Guy Sartorelli
7efde6bf37
Merge branch '4' into 5.0
2023-04-27 14:43:38 +12:00
Florian Thoma
41c4b4ee02
make Group use tri-state can* extension hooks, fixes #9580
2023-04-11 10:18:21 +10:00
Florian Thoma
cd946b6c80
Group visibility for SITETREE_GRANT_ACCESS permissions
...
Make groups visible if member has SITETREE_GRANT_ACCESS permissions, otherwise the dropdown for selecting the group is empty
2023-04-05 16:33:41 +10:00
Sabina Talipova
5236b0a9df
Merge pull request #10666 from creative-commoners/pulls/5/security-extensions
...
NEW migrate functionality from security-extensions module
2023-02-07 13:50:56 +13:00
Guy Sartorelli
fecb7ba4d8
NEW Add sudo mode service
2023-02-07 13:36:42 +13:00
Guy Sartorelli
8ddedb038e
NEW Allow admins to require password reset for members
...
This came from silverstripe/silverstripe-security-extensions
2023-02-07 13:36:21 +13:00
Steve Boyd
a74e9d3ecd
Merge branch '4' into 5
2023-02-03 10:14:36 +13:00
Steve Boyd
23efed1802
Merge branch '4.12' into 4
2023-02-02 16:20:00 +13:00
Guy Sartorelli
826028082b
FIX Sort without specifying a table name (#10675)
...
Using a table name in sort() is not allowed in CMS 5. We could use
orderBy() here but member is the table it will sort on by default anyway
so there's no need.
Also added unit tests, which should have caught this ages ago.
2023-02-01 13:52:13 +13:00
Guy Sartorelli
dca4e0bcb8
FIX Remove unused action from allowed_actions (#10672)
...
This action was used in CMS 3, but has since been replaced with
/Security/lostpassword/passwordsent which is a separate set of actions.
2023-01-31 13:59:12 +13:00
Thomas Portelange
3e5d99dedc
Prevent backslash in class name
...
since the default code is using get_called_class, you can end up with \ in the class name which is an escape character for css selectors
this update converts, for example
even valCMS_ACCESS_SilverStripe\VersionedAdmin\ArchiveAdmin
to
even valCMS_ACCESS_SilverStripe-VersionedAdmin-ArchiveAdmin
ArchiveAdmin class should probably implement private static $required_permission_codes = 'CMS_ACCESS_ArchiveAdmin '; also
2023-01-30 10:26:22 +01:00
Steve Boyd
77301408d8
MNT Remove legacy upgrader config
2023-01-20 17:05:41 +13:00
Steve Boyd
700288d5ca
FIX Cast absoluteUrl() argument to string
2022-12-14 11:24:42 +13:00
Steve Boyd
55f8fce12b
MNT Linting
2022-12-08 17:12:32 +13:00
Sabina Talipova
53c0147f11
API Remove deprecated code (#10594)
2022-12-08 10:44:47 +13:00
Steve Boyd
ae4d7fa090
API Create orderBy() method to handle raw SQL
2022-12-07 12:25:58 +13:00
Steve Boyd
b5533e4680
API Stop using deprecated API
2022-11-28 19:16:31 +13:00
Sabina Talipova
a52c7795c7
Merge branch '4' into 5
2022-11-22 11:41:53 +13:00
Guy Sartorelli
8e16b57646
Merge branch '4' into 5
2022-11-21 18:13:01 +13:00
Sabina Talipova
ad116c63e6
Merge pull request #10565 from creative-commoners/pulls/4/stop-depr
...
API Stop using deprecated API
2022-11-16 14:26:18 +13:00
Steve Boyd
137ebcebec
API Stop using deprecated API
2022-11-15 18:20:54 +13:00
Guy Sartorelli
ed63beeeee
Merge branch '4.11' into 4
2022-11-09 10:53:09 +13:00
Steve Boyd
9091d64652
API Deprecate Member::create_new_password()
2022-11-02 10:08:27 +13:00
Steve Boyd
a3c1cb0ddf
ENH Set PasswordEncryption on default admin
2022-10-27 13:57:27 +13:00
Steve Boyd
6e9d3ab632
Merge branch '4' into 5
2022-10-21 12:00:39 +13:00
Guy Sartorelli
919cfcf435
Merge pull request #10494 from creative-commoners/pulls/5/symfony-mailer
...
NEW Migrate from swiftmailer/swiftmailer to symfony/mailer
2022-10-19 15:52:31 +13:00
Steve Boyd
2e85674ccc
NEW Migrate from swiftmailer/swiftmailer to symfony/mailer
2022-10-19 15:16:14 +13:00
Steve Boyd
a57c7315a2
API Strongly-type action method signatures
2022-10-17 17:58:20 +13:00
Steve Boyd
9c453abf89
API Update deprecations
2022-10-13 14:49:15 +13:00
Steve Boyd
33b6a00f49
ENH Update deprecation messages
2022-10-13 14:48:40 +13:00
Steve Boyd
2991901660
ENH Update deprecation messages
2022-10-13 14:05:49 +13:00
Steve Boyd
7b87926428
ENH Update deprecation messages
2022-10-13 14:05:49 +13:00
Steve Boyd
cc49036616
ENH Standardise deprecation messages
2022-10-13 14:05:49 +13:00
Guy Sartorelli
421864d111
Merge branch '4.11' into 4
2022-09-29 09:41:06 +13:00
Thomas Portelange
54892fa267
request may not have a session
...
see https://github.com/silverstripe/silverstripe-framework/pull/10512
2022-09-28 10:44:13 +02:00
Bram de Leeuw
f78c3ee5bb
Member updateName extension hook
...
Allow updating the Member name from an extension
2022-09-26 16:57:39 +02:00
Steve Boyd
b101b8bdb8
Merge branch '4.11' into 4
2022-07-04 13:20:12 +12:00
Loz Calver
b37178e831
FIX: 'passwordsent' title was not being displayed (fixes #10366) (#10367)
2022-07-01 13:58:57 +12:00
Guy Sartorelli
9d73b7b4bd
Merge branch '4.11' into 4
2022-05-27 12:55:53 +12:00
Guy Sartorelli
972a77f4d3
Merge branch '4.10' into 4.11
2022-05-27 12:55:35 +12:00
Guy Sartorelli
e0c4f01c11
FIX Resolve deduping problem with group codes.
...
Also remove dead validation code.
2022-05-27 11:19:32 +12:00
Guy Sartorelli
07aae0e56a
Merge pull request #10330 from creative-commoners/pulls/4.9/permissions-repeated-records
...
ENH Replace record in Permission Table if GroupID already exists
2022-05-23 18:30:21 +12:00
Sabina Talipova
70f1dc8841
ENH Override record if a provided GroupId with provided Code already exists in Permission table.
2022-05-23 14:52:33 +12:00
Loz Calver
903dd860b7
ENH: Add extension hooks to core emails
2022-05-16 10:02:49 +01:00
Guy Sartorelli
63f3637dc2
ENH Ensure users are sent emails when passwords are changed by default.
2022-05-12 11:42:27 +12:00
Steve Boyd
511b3bb060
ENH PHP 8.1 compatibility
2022-04-14 13:12:59 +12:00
GuySartorelli
5c54276b6f
ENH Make all GridField components injectable (using abstract class) (#10204)
...
* ENH Make all GridField components injectable.
Some components were already injectable, but all GridField components shipped in silverstripe should be injectable.
This makes it a LOT easier to make global project-specific changes to a given component.
The new AbstractGridFieldComponent also makes it easy to make similar wide-spread changes in the future.
* DOCS Encourage injection for GridField and GridFieldComponents.
2022-02-02 11:14:33 +13:00
Steve Boyd
511b8a4c71
Merge branch '4.10' into 4
2022-01-19 16:03:42 +13:00
Nicolaas / Sunn Side Up
e40a95af27
MINOR: add filterable and sortable field indexes (#10189)
2022-01-17 10:55:55 +13:00
Steve Boyd
cbf2987a61
FIX Disallow negative values for FailedLoginCount (#10200)
2022-01-14 11:29:49 +13:00
Nicolaas / Sunn Side Up
41530f0be3
MINOR: adding index to PermissionRoleCode.Code for faster filtering and sorting
2022-01-05 09:40:12 +13:00
Steve Boyd
ed492da636
Merge branch '4.10' into 4
2021-12-16 17:45:33 +13:00
Steve Boyd
8b3bec9c68
Merge branch '4.9' into 4.10
2021-12-16 10:58:13 +13:00
Lukas
552cf5944d
MNT Fix various typos with codespell (#10177)
2021-12-13 21:05:33 +13:00
Kirk Mayo
b8d37f9ae4
NEW Validate the Title on Group is not empty (#10113)
2021-11-03 14:26:16 +13:00
Florian Thoma
31668e8acf
fix: remove login marker cookie on logout
...
Apply suggestions from code review
Co-authored-by: Michal Kleiner <mk@011.nz>
2021-11-01 10:04:18 +11:00
Steve Boyd
0a389112ca
FIX Only send email if email address set
2021-09-07 11:20:29 +12:00
Steve Boyd
00e29758ff
DOC Add information regarding Security::setCurrentUser()
2021-09-06 14:04:53 +12:00
Florian Thoma
9a7c99fc4b
FIX Take current request protocol into account when deleting session cookie
2021-08-06 10:55:05 +10:00
Florian Thoma
3e2ca3027b
destroy session on logout instead of restarting it
2021-07-20 12:05:16 +10:00
Steve Boyd
e812999632
Merge branch '4.7' into 4.8
2021-06-21 14:58:40 +12:00
Steve Boyd
b625ba99b3
ENH Remove wording for authenticated devices being manageable
2021-06-18 09:50:13 +12:00
Steve Boyd
7ed7ad0254
FIX Ensure changing a password to blank is validated
2021-06-17 12:05:20 +12:00
Garion Herman
debf1ae9fb
Merge pull request #9887 from lekoala/patch-18
2021-04-24 21:05:29 +12:00
Steve Boyd
bcccc63d33
API Methods to override logout_accross_devices
2021-04-19 13:13:35 +12:00
Maxime Rainville
fdd23a3675
Merge branch '4.7' into 4
2021-04-14 11:35:58 +12:00
André Kiste
e2777ded8e
• Add missing string
...
• Move attribute to login-forms
2021-04-13 15:33:49 +12:00
André Kiste
bbcc187c02
Update conflicting translations.
...
Revert removal of translations.
2021-04-12 11:42:57 +12:00
André Kiste
8692aabe9b
Use new designs
2021-04-08 12:32:12 +12:00
Steve Boyd
1c7fd287a1
ENH Reduce default token period from 90 to 30 days
2021-04-06 13:22:10 +12:00
Maxime Rainville
66fa597b3b
FIX Better handling of remember me token when login across devices is disabled (#9895)
...
* BUG Make sure remember me tokens are not invalidated when logging out without the logout_across_devices flag
* Remove unneeded comment
2021-03-31 11:31:52 +13:00
André Kiste
44fae4497b
Better describe the 'keep me signed in' checkbox
2021-03-30 13:19:55 +13:00
Thomas Portelange
22b2d58b5a
Update src/Security/Member.php
...
Co-authored-by: Steve Boyd <emteknetnz@gmail.com>
2021-03-22 09:02:18 +01:00
Thomas Portelange
19052e6924
Update src/Security/Member.php
...
Co-authored-by: Steve Boyd <emteknetnz@gmail.com>
2021-03-22 09:02:13 +01:00
Thomas Portelange
0586c55e62
prevent spaces in emails
...
so this is not the first time a customer of mine is just copy pasting stuff in email fields and somehow, a space at the end skips validation. this update ensures there is no space before or after the email, it would probably save a lot of time for everyone to have this built in.
it's probably better to fix it here rather than at form level because this also happens for csv imports etc
2021-03-19 10:11:02 +01:00
William Desportes
c932d7e7fb
Fix the phpdoc blocks
2020-12-21 22:23:23 +01:00
Robbie Averill
7184703a57
Merge pull request #9516 from alessandromarotta/isLockectOut-call-LoginAttempt-getByEmail
...
isLockedOut() in Member.php calls LoginAttempt::getByEmail but it passes to it the unique_identifier_field instead of $this->Email
2020-10-01 17:43:30 -07:00
Robbie Averill
27bd5d12e3
ENH Replace E_USER_ERROR errors with exceptions
2020-09-24 23:51:21 -07:00
Dan Hensby
ae0ece2b02
Merge pull request #9665 from creative-commoners/pulls/4/php8-fqcn-token
2020-09-18 20:44:22 +01:00
Steve Boyd
ab50e2cc51
Merge branch '4.6' into 4
2020-09-15 13:44:57 +12:00
Maxime Rainville
8bcfa57342
BUG Make PasswordEncryptor::check more resistant to timing attacks
2020-09-10 22:17:50 +12:00
Maxime Rainville
adaf793ddb
BUG Always validate Member credentials against DRAFT stage (#9671)
2020-09-08 11:47:04 +12:00
Sam Minnee
622cf8b914
FIX: Drop parameter names in Injector instantiation to preserve behaviour in PHP 8
...
Fixes #9667
2020-09-07 17:24:00 +12:00
Loz Calver
7377d094c0
FIX: Include missing security page titles when CMS not installed (fixes #9648)
2020-08-21 14:55:06 +01:00
Nicolaas
65e0233258
PATCH: using standard way to refer to classes Group and PermissionRoleCode
2020-07-14 07:50:05 +12:00
Alessandro Marotta
f3d1e308e5
Update Member.php
...
The public function isLockedOut() in Member.php calls LoginAttempt::getByEmail but serves to it the unique_identifier_field.
This PR could allow extensions to patch the use of uniqueidentifierfield (otherwise it would be necessary to extend the Member class to override the isLockedOut function, with a lot of problems)
2020-05-10 19:07:22 +02:00
Daniel Hensby
42cee6f5fb
Merge pull request #9489 from mattclegg/1587548067
...
DOCS: Fix typos
2020-04-22 12:28:02 +01:00
Daniel Hensby
826d1fa4eb
Merge pull request #9491 from mattclegg/1587548119
...
DOCS: Remove unnecessary `return`
2020-04-22 12:22:15 +01:00
mattclegg
2f717a4d90
DOCS: Remove unnecessary return
2020-04-22 15:50:12 +05:45
mattclegg
d521a52a33
DOCS: Fix typos
2020-04-22 15:20:11 +05:45
Daniel Hensby
237b2d5f74
Convert array declarations to short array syntax
2020-04-20 18:58:09 +01:00
Serge Latyntcev
cb36aab80c
Merge branch '4.5' into 4
2020-04-15 14:49:19 +12:00
mattclegg
e968f5cb86
DOCS: Remove outdated TODO
2020-04-14 15:00:08 +05:45
Robbie Averill
f77f725355
Merge pull request #9447 from mattclegg/docs__GridFieldDetailForm_ItemRequest-httpError
...
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
2020-04-02 13:05:49 -07:00
Dan Hensby
9e0ed0a50a
Fix spaces around concatenation operator
2020-04-02 12:09:22 +01:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4
2020-04-01 19:23:47 +01:00
Matt Clegg
e80f1b2b83
[DOCS] Member::logInAs is not a valid example
...
Member::logInAs doesn't exist as a static function.
Additionally, `logInAs` does exist as a function in SapphireTest.php, so, should this be updated to also use `Member::actAs` for consistency?
2020-03-31 18:20:21 +05:45
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message (#9439)
2020-03-23 15:54:30 +13:00
mattclegg
06dab6b539
[BUGFIX] silverstripe/admin is not required to be installed
...
If the silverstripe/admin module is not installed then the javascript/css requirements fail to load
2020-03-16 18:54:01 +05:45
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth
...
DOCS Clarify BasicAuth limitations
2019-10-22 14:01:51 +13:00