micmania1
229bea399b
added logout url to Security and deprecated Security::set_login_url in favour of config
2013-12-20 21:55:54 +00:00
Ingo Schommer
d75f545887
Clear DB caches in SecurityTest
2013-10-20 14:23:23 +02:00
Ingo Schommer
b58e2dbe3a
Member.lock_out_delay_mins configurable, password security docs
2013-07-11 09:47:28 +02:00
Ingo Schommer
fb784af738
API Enforce $allowed_actions in RequestHandler->checkAccessAction()
...
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk
Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.
Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Sam Minnee
d8bfc0bb48
API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself.
2013-01-29 18:03:47 +01:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Sean Harvey
007ed25c0b
MINOR Fixing broken tests
2012-04-20 15:05:18 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814
MINOR Add newline to end of files without one
2012-04-15 10:50:19 +12:00
Sam Minnee
ec73555db4
MINOR: Text fix.
2011-10-29 17:36:38 +13:00
Simon Welsh
2c0257e9b9
Cast the header value to string as PHPUnit can't handle it being NULL.
2011-10-29 15:24:06 +13:00
Ingo Schommer
2870eb9212
MINOR Changed $fixture_path to relative filenames in all sapphire test cases in order to allow easier file moving and less verbosity in tests
2011-03-30 23:04:48 +13:00
Ingo Schommer
65e7b83421
MINOR Made login form redirection test in SecurityTest explicit, rather than implicit through testLogInAsSomeoneElse()
2011-03-29 18:08:33 +13:00
Paul Meyrick
dc36725869
MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
...
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Ingo Schommer
d099c7e5ba
BUGFIX Unregistering custom Authenticators in SecurityTest->setUp()
2011-03-21 18:13:01 +13:00
Ingo Schommer
a7e9be3bc4
BUGFIX Fixing SecurityTest to clear any custom settings in Security::$force_database_is_ready before making assertions
2011-03-21 18:12:59 +13:00
Ingo Schommer
4b2c64c843
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Sam Minnee
b7f21302bc
MINOR Fixed failing test as session being set before logging out and losing BackURL (from r108518)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112759 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:47:19 +00:00
Sam Minnee
0e3693f99e
BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file (from r107940)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112702 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:33:41 +00:00
Ingo Schommer
caa2a292bb
BUGFIX: SecurityTest tests would fail on sites which had set a non-default unique identifier field for Members (from r104016)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112329 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-14 23:53:44 +00:00
Sam Minnee
51375f7cc6
ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420 ) (from r103250)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112128 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:39:04 +00:00
Sam Minnee
890ac94a6a
MINOR: Several changes merged from branches/2.4
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112060 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:35:19 +00:00
Ingo Schommer
6450810b4c
BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027 ) (from r97480)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102494 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:17:07 +00:00
Ingo Schommer
61e27830c6
MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 04:05:34 +00:00
Ingo Schommer
5e3cffec1f
BUGFIX More robust URL handling in SecurityTest to avoid failing on custom /admin redirects
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-01 06:48:31 +00:00
Sean Harvey
13b358a8dd
Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Sam Minnee
41fb93b344
ENHANCEMENT #3032 ajshort: Use static methods for accessing static data
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73036 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-14 00:16:32 +00:00
Ingo Schommer
6d708765fe
BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-11 21:08:28 +00:00
Sam Minnee
96c5be8252
Updating queries to be more DB agnostic
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Sam Minnee
12e62c6329
ENHANCEMENT: Change MySQLDatabase connection to operate in ANSI SQL mode, to ease the transition to DB abstraction
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66399 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-22 03:51:04 +00:00
Ingo Schommer
2b15a2d5b5
BUGFIX Using _t() to check content strings in unit tests and avoid tests failing when i18n is enabled
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64042 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-10 02:20:33 +00:00
Hayden Smith
634ed7b70c
Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63806 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-08 02:00:12 +00:00
Sam Minnee
12a62b9f62
Updated SecurityTest to use new FunctionalTest system consistently
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 23:04:25 +00:00
Sam Minnee
8536a47b7c
Update SecurityTest to use the FunctionalTest base-class
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60394 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 05:27:18 +00:00
Ingo Schommer
2d8434a43f
(merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 02:57:59 +00:00
Ingo Schommer
ad4d506f82
(merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60287 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 00:14:48 +00:00
Sam Minnee
7b278290b4
BUGFIX: SecurityTest fails when running tests at 12am
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@58559 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-07-21 12:21:53 +00:00
Ingo Schommer
60860cc1b9
MINOR Unified @package PHPdoc (added where missing, removed duplicates)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00
Sam Minnee
834da4640d
Merged revisions 52618 via svnmerge from
...
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity
........
r52618 | sminnee | 2008-04-13 16:58:15 +1200 (Sun, 13 Apr 2008) | 1 line
Updated tests to make better use of TestViewer
........
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53470 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:32:52 +00:00
Sam Minnee
a1f8892c52
Merged revisions 52151 via svnmerge from
...
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity
........
r52151 | sminnee | 2008-04-05 11:14:26 +1300 (Sat, 05 Apr 2008) | 1 line
Lock users out after 5 failed log-ins
........
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53466 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:32:05 +00:00
Sam Minnee
eb60b67732
Merged revisions 52121 via svnmerge from
...
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity
........
r52121 | sminnee | 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) | 4 lines
Added DataObject::validate() for specifying DataObject-level validators.
Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite()
Added password strength testing to security system
Added password expiry to security system
........
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:31:52 +00:00