tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
18,811 Commits 31 Branches 527 Tags
Commit Graph

450 Commits

Author SHA1 Message Date
Ingo Schommer
fa568e333e Fixed linting errors 2017-06-23 11:19:16 +12:00
Will Rossiter
ad54e7eb30 Fix ImportButton not opening the modal 2017-06-23 10:10:01 +12:00
Damian Mooyman
3873e4ba00 API Refactor bootstrap, request handling 
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e5653211240650eaa4fa65bb83b45aae6d58
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa89b0b540704b8d744329f690f9698c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4b2e5177a2600049feec05bf111c16b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82599360c40f0f2de29579c56fb90761
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a63915e8e974deeaba9807bc4d38b0d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497166f81ccbe3f40fbcff895ce71f82f
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e455916f902a2f963c014d8899f7fc7
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84ef0139c729396949a7857fae60436f
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755371f08bd95f6908ac612fcbb7ca205
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b60282b4dad4ef10ed3b97c5d0a761ac
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f637bdd3d276619554de60ee8b4d95ced
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f341d6251bfe9f4833f15cc8593c5034
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e48291cb65407f222f190064b1f1deeb
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec3391139ae1b4029c353c327a36552b36
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f9366327650b5c0c0f96cd0327d44faf0a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba979114624247cf463cf2a8c9e4be9a7c3a772
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397bdc53001013f607b5d38087ce6c0730
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93398af4bd0432df9e4bc6295c15a3fe
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c379c931889c4cc34dd920fee3db204a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953d2dbb19f78d91c919048e1fc935436
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241bee019730027071d815dbf7571197a4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95a264a6b63cbaefc2c1d12f808bfd82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06732db4fa940d8724c2a85c0ba2495a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c08d0c1c81fd5e6bb9506326eeee17b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15bf79dc8c2edd44cec1931da2dd51c28
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d6ad6785354bab61f08700454c81d91
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae7235148fffd71f2f02d1fe7fe45bf3aa39eb
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca033952513633e182040d3d13e1caa9000ca184
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d4339777663a8a04661fea32a0cf35b95d20f
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6ecaafa0dec1093264e0187191e6764d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d5596621404892de0a5413392379eff990641
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041dacd96bc4f4b66421fa2b2cc4c320f8
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
 2017-06-22 22:50:45 +12:00
Loz Calver
5d27dccd60 NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Damian Mooyman
306d801258 Merge pull request #6984 from dhensby/pulls/4/default-pdo 
NEW DB Driver defaults to PDO
 2017-06-18 21:27:32 +12:00
Chris Joe
8c91d48d3a Merge pull request #7033 from open-sausages/pulls/4.0/remove-parse-indexspec 
FIX Remove reference to removed method parseIndexSpec
 2017-06-16 16:40:51 +12:00
Chris Joe
102eaed36c Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup 
Better HTML generation behaviour for Requirements_Backend
 2017-06-16 13:52:06 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class 
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
 2017-06-16 12:22:05 +12:00
Damian Mooyman
54879402ce
BUG Removed reserved / removed / invalid country codes 
Fixes #6996
 2017-06-16 11:38:00 +12:00
Damian Mooyman
957d238caa
FIX Remove reference to removed method parseIndexSpec 
Fixes #6968
 2017-06-16 11:20:52 +12:00
Damian Mooyman
0f90c5b63f ENHANCEMENT Update style of CMSLogin form 2017-06-15 18:13:14 +12:00
Damian Mooyman
024371c37e
API Change authentication ValidationResult handling to pass by-reference 2017-06-15 17:25:23 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services 
API Improve validation of authentication process
 2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Chris Joe
950b1dfec2 Merge pull request #7010 from flamerohr/pulls/4.0/no-path-to-follow 
Enhancement show the path which threw the error
 2017-06-12 10:36:46 +12:00
Damian Mooyman
0dcfa5fa9d FIX CMSSecurity doesn't have Authenticators assigned. 2017-06-12 10:10:34 +12:00
Christopher Joe
7178caf4a9 Enhancement show the path which threw the error 2017-06-12 10:08:12 +12:00
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Simon Erkelens
5c4e55b60d It's not CascadeLogInTo anymore, it's CascadeInTo 
I'm mildly surprised this didn't break. I changed it to CascadeInTo, as the logout action needs to cascade into the session as well.
 2017-06-10 12:58:22 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4 Move LostPasswordHandler in to it's own class. 
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
 2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550 Feedback from Damian. 
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
 2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling. 
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
 2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface 
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
 2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling 
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
 2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array 
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
 2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators 
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
 2017-06-07 21:11:52 +12:00
Daniel Hensby
856aa79892 Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns 
Consistent return values for first and last methods
 2017-06-06 16:59:04 +01:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck 
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
 2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Saophalkun Ponlu
e267d29b9a BUG Consistent return values for first and last methods 2017-06-06 17:22:55 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO 2017-06-01 11:00:35 +01:00
Daniel Hensby
11de4abe0a Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher 
move TRUSTED_PROXY below .env loader
 2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba move trusted_proxy_ips below .env loader 2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4 Merge pull request #6974 from colintucker/fix-csv-bulk-loader 
Fixes a bug with split file names during CSV import
 2017-05-30 16:18:06 +12:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Nick
acb74a8577 Fix $class variable from being clobbered 
The $class variable gets overwritten in the function.

This causes error messages to be less helpful. For example if you setup a has_many but forget the has_one on the other side the error will look something like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`

fixing this gives a more useful error, like

`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
 2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a Fixes a bug with split file names during CSV import 2017-05-29 16:08:23 +10:00
Damian Mooyman
963d9197d3
API Ensure that all DataQuery joins are aliased based on relationship name 2017-05-26 13:38:58 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Daniel Hensby
3e556b5966
NEW Move index generation to DataObjectSchema and solidify index spec 2017-05-25 23:29:12 +01:00
Damian Mooyman
0cd40ca6e5
BUG Fix minor accessors of legacy ->class property 2017-05-25 11:55:12 +12:00
Damian Mooyman
29f450b1e1 Revert injector type hint to Injector 2017-05-25 11:06:48 +12:00
Damian Mooyman
906a4c444b
API Add streamable response object 2017-05-23 16:32:29 +12:00
Damian Mooyman
d15b9ee0b0 Response to feedback 2017-05-23 13:50:35 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class 
API DataObjectSchema::manyManyComponent() return array is now associative array
 2017-05-23 13:50:35 +12:00
Damian Mooyman
7e2f8d1f2d Merge pull request #6951 from sminnee/fix-2494 
FIX: Don’t assume posix_getpwuid is available.
 2017-05-23 13:10:56 +12:00
Sam Minnee
09164e7e2a FIX: Better error checking for non-writable temp paths 
Fixes https://github.com/silverstripe/silverstripe-framework/issues/1666
 2017-05-23 10:06:48 +12:00