385 Commits

Author	SHA1	Message	Date
Damian Mooyman	bc2fc7f2db	BUG Prevent invalid members being written to database if validation_enabled is false	2018-02-01 16:24:31 +13:00
Christopher Joe	456871fd91	Enhancement Updated PasswordValidator to fallback to config options - still retains instance variables	2018-01-31 10:54:43 +13:00
Damian Mooyman	bca47029c4	Merge remote-tracking branch 'origin/4.0' into 4 ... # Conflicts: # src/Control/SimpleResourceURLGenerator.php # tests/php/Control/SimpleResourceURLGeneratorTest.php	2018-01-25 12:53:15 +13:00
Damian Mooyman	a3c52f901a	Merge remote-tracking branch 'origin/4.0' into 4 ... # Conflicts: # src/Core/TempFolder.php # src/ORM/DataObject.php # src/View/ThemeResourceLoader.php # src/includes/constants.php # tests/php/Control/SimpleResourceURLGeneratorTest.php # tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php # tests/php/View/RequirementsTest.php	2018-01-22 14:57:05 +13:00
Damian Mooyman	60fa7558d3	BUG Fix double casting in login authenticator name ... Fixes #7769	2018-01-22 14:06:24 +13:00
Daniel Hensby	db610aaf3b	Fixing string concat CS issues	2018-01-16 18:39:30 +00:00
Damian Mooyman	f86b855c90	BUG Prevent basic-auth from disallowing logout ... Fixes #7555	2018-01-16 15:24:20 +13:00
Damian Mooyman	c4ff8443bb	API Shift basic auth checking into middleware ... Fixes #7554	2017-12-20 11:39:04 +13:00
Chris Joe	4ad9ceca6b	Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions ... BUG Fix message casting for html security messages	2017-12-18 15:43:35 +13:00
Daniel Hensby	e4bf9a31ed	Merge branch '4.0' into 4	2017-12-14 21:20:11 +00:00
Daniel Hensby	1c72d6946d	Merge branch '3.6' into 4.0	2017-12-14 21:01:35 +00:00
Damian Mooyman	140ed72e2a	BUG Fix message casting for html security messages	2017-12-14 14:49:58 +13:00
Damian Mooyman	529e341dbc	Merge pull request #7699 from open-sausages/pulls/4/html-in-security-msg ... ENHANCEMENT Allow html in security failure message	2017-12-14 14:30:09 +13:00
Damian Mooyman	8b1b9f022b	Fix linting issues	2017-12-14 13:50:52 +13:00
Saophalkun Ponlu	31e04c8491	ENHANCEMENT Allow html in security failure message	2017-12-13 17:10:16 +13:00
Damian Mooyman	a2fa9f0943	Merge pull request #7694 from creative-commoners/pulls/4.0/injection-session ... FIX Use Injector to retrieve the current session	2017-12-12 16:47:36 +13:00
Robbie Averill	eb6c1fc6de	FIX Allow the current controller as well as injectable HTTPRequest objects	2017-12-12 16:35:53 +13:00
Robbie Averill	097d0697c5	FIX Use Injector to retrieve the current session	2017-12-12 16:03:16 +13:00
Damian Mooyman	33b2d50d59	Cache warming in InheritedPermissions::getCachePermissions() ... Simplify Group::Members() code Remove cms-only config	2017-12-12 09:01:43 +13:00
Aaron Carlino	2be902ef2f	Adapt to new MemberCacheFlusher interface	2017-12-11 17:50:11 +13:00
Aaron Carlino	45999e1133	Revisions per robbieaverill	2017-12-11 17:50:11 +13:00
Aaron Carlino	aefb0aeaa8	Make InheritedPermissions use cache and implement cache flushing	2017-12-11 17:50:11 +13:00
Damian Mooyman	ee27329728	Minor linting / style updates	2017-12-11 16:46:59 +13:00
Aaron Carlino	8b429bf47b	update docblock	2017-12-11 16:46:59 +13:00
Aaron Carlino	86458941be	Refactor to MemberCacheFlusher	2017-12-11 16:46:59 +13:00
Aaron Carlino	4857816c9e	Revisions per robbieaverill	2017-12-11 16:46:59 +13:00
Aaron Carlino	eecb9f64d3	Add new InheritedPermissionFlusher extension, CacheFlusher service	2017-12-11 16:46:59 +13:00
Damian Mooyman	6b384f4b35	Merge branch '4.0' into 4	2017-12-07 13:52:00 +13:00
Daniel Hensby	eb55c27124	Merge branch '4.0' into 4	2017-12-05 12:14:22 +00:00
Damian Mooyman	f1dd3d6f03	[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt	2017-11-30 17:00:49 +13:00
Loz Calver	c4b366828e	FIX: Restore BackURL preservation on log out (closes #7636)	2017-11-27 16:15:28 +00:00
Simon Erkelens	0987003053	Add the ability to redirect a user to a custom page with custom content after changing their password	2017-11-27 14:18:40 +13:00
Damian Mooyman	6a73466b41	BUG Fix basicauth	2017-11-03 12:08:38 +13:00
Damian Mooyman	ad36b8f6a9	Use restart instead of destroy	2017-11-03 12:08:38 +13:00
Daniel Hensby	a61ce077c6	FIX Sessions must be destroyed on logout	2017-11-03 12:08:38 +13:00
Robbie Averill	897cba55cb	FIX Move Member log out extension points to non-deprecated methods	2017-11-02 11:39:02 +13:00
Damian Mooyman	3c8848a090	Update code style and fix tests	2017-10-30 17:34:15 +13:00
Christopher Joe	f6b7cf8889	Feature disable current user from removing their admin permission	2017-10-30 12:34:06 +13:00
Oly Su	4d85da179f	291 checks if ->value is iterable	2017-10-27 10:46:20 +13:00
Damian Mooyman	b9cb1e69e6	BUG Replace phpdotenv with thread-safe replacement	2017-10-20 18:43:11 +13:00
Simon Erkelens	6506a5b958	Don't add a . when there's no extension	2017-10-16 11:56:35 +13:00
Damian Mooyman	6a55dcfc16	Fix references to resource paths / urls	2017-10-10 16:51:47 +13:00
Chris Joe	566d7baa48	Merge pull request #7437 from open-sausages/pulls/4.0/stateless-extensions ... API Extensions are now stateless	2017-10-09 11:45:33 +13:00
Ingo Schommer	7406318f03	Merge pull request #7436 from creative-commoners/pulls/4.0/consistent-change-password-api ... NEW Ensure changePassword is called by onBeforeWrite for a consistent API	2017-10-06 11:26:37 +01:00
Damian Mooyman	b996e2c22c	API Extensions are now stateless ... ENHANCEMENT Injector now lazy-loads services more intelligently	2017-10-06 14:53:44 +13:00
Daniel Hensby	16cac4e3bd	Merge branch '3' into 4	2017-10-05 16:40:31 +01:00
Robbie Averill	413034f684	Remove psuedo-property SetPassword from Member	2017-10-05 16:55:24 +13:00
Robbie Averill	cdf6ae45a3	NEW Ensure changePassword is called by onBeforeWrite for a consistent API	2017-10-05 16:14:15 +13:00
Robbie Averill	6044579a3f	MINOR Separate some areas of logic in LostPasswordHandler to make them more overridable	2017-10-05 14:17:38 +13:00
Robbie Averill	6b52412693	NEW Make Member::changePassword extensible	2017-10-05 11:18:34 +13:00