Commit Graph

83 Commits

Author SHA1 Message Date
Robbie Averill
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
Ingo Schommer
9097a95de2 Cookie lifetime docs 2018-05-21 11:36:53 +12:00
Ingo Schommer
5445a0d3fc Corrected login data usage docs 2018-05-21 11:36:45 +12:00
Ingo Schommer
78fe189c6d
Merge pull request #8003 from open-sausages/pulls/4/docs-personal-data
Docs for personal data usage in core
2018-05-17 17:11:56 +12:00
Kairat Jenishev
b4ba3cbd1f
DOCS Fix broken links and headers 2018-05-03 16:42:52 +01:00
Robbie Averill
1505a89a63 Update to include note about auto redirect to HTTPS for basic auth 2018-04-24 16:42:52 +12:00
Ingo Schommer
1b882e802e Docs for personal data usage in core
See https://github.com/silverstripe/silverstripe-framework/issues/7791
2018-04-13 13:23:05 +12:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
cpenny
fdbf4c2134 Updated docs for Rate Limiting. 2018-03-09 08:15:11 +13:00
Gorrie Coe
3ae8838285
Added Name to example 2017-12-12 14:40:34 +13:00
Gorrie Coe
849038a60b
Added after priority to replace default authenticator. 2017-12-12 12:52:52 +13:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup 2017-10-27 15:38:27 +13:00
Aaron Carlino
e7274b0ee4 Add namespaces 2017-10-27 12:45:26 +13:00
Daniel Hensby
c077abf353
DOCS new rate limiting docs 2017-09-27 17:40:04 +01:00
Simon Erkelens
774d44a574 Authentication documentation rewrite 2017-08-28 16:28:30 +12:00
Aaron Carlino
50c8a02bff remove tabs 2017-08-07 15:11:17 +12:00
Aaron Carlino
e4935123d8 Remove a few more references 2017-08-07 14:01:38 +12:00
Aaron Carlino
6c0629f025 Remove more deprecated APIs 2017-08-07 14:01:38 +12:00
Aaron Carlino
e4fba5a7b1 add use statements 2017-08-07 14:01:38 +12:00
Aaron Carlino
84feab5a68 Yeah psr2 functions 2017-08-07 14:01:38 +12:00
Aaron Carlino
4c7a068b28 classes psr2 2017-08-07 14:01:38 +12:00
Aaron Carlino
2414eaeafd Yay, clean arrays 2017-08-07 14:01:38 +12:00
Aaron Carlino
eb1695c03d Replace all legacy ::: syntax with GFMD tags 2017-08-07 14:01:38 +12:00
Saophalkun Ponlu
63ba092765 FIX Add namespaces in markdown docs (#7088)
* FIX Add namespaces in markdown docs

* FIX Convert doc [link] to [link-text](link-uri)
2017-07-03 13:22:12 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Simon Gow
5f82997690 Secure Coding - Security Headers, Force HTTPS and Cookies
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed innacurate reference to decendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file 2017-01-31 21:28:51 +00:00
Damian Mooyman
7d67c5b9bd
API Allow users to act-as another 2017-01-16 09:04:20 +13:00
Robbie Averill
c620063608 DOCS Update docs to reference PageController without an underscore, implement some PSR-2 2017-01-11 09:59:28 +13:00
Damian Mooyman
bfd9cb1aca Rename SS_ prefixed classes (#5974) 2016-09-09 18:43:05 +12:00
Ingo Schommer
c96e031367 Moved coding conventions docs into contributing folder
Also created a contributing/coding_conventions landing page separately from the PHP ones, since we now need to account for JS and CSS conventions as well
2016-06-13 08:30:44 +12:00
Damian Mooyman
d52db0ba34 Merge 3 into master
# Conflicts:
#	.travis.yml
#	admin/css/ie7.css
#	admin/css/ie7.css.map
#	admin/css/ie8.css.map
#	admin/css/screen.css
#	admin/css/screen.css.map
#	admin/javascript/LeftAndMain.js
#	admin/scss/_style.scss
#	admin/scss/_uitheme.scss
#	control/HTTPRequest.php
#	core/Object.php
#	css/AssetUploadField.css
#	css/AssetUploadField.css.map
#	css/ConfirmedPasswordField.css.map
#	css/Form.css.map
#	css/GridField.css.map
#	css/TreeDropdownField.css.map
#	css/UploadField.css
#	css/UploadField.css.map
#	css/debug.css.map
#	dev/Debug.php
#	docs/en/00_Getting_Started/00_Server_Requirements.md
#	docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
#	docs/en/02_Developer_Guides/06_Testing/index.md
#	docs/en/02_Developer_Guides/14_Files/02_Images.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Extend_CMS_Interface.md
#	filesystem/File.php
#	filesystem/Folder.php
#	filesystem/GD.php
#	filesystem/Upload.php
#	forms/ToggleField.php
#	forms/Validator.php
#	javascript/lang/en_GB.js
#	javascript/lang/fr.js
#	javascript/lang/src/en.js
#	javascript/lang/src/fr.js
#	model/Image.php
#	model/UnsavedRelationList.php
#	model/Versioned.php
#	model/connect/MySQLDatabase.php
#	model/fieldtypes/DBField.php
#	model/fieldtypes/Enum.php
#	scss/AssetUploadField.scss
#	scss/UploadField.scss
#	templates/email/ChangePasswordEmail.ss
#	templates/forms/DropdownField.ss
#	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
#	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
#	tests/forms/EnumFieldTest.php
#	tests/security/MemberTest.php
#	tests/security/MemberTest.yml
#	tests/security/SecurityTest.php
2016-04-29 17:50:55 +12:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
Conflicts:
	.travis.yml
2016-04-26 00:17:09 +01:00
Damian Mooyman
b8e7f9a934 Standardise spelling of "customise"
Fixes #3988
2016-03-30 13:17:28 +13:00
Ingo Schommer
f36b110db3 Merge remote-tracking branch 'origin/3.3' 2016-03-04 17:06:04 +13:00
Damian Mooyman
24a6c53645 Merge branch '3.2' into 3.3
# Conflicts:
#	admin/code/ModelAdmin.php
#	lang/cs.yml
#	lang/lt.yml
#	lang/sk.yml
2016-02-29 17:03:22 +13:00
Damian Mooyman
2c1f837442 Merge branch '3.1' into 3.2
# Conflicts:
#	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
#	docs/en/01_Tutorials/03_Forms.md
#	docs/en/02_Developer_Guides/00_Model/08_SQL_Query.md
#	docs/en/02_Developer_Guides/00_Model/10_Versioning.md
#	docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
#	docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
#	docs/en/02_Developer_Guides/09_Security/01_Access_Control.md
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/14_Files/index.md
#	lang/cs.yml
#	lang/fi.yml
#	lang/sk.yml
2016-02-29 16:59:20 +13:00
Damian Mooyman
3b0a9f4ba2 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	admin/javascript/LeftAndMain.Menu.js
#	control/HTTPRequest.php
#	css/GridField.css
#	css/GridField.css.map
#	docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
#	docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
#	docs/en/02_Developer_Guides/06_Testing/index.md
#	docs/en/02_Developer_Guides/14_Files/01_File_Management.md
#	docs/en/02_Developer_Guides/14_Files/02_Images.md
#	filesystem/Upload.php
#	javascript/HtmlEditorField.js
#	model/Image.php
#	model/connect/MySQLDatabase.php
#	model/fieldtypes/Enum.php
#	model/versioning/Versioned.php
#	scss/GridField.scss
2016-02-25 14:51:59 +13:00
Damian Mooyman
5f2d3f31d7 Merge remote-tracking branch 'origin/3.2' into 3.3
# Conflicts:
#	dev/DevelopmentAdmin.php
#	docs/en/02_Developer_Guides/08_Performance/02_HTTP_Cache_Headers.md
#	lang/cs.yml
#	lang/lt.yml
2016-02-24 17:29:06 +13:00
Damian Mooyman
ff5ed6efeb Merge remote-tracking branch 'origin/3.2.2' into 3.2 2016-02-24 17:03:43 +13:00
Damian Mooyman
06d5050321 Merge remote-tracking branch 'origin/3.1.17' into 3.1 2016-02-24 16:54:18 +13:00
Ingo Schommer
37059eb6b3 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5 [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-24 11:33:54 +13:00
Ingo Schommer
893e49703d [ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers 2016-02-18 17:28:54 +13:00
David Alexander
903379bde2 DOCS 3.2 : fixing api: links now that api: tag parser working
fixed a couple of external links

fixed a docs link
2016-02-17 18:02:38 -07:00
David Alexander
febbd35b51 DOCS 3.1 : fixing api: links
missed one
2016-02-17 03:00:22 -07:00
Jean-Fabien Barrois
bab1f230bf NEW Cross device "Remember Me" feature
At the moment, using the "Remember me" function on more than one device will only work with the last device used. Previous devices will not auto login.
This PR introduces a new DataObject for storing hashed tokens against multiple devices. Developers can configure if logging out should discard all tokens, or only the one used on the device logging out; token expiry date is 90 days by default but configurable. For added security, the old behaviour can still be enforced if multiple tokens are not desired.
See silverstripe#1574 for additional background
2016-02-10 09:42:08 +13:00
Damian Mooyman
e6b877df27 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	control/Director.php
#	control/HTTP.php
#	core/startup/ParameterConfirmationToken.php
#	docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
#	docs/en/00_Getting_Started/04_Directory_Structure.md
#	docs/en/00_Getting_Started/05_Coding_Conventions.md
#	docs/en/01_Tutorials/01_Building_A_Basic_Site.md
#	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
#	docs/en/01_Tutorials/03_Forms.md
#	docs/en/01_Tutorials/04_Site_Search.md
#	docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
#	docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
#	docs/en/02_Developer_Guides/13_i18n/index.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
#	docs/en/03_Upgrading/index.md
#	docs/en/changelogs/index.md
#	docs/en/howto/customize-cms-menu.md
#	docs/en/howto/navigation-menu.md
#	docs/en/index.md
#	docs/en/installation/index.md
#	docs/en/installation/windows-manual-iis-6.md
#	docs/en/misc/contributing/code.md
#	docs/en/misc/contributing/issues.md
#	docs/en/misc/module-release-process.md
#	docs/en/reference/dataobject.md
#	docs/en/reference/execution-pipeline.md
#	docs/en/reference/grid-field.md
#	docs/en/reference/modeladmin.md
#	docs/en/reference/rssfeed.md
#	docs/en/reference/templates.md
#	docs/en/topics/commandline.md
#	docs/en/topics/debugging.md
#	docs/en/topics/email.md
#	docs/en/topics/forms.md
#	docs/en/topics/index.md
#	docs/en/topics/module-development.md
#	docs/en/topics/modules.md
#	docs/en/topics/page-type-templates.md
#	docs/en/topics/page-types.md
#	docs/en/topics/search.md
#	docs/en/topics/testing/index.md
#	docs/en/topics/testing/testing-guide-troubleshooting.md
#	docs/en/topics/theme-development.md
#	docs/en/tutorials/1-building-a-basic-site.md
#	docs/en/tutorials/2-extending-a-basic-site.md
#	docs/en/tutorials/3-forms.md
#	docs/en/tutorials/4-site-search.md
#	docs/en/tutorials/5-dataobject-relationship-management.md
#	docs/en/tutorials/building-a-basic-site.md
#	docs/en/tutorials/dataobject-relationship-management.md
#	docs/en/tutorials/extending-a-basic-site.md
#	docs/en/tutorials/forms.md
#	docs/en/tutorials/index.md
#	docs/en/tutorials/site-search.md
#	main.php
#	model/SQLQuery.php
#	security/ChangePasswordForm.php
#	security/MemberLoginForm.php
#	tests/control/ControllerTest.php
#	tests/core/startup/ParameterConfirmationTokenTest.php
#	tests/model/SQLQueryTest.php
#	tests/security/SecurityTest.php
#	tests/view/SSViewerTest.php
#	view/SSTemplateParser.php
#	view/SSTemplateParser.php.inc
#	view/SSViewer.php
2016-01-20 13:16:27 +13:00
Damian Mooyman
5d240feaec Merge remote-tracking branch 'origin/3.2' into 3.3 2016-01-19 15:08:24 +13:00