Commit Graph

126 Commits

Author SHA1 Message Date
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Sam Minnee
b34286caab MINOR Reverted r108515 (from r114079)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
f8ec13a1ab BUGFIX: Themed permissionFailure messages (from r109102)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112780 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:55:20 +00:00
Sam Minnee
f23921b815 BUGFIX #5627 Clear session on logout (from r108515)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:47:05 +00:00
Ingo Schommer
f63751893b BUGFIX Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
MINOR Using Object::create() in DevelopmentAdmin to make objects mockable
ENHANCEMENT Added Security::$force_database_is_ready to mock database_is_ready() state
ENHANCEMENT Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest) (from r107415)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112588 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:43:30 +00:00
Ingo Schommer
68e98b4ee2 MINOR Making $Email available in Security_passwordsent.ss template (fixes #5737) (from r106876)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112541 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:06:53 +00:00
Sam Minnee
16277e5299 BUGFIX: fallback to the standard authenticator before throwing user_error as in some cases auth method is not passed back to the login form (from r102156)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112062 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:36:12 +00:00
Andreas Piening
1941c6042c ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-08-03 01:05:27 +00:00
Ingo Schommer
95c4befb4a BUGFIX: Sam's fix for "Unknown column Group.SubsiteID" with new subsites (from r100375)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105555 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-05-25 03:45:27 +00:00
Ingo Schommer
e67c8d8c37 BUGFIX Setting ID = -1 on Security/lostpassword to avoid showing toplevel navigation (see #5086) (from r99479)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102864 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 04:40:30 +00:00
Ingo Schommer
b4c425168c MINOR: Fixed caching of login page for tests (from r98538)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102766 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 02:19:54 +00:00
Ingo Schommer
ef36220d9f BUGFIX: Make Security/login page's ID give a different number for loggedin vs loggedout, to help with partial caching (from r98534)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102763 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 02:17:42 +00:00
Ingo Schommer
8256228e69 MINOR Upgraded jQuery.entwine (formerly known as jQuery.concrete) to the latest trunk
MINOR Updated jQuery.concrete references to point to the new "entwine" name

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102695 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 05:45:29 +00:00
Ingo Schommer
9c0c2cad7a BUGFIX: Make login form work without any theme loaded. (from r98432)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102656 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 03:24:20 +00:00
Ingo Schommer
6450810b4c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027) (from r97480)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102494 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:17:07 +00:00
Ingo Schommer
426190bc9e API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin' (from r97478)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102493 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:16:26 +00:00
Ingo Schommer
b69b03b9e0 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email' (from r97270)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102440 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:00:05 +00:00
Ingo Schommer
603657b943 MERGE merged back a whole bunch of defect fixes from trunk (from r87846) (from r96712)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102336 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 01:45:52 +00:00
Ingo Schommer
0375eea256 BUGFIX: Fallback for arrays which do not contain 'alreadyLoggedIn' values (from r95968)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102322 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 00:51:21 +00:00
Sean Harvey
ca45cbe7e2 BUGFIX: orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login. (from r94835)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95625 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:43:35 +00:00
Sean Harvey
298ef035ed BUGFIX: Make sure findAnAdministrator gets a global administrator when subsites is installed. (from r94369)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95603 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:40:05 +00:00
Ingo Schommer
78ec0cbfa7 MINOR Updated jquery-concrete
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92558 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:33:12 +00:00
Ingo Schommer
dca8c0cb6f merging
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92557 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:33:06 +00:00
Ingo Schommer
926834db27 MINOR Removed redundant jquery-ui.js dependency from TabSet.php and Security.php
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:32:27 +00:00
Ingo Schommer
4b1293771d MINOR Using jquery.concrete and jquery.selector on github through piston dependency management
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92542 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:31:55 +00:00
Ingo Schommer
757df3088e ENHANCEMENT Returning FALSE from Security->ping() if no valid user session exists, for more accurate login checking through the CMS javascript pinging
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92527 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:31:09 +00:00
Ingo Schommer
2fc966cc44 MINOR Removed loader.js dependencies
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:30:36 +00:00
Ingo Schommer
dd074069de MINOR Moved css specific to Security/login in Security_login.css (shouldnt be in the generic Form.css declarations)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92509 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:30:24 +00:00
Ingo Schommer
a11db29672 MINOR Changed paths to moved thirdparty dependencies (mostly from /jsparty to /sapphire/thirdparty, /cms/javascript and /sapphire/javascript)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92502 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:29:59 +00:00
Ingo Schommer
3b547ec9c9 ENHANCEMENT Using "concrete" jQuery plugin for tabbed Security/login view (in combination with jQuery UI tabs)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92480 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:22:41 +00:00
Ingo Schommer
deb691a481 ENHANCEMENT Using jQuery UI tabs for Security/login with multiple authentication methods (e.g. CMS-login and OpenID)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92478 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:22:36 +00:00
Andrew O'Neil
649079f4e8 BUGFIX: Use Object::create() for lostpassword(). (#4670, Tjofras)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@91270 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-11 03:00:02 +00:00
Ingo Schommer
e675381cd4 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00
Ingo Schommer
7dc1d607de MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90948 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:13 +00:00
Andrew Short
79773042be API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
MINOR: Replaced usage of renamed classes with the new namespaced name.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 03:06:31 +00:00
Ingo Schommer
d386db0bc3 ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86021 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:01:46 +00:00
Will Rossiter
ebce107d07 MINOR: added check for exec() and fixed the path for the wordlist file. Ticket #4428
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-03 23:36:45 +00:00
Sam Minnee
d38c79f584 ENHANCEMENT: If you are logged in and Security::permissionFailure() is called, just return a 403
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-09 03:20:32 +00:00
Sam Minnee
20cbabfcb5 BUGFIX #3750 bgribaudo: Always render the security login form in the $Form template variable.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@79565 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-18 08:22:27 +00:00
Geoff Munn
aaaf9cdfcd API CHANGE: queries fixed for MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72929 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-11 23:03:28 +00:00
Sam Minnee
189f0567f8 Merged from branches/2.2
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72811 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-10 22:17:26 +00:00
Andrew O'Neil
635e2c3df6 Merged from 2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72453 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-04 03:44:11 +00:00
Andrew O'Neil
60f75c5ca4 Merged changes from 2.3 branch
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-01 23:49:53 +00:00
Ingo Schommer
0747fc6d52 MINOR merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@69856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-01-07 23:00:54 +00:00
Ingo Schommer
d26f08b481 MINOR merged branches/2.3 into trunk
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@67465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-12-04 22:38:32 +00:00
Ingo Schommer
1c639c320e MINOR reverted r66670 (see discussion at http://groups.google.com/group/silverstripe-dev/browse_thread/thread/1ed2a3c9224a785c)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66943 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-28 05:29:52 +00:00
Ingo Schommer
501cd2b70d BUGFIX Redirecting with 403 HTTP statuscode on Security::permissionFailure() for better testability
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66670 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-25 22:21:28 +00:00
Sam Minnee
96c5be8252 Updating queries to be more DB agnostic
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Sam Minnee
93438e0be2 API CHANGE: Adding double quotes to all table and field references (a work in progress)
API CHANGE: DataObject::get()'s GROUP BY clause is only generated for MySQL as it needs to be improved for other databases to accept it.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-23 23:28:16 +00:00
Sam Minnee
a3d3fb65a9 Updated SQL queries to be ansi compatable
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66401 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-23 00:31:06 +00:00