Serge Latyntsev
233e0e7aa0
ENH PasswordExpirationMiddleware implementation ( #9207 )
2019-09-12 14:34:06 +12:00
Robbie Averill
e8c2f963fd
FIX Member::getLastName() now correctly returns the Member surname
2019-09-06 12:12:27 -07:00
Robbie Averill
11a7d6ccb4
Rename test to be clearer about its intent
...
Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-08-16 09:49:36 +12:00
Robbie Averill
bae7e32680
FIX Member::changePassword() no longer applies password validation rules to the hashed value
2019-08-16 09:06:07 +12:00
Serge Latyntsev
7ef13e7ef6
FIX Confirmation components to respect SS_BASE_URL ( #9074 )
2019-07-05 16:05:41 +12:00
Aaron Carlino
c747b1f8d3
Merge branch '4.3' into 4.4
2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61
Merge branch '4.2' into 4.3
2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e
[CVE-2019-12246] Denial of Service on flush and development URL tools
2019-06-10 17:23:56 +12:00
Robbie Averill
8a06682e31
Merge branch '4.3' into 4
...
# Conflicts:
# src/ORM/Connect/DBSchemaManager.php
2019-04-11 11:24:17 +12:00
Robbie Averill
123d483213
MemberTest and SecurityTest now set the default authenticator to use
2019-04-05 11:26:29 +13:00
Robbie Averill
7c96feef37
Merge branch '4.3' into 4
2019-01-08 12:27:48 +01:00
Robbie Averill
1ac36611a6
Update tests to pass in CWP kitchen sink context
2018-12-02 23:04:34 +00:00
Loz Calver
3f8551df41
Merge pull request #8462 from sminnee/nondestructive-enum
...
FIX: Make all enums non-destructive, not just ClassName
2018-11-28 16:42:12 +01:00
Robbie Averill
1f1c344272
Merge branch '4.3' into 4
...
# Conflicts:
# tests/php/Forms/ConfirmedPasswordFieldTest.php
2018-11-26 12:15:17 +01:00
Robbie Averill
7d1d6d0f7b
FIX Ensure that tests setting passwords have stubbed configuration
2018-11-14 11:54:17 +02:00
Robbie Averill
0bb94b018b
FIX Remove default password validation rules before running unit tests
2018-11-13 14:09:08 +02:00
Sam Minnee
bd5a815909
FIX: Make all enums non-destructive, not just ClassName
...
This change also renders a portion of DBSchemaManager irrelevant, that
destructively “fixes” old values. This is in keeping with the
non-destructive principle of dev/build, and some suggestions to move
away from enum fields altogether.
Fixes https://github.com/silverstripe/silverstripe-framework/issues/1387
2018-11-10 12:10:25 +13:00
Sam Minnee
5bb2d9484a
FIX: Update “original” DataObject data to be the content of the last write
...
FIX: Compare to original when determining fields changes
This fixes a number of edge-case issues relating to change detection.
Fixes #8443
Fixes #3821
Fixes #4561
2018-11-05 23:09:24 +13:00
Robbie Averill
ee24413c30
Merge branch '4.2' into 4
2018-10-03 15:28:05 +02:00
Robbie Averill
231d6d9a9f
FIX New members now receive the configured default locale, not the current locale
2018-09-28 16:25:10 +02:00
Robbie Averill
f842ee2eec
Update deprecation PHPDocs to be PSR-5 compliant
...
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
Robbie Averill
dbab696690
FIX Message when changing password with invalid token now contains correct links to login
...
The Security controller should be used to return these links rather than the
ChangePasswordHandler
2018-08-20 22:30:12 +12:00
Ingo Schommer
c541283093
Test coverage for session data change
2018-07-20 15:13:26 +12:00
Daniel Hensby
560fe9820a
FIX remove personal information from password reset confirmation screen
2018-07-05 14:19:15 +12:00
Damian Mooyman
6da72d686f
Maybe fix it?
2018-06-20 14:46:50 +12:00
Robbie Averill
6d98a912c9
Merge branch 'heads/4.1.1' into 4.1
2018-05-28 18:26:20 +12:00
Robbie Averill
722202fef4
Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
...
# Conflicts:
# src/Control/Director.php
2018-05-24 15:41:11 +12:00
Robbie Averill
e7e32d13a3
FIX Add namespace and encryptor to tests that expect blowfish to be available
2018-05-24 11:24:56 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
...
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:07 +12:00
Damian Mooyman
e409d6f673
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:10:22 +12:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives
...
Replaces #7995
2018-04-18 10:35:31 +12:00
Daniel Hensby
c04ff8c55a
Merge branch '4.0' into 4.1
2018-02-21 13:40:30 +00:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records
2018-02-20 12:20:18 +13:00
Daniel Hensby
7ec5fa2c8d
Merge branch '4.0' into 4.1
2018-02-09 15:19:15 +00:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0
2018-02-09 14:32:58 +00:00
Damian Mooyman
2f1f5c0caa
Merge remote-tracking branch 'origin/4.0' into 4
2018-02-07 11:48:46 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption
2018-02-06 20:18:32 +00:00
Christopher Joe
456871fd91
Enhancement Updated PasswordValidator to fallback to config options - still retains instance variables
2018-01-31 10:54:43 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/TempFolder.php
# src/ORM/DataObject.php
# src/View/ThemeResourceLoader.php
# src/includes/constants.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
# tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
# tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
Daniel Hensby
c959160375
FIX Misnamed test namespaces
2018-01-16 17:41:18 +00:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware
...
Fixes #7554
2017-12-20 11:39:04 +13:00
Chris Joe
4ad9ceca6b
Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions
...
BUG Fix message casting for html security messages
2017-12-18 15:43:35 +13:00
Daniel Hensby
e4bf9a31ed
Merge branch '4.0' into 4
2017-12-14 21:20:11 +00:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0
2017-12-14 21:01:35 +00:00
Damian Mooyman
140ed72e2a
BUG Fix message casting for html security messages
2017-12-14 14:49:58 +13:00
Damian Mooyman
33b2d50d59
Cache warming in InheritedPermissions::getCachePermissions()
...
Simplify Group::Members() code
Remove cms-only config
2017-12-12 09:01:43 +13:00
Aaron Carlino
2be902ef2f
Adapt to new MemberCacheFlusher interface
2017-12-11 17:50:11 +13:00
Aaron Carlino
aefb0aeaa8
Make InheritedPermissions use cache and implement cache flushing
2017-12-11 17:50:11 +13:00