Commit Graph

530 Commits

Author SHA1 Message Date
Robbie Averill
392cda15f6 NEW Add updateRules extension point to Director::handleRequest 2017-07-23 22:10:46 +12:00
Chris Joe
6a3c51e072 Merge pull request #7036 from fullscreeninteractive/wilr-patch-1
Fix ImportButton not opening the modal
2017-07-21 14:10:31 +12:00
Damian Mooyman
6fd6a38949
BUG Fix unassigned nestedFrom
Fixes #7194
2017-07-21 08:58:19 +12:00
Damian Mooyman
e77c7fe04c Merge pull request #7188 from dhensby/pulls/4/fix-full-text-search-table-option
FIX FulltextSearchable  DB engine not set correctly
2017-07-20 12:27:30 +12:00
Loz Calver
c41c0a957b Merge pull request #7163 from sachajudd/pulls/4.0/debugview-info-color
NEW add web accessible colours to web view dev/build
2017-07-19 15:01:36 +01:00
Daniel Hensby
8aeec92087
FIX FulltextSearchable DB engine not set correctly 2017-07-19 12:28:15 +01:00
Daniel Hensby
d7095c2213
Merge branch '3' into 4 2017-07-18 14:19:16 +01:00
Daniel Hensby
d59e2dbe5b Merge pull request #7183 from robbieaverill/pulls/4.0/fix-log-in-as-someone-else
FIX Log in as someone else returns user back to login screen
2017-07-18 11:54:33 +01:00
Sacha Judd
f367a0aa62 NEW add web accessible colours to web view dev/build 2017-07-18 22:00:35 +12:00
Robbie Averill
ba9ad55274 FIX Base URL defaults to a slash in currentURL if not defined already 2017-07-18 21:56:21 +12:00
Robbie Averill
a5ca4ecb59 FIX Log in as someone else returns user back to login screen 2017-07-18 17:15:58 +12:00
Damian Mooyman
ed0ed89865 Merge pull request #7055 from robbieaverill/pulls/4.0/polymorphic-has-one-indexes
NEW Ensure polymorphic has_one fields are indexed
2017-07-18 16:39:45 +12:00
Robbie Averill
fb18e441a7 DBIndexable::getIndexSpecs is responsible for returning a DBFields full indexable spec 2017-07-18 15:03:56 +12:00
Saophalkun Ponlu
c2841b6d64 Enhancement Remove "Remove link" button from the editor's main toolbar
Fix behat for selecting link should focus on field
2017-07-18 13:11:27 +12:00
Damian Mooyman
de7b746094 Merge pull request #7180 from robbieaverill/pulls/4.0/remove-config-update-use
Use merge and set instead of update for config calls
2017-07-18 09:16:20 +12:00
Daniel Hensby
be7b2d4970 Merge pull request #7179 from robbieaverill/pulls/4.0/is-cli-for-phpdbg
FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call
2017-07-17 14:26:39 +01:00
Robbie Averill
da4e46e4de FIX Use merge and set instead of update for config calls 2017-07-17 17:59:40 +12:00
Robbie Averill
ea4181166f FIX Ensure phpdbg calls are registered by SilverStripe core as a CLI call 2017-07-17 16:56:01 +12:00
Robbie Averill
bd5782adca NEW Allow index type to be configured per DBField instance 2017-07-17 14:36:47 +12:00
Robbie Averill
c9c4390619 NEW Ensure polymorphic has_one fields are indexed
* Add tests for config based indexing on composite DBFields
* Allow fields to have "indexed" option passed via field spec
2017-07-17 14:36:29 +12:00
Robbie Averill
1a38feff22 FIX Version provider uses early bound config getter, move LeftAndMain config to admin module 2017-07-16 16:49:10 +12:00
Daniel Hensby
7fd316d405
Merge branch 3 into 4 2017-07-15 13:20:37 +01:00
Daniel Hensby
be0e16d648 Merge pull request #7170 from robbieaverill/pulls/4.0/ignore-exceptions-on-killing-testdb
FIX Ignore exceptions thrown when deleting test databases
2017-07-14 14:53:51 +01:00
Loz Calver
aafd2a573d Update Convert::memstring2bytes() logic 2017-07-14 09:16:05 +01:00
Damian Mooyman
3a7f9e8eb5 Merge pull request #7167 from open-sausages/pulls/4.0/tree-search-in-forest
API TreeDropdown tree parameter
2017-07-14 16:23:30 +12:00
Simon Erkelens
3e97b99e22 [BUG] Fix issues with multiple authenticators for a single task (#7149)
Using multiple 2FA authenticators, logging out, resetting password etc. proved to be handled wrong.
Example scenario:
The result is an error, because the `renderWrappedController` was called, despite the responses being a set of either array with Content or Form, or a redirect action.

The default action should be followed and not try to render if there is nothing to render

Because the logout (or changepassword, or resetpassword, etc.) has already been handled, the first response is the default authenticator's response. This _could_ be a form (in case of logout without valid token), a content set (reset password) or a form (change password).

This edge case only happens when there are multiple authenticators supporting the requested method that is _not_ login.
2017-07-14 09:20:58 +12:00
Robbie Averill
b16896f22b FIX Ignore exceptions thrown when deleting test databases
This will prevent long runnings builds (e.g. code coverage) from failing when the test database connection is gone (MySQL server has gone away) by the time the shutdown handler runs.
2017-07-13 23:33:51 +12:00
Robbie Averill
823e49526f NEW Allow SSViewer and SSViewer_FromString to be injectable 2017-07-13 20:48:58 +12:00
Christopher Joe
ccda816f90 API added flatList argument for generating the json tree list with a context string property 2017-07-13 17:04:35 +12:00
Damian Mooyman
5fcd7d084f
BUG Fix registered shutdown function not handling responsibility for outputting redirection response 2017-07-13 15:32:39 +12:00
Aaron Carlino
2b266276c2 API Implement new module sorting pattern 2017-07-13 10:27:27 +12:00
Daniel Hensby
b2831b809c Merge pull request #7133 from kinglozzer/cache-classname
Cache ClassInfo::class_name() calls
2017-07-10 13:23:45 +01:00
Damian Mooyman
85359ad59e
BUG Ensure that installer can create an initial admin account
Fixes #7124
2017-07-06 13:30:04 +12:00
Loz Calver
e3e16fe835 Cache ClassInfo::class_name() calls 2017-07-05 15:15:08 +01:00
Daniel Hensby
aafa054cf7 Merge pull request #7129 from mfendeksilverstripe/master
Limited nodes with too many children are no longer accessible
2017-07-05 12:37:26 +01:00
Daniel Hensby
2c5e237a93
Merge pull request #7103 from dnadesign/fix-numericfield-null 2017-07-05 11:45:45 +01:00
Daniel Hensby
2f551c91d7 Merge pull request #6922 from kinglozzer/debugview-styles
Update DebugView styles
2017-07-05 11:35:04 +01:00
Loz Calver
713b01ebc7 Update DebugView styles 2017-07-05 09:14:26 +01:00
Aaron Carlino
c836a2e2d2 BUGFIX: Module resource regex does not allow ports 2017-07-05 13:26:30 +12:00
Mojmir Fendek
3f2d217a45 Limited nodes that have more children than allowed limit are no longer accessible to the user. 2017-07-05 11:34:24 +12:00
John Milmine
f14e6bae2c fix numeric field for null values 2017-07-05 07:35:13 +12:00
Daniel Hensby
64005bff91 Merge pull request #6440 from open-sausages/pulls/4.0/json-detection
ENHANCEMENT: Debug class emits plain text for application/json requests
2017-07-04 13:42:42 +01:00
Damian Mooyman
ed26b251c8
ENHANCEMENT: Better output type detection for debugging 2017-07-04 17:33:49 +12:00
Damian Mooyman
4b23205838
Fix unnamespaced i18n keys
Fixes https://github.com/silverstripe/silverstripe-framework/issues/6862
2017-07-04 14:18:47 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas 2017-07-03 12:21:47 +12:00
Damian Mooyman
92903d883e Allow editor themes to fall back safely 2017-07-03 10:38:50 +12:00
Aaron Carlino
cddaaf1444 Update TinyMCEConfig to use theme CSS 2017-07-03 10:38:50 +12:00
Daniel Hensby
c69a565b08 Merge pull request #7046 from andrewandante/FEAT/add_inGroup_to_Group
add inGroup(s) methods to Group
2017-06-30 16:38:55 +01:00
Andrew Aitken-Fincham
ab60a167e6 add inGroup(s) methods to Group 2017-06-30 12:47:37 +01:00
Damian Mooyman
3633947699
BUG Fix broken installer assets and session crash 2017-06-30 14:50:58 +12:00
Damian Mooyman
ee05c586b6 Merge pull request #7083 from sminnee/get-one-miss-null
FIX: DataObject::get_one() misses return null, not false
2017-06-30 13:08:20 +12:00
Aaron Carlino
ad9d4e6820 Pulls/4.0/shortcode namespacing (#7085)
* New shortcode providers, update config, docs

* Use new ImageShortcodeProvider

* Move tests

* New shortcodes namespace

* Move file and image shortcode registrations from framework to assets
2017-06-29 18:45:17 +12:00
Christopher Joe
061393a098 Fix enable ?flush rather than just ?flush=1 2017-06-29 16:13:38 +12:00
Daniel Hensby
30986b4ea3
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-06-29 13:58:55 +12:00
Sam Minnee
2c8790ca7d FIX: DataObject::get_one() misses return null, not false
Fixes https://github.com/silverstripe/silverstripe-framework/issues/5441
2017-06-29 13:51:52 +12:00
Daniel Hensby
e7df10dc52
Merge branch '3' 2017-06-28 18:59:08 +01:00
Damian Mooyman
b2f3b218a3
BUG Fix incorrect $database autoinit
BUG Fix missing $request in Installer bootstrapping
2017-06-28 17:59:16 +12:00
Damian Mooyman
8078ee08f2
BUG Fix folder urls getting mtime querystring appended 2017-06-28 16:59:41 +12:00
Sam Minnee
741166e369 API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation

API: ModulePath template global now takes any composer package name.
NEW: URL generation now handled by pluggable ResourceURLGenerator service.
NEW: Requirements::javascript() and Requirements::css() now support “vendor/package:resource” syntax.

These changes will make it easier to us to fully abstract:
 - file access from module location
 - file location from URL generation
2017-06-28 16:59:28 +12:00
Saophalkun Ponlu
288de2eb14 BUG Add flag on form whether to notify user when there's unsaved changes 2017-06-28 11:14:12 +12:00
Will Rossiter
ecb5d85de0 Support empty SS_DATABASE_PREFIX 2017-06-28 08:18:21 +12:00
Damian Mooyman
f699650b5f Update based on feedback 2017-06-27 13:32:39 +12:00
Damian Mooyman
d20ab50f9d API Stronger Injector service unregistration
BUG Fix up test regressions
FIX director references to request object
API Move all middlewares to common namespace
API Implement RequestHandlerMiddlewareAdapter
ENHANCEMENT Improve IP address parsing
Fix up PHPDoc / psr2 linting
BUG Fix property parsing in TrustedProxyMiddleware
BUG Fix Director::is_https()
2017-06-27 13:32:39 +12:00
Damian Mooyman
7aa67f856b Move files to middleware folder 2017-06-27 13:32:39 +12:00
Sam Minnee
67887febc5 fix - session now uses request 2017-06-27 13:32:39 +12:00
Sam Minnee
69fe166897 API: Director::handleRequest() is no longer static - use a Director service
NEW: Add HTMLMiddlewareAware trait to HTTPApplication, Director, and RequestHandler
NEW: Allow service specs to be passed to Director rules.

This refactor of the controller middlewares takes a service definition
approach rather than a static-method-and-config approach that Director
historically had.

The use of a trait for middleware means that the Middlewares array
property can be defined on RequestHandler, Director, and HTTPApplication
objects in the same way.
2017-06-27 13:32:39 +12:00
Sam Minnee
e92c63c545 API: Remove $sid argument of Session::start()
NEW: Pass HTTPRequest to session
NEW: Pass HTTPReuqest optionally to Director statics

The session handler now expects to operate on a specific
HTTPRequest object.
2017-06-27 13:32:39 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Sam Minnee
c4d038f20d NEW: Add HTTPRequest::getScheme()/setScheme()
NEW: Add HTTPRequest::setIP()
API: Rely on HTTPRequestBuilder to set scheme and IP

These changes tidy up HTTPRequest making it a container for information
and removing special logic from it.

This makes it less feature-rich: it doesn’t contain trusted-proxy logic.
This will be able to provided by a middleware.

The new getScheme() method is designed to be closish to PSR-7’s
getUri()->getScheme() equivalent.

There are no more direct $_SERVER references in HTTPRequest.
2017-06-27 13:32:39 +12:00
Sam Minnee
4d89daac78 NEW: Register Injector::inst()->get(HTTPRequest)
HTTPRequest is provided as a service so that global references for
session, hostname, etc can be facilitated. It’s a bit of a hack and
should be avoided but we’re unlikely to scrub it completely from the
Silverstripe 4 code.
2017-06-27 13:32:39 +12:00
Sam Minnee
10866c0809 API: Replace Director::direct() with Director::handleRequest().
There was no longer any code in direct() and so I opted to expose the
handleRequest() method instead.
2017-06-27 13:32:39 +12:00
Sam Minnee
72a7655e95 NEW: Moved allowed-hosts checking to a middleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
db080c0603 NEW: Move session activation to SessionMiddleware. 2017-06-27 13:32:39 +12:00
Sam Minnee
254204a3a6 NEW: Replace AuthenticationRequestFilter with AuthenticationMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
e855622890 NEW: Replace FlushRequestFilter with FlushMiddleware 2017-06-27 13:32:39 +12:00
Sam Minnee
b30f410ea0 API: Deprecate RequestFilter.
NEW: Allow application of HTTPMiddleware to Director.

Director can now use the same HTTPMiddleware objects as the app object.
They can be applied either globally or pre-rule.
2017-06-27 13:32:39 +12:00
Sam Minnee
26b9bf11ed NEW: Allow “%$” prefix in Injector::get()
Injector::get() looks up services by name. In yaml config it can make
things clearer to prefix service names by %$, which is how they must
be prefixed when referencing nested services within service definitions.

This change means that any other system referencing services will
support an optional prefix without needing to specifically code support
in themselves.
2017-06-27 13:32:39 +12:00
Damian Mooyman
17c8e913bc Merge pull request #7053 from creative-commoners/pulls/4.0/restore-extension-constructor
NEW restored Extension::__construct()
2017-06-26 21:39:55 +12:00
Franco Springveldt
d3d426bdfc NEW restored Extension::__construct() 2017-06-26 17:34:43 +12:00
Sam Minnee
3c35d25a64 FIX: Allow DB::setConfig() in _config.php
This wasn’t working because the database was being validated before
_config.php was loaed.

This is how the installer sets config so this is an important fix.
2017-06-26 14:04:20 +12:00
Ingo Schommer
fa568e333e Fixed linting errors 2017-06-23 11:19:16 +12:00
Will Rossiter
ad54e7eb30 Fix ImportButton not opening the modal 2017-06-23 10:10:01 +12:00
Damian Mooyman
3873e4ba00 API Refactor bootstrap, request handling
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
2017-06-22 22:50:45 +12:00
Loz Calver
5d27dccd60 NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Damian Mooyman
306d801258 Merge pull request #6984 from dhensby/pulls/4/default-pdo
NEW DB Driver defaults to PDO
2017-06-18 21:27:32 +12:00
Chris Joe
8c91d48d3a Merge pull request #7033 from open-sausages/pulls/4.0/remove-parse-indexspec
FIX Remove reference to removed method parseIndexSpec
2017-06-16 16:40:51 +12:00
Chris Joe
102eaed36c Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup
Better HTML generation behaviour for Requirements_Backend
2017-06-16 13:52:06 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
54879402ce
BUG Removed reserved / removed / invalid country codes
Fixes #6996
2017-06-16 11:38:00 +12:00
Damian Mooyman
957d238caa
FIX Remove reference to removed method parseIndexSpec
Fixes #6968
2017-06-16 11:20:52 +12:00
Damian Mooyman
0f90c5b63f ENHANCEMENT Update style of CMSLogin form 2017-06-15 18:13:14 +12:00
Damian Mooyman
024371c37e
API Change authentication ValidationResult handling to pass by-reference 2017-06-15 17:25:23 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Chris Joe
950b1dfec2 Merge pull request #7010 from flamerohr/pulls/4.0/no-path-to-follow
Enhancement show the path which threw the error
2017-06-12 10:36:46 +12:00
Damian Mooyman
0dcfa5fa9d FIX CMSSecurity doesn't have Authenticators assigned. 2017-06-12 10:10:34 +12:00
Christopher Joe
7178caf4a9 Enhancement show the path which threw the error 2017-06-12 10:08:12 +12:00
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Simon Erkelens
5c4e55b60d It's not CascadeLogInTo anymore, it's CascadeInTo
I'm mildly surprised this didn't break. I changed it to CascadeInTo, as the logout action needs to cascade into the session as well.
2017-06-10 12:58:22 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4 Move LostPasswordHandler in to it's own class.
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Daniel Hensby
856aa79892 Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns
Consistent return values for first and last methods
2017-06-06 16:59:04 +01:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Saophalkun Ponlu
e267d29b9a BUG Consistent return values for first and last methods 2017-06-06 17:22:55 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO 2017-06-01 11:00:35 +01:00
Daniel Hensby
11de4abe0a Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher
move TRUSTED_PROXY below .env loader
2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba move trusted_proxy_ips below .env loader 2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4 Merge pull request #6974 from colintucker/fix-csv-bulk-loader
Fixes a bug with split file names during CSV import
2017-05-30 16:18:06 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Nick
acb74a8577 Fix $class variable from being clobbered
The $class variable gets overwritten in the function.

This causes error messages to be less helpful. For example if you setup a has_many but forget the has_one on the other side the error will look something like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`

fixing this gives a more useful error, like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a Fixes a bug with split file names during CSV import 2017-05-29 16:08:23 +10:00
Damian Mooyman
963d9197d3
API Ensure that all DataQuery joins are aliased based on relationship name 2017-05-26 13:38:58 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Daniel Hensby
3e556b5966
NEW Move index generation to DataObjectSchema and solidify index spec 2017-05-25 23:29:12 +01:00
Damian Mooyman
0cd40ca6e5
BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
29f450b1e1 Revert injector type hint to Injector 2017-05-25 11:06:48 +12:00
Damian Mooyman
906a4c444b
API Add streamable response object 2017-05-23 16:32:29 +12:00
Damian Mooyman
d15b9ee0b0 Response to feedback 2017-05-23 13:50:35 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
7e2f8d1f2d Merge pull request #6951 from sminnee/fix-2494
FIX: Don’t assume posix_getpwuid is available.
2017-05-23 13:10:56 +12:00
Sam Minnee
09164e7e2a FIX: Better error checking for non-writable temp paths
Fixes https://github.com/silverstripe/silverstripe-framework/issues/1666
2017-05-23 10:06:48 +12:00
Sam Minnee
40d9bbfd69 FIX: Don’t assume posix_getpwuid is available.
Fixes https://github.com/silverstripe/silverstripe-framework/issues/2494

In Silverstripe 3.1, on some shared hosts the following bug can occur:
Warning: posix_getpwuid() has been disabled for security reasons
2017-05-23 10:00:36 +12:00
Damian Mooyman
7bc8172bc1 Merge pull request #6937 from caffeineinc/2930-checkboxfield-invalid-html
CheckboxField creates invalid HTML when required #2939
2017-05-22 13:44:58 +12:00
Ingo Schommer
a433e5f4a8 Find root modules with _config.php
When modules are installed as the webroot,
manifest generation should behave the same way as when they're in a subfolder.
Which means accepting the module folder both with a _config/ folder
and a _config.php file present.
2017-05-22 12:16:57 +12:00
Simon Gow
cdc03602ed CheckboxField creates invalid HTML when required #2939
- Updated CheckboxField, CheckboxSetField, DropdownField, OptionsetField
 to validate with HTML5 attributes & aria-required.

https://www.w3.org/TR/wai-aria/states_and_properties#aria-required
2017-05-22 12:15:28 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method
API Consistent use of inst() naming across framework
2017-05-22 11:57:20 +12:00
Damian Mooyman
80bff0d099 Merge pull request #6932 from mikenz/pulls/4.0/treedropdownfield-orphaned
Bugfix: Parent treedropdownfield for an orphaned page is broken
2017-05-22 10:53:33 +12:00
Damian Mooyman
4197090e11 Merge pull request #6940 from kinglozzer/randomgenerator
Only use random_bytes() for RandomGenerator (closes #6397)
2017-05-22 10:29:55 +12:00
Damian Mooyman
f35017479b Merge pull request #6933 from robbieaverill/pulls/4.0/table-name-on-dev-build
Change to show created table names instead of model names in dev/build
2017-05-20 23:10:19 +12:00
Robbie Averill
4408726b6b Change to show created table names instead of model names in dev/build 2017-05-20 16:09:49 +12:00
Loz Calver
e653e90997 Only use random_bytes() for RandomGenerator (closes #6397) 2017-05-19 11:18:56 +01:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33 API PSR-11 compliance (fixes #6594) (#6931)
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:

> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
2017-05-19 13:45:07 +12:00
Mike Cochrane
31578d4771 Bugfix: Parent treedropdownfield for an orphaned page is broken 2017-05-19 12:15:36 +12:00
Daniel Hensby
db3e3d51fd Merge pull request #6928 from open-sausages/pulls/4.0/form-action-handler-regression
Process actions on Form subclasses
2017-05-18 12:09:28 +01:00
Ingo Schommer
adbf9d9f71 Process actions on Form subclasses
Regression introduced through https://github.com/silverstripe/silverstripe-framework/issues/6362.

Quote from the RFC:

```
Thus the order of action precedence becomes

action callback
action on the Form
action on the FormRequestHandler
action on any parent controller (if given)
```
2017-05-18 22:47:39 +12:00
Daniel Hensby
3495c0826e Cleanup SapphireTest and time related tests (#6898)
* Test databases now include timestamp for easier debugging

* Use classname::class instead of string literal classnames

* Remove DataObject::get_one() from SapphireTest

* More fixes to ICU DB inconsitency for time formatting

* Correctly restore PHPUnits error handler
2017-05-18 22:01:55 +12:00
Damian Mooyman
8ed675d29b Merge pull request #4542 from patricknelson/issue-4417-validator-remove-validation-master
FIX for #4417: Ensuring ->removeValidation() is defined on instances of Validator. Setup new API for enabling/disabling validation. Documentation and better type handling.
2017-05-18 09:27:48 +12:00
Nick
dddf88278c Fix a typo in comment
Typo
2017-05-17 22:09:07 +12:00
Loz Calver
471166c15e Merge pull request #6169 from open-sausages/pulls/4.0/duplicate-manymany-option
API Duplication of many_many relationships now defaults to many_many only
2017-05-17 09:31:09 +01:00