At the moment, if a user is logged in on a device (say, their phone) but has forgotten their password.
If they attempt to reset their password on their desktop, then open the email on their phone they then see the reset password form *with* the CurrentPassword field. I'm not entirely sure what happens if a DIFFERENT user is currently logged in, but I think they remain logged in and you're effectively trying to change their password.
Both scenarios are not ideal and (in fact) this happens a lot in the real world as it's a legitimate complaint we're receiving from a visitors of one of our client's websites.
Default to "yyyy-MM-dd" for date format, and "H:mm" for time_format.
Switched to config API for setting/getting values.
Avoid using "MMM" in particular, since it causes
inconsistencies in month names between jQuery UI and Zend_Locale_Format.
Fixes https://github.com/silverstripe/silverstripe-cms/issues/544
This will resolve issues in cases where the site locale may be assigned a value that does not have an explicit translation. E.g. if the locale is en_NZ (and it's appropriate for this to be the assigned locale), Afrikaans will no longer be the default selected locale when creating members. Now en_US is chosen as a better fallback default.
This is a minor ease of use fix that means fewer CMS users can be accidentally created in Afrikaans within NZ based sites.
Test cases included.
Partially reverts b0f38f4990
which broke unit tests relying on the old entity name
in 3.1, where translations and the en.yml master file have been backported to.
DataObject::validate() is currently set to protected, but this means
you can't call validate() from outside the context of itself unless
you overload the method to use a public visibility and then call
parent::validate()
As it would turn out, most classes that overload this method already
set the visibility to public, so it would make sense the parent matches
that as well.
Required to save/restore parts of the session information,
which Member nukes indiscriminately on logout.
Specific use case is restoring linkages to temporary databases
on Behat test runs.
If you fail your maximum login attempts and are locked out, further failed login attempts add to your already existing FailedLoginCount as it is only reset if you log in successfully. This means that if you're locked out, then try again, one failure will automatically lock you out again, regardless of what you set your max limit to.
Example:
lock_out_after_incorrect_logins: 3
FailedLoginCount: 0
The user fails three login attempts.
lock_out_after_incorrect_logins: 3
FailedLoginCount: 3
The user is now locked out.
Lockout time passes.
The user fails their 4th login.
lock_out_after_incorrect_logins: 3
FailedLoginCount: 4
This will continue to happen until the user successfully logs in, without giving them the pre-defined amount of login attempts again due to this condition being met after every incorrect login:
```php
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
```
FailedLoginTestCount Test Added
Adding a hook for registerFailedLogin so that it is possible to add some custom logic when a user fails to login
Also rearranged the write as this function could hit the DB up to 3 times. Now it will me 0 or 1 times.
Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.
Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
The functionality is easy to replicate in custom controllers,
and is too rarely used to be placed in core.
This also removes the `Member::is_repeat_member()` getter
and the `PastMember`/`IsRepeatMember` template globals.
See https://groups.google.com/forum/#!topic/silverstripe-dev/b8K3wU64TXg
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").
Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.
Thanks to @tractorcow for contributing and peer reviewing!
Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
If there's validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.
Instead of this, just redirect back to the "changepassword" action
on the Security controller.
Running Members() on a Group that has no Db record causes UnsavedRelationList to be returned by DirectMembers() which in turn causes alterDataQuery() to fall over when called on an UnsavedRelationList. This just adds a simple check to prevent it.
The call to Members() includes members of child groups, which was causing any members added through the grid field to be added to the child groups as well.
With this modification we can use Object::useCustomClass() to create a
custom ChangePasswordForm form:
Object::useCustomClass('ChangePasswordForm',
'CustomChangePasswordForm');
Disables ID based partial caching for all security actions so that actions such as Security/lostpassword and Security/passwordsent work properly even if partial caching is used.
