tracking branch 'origin/3.1'
Conflicts:
	tests/security/MemberTest.php
2013-10-23 14:53:29 +02:00
Thomas Speak
d22ca62c6f BUG FailedLoginCount reset
If you fail your maximum login attempts and are locked out, further failed login attempts add to your already existing FailedLoginCount as it is only reset if you log in successfully. This means that if you're locked out, then try again, one failure will automatically lock you out again, regardless of what you set your max limit to.

Example:

lock_out_after_incorrect_logins: 3
FailedLoginCount: 0

The user fails three login attempts.

lock_out_after_incorrect_logins: 3
FailedLoginCount: 3

The user is now locked out.

Lockout time passes.

The user fails their 4th login.

lock_out_after_incorrect_logins: 3
FailedLoginCount: 4

This will continue to happen until the user successfully logs in, without giving them the pre-defined amount of login attempts again due to this condition being met after every incorrect login:
```php
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
```

FailedLoginTestCount Test Added
2013-10-18 13:48:11 +01:00
Will Rossiter
813d34b15e FIX: Use Injector API for managing Member_Validator instance.
Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.

Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
2013-10-16 11:29:43 +13:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Hamish Friedlander
7efae6b95f Merge remote-tracking branch 'origin/3.0' into 3.1 2013-02-18 14:31:57 +13:00
Ingo Schommer
30096ee730 BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
22eeaa4ac1 BUG Members should not be allowed to delete themselves (fixes #8121) 2012-12-16 23:53:45 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c Add codesniffer that ensures indentation is with tabs. 2012-12-12 00:12:11 +13:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Mateusz Uzdowski
a8b0e44d98 API Hash autologin tokens before storing in the database.
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.

This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Andrew O'Neil
6dd6a5c188 APICHANGE: Use late static binding for Object::remove_extension() 2012-11-07 11:07:55 +13:00
Andrew O'Neil
fdea5321c7 APICHANGE: add_extension() is now called directly on the class, instead of on Object 2012-11-07 11:07:55 +13:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Stig Lindqvist
bbe3879eaa BUGFIX: Member::mapInGroups() throws SQL error
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
2012-05-10 13:53:54 +12:00
Sean Harvey
b1e17578c7 API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf()
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.

MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
2012-05-09 23:05:39 +12:00
Sean Harvey
8a6671d72e BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN 2012-04-27 12:27:46 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Sean Harvey
e097f6e1a8 MINOR Fixes to method arguments in core classes for E_STRICT support.
API CHANGE Remove abstract static function and just use static functions
in Authenticator (PHP 5.3+ doesn't support abstract static functions)
2012-03-28 22:41:42 +13:00
Sean Harvey
d28da56e19 BUGFIX Fixed regression where Member::PasswordEncryption field wouldn't be set to the default 2012-03-09 17:29:57 +13:00
Ingo Schommer
424da6abe1 API CHANGE Moved NZGovtPasswordValidator to new 'securityextras' module 2012-03-02 00:28:22 +01:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
e1931c107f MINOR Updated MemberTest to accept new default date formats caused by Zend/CLDR upgrade (from 'MM/dd/yyyy' to a less ambiguous 'MMM d, y') 2011-05-31 07:55:12 +12:00
ajshort
04e30243d0 MINOR: Updated MemberTest to work with a standard array iterator. 2011-05-03 12:16:40 +10:00
ajshort
3a1c2df4e7 API CHANGE: Renamed DataObjectDecorator to DataExtension.
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
2011-04-26 11:01:38 +10:00
Ingo Schommer
2870eb9212 MINOR Changed $fixture_path to relative filenames in all sapphire test cases in order to allow easier file moving and less verbosity in tests 2011-03-30 23:04:48 +13:00
Ingo Schommer
2184acf17d Revert "MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10)" - cased too many problems with mixed build environments that require PHP 3.4
This reverts commit 65f6104cd6.
2011-03-11 15:06:09 +13:00
Ingo Schommer
498e5758bf BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups() 2011-03-09 15:49:41 +13:00
Ingo Schommer
65f6104cd6 MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10) 2011-02-21 18:49:09 +13:00
Sam Minnee
1fc540c16b MINOR Fixed regression from r111843 (i18nText, MemberDatetimeFieldTest, MemberTest) (from r111844)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112929 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 05:01:35 +00:00
Sam Minnee
ef36436f75 BUGFIX Protect MemberTest from side effects caused by auth_openid and forum modules (from r110894)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112865 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 03:01:29 +00:00
Sam Minnee
d8a8635374 API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651) (from r110856)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112861 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 02:46:26 +00:00
Sam Minnee
38f9e74fba MINOR Tests for Member::getName() and Member::setName() (from r109333)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112823 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:24:04 +00:00
Sam Minnee
0e3693f99e BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file (from r107940)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112702 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:33:41 +00:00
Ingo Schommer
577e82a123 BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772) (from r107532)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112602 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:52:38 +00:00
Ingo Schommer
47762cdf5b ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field (from r107326)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:02 +00:00
Ingo Schommer
39b056024f APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode. (from r106217)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:00:48 +00:00
Ingo Schommer
c604341a1d API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100705 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-03-09 04:10:38 +00:00
Ingo Schommer
61e27830c6 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 04:05:34 +00:00
Sean Harvey
69cda024ab MINOR Added tests methods for Member::can*() methods to MemberTest
MINOR Added test Extension classes for testing decorated can*() methods (from r94359)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95602 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:39:57 +00:00