Commit Graph

111 Commits

Author SHA1 Message Date
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Damian Mooyman
259f957ce8 API Rename services to match FQN of interface / classes 2017-05-16 14:15:49 +12:00
Sam Minnee
4c772c80c3 FIX: Show detailed errors on CLI for live environments
API: Add HTTPOutputHandler::setCLIFormatter

Fixes https://github.com/silverstripe/silverstripe-framework/issues/6835

This provides detailed errors (but not warnings or notices) in CLI calls
on live environments.

It does this by adding a 2nd argument to our output handler,
CliFormatter. This formatter will be used when Director::is_cli() is
true.
2017-05-01 15:28:48 +12:00
Simon Erkelens
3f1f9d04b7 Improve the default LoginForm
- has the fields and actions extracted to a separate method, so it's more easily overridable
- Moved the global variable $_REQUEST to getting the info from the controller
- Updated string variables to `::class`
- Updated RequiredFields to be set in the YML, so it's overridable/updatable from either Config or code
2017-04-16 19:05:29 +12:00
Damian Mooyman
ac3a9c9e6e API Split out SilverStripe\ORM\Versioned into new module 2017-03-27 11:03:39 +13:00
Damian Mooyman
dae6d5902f API Split SilverStripe\Assets into separate module 2017-03-21 11:12:51 +13:00
Damian Mooyman
54ba08a306 API Replace ManifestCache with ManifestCacheFactory
API Remove lots of deprecated module code from ClassManifest
2017-03-21 09:43:48 +13:00
Damian Mooyman
ce14060913 API Apply default logger to all caches
API Rename ‘Logger’ service name to ‘Psr\Log\LoggerInterface’
API DefaultCacheFactory constructor now takes an array of default arguments
2017-03-15 15:31:24 +13:00
Damian Mooyman
c2f2318d5f Move admin routes to admin module 2017-03-14 10:22:45 +13:00
Loz Calver
b9da55c8ab Merge pull request #6659 from robbieaverill/bugfix/quote-constants-in-yaml
FIX Add quotes to constants in YAML to ensure syntax validity
2017-02-28 09:19:22 +00:00
Robbie Averill
badf7d3a73 FIX Add quotes to constants in YAML to ensure syntax validity 2017-02-27 21:48:42 +13:00
Damian Mooyman
3362e15a29 API Upgrade code to use updated config 2017-02-27 16:54:01 +13:00
Christopher Joe
98ecaf9bd0 Change UploadField to TreeDropdownField for modal fields
Change UploadField to abstract placeholder FileHandleField for non-modal fields
2017-02-27 10:38:23 +13:00
Ingo Schommer
d220ca3f67 API Use symfony/cache (fixes #6252) 2017-02-26 13:07:59 +13:00
Damian Mooyman
029a8b9586
API Substitute Zend_Currency with NumberFormatter based solution
API Substitute Zend_Locale with Locale / NumberFormatter
API Substitute Zend_Date with IntlDateFormatter
API Added DBTIme::Nice12, FormatFromSettings
API Added Short() method to DBDate / DBTime / DBDatetime
API Add Date::getTimestamp()
API Added setSubmittedValue api for FormField
API Add second arg to base FormField::setValue()
API Major refactor of i18n into component data parts
API Implement Resettable interface to reset objects between tests
ENHANCEMENT Changed DBField::create_field return type to `static` to support better type hinting
ENHANCEMENT i18nTextCollector supports __CLASS__
2017-02-09 15:28:59 +13:00
Damian Mooyman
8a07c56bdf API Replace i18n message localisation with symfony/translation
API Implement enhanced pluralisation
Remove Zend_Translate and all Zend dependencies from i18n
Deprecated $context from i18n::_t()
Warn on missing default string for i18n::_t()
2017-01-25 17:08:12 +13:00
Daniel Hensby
3ea5015f8b NEW Move to SwiftMailer powered Emails (#6466)
* API Replace existing Email and Mailer classes with SwiftMailer powered email system

* DOCS New Email docs

* Initial feedback from Damian

* Making Mailer an interface

* Templates relocated

* Round of feedback

* More robust approach to plain parts

* Revert changes to TestMailer
2017-01-13 14:48:46 +13:00
Daniel Hensby
bcc21c2403
Merge branch '3' 2016-11-10 01:09:35 +00:00
Damian Mooyman
bfd9cb1aca Rename SS_ prefixed classes (#5974) 2016-09-09 18:43:05 +12:00
Damian Mooyman
8dd644d25d
API Namespace all classes
Namespace all templates
Move difflib and BBCodeParser2 to thirdparty
Remove deprecated API marked for removal in 4.0
2016-09-08 10:23:17 +12:00
Damian Mooyman
7105099497
API Change behaviour of filter API to support injected search filter classes
API Remove DataList::applyFilterContext(), superseded by DataList::createSearchFilter()
API SearchFilter::getSupportedModifiers() added to support supported modifier inspection
2016-09-05 17:28:36 +12:00
Damian Mooyman
59efd280ad Fix issues with CMS permission codes
Standardise template locations
Move CMSSettingsController class to SiteConfig module
Fix CMSMenu behaviour for namespaced admin sections
Split classes into one per file
Manual fixes and cleanup
2016-08-17 11:19:14 +12:00
Damian Mooyman
5c9044a007 API Enforce default_cast for all field usages
API Introduce HTMLFragment as casting helper for HTMLText with shortcodes disabled
API Introduce DBField::CDATA for XML file value encoding
API RSSFeed now casts from the underlying model rather than by override
API Introduce CustomMethods::getExtraMethodConfig() to allow metadata to be queried
BUG Remove _call hack from VirtualPage
API Remove FormField::$dontEscape
API Introduce HTMLReadonlyField for non-editable readonly HTML
API FormField::Field() now returns string in many cases rather than DBField instance.
API Remove redundant *_val methods from ViewableData
API ViewableData::obj() no longer has a $forceReturnObject parameter as it always returns an object
BUG  Fix issue with ViewableData caching incorrect field values after being modified.
API Remove deprecated DB class methods
API Enforce plain text left/right formfield titles
2016-07-13 17:15:45 +12:00
Damian Mooyman
af22a83166 API Apply Framework\Security namespace 2016-07-07 11:32:28 +12:00
Hamish Friedlander
80d4af6b6e
API Apply Framework\ORM Namespace to model 2016-06-29 10:02:32 +12:00
Simon Erkelens
20fac04637 RFC #5487 Remove Oembed in favor of embed/embed. (#5536) 2016-05-27 13:09:03 +12:00
Frank Mullenger
b4cd617ee3 FIX: Renaming to HTMLEditorConfig.
FIX: Renaming to HTMLEditorField*.

FIX: Renaming to HTMLEditorSanitiser*.
2016-05-06 14:16:34 +12:00
Sam Minnee
aeccb8b8e0 API: Move DBField subclasses into SilverStripe\Model\FieldType namespace
API: Deprecate SS_Datetime.

The DBField subclasses are have all been renamed to start with “DB” and
be in the SilverStripe\Model\FieldType namespace. To keep DataObject
definitions concise, the original short variations of their names are
preserved as service definitions. Most of the field generation code
doesn’t need to change, but where field classes are referenced directly,
changes will be needed.

SS_Datetime, which is commonly referenced outside the model system
itself, has been preserved as a subclass of DBDatetime. This has been
marked as deprecated and can be removed in SilverStripe 5.

A few places that referred to $db and $casting values weren’t using
the Injector to instantiate the relevant classes. This meant that the
remapping we have created as part of moving classes into a namespace
didn’t work.
2016-03-22 18:09:30 +13:00
Sam Minnee
083799ec03 FIX: Minimal data-model changes to support PHP7.
The tidiest fix for this will be to update the namespace/naming of all
field types to follow this pattern. I’ve broken out the minimum
necessary to support PHP7 as its own commit, in case anyone needs to
backport that (e.g. if someone wanted to patch a SS 3 system to get
PHP7 support).

Rather than introduce a new API for fieldtype namespace simplification,
I’ve just used Injector. We may come up with a new configuration tool
that is better, but this has the advantage of existing now, and as such
I think is a good first step.
2016-03-22 17:39:08 +13:00
David Craig
afccef718c Initial Form Field Schema implementation
- Adds FormSchema class
- Adds FormSchema dependency to LeftAndMain via Injector
- Adds schema allowed_action method to LeftAndMain for generating Form schemas
- Adds FormFieldSchemaTrait to for schema getters and setters on FormFields
2016-03-03 08:20:54 +13:00
Damian Mooyman
3b0a9f4ba2 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	admin/javascript/LeftAndMain.Menu.js
#	control/HTTPRequest.php
#	css/GridField.css
#	css/GridField.css.map
#	docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
#	docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
#	docs/en/02_Developer_Guides/06_Testing/index.md
#	docs/en/02_Developer_Guides/14_Files/01_File_Management.md
#	docs/en/02_Developer_Guides/14_Files/02_Images.md
#	filesystem/Upload.php
#	javascript/HtmlEditorField.js
#	model/Image.php
#	model/connect/MySQLDatabase.php
#	model/fieldtypes/Enum.php
#	model/versioning/Versioned.php
#	scss/GridField.scss
2016-02-25 14:51:59 +13:00
Oliver Shaw
ec647ed007 UPDATE: Add support for user defined charset and collation 2016-02-23 15:40:30 +00:00
Ingo Schommer
d1af214ef5 API Removed custom dev/tests/ execution
Rely on standard vendor/bin/phpunit via CLI instead.
See https://github.com/silverstripe/silverstripe-framework/issues/4254

- Not disabling xdebug. That should be harmful, and is actively harming test development
- No longer able to specifically skip tests via the `SkipTests` request parameter. Use phpunit.xml groups and the `--exclude-group` CLI argument instead
- No longer able to specify multiple comma-separated module folders. use phpunit.xml groups and the `--group` CLI argument instead
- Not explicitly calling `SSViewer::flush_template_cache()` (was never the case on running `phpunit` CLI anyway, and shouldn't be required any more)
2016-02-23 20:19:35 +13:00
Ingo Schommer
a16588aac3 API Removed JSTestRunner
See https://github.com/silverstripe/silverstripe-framework/issues/4254
2016-02-23 20:19:12 +13:00
Damian Mooyman
510c556739 API File has Versioned extension
API Improved support for versioned DataObject
API GridField extensions for versioned dataobjects
API De-couple File and ErrorPage
API File::handle_shortcode now respects canView()
API AssetControlExtension is now able to delete, publish, or protect files
API Upload now protects new assets by default
2016-02-23 13:46:28 +13:00
Damian Mooyman
f20ad434ce API Update TinyMCE to 4.x
API Allow HtmlEditorField to be individually configured
BUG Fix incorrect change detection
BUG Fix missing i18n files
2016-02-23 10:10:02 +13:00
Damian Mooyman
e6b877df27 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	control/Director.php
#	control/HTTP.php
#	core/startup/ParameterConfirmationToken.php
#	docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
#	docs/en/00_Getting_Started/04_Directory_Structure.md
#	docs/en/00_Getting_Started/05_Coding_Conventions.md
#	docs/en/01_Tutorials/01_Building_A_Basic_Site.md
#	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
#	docs/en/01_Tutorials/03_Forms.md
#	docs/en/01_Tutorials/04_Site_Search.md
#	docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
#	docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
#	docs/en/02_Developer_Guides/13_i18n/index.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
#	docs/en/03_Upgrading/index.md
#	docs/en/changelogs/index.md
#	docs/en/howto/customize-cms-menu.md
#	docs/en/howto/navigation-menu.md
#	docs/en/index.md
#	docs/en/installation/index.md
#	docs/en/installation/windows-manual-iis-6.md
#	docs/en/misc/contributing/code.md
#	docs/en/misc/contributing/issues.md
#	docs/en/misc/module-release-process.md
#	docs/en/reference/dataobject.md
#	docs/en/reference/execution-pipeline.md
#	docs/en/reference/grid-field.md
#	docs/en/reference/modeladmin.md
#	docs/en/reference/rssfeed.md
#	docs/en/reference/templates.md
#	docs/en/topics/commandline.md
#	docs/en/topics/debugging.md
#	docs/en/topics/email.md
#	docs/en/topics/forms.md
#	docs/en/topics/index.md
#	docs/en/topics/module-development.md
#	docs/en/topics/modules.md
#	docs/en/topics/page-type-templates.md
#	docs/en/topics/page-types.md
#	docs/en/topics/search.md
#	docs/en/topics/testing/index.md
#	docs/en/topics/testing/testing-guide-troubleshooting.md
#	docs/en/topics/theme-development.md
#	docs/en/tutorials/1-building-a-basic-site.md
#	docs/en/tutorials/2-extending-a-basic-site.md
#	docs/en/tutorials/3-forms.md
#	docs/en/tutorials/4-site-search.md
#	docs/en/tutorials/5-dataobject-relationship-management.md
#	docs/en/tutorials/building-a-basic-site.md
#	docs/en/tutorials/dataobject-relationship-management.md
#	docs/en/tutorials/extending-a-basic-site.md
#	docs/en/tutorials/forms.md
#	docs/en/tutorials/index.md
#	docs/en/tutorials/site-search.md
#	main.php
#	model/SQLQuery.php
#	security/ChangePasswordForm.php
#	security/MemberLoginForm.php
#	tests/control/ControllerTest.php
#	tests/core/startup/ParameterConfirmationTokenTest.php
#	tests/model/SQLQueryTest.php
#	tests/security/SecurityTest.php
#	tests/view/SSViewerTest.php
#	view/SSTemplateParser.php
#	view/SSTemplateParser.php.inc
#	view/SSViewer.php
2016-01-20 13:16:27 +13:00
Damian Mooyman
037467beae API Asset Access Control implementation 2016-01-13 18:18:22 +13:00
Sam Minnee
3ee8f505b7 MINORE: Remove training whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
48a30909f3 Merge remote-tracking branch 'origin/3.2' into 3
# Conflicts:
#	admin/javascript/LeftAndMain.BatchActions.js
#	css/UploadField.css
#	forms/HtmlEditorField.php
2015-12-22 14:07:52 +13:00
UndefinedOffset
afbb5cfed4 BUGFIX: Vimeo oEmbed endpoint redirecting to no www 2015-12-16 12:19:37 +13:00
UndefinedOffset
cd66917a86 BUGFIX: Vimeo oEmbed endpoint redirecting to no www 2015-12-15 17:53:57 -04:00
Marcus Nyeholt
f7c270a3ba NEW Use Config for determining Vary header
Existing implementation hardcodes the Vary header; swap to using Config layer
instead

Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Damian Mooyman
c13b5d989f API Enable advanced configuration options for requirements combined files
API Enable relative root paths for the default Flysystem AssetAdapter
2015-12-01 11:07:13 +13:00