Ingo Schommer
eecd34868f
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:16:25 +01:00
Mateusz Uzdowski
22095dae6c
API Hash autologin tokens before storing in the database.
...
Backported from 3.0, cc423c38fb
.
2012-11-09 12:03:55 +01:00
Ingo Schommer
de1f07045b
BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
2011-03-09 15:54:05 +13:00
Ingo Schommer
397bbe7bb5
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
f8c970ec0c
ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc. (from r114497)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Sean Harvey
1544d55890
MINOR Fixed php tag in SecurityTokenTest, should be "<?php" not "<?"
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114016 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
e4d3584805
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113272 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Ingo Schommer
dfb9c71342
MINOR Fixed regression from r111843 (i18nText, MemberDatetimeFieldTest, MemberTest)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111844 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:55 +13:00
Ingo Schommer
139ab46240
BUGFIX Protect MemberTest from side effects caused by auth_openid and forum modules
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@110894 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:50 +13:00
Ingo Schommer
486091e4ec
API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN ( fixes #5651 )
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@110856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:50 +13:00
Hamish Friedlander
deae822827
BUGFIX: BasicAuthTests fail when Member's unique_identifier_field is anything except the default of Email
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109834 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:48 +13:00
Sean Harvey
6f9b33e022
MINOR Tests for Member::getName() and Member::setName()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109333 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:47 +13:00
Sean Harvey
ddcb7b6b89
MINOR Fixed failing test as session being set before logging out and losing BackURL
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108518 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Julian Seidenberg
b22261f781
BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107940 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:39 +13:00
Ingo Schommer
78ac0fe3d6
ENHANCEMENT Allowing custom messages and permission codes in BasicAuth::protect_entire_site()
...
ENHANCEMENT Making $permissionCode argument optional for BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
ENHANCEMENT Using SS_HTTPResponse_Exception instead of header()/die() in BasicAuth::requireLogin() to make it more testable
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107867 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:38 +13:00
Ingo Schommer
7ac4a9ec4d
BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772 )
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107532 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:37 +13:00
Sean Harvey
3be26a4cec
ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107326 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Ingo Schommer
862c5a8602
MINOR Fixed hardcoded error message in PasswordValidator ( fixes #5734 )
...
MINOR Added PasswordValidatorTest
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106687 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:32 +13:00
Will Rossiter
c38dc3b1b4
APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106217 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:31 +13:00
Hamish Friedlander
98a299d00c
BUGFIX: SecurityTest tests would fail on sites which had set a non-default unique identifier field for Members
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104016 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:19 +13:00
Mateusz Uzdowski
f0677542a8
ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420 )
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103250 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:14 +13:00
Ingo Schommer
05b4a2313e
BUGFIX Logging in with an invalid email returns no error message ( fixes #5332 , thanks ajshort)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102072 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:11 +13:00
Geoff Munn
c9a8482e11
BUGFIX: results sorted alphabetically for consistency
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101491 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:05 +13:00
Ingo Schommer
83675fc248
BUGFIX Fixed SapphireTest->loginWithPermission() and MemberAuthenticatorTest to use existing Members based on their unique_identifier_field (if existing) to accommodate recent Member->onBeforeWrite() changes (see r100705)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100723 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:51 +13:00
Ingo Schommer
90e8171536
API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour (from r100705)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100718 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:51 +13:00
Geoff Munn
7af896d9ec
BUG FIX: column names quoted properly
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100693 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:50 +13:00
Ingo Schommer
d2ade7e844
MINOR Added MemberCsvBulkLoaderTest->testCleartextPasswordsAreHashedWithDefaultAlgo() (from r98841)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99645 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:39 +13:00
Ingo Schommer
6b556ef90d
ENHANCEMENT Added GroupCsvBulkLoader class to facilitate group imports with permission codes and hierarchy (merged from r94252)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98715 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:30 +13:00
Ingo Schommer
8f098c1341
ENHANCEMENT MemberCsvBulkLoader for easy member import with group associations (merged from r94251)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98714 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:30 +13:00
Ingo Schommer
96f022be85
MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98274 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Sam Minnee
7fb2185ec5
MINOR: Fixed PermissionTest assertion (from r96642)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98142 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:23 +13:00
Julian Seidenberg
ec18557735
MINOR: added descriptive text to test assert.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98115 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:22 +13:00
Julian Seidenberg
b48c1fb883
BUGFIX: fixed test that was trying to do a assertContains between a DataObjectSet and a Member object. Changed it to an assertEquals between Member and the First item in the Set. Also added an inverse test to check that Set doesn't contain the wrong Member.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98114 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:22 +13:00
Sam Minnee
f0dfab1308
MINOR unit test for getting members by permission via roles (from r88276)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98084 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:20 +13:00
Ingo Schommer
db31ff5ad1
API CHANGE Removed $blankItemText parameter from Permission::get_codes()
...
ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97819 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:16 +13:00
Sam Minnee
c49b454d4b
MINOR: Make SecurityDefaultAdminTest when you run it by itself.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97652 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:15 +13:00
Ingo Schommer
31280ece2c
BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027 )
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Ingo Schommer
51c14227b2
API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271 )
...
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin'
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97478 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Ingo Schommer
e08667ead5
MINOR Fixed MemberAuthenticatorTest, was setting global state in r97357
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97369 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:11 +13:00
Geoff Munn
81d775f06f
BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97357 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:11 +13:00
Mateusz Uzdowski
55ded86c8f
FEATURE: added several tests for PermissionCheckboxSetField, PermissionRole and Group
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94887 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Sean Harvey
faab8f7d16
MINOR Added tests methods for Member::can*() methods to MemberTest
...
MINOR Added test Extension classes for testing decorated can*() methods
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94359 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Sean Harvey
06b7dc5de3
BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
...
MINOR Added additional tests to MemberTest
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94358 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Ingo Schommer
4452101790
API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:38 +13:00
Normann Lou
65b1bc4839
APICHANGE: add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92428 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:38 +13:00
Ingo Schommer
65c1c6fd20
NOTFORMERGE Fixed merge error from r91576
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91592 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
07fc3650a3
ENHANCEMENT Pluggable password encryption through PasswordEncryptor class ( #3665 ) (merged from r90949)
...
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004 ) (merged from r90949)
API CHANGE Deprecated Security::encrypt_passwords() (merged from r90949)
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
API CHANGE Removed Security::get_encryption_algorithms() (merged from r90949)
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91576 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
2a1abcae2a
BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in (from r90950)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91572 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Sam Minnee
dd8120aed7
API CHANGE: Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@89187 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-15 22:27:56 +00:00
Ingo Schommer
5e3cffec1f
BUGFIX More robust URL handling in SecurityTest to avoid failing on custom /admin redirects
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-01 06:48:31 +00:00