Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.
Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.
MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
MINOR Added test Extension classes for testing decorated can*() methods (from r94359)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95602 467b73ca-7a2a-4603-9d3b-597d59a354a9
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
ENHANCEMENT Added a "strict-mode" for Member->inGroup() and Member->inGroups() to determine true membership to a group (without inheritance)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65125 467b73ca-7a2a-4603-9d3b-597d59a354a9
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity
........
r52617 | sminnee | 2008-04-13 16:57:53 +1200 (Sun, 13 Apr 2008) | 1 line
Updated changed password test to check for a sent email
........
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53469 467b73ca-7a2a-4603-9d3b-597d59a354a9
