Commit Graph

200 Commits

Author SHA1 Message Date
Loz Calver
5d27dccd60 NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Daniel Hensby
13ee3148d9
FIX Bracket should implement TestOnly 2017-05-30 22:44:24 +01:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Damian Mooyman
963d9197d3
API Ensure that all DataQuery joins are aliased based on relationship name 2017-05-26 13:38:58 +12:00
Daniel Hensby
3e556b5966
NEW Move index generation to DataObjectSchema and solidify index spec 2017-05-25 23:29:12 +01:00
Damian Mooyman
9c63a8c8ce
BUG Fix race conditions in DatetimeFieldTest 2017-05-25 12:13:04 +12:00
Damian Mooyman
906a4c444b
API Add streamable response object 2017-05-23 16:32:29 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
f7e7fa5847
Fix linting issues 2017-05-23 09:13:50 +12:00
Damian Mooyman
7bc8172bc1 Merge pull request #6937 from caffeineinc/2930-checkboxfield-invalid-html
CheckboxField creates invalid HTML when required #2939
2017-05-22 13:44:58 +12:00
Damian Mooyman
ba89c0804a Add missing _config folder 2017-05-22 12:16:57 +12:00
Ingo Schommer
a433e5f4a8 Find root modules with _config.php
When modules are installed as the webroot,
manifest generation should behave the same way as when they're in a subfolder.
Which means accepting the module folder both with a _config/ folder
and a _config.php file present.
2017-05-22 12:16:57 +12:00
Simon Gow
cdc03602ed CheckboxField creates invalid HTML when required #2939
- Updated CheckboxField, CheckboxSetField, DropdownField, OptionsetField
 to validate with HTML5 attributes & aria-required.

https://www.w3.org/TR/wai-aria/states_and_properties#aria-required
2017-05-22 12:15:28 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33 API PSR-11 compliance (fixes #6594) (#6931)
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:

> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
2017-05-19 13:45:07 +12:00
Daniel Hensby
db3e3d51fd Merge pull request #6928 from open-sausages/pulls/4.0/form-action-handler-regression
Process actions on Form subclasses
2017-05-18 12:09:28 +01:00
Ingo Schommer
adbf9d9f71 Process actions on Form subclasses
Regression introduced through https://github.com/silverstripe/silverstripe-framework/issues/6362.

Quote from the RFC:

```
Thus the order of action precedence becomes

action callback
action on the Form
action on the FormRequestHandler
action on any parent controller (if given)
```
2017-05-18 22:47:39 +12:00
Daniel Hensby
3495c0826e Cleanup SapphireTest and time related tests (#6898)
* Test databases now include timestamp for easier debugging

* Use classname::class instead of string literal classnames

* Remove DataObject::get_one() from SapphireTest

* More fixes to ICU DB inconsitency for time formatting

* Correctly restore PHPUnits error handler
2017-05-18 22:01:55 +12:00
Damian Mooyman
8ed675d29b Merge pull request #4542 from patricknelson/issue-4417-validator-remove-validation-master
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling.
2017-05-18 09:27:48 +12:00
Patrick Nelson
5fa3c85280
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling. 2017-05-16 12:58:00 +01:00
Damian Mooyman
f5f6fdce12
API Duplication of many_many relationships now defaults to many_many only
Fixes https://github.com/silverstripe/silverstripe-cms/issues/1453
2017-05-16 23:26:39 +12:00
Damian Mooyman
259f957ce8 API Rename services to match FQN of interface / classes 2017-05-16 14:15:49 +12:00
Saophalkun Ponlu
a975b88661 Pass autofocus flag to front-end 2017-05-16 11:53:23 +12:00
Damian Mooyman
7a8dfd2785 Add lint-clean and cleanup code linting 2017-05-16 05:01:51 +12:00
Daniel Hensby
e741af9127
Merge branch 'pull/6905' 2017-05-12 12:21:02 +01:00
Damian Mooyman
0b70b008b3 API Implement InheritedPermission calculator (#6877)
* API Implement InheritedPermission calculator

* API Rename RootPermissions to DefaultPermissionChecker
API Refactor inherited permission fields into InheritedPermissionExtension
API Introduce PermissionChecker interface
2017-05-11 21:07:27 +12:00
Ingo Schommer
36214343f0 Merge pull request #6902 from open-sausages/pulls/4/remove-jsmin
Pulls/4/remove jsmin
2017-05-11 11:54:14 +12:00
Aaron Carlino
5b46461879 Remove JSMinifier implementation 2017-05-11 10:40:00 +12:00
Aaron Carlino
7fa47e234f New API for minified files using injectable service 2017-05-11 10:14:16 +12:00
Christopher Joe
17ddfab877 Fix Test form factories use the new interface 2017-05-11 09:57:55 +12:00
Aaron Carlino
4af71b9ed7 Pulls/4/remove reliance on admin dir (#6876)
* Stop relying on external constants

* Revise getTinyMCEPath method to throw exception when no path can be computed

* Throw exception on no gzip, better admin module check
2017-05-10 13:18:44 +12:00
Saophalkun Ponlu
fd51f35bc2 Update tests 2017-05-09 16:52:32 +12:00
Damian Mooyman
a136b8ad44 Merge pull request #6885 from open-sausages/pulls/4.0/fix-intl-test-consistency
Fix intl ICU inconsistencies
2017-05-09 15:52:22 +12:00
Ingo Schommer
0d9b383631 API Removed legacy form fields (fixes #6099) 2017-05-09 11:16:41 +12:00
Aaron Carlino
afd1575267 ENHANCEMENT GridField passes in context for canCreate 2017-05-09 09:15:09 +12:00
Ingo Schommer
493556e497 More robust datetime ICU tests
Some ICU versions (e.g. on CentOS 7.2 with PHP 5.6)
use lowercase rather than uppercase AM/PM indicators
2017-05-08 21:34:56 +12:00
Ingo Schommer
20c6066391 Remove flakey swedish intl test
The intl extension relies on system ICU libraries.
Which seems to behave differently on CentOS 7.2 with PHP 5.6 (returns as '53.292:18 US$').
See http://stackoverflow.com/questions/3991814/php-pecl-extension-intl-giving-garbled-results-for-swedish-ordinal-numbers/8691743#8691743

It's a redundant test, let's just avoid this noise.
2017-05-08 21:31:14 +12:00
Damian Mooyman
d2c6c539d2 Merge pull request #6872 from sminnee/fixture-by-table
NEW: Allow SapphireTest::objFromFixture() to accept either table or class
2017-05-05 15:14:01 +12:00
Sam Minnee
a05958b3ea FIX: i18n test fixtures stricter for Symfony3 2017-05-05 14:32:07 +12:00
Damian Mooyman
942c0257b7 API Upgrade to behat 3 2017-05-05 14:32:07 +12:00
Sam Minnee
1691e90fbd NEW: Allow SapphireTest::objFromFixture() to accept either table or class
Right now SapphireTest::objFromFixture() requires a class as the first
argument. This is fine when your fixture file uses classes as the keys,
but if populating a fixture via tables, objFromFixture() won’t work.

This patch lets you specify either the table name or the class name as
the key.

The benefit here is that you can build fixtures as raw inserts, which is
substantially quicker, and is likely to be a useful tool in building
more efficient test suites.
2017-05-05 10:53:49 +12:00
Damian Mooyman
1f8de20ce7
Fix FormSchemaTest.php linting issues 2017-05-04 13:56:54 +12:00
Damian Mooyman
8b9f41d4f4 BUG Fix ApcuCache and MemCache namespace 2017-05-04 12:17:33 +12:00
Damian Mooyman
0c52ea067c BUG Fix incorrect text collection of __CLASS__ following an Name::class constant (#6868) 2017-05-04 10:19:05 +12:00
Damian Mooyman
12fc690d80 Merge pull request #6850 from robbieaverill/bugfix/i18n-lang-region-same
FIX IntlLocales::validate when lang and region are the same e.g. de_DE
2017-05-01 08:41:44 +12:00
Robbie Averill
3a372a1f41 FIX IntlLocales::validate when lang and region are the same e.g. de_DE 2017-04-28 17:19:27 +12:00
Damian Mooyman
699d5d6a42 Fix i18nTextCollector handling of special string characters 2017-04-28 14:59:42 +12:00
Damian Mooyman
2ae8fde2d3 Fix tests 2017-04-28 14:59:42 +12:00
Uncle Cheese
d51c4891e2 New namespaced i18n keys 2017-04-28 14:59:42 +12:00
Uncle Cheese
494cbd1875 Ran upgrader for lang files 2017-04-28 14:59:42 +12:00
Ingo Schommer
daed727acc Fixed form schema validation 2017-04-28 08:30:59 +12:00
Ingo Schommer
a2ee6a76a0 Fixed formschematest 2017-04-27 21:44:28 +12:00
Ingo Schommer
60706c8efd Store $value in ISO and server timezone consistently, fix min/max timezone handling 2017-04-27 14:59:11 +12:00
Ingo Schommer
de8abe1167 API rename 2017-04-27 11:53:43 +12:00
Ingo Schommer
9b41350f64 More min/max setter tests 2017-04-27 11:53:34 +12:00
Ingo Schommer
958736502a Removed “T” str_replace, more comments 2017-04-27 10:32:22 +12:00
Ingo Schommer
a73abbfcb8 unit test cleanup 2017-04-27 09:18:38 +12:00
Ingo Schommer
1ec2abe75f Fixed timezone and normalised ISO handling
A few observations:
- ISO says “T” is optional (https://en.wikipedia.org/wiki/ISO_8601#cite_note-21),
- WHATWG says in the HTML5 spec that it’s optional (https://html.spec.whatwg.org/multipage/infrastructure.html#local-dates-and-times)
- W3C says it’s reqiured in 1997 (https://www.w3.org/TR/NOTE-datetime), but then later says it’s optional in its HTML5 spec (https://www.w3.org/TR/html5/infrastructure.html#floating-dates-and-times).
- Chrome doesn’t parse values with whitespace separators (requires "T")
- DataObject DBDatetime values and database columns use whitespace separators (and will have many devs relying on this format)
- MySQL only supports whitespace separators (https://dev.mysql.com/doc/refman/5.7/en/datetime.html)
- SQLite can parse both ways (https://sqlite.org/lang_datefunc.html)

So the goal here is to retain ORM/database compatibility with 3.x (whitespace separator),
while exposing "T" separators to the browser in HTML5 mode.

Regarding timezones, this fixes a regression where setValue() would not actually
apply the timezone (last $value assignment is ineffective now that sub fields are removed).
2017-04-26 22:55:29 +12:00
Ingo Schommer
a279d00e81 Min/max validations 2017-04-26 22:45:12 +12:00
Ingo Schommer
e97783b057 Better second handling 2017-04-26 22:45:08 +12:00
Saophalkun Ponlu
dba1f61f13 Fix tests related to date time 2017-04-26 22:45:07 +12:00
Christopher Joe
1f74221c2d Fix unit tests 2017-04-26 16:03:52 +12:00
Simon Erkelens
ff3ad6eb6b Use Config for authenticator settings 2017-04-22 14:48:56 +12:00
Damian Mooyman
2548bfba1e API Replace SS_HOST with SS_BASE_URL
API Remove Director::$test_servers / $dev_servers
API Remove MODULES_PATH / MODULES_DIR constants
ENHANCEMENT Injector backtick syntax now supports environment variables as well as constants
Fixes #6588
2017-04-20 22:28:57 +12:00
Damian Mooyman
136b67f597
API Major refactor of Hierarchy into MarkedSet 2017-04-13 16:27:13 +12:00
Damian Mooyman
f2768c85b1 API Enable namespaced-localisation keys in templates
BUG Fix whitespaces in SSTemplateParser.peg
2017-04-11 18:07:53 +12:00
Damian Mooyman
e61257c27b API Update embed/embed to 3.0
API Better shortcode generation for embed shortcodes
2017-04-04 10:20:08 +12:00
Damian Mooyman
9be22701fd API exists() no longer true for nullifyIfEmpty if empty string
Optimise DBString::exists() to skip shortcodes
2017-04-04 10:20:08 +12:00
Ingo Schommer
e3fbd1dcac Fixed coding conventions 2017-04-03 20:54:25 +12:00
Ingo Schommer
e9693467bf Fixed tests 2017-04-03 20:04:37 +12:00
Ingo Schommer
a70de91b33 Fix DatetimeFieldTest 2017-04-03 19:35:40 +12:00
Ingo Schommer
3b94d14e42 MERGE 2017-04-03 12:11:21 +12:00
Ingo Schommer
326aa37ea4 API HTML5 date/time fields, remove member prefs (fixes #6626) 2017-03-31 15:21:47 +13:00
Daniel Hensby
ac075eaf0b Remove TestListener and rely on PHPUnits APIs 2017-03-30 11:46:58 +13:00
Ingo Schommer
ac9d645e4e Root-level module support in Module->getResourcePath()
See https://github.com/silverstripe/silverstripe-framework/pull/6733
2017-03-29 10:19:31 +13:00
Ingo Schommer
556c9a537e Module->getResourcePath()
Based on Sam's feedback in https://github.com/silverstripe/silverstripe-framework/pull/6733
2017-03-28 17:22:30 +13:00
Damian Mooyman
874c6ccdd4 API Add experimental getResource() to Module 2017-03-28 14:13:47 +13:00
Damian Mooyman
ac3a9c9e6e API Split out SilverStripe\ORM\Versioned into new module 2017-03-27 11:03:39 +13:00
Daniel Hensby
0410b4c35e
Respect PHPUnit method visibility 2017-03-24 16:23:03 +13:00
Daniel Hensby
6b4a72dee8
Fixing deprecated PHPUnit APIs 2017-03-24 16:23:01 +13:00
Damian Mooyman
1186f07830 API Use mysql-safe table namespace separator 2017-03-24 14:17:30 +13:00
Sam Minnée
d91c6659be Merge pull request #6723 from open-sausages/pulls/4.0/assets-module
API Split SilverStripe\Assets into separate module
2017-03-23 09:21:27 +13:00
Damian Mooyman
dae6d5902f API Split SilverStripe\Assets into separate module 2017-03-21 11:12:51 +13:00
Damian Mooyman
e4c68bc2bf
Fix and test pluralisation usages 2017-03-21 10:49:30 +13:00
Damian Mooyman
54ba08a306 API Replace ManifestCache with ManifestCacheFactory
API Remove lots of deprecated module code from ClassManifest
2017-03-21 09:43:48 +13:00
Sam Minnee
5ea238c58b MINOR: Add a Versioned test for #6680
It turns out that cascaded query params as described in #6680 were
already implemented; this test confirms that.
2017-03-14 09:39:26 +13:00
Damian Mooyman
0c41a97a8b API Refactor Form request handling into FormRequestHandler
API Add HasRequestHandler interface
API Refactor Link() and url handling behaviour from Controller into RequestHandler
API RequestHandler classes now must define url_segment to have a default Link()
API Clean up redirectBack()
2017-03-10 15:04:33 +13:00
Christopher Joe
50deb17763 API remove UploadField, AssetField and associated files
Fixes #6481
2017-03-09 10:16:46 +13:00