Commit Graph

180 Commits

Author SHA1 Message Date
micmania1
1e83dff4ed BUGFIX #828 optimised query in graphql asset admin 2018-10-18 18:34:03 +13:00
Robbie Averill
ee24413c30 Merge branch '4.2' into 4 2018-10-03 15:28:05 +02:00
Robbie Averill
231d6d9a9f FIX New members now receive the configured default locale, not the current locale 2018-09-28 16:25:10 +02:00
Robbie Averill
4d14e9b6b1
Merge pull request #8421 from creative-commoners/pulls/4.3/psr-5-deprecations
Update deprecation PHPDocs to be PSR-5 compliant
2018-09-28 14:18:54 +02:00
Robbie Averill
f842ee2eec Update deprecation PHPDocs to be PSR-5 compliant
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
Robbie Averill
adb4d1f92d MINOR Reduce some code complexity, update array syntax and injected SQLSelect etc 2018-09-27 16:40:23 +02:00
Simon Gow
c269a987d5 Performance issues with BasicAuth and LoginAttempts
Two functions interact with the LoginAttempt object which when used in conjunction with BasicAuth result in significant performance degradation over time, as the LoginAttempts Table fills.

This fix adds an index to the lookup column EmailHashed and removes the Email filter part of getByEmail() so it can use the index resulting in a much faster query.

For more information see https://github.com/silverstripe/silverstripe-framework/issues/8389
2018-09-20 13:34:03 +12:00
Robbie Averill
373a8afeb5 Merge branch '4.2' into 4 2018-09-06 13:26:46 +02:00
Ingo Schommer
f7d85fe794 Make sure that CMS requests disable caching
Original author: @dhensby

Forward port from 3.7 fix at https://github.com/silverstripe/silverstripe-framework/pull/8318
2018-09-05 11:38:41 +12:00
Robbie Averill
83e461abbf Merge branch '4.2' into 4 2018-08-27 16:15:57 +12:00
Robbie Averill
373326e49c
Merge pull request #8324 from creative-commoners/pulls/4.2/request-before-init
FIX Pass request to dummy controller before calling init
2018-08-21 12:08:14 +12:00
Robbie Averill
18fff5c16c Remove past tense for "log in" in expired token message 2018-08-20 22:31:23 +12:00
Robbie Averill
dbab696690 FIX Message when changing password with invalid token now contains correct links to login
The Security controller should be used to return these links rather than the
ChangePasswordHandler
2018-08-20 22:30:12 +12:00
Robbie Averill
873873dc30 FIX Pass request to dummy controller before calling init 2018-08-15 10:14:25 +12:00
Anh Le
68f75a9e25
Password changing notification issue on new member
With `notify_password_change = true`, new member is receiving notification email regarding password changing when they should not.
2018-08-13 14:13:05 +07:00
Ingo Schommer
2d6964c243
Merge pull request #8261 from open-sausages/pulls/4/secure-remember-me-cookie
NEW Option for secure "remember me" cookie
2018-07-31 09:19:15 +12:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
93b0884e19 BUG Lazy session state (fixes #8267)
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.

Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.

Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.

Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.

Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
2018-07-19 13:32:04 +12:00
Daniel Hensby
560fe9820a FIX remove personal information from password reset confirmation screen 2018-07-05 14:19:15 +12:00
Robbie Averill
e0993043f8 Merge branch '4.1' into 4 2018-05-30 15:08:39 +12:00
Robbie Averill
c8b0bc0ad7 Merge branch '4.0' into 4.1
# Conflicts:
  #	src/ORM/DataObject.php
  #	tests/php/ORM/DataObjectDuplicationTest.php
  #	tests/php/ORM/DataObjectDuplicationTest/Class1.php
2018-05-30 14:52:07 +12:00
Robbie Averill
ea16e28aa7 Merge branch '4.1' into 4 2018-05-28 18:33:56 +12:00
Robbie Averill
6d98a912c9 Merge branch 'heads/4.1.1' into 4.1 2018-05-28 18:26:20 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
# Conflicts:
  #	src/Control/Director.php
2018-05-24 15:41:11 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
azt3k
6b39b25e20
Fixes a count() php warning without an api change
Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355
2018-04-27 09:31:07 +01:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives
Replaces #7995
2018-04-18 10:35:31 +12:00
Daniel Hensby
70effc7046
Revert "ENHANCEMENT Add config var to skip confirm logout (#7977)"
This reverts commit 47bcac930d.
2018-04-04 13:51:18 +01:00
Andrew Aitken-Fincham
47bcac930d ENHANCEMENT Add config var to skip confirm logout (#7977) 2018-04-04 09:43:49 +12:00
Damian Mooyman
386ef27f65
Update requesthandlers with missing extension points 2018-03-23 15:28:00 +13:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
Joe Harvey
bf2cee3989 Bugfix - Correct duplicate nesting of 'Content' to be returned to template
In scenarios where:

- No member is logged in
- An 'AutoLoginHash' is provided via the 't' (token) query param
- The token isn't valid (determined by Member::validateAutoLoginToken())

The message which is intended to be returned to the end-user via $Content
in the template, is mistakenly double nested in ['Content' => ['Content' => 'Message']]
this leads to "The method forTemplate() doesn't exist on ArrayData" errors.

See - https://github.com/silverstripe/silverstripe-framework/issues/7866
2018-03-07 14:14:05 +00:00
JorisDebonnet
3e0984db49
Delete orphaned Group_Members records after deleting a Member 2018-02-27 19:47:26 +01:00
Daniel Hensby
c04ff8c55a
Merge branch '4.0' into 4.1 2018-02-21 13:40:30 +00:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00
Daniel Hensby
7ec5fa2c8d
Merge branch '4.0' into 4.1 2018-02-09 15:19:15 +00:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0 2018-02-09 14:32:58 +00:00
Damian Mooyman
2f1f5c0caa
Merge remote-tracking branch 'origin/4.0' into 4 2018-02-07 11:48:46 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption 2018-02-06 20:18:32 +00:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Core/CoreKernel.php
2018-02-05 17:52:38 +13:00
Simon Erkelens
a071672b48 [bugfix] $request == null breaks
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Damian Mooyman
bc2fc7f2db
BUG Prevent invalid members being written to database if validation_enabled is false 2018-02-01 16:24:31 +13:00
Christopher Joe
456871fd91 Enhancement Updated PasswordValidator to fallback to config options - still retains instance variables 2018-01-31 10:54:43 +13:00
Damian Mooyman
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Control/SimpleResourceURLGenerator.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
2018-01-25 12:53:15 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
# Conflicts:
#	src/Core/TempFolder.php
#	src/ORM/DataObject.php
#	src/View/ThemeResourceLoader.php
#	src/includes/constants.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
#	tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
#	tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name
Fixes #7769
2018-01-22 14:06:24 +13:00