Commit Graph

44 Commits

Author SHA1 Message Date
micmania1
229bea399b added logout url to Security and deprecated Security::set_login_url in favour of config 2013-12-20 21:55:54 +00:00
Ingo Schommer
d75f545887 Clear DB caches in SecurityTest 2013-10-20 14:23:23 +02:00
Ingo Schommer
b58e2dbe3a Member.lock_out_delay_mins configurable, password security docs 2013-07-11 09:47:28 +02:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Sam Minnee
d8bfc0bb48 API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself. 2013-01-29 18:03:47 +01:00
Mateusz Uzdowski
a8b0e44d98 API Hash autologin tokens before storing in the database.
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.

This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
007ed25c0b MINOR Fixing broken tests 2012-04-20 15:05:18 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Sam Minnee
ec73555db4 MINOR: Text fix. 2011-10-29 17:36:38 +13:00
Simon Welsh
2c0257e9b9 Cast the header value to string as PHPUnit can't handle it being NULL. 2011-10-29 15:24:06 +13:00
Ingo Schommer
2870eb9212 MINOR Changed $fixture_path to relative filenames in all sapphire test cases in order to allow easier file moving and less verbosity in tests 2011-03-30 23:04:48 +13:00
Ingo Schommer
65e7b83421 MINOR Made login form redirection test in SecurityTest explicit, rather than implicit through testLogInAsSomeoneElse() 2011-03-29 18:08:33 +13:00
Paul Meyrick
dc36725869 MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Ingo Schommer
d099c7e5ba BUGFIX Unregistering custom Authenticators in SecurityTest->setUp() 2011-03-21 18:13:01 +13:00
Ingo Schommer
a7e9be3bc4 BUGFIX Fixing SecurityTest to clear any custom settings in Security::$force_database_is_ready before making assertions 2011-03-21 18:12:59 +13:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Sam Minnee
b7f21302bc MINOR Fixed failing test as session being set before logging out and losing BackURL (from r108518)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112759 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:47:19 +00:00
Sam Minnee
0e3693f99e BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file (from r107940)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112702 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:33:41 +00:00
Ingo Schommer
caa2a292bb BUGFIX: SecurityTest tests would fail on sites which had set a non-default unique identifier field for Members (from r104016)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112329 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-14 23:53:44 +00:00
Sam Minnee
51375f7cc6 ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420) (from r103250)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112128 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:39:04 +00:00
Sam Minnee
890ac94a6a MINOR: Several changes merged from branches/2.4
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112060 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:35:19 +00:00
Ingo Schommer
6450810b4c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027) (from r97480)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102494 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:17:07 +00:00
Ingo Schommer
61e27830c6 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 04:05:34 +00:00
Ingo Schommer
5e3cffec1f BUGFIX More robust URL handling in SecurityTest to avoid failing on custom /admin redirects
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-01 06:48:31 +00:00
Sean Harvey
13b358a8dd Merged from branches/2.3
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Sam Minnee
41fb93b344 ENHANCEMENT #3032 ajshort: Use static methods for accessing static data
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73036 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-14 00:16:32 +00:00
Ingo Schommer
6d708765fe BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-11 21:08:28 +00:00
Sam Minnee
96c5be8252 Updating queries to be more DB agnostic
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Sam Minnee
12e62c6329 ENHANCEMENT: Change MySQLDatabase connection to operate in ANSI SQL mode, to ease the transition to DB abstraction
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66399 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-22 03:51:04 +00:00
Ingo Schommer
2b15a2d5b5 BUGFIX Using _t() to check content strings in unit tests and avoid tests failing when i18n is enabled
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64042 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-10 02:20:33 +00:00
Hayden Smith
634ed7b70c Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63806 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-08 02:00:12 +00:00
Sam Minnee
12a62b9f62 Updated SecurityTest to use new FunctionalTest system consistently
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 23:04:25 +00:00
Sam Minnee
8536a47b7c Update SecurityTest to use the FunctionalTest base-class
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60394 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 05:27:18 +00:00
Ingo Schommer
2d8434a43f (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 02:57:59 +00:00
Ingo Schommer
ad4d506f82 (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60287 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 00:14:48 +00:00
Sam Minnee
7b278290b4 BUGFIX: SecurityTest fails when running tests at 12am
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@58559 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-07-21 12:21:53 +00:00
Ingo Schommer
60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00
Sam Minnee
834da4640d Merged revisions 52618 via svnmerge from
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52618 | sminnee | 2008-04-13 16:58:15 +1200 (Sun, 13 Apr 2008) | 1 line
  
  Updated tests to make better use of TestViewer
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53470 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:32:52 +00:00
Sam Minnee
a1f8892c52 Merged revisions 52151 via svnmerge from
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52151 | sminnee | 2008-04-05 11:14:26 +1300 (Sat, 05 Apr 2008) | 1 line
  
  Lock users out after 5 failed log-ins
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53466 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:32:05 +00:00
Sam Minnee
eb60b67732 Merged revisions 52121 via svnmerge from
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52121 | sminnee | 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) | 4 lines
  
  Added DataObject::validate() for specifying DataObject-level validators.
  Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite()
  Added password strength testing to security system
  Added password expiry to security system
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:31:52 +00:00