tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
14,599 Commits 31 Branches 527 Tags
Commit Graph

1033 Commits

Author SHA1 Message Date
Ingo Schommer
96f022be85 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98274 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:25 +13:00
Andrew Short
a0ab707feb FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4). 
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated.

From: Andrew Short <andrewjshort@gmail.com> (from r98267)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98268 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:25 +13:00
Sam Minnee
30382db462 BUGFIX: Don't register member IDs that don't exist in the DB as being logged in. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98265 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:25 +13:00
Will Rossiter
18fe161702 BUGFIX: fixed member labels not appearing in cms popup. #5025 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98030 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:19 +13:00
Ingo Schommer
db31ff5ad1 API CHANGE Removed $blankItemText parameter from Permission::get_codes() 
ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97819 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:16 +13:00
Ingo Schommer
4557ba87aa API CHANGE Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97818 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:16 +13:00
Sam Minnee
00e5caf49c BUGFIX: Fixed Permission::get_members_by_permission() for DB abstractions 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97653 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:15 +13:00
Ingo Schommer
31280ece2c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:13 +13:00
Ingo Schommer
51c14227b2 API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271) 
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin'

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97478 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:13 +13:00
Andrew Short
168114d4e2 ENHANCEMENT: Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields(). 
From: Andrew Short <andrewjshort@gmail.com> (from r97401)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97436 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:12 +13:00
Geoff Munn
81d775f06f BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97357 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:11 +13:00
Geoff Munn
f4de365be8 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email' 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97270 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:10 +13:00
Sam Minnee
25a437e5a0 BUGFIX: Removed XSS holes (from r94823) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96773 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:07 +13:00
Sam Minnee
150457f8a2 BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96718 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:02 +13:00
Sam Minnee
66c7eb6f10 MINOR update merge info, merged in r87119 (from r88839) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96714 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:02 +13:00
Sam Minnee
51a2eeed15 MERGE merged back a whole bunch of defect fixes from trunk (from r87846) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96712 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:02 +13:00
Geoff Munn
6b59dc3e78 BUGFIX: Fallback for arrays which do not contain 'alreadyLoggedIn' values 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@95968 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:00 +13:00
Mateusz Uzdowski
d6b4ad39d8 BUGFIX: adding onAfterDelete hooks to remove the no longer necessary permissions 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94859 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
7cdf62fd1c MINOR: added comment 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94856 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
056dae8103 BUGFIX: orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94835 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
fa3fe47284 BUGFIX: removing permissions before re-applying them (previously it just removed the components on the relation which resulted in permissions having GroupID set to 0) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94810 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:59 +13:00
Will Rossiter
cd9f6cc9b2 MINOR: removed duplicate writes for performance 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94438 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:58 +13:00
Will Rossiter
1eb9fe83c1 APICHANGE: Group::addByGroupName() now creates the group if one does not already exist (from r83010) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94430 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:57 +13:00
Andrew O'Neil
a783448266 BUGFIX: Make sure findAnAdministrator gets a global administrator when subsites is installed. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94369 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:57 +13:00
Sean Harvey
06b7dc5de3 BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete() 
MINOR Added additional tests to MemberTest


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94358 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:57 +13:00
Will Rossiter
eb64eec534 API CHANGE: removed deprecated extend calls (r93632). API CHANGE: removed fieldExists(). Use hasField() (r93633). API CHANGE removed listOfFields() (r93647). API CHANGE: removed Tag() and URL() from Image. Use getTag() and getURL(). BUGFIX: updated Image.php to use getTag() (r93639, r93646). API CHANGE: removed val(). Use XML_val() (r93650). API CHANGE: removed $add_action. Use singlar_name or lang tables (r93658). API CHANGE: removed ConfirmedFormAction (r93674). API CHANGE: removed ajax_render on CTF (r93679). 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93685 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:53 +13:00
Ingo Schommer
03c5caea72 MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93611 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:52 +13:00
Ingo Schommer
4452101790 API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:38 +13:00
Normann Lou
65b1bc4839 APICHANGE: add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92428 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:38 +13:00
Sean Harvey
c34ef6d562 BUGFIX More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92129 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:37 +13:00
Sean Harvey
797715ef78 BUGFIX Fixed Group::collateFamilyIDs() when working with MSSQL 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91775 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:37 +13:00
Sam Minnee
f9c0ce652d BUGFIX: Include salt in legacy password encryptor (from r91743) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91746 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:37 +13:00
Sam Minnee
45bbebe19f BUGFIX: Made use of new BasicAuth::protect_entire_site() consistent. (from r91658) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91659 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:37 +13:00
Sam Minnee
ac239d6a0b BUGFIX: Don't enable site-wide protection by default (from r91609) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91613 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:37 +13:00
Sam Minnee
723d075ffd API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site() 
API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in.  You can call logIn() on the object returned, instead. (from r91603)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91612 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:36 +13:00
Ingo Schommer
65c1c6fd20 NOTFORMERGE Fixed merge error from r91576 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91592 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:36 +13:00
Ingo Schommer
07fc3650a3 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949) 
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) (merged from r90949)
API CHANGE Deprecated Security::encrypt_passwords() (merged from r90949)
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
API CHANGE Removed Security::get_encryption_algorithms() (merged from r90949)
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91576 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:36 +13:00
Ingo Schommer
2a1abcae2a BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in (from r90950) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91572 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:36 +13:00
Ingo Schommer
710f701645 MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask (merged from r90948) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91564 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:36 +13:00
Sean Harvey
f238823b27 BUGFIX #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom (from r115314) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115315 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-22 21:01:27 +00:00
Will Rossiter
bda08c6988 ENHANCEMENT: abstract generateURLSegments functionality out to Convert::raw2url() to allow non site tree objects to safely make use of the logic. BUGFIX: #5586 Group::setCode() now calls Convert::raw2url() rather than requiring a SiteTree instance 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115205 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-20 03:18:51 +00:00
Ingo Schommer
1c34d8f1b4 API CHANGE Deprecated TreeTitle(), use getTreeTitle() (in SiteTree, File, Group) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115119 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-16 05:16:06 +00:00
Will Rossiter
9f6e3c9162 ENHANCEMENT: added requireDefaultRecords. PATCH via fragarach (#6133) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114810 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-11 00:45:05 +00:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-09 21:18:49 +00:00
Ingo Schommer
f61a307486 MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114748 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-09 08:17:35 +00:00
Ingo Schommer
674d8e0f4a MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114743 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-09 05:48:33 +00:00
Sam Minnee
51ee52c7ab BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114549 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-05 08:45:42 +00:00
Sam Minnee
b34286caab MINOR Reverted r108515 (from r114079) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-05 08:43:10 +00:00
Sam Minnee
3f8a0ede40 BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114526 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-05 08:24:12 +00:00
Sam Minnee
9ec31acacb ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-05 08:22:57 +00:00