22 Commits

Author	SHA1	Message	Date
Damian Mooyman	6ba00e829a	[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt	2017-11-30 15:53:50 +13:00
Daniel Hensby	091d99f599	FIX Authenticators are more resilient to incomplete configuration	2017-09-12 15:57:03 +01:00
Daniel Hensby	447ce0f84f	[SS-2017-002] FIX Lock out users who dont exist in the DB	2017-05-25 16:14:52 +01:00
Damian Mooyman	4f06a43986	Merge 3.3 into 3 ... # Conflicts: # admin/javascript/lang/src/cs.js # admin/javascript/lang/src/de.js # admin/javascript/lang/src/en.js # admin/javascript/lang/src/eo.js # admin/javascript/lang/src/es.js # admin/javascript/lang/src/fi.js # admin/javascript/lang/src/fr.js # admin/javascript/lang/src/id.js # admin/javascript/lang/src/id_ID.js # admin/javascript/lang/src/it.js # admin/javascript/lang/src/ja.js # admin/javascript/lang/src/lt.js # admin/javascript/lang/src/mi.js # admin/javascript/lang/src/nb.js # admin/javascript/lang/src/nl.js # admin/javascript/lang/src/pl.js # admin/javascript/lang/src/ro.js # admin/javascript/lang/src/ru.js # admin/javascript/lang/src/sk.js # admin/javascript/lang/src/sl.js # admin/javascript/lang/src/sr.js # admin/javascript/lang/src/sr@latin.js # admin/javascript/lang/src/sr_RS.js # admin/javascript/lang/src/sr_RS@latin.js # admin/javascript/lang/src/sv.js # admin/javascript/lang/src/zh.js # javascript/lang/fr.js # javascript/lang/src/ar.js # javascript/lang/src/cs.js # javascript/lang/src/de.js # javascript/lang/src/en.js # javascript/lang/src/eo.js # javascript/lang/src/es.js # javascript/lang/src/fi.js # javascript/lang/src/fr.js # javascript/lang/src/id.js # javascript/lang/src/id_ID.js # javascript/lang/src/it.js # javascript/lang/src/ja.js # javascript/lang/src/lt.js # javascript/lang/src/mi.js # javascript/lang/src/nb.js # javascript/lang/src/nl.js # javascript/lang/src/pl.js # javascript/lang/src/ru.js # javascript/lang/src/sk.js # javascript/lang/src/sl.js # javascript/lang/src/sr.js # javascript/lang/src/sr@latin.js # javascript/lang/src/sr_RS.js # javascript/lang/src/sr_RS@latin.js # javascript/lang/src/sv.js # javascript/lang/src/zh.js # lang/it.yml	2016-05-11 14:06:23 +12:00
Daniel Hensby	cf29b2c146	Merge remote-tracking branch '3.1.19' into 3.2.4	2016-05-05 11:17:45 +01:00
Daniel Hensby	f32c893546	[SS-2016-005] FIX Apply brute force protection to default admin	2016-04-19 23:20:29 +01:00
Sam Minnee	3ee8f505b7	MINORE: Remove training whitespace. ... The main benefit of this is so that authors who make use of .editorconfig don't end up with whitespace changes in their PRs. Spaces vs. tabs has been left alone, although that could do with a tidy-up in SS4 after the switch to PSR-1/2. The command used was this: for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+ find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//' done	2016-01-07 10:15:54 +13:00
Damian Mooyman	0b1f297873	Merge remote-tracking branch 'origin/3.1' ... Conflicts: .travis.yml README.md admin/code/LeftAndMain.php admin/css/screen.css admin/scss/screen.scss api/RestfulService.php conf/ConfigureFromEnv.php control/injector/ServiceConfigurationLocator.php control/injector/SilverStripeServiceConfigurationLocator.php core/ClassInfo.php core/Object.php css/AssetUploadField.css css/ComplexTableField_popup.css dev/CSSContentParser.php dev/DevelopmentAdmin.php docs/en/changelogs/index.md docs/en/misc/contributing/code.md docs/en/reference/execution-pipeline.md filesystem/GD.php filesystem/ImagickBackend.php filesystem/Upload.php forms/Form.php forms/FormField.php forms/HtmlEditorConfig.php forms/gridfield/GridFieldDetailForm.php forms/gridfield/GridFieldSortableHeader.php lang/en.yml model/Aggregate.php model/DataList.php model/DataObject.php model/DataQuery.php model/Image.php model/MySQLDatabase.php model/SQLQuery.php model/fieldtypes/HTMLText.php model/fieldtypes/Text.php scss/AssetUploadField.scss search/filters/SearchFilter.php security/Authenticator.php security/LoginForm.php security/Member.php security/MemberAuthenticator.php security/MemberLoginForm.php security/Security.php tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php tests/control/HTTPTest.php tests/control/RequestHandlingTest.php tests/filesystem/UploadTest.php tests/forms/FormTest.php tests/forms/NumericFieldTest.php tests/model/DataListTest.php tests/model/DataObjectTest.php tests/model/TextTest.php tests/security/MemberAuthenticatorTest.php tests/security/SecurityDefaultAdminTest.php tests/view/SSViewerCacheBlockTest.php tests/view/SSViewerTest.php	2014-11-18 12:45:54 +13:00
Damian Mooyman	53c40a94fa	API Enable re-authentication within the CMS if a user session is lost ... BUG Resolve issue with error redirection being ignored within CMS BUG Fix issue with invalid securityID being re-emitted on failure	2014-10-14 15:19:48 +13:00
Damian Mooyman	eb069e605d	Remove all redundant whitespace	2014-08-19 09:17:15 +12:00
Ingo Schommer	3334eafcb1	API Marked statics private, use Config API instead (#8317) ... See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.	2013-03-24 17:20:53 +01:00
Sam Minnee	1f7fc1f76a	FIX Remove instances of lines longer than 120c ... The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.	2012-09-30 17:18:13 +13:00
Ingo Schommer	e2f073f38a	Method visibility according to coding conventions	2012-09-20 10:46:59 +02:00
Simon Welsh	f07258f3cf	MINOR Update @package values to match renaming sapphire	2012-04-15 10:50:19 +12:00
Simon Welsh	f8082e4814	MINOR Add newline to end of files without one	2012-04-15 10:50:19 +12:00
Stig Lindqvist	0d031a5045	API CHANGE Use Config for registering default password encryptors ... Using the config system for registering password encryptors Remove the eval on password encryptor construction by using reflection Throws deprecation messages when using static register / unregister	2012-04-07 19:14:00 +12:00
Ingo Schommer	e4dfc243b4	BUGFIX Fixed SapphireTest->loginWithPermission() and MemberAuthenticatorTest to use existing Members based on their unique_identifier_field (if existing) to accommodate recent Member->onBeforeWrite() changes (see r100705) (from r100723) ... git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105628 467b73ca-7a2a-4603-9d3b-597d59a354a9	2010-05-25 04:24:53 +00:00
Ingo Schommer	a6362eb6e0	MINOR Fixed MemberAuthenticatorTest, was setting global state in r97357 (from r97369) ... git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102444 467b73ca-7a2a-4603-9d3b-597d59a354a9	2010-04-12 05:01:48 +00:00
Ingo Schommer	f400c28099	BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly (from r97357) ... git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102443 467b73ca-7a2a-4603-9d3b-597d59a354a9	2010-04-12 05:01:31 +00:00
Ingo Schommer	61e27830c6	MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274) ... git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9	2010-02-23 04:05:34 +00:00
Ingo Schommer	38c71c56a3	MINOR Added flag to remaining SapphireTest subclasses ... git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@93977 467b73ca-7a2a-4603-9d3b-597d59a354a9	2009-11-30 01:56:05 +00:00
Ingo Schommer	e4ca24c7e2	BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in ... git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90950 467b73ca-7a2a-4603-9d3b-597d59a354a9	2009-11-06 02:23:30 +00:00