Sam Minnee
e226b67d06
Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran into. Nothing major.
This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.
FIX: Corrections to the multi-login-form support.
Importantly, the system provides a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.
Note that you can test this without a module simply by loading the
default authenticator twice:
    SilverStripe\Security\Security:
      authenticators:
        default: SilverStripe\Security\MemberAuthenticator\Authenticator
        other: SilverStripe\Security\MemberAuthenticator\Authenticator
FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00
Daniel Hensby
856aa79892
Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns
Consistent return values for first and last methods
2017-06-06 16:59:04 +01:00
Damian Mooyman
8c0ced311f
Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck
Updated Form.php & 04_Form_Security.md - strictFormMethodCheck to true
2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8
Updated Form.php & 04_Form_Security.md
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).
Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine.
Note: Original commit that established the API Form::setStrictFormMethodCheck is 14c59be8.
2017-06-06 21:10:49 +12:00
Damian Mooyman
ba44c4c30d
Merge pull request #6988 from open-sausages/pulls/4.0/print-with-gotink
Fixes printing from crashing
2017-06-06 18:33:11 +12:00
Saophalkun Ponlu
e267d29b9a
BUG Consistent return values for first and last methods
2017-06-06 17:22:55 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing
2017-06-06 13:31:37 +12:00
Ingo Schommer
b137e91998
Internal security process docs
2017-06-02 11:30:12 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO
2017-06-01 11:00:35 +01:00
Chris Joe
44f27645bd
Merge pull request #6981 from edlinklater/patch-1
Docs: Correct Stevie's name on committers page
2017-05-31 13:40:31 +12:00
Ed Linklater
f007fca51f
Docs: Correct Stevie's name on committers page
2017-05-31 12:27:06 +12:00
Daniel Hensby
90c2a7de11
Merge pull request #6979 from dhensby/pulls/bracket-test-only
FIX Bracket should implement TestOnly
2017-05-30 23:10:16 +01:00
Daniel Hensby
13ee3148d9
FIX Bracket should implement TestOnly
2017-05-30 22:44:24 +01:00
Daniel Hensby
11de4abe0a
Merge pull request #6977 from andrewandante/FIX/move_dotenv_higher
move TRUSTED_PROXY below .env loader
2017-05-30 12:41:09 +01:00
Andrew Aitken-Fincham
8f44b8f0ba
move trusted_proxy_ips below .env loader
2017-05-30 12:18:47 +01:00
Damian Mooyman
b27ef810d4
Merge pull request #6974 from colintucker/fix-csv-bulk-loader
Fixes a bug with split file names during CSV import
2017-05-30 16:18:06 +12:00
Chris Joe
8efaa180a4
Merge pull request #6969 from open-sausages/pulls/4.0/insert-page-link
API Remove legacy HTMLEditor classes
2017-05-30 11:42:08 +12:00
Damian Mooyman
e7d87add9f
API Remove legacy HTMLEditor classes
2017-05-30 11:01:28 +12:00
Damian Mooyman
36e3a43bdb
Merge pull request #6976 from nfauchelle/patch-5
Update 05_Dataobject_Relationship_Management.md
2017-05-30 10:05:27 +12:00
Damian Mooyman
f2fbabec17
Merge pull request #6975 from nfauchelle/patch-4
Fix $class variable from being clobbered
2017-05-30 10:04:29 +12:00
Nick
318b0248b7
Update 05_Dataobject_Relationship_Management.md
Correct a naffed up code block and a typo
2017-05-29 20:54:50 +12:00
Nick
acb74a8577
Fix $class variable from being clobbered
The $class variable gets overwritten in the function.
This causes error messages to be less helpful. For example, if you set up a has_many but forget the has_one on the other side, the error will look something like
`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'SilverStripe\View\ViewableData' to 'SomeObject' requires a has_one on 'SomeObject'`
Fixing this gives a more useful error, like
`[Emergency] Uncaught Exception: No has_one found on class 'SomeObject', the has_many relation from 'Page' to 'SomeObject' requires a has_one on 'SomeObject'`
2017-05-29 20:31:09 +12:00
Colin Tucker
db59e51c4a
Fixes a bug with split file names during CSV import
2017-05-29 16:08:23 +10:00
Daniel Hensby
77444ca28d
Merge pull request #6939 from open-sausages/pulls/4.0/query-join-alias
API Ensure that all DataQuery joins are aliased based on relationship name
2017-05-28 23:27:23 +01:00
Damian Mooyman
963d9197d3
API Ensure that all DataQuery joins are aliased based on relationship name
2017-05-26 13:38:58 +12:00
Chris Joe
adb2641ca6
Merge pull request #6967 from open-sausages/pulls/4/resample-doc-images
Resample doc images for react di
2017-05-26 12:07:07 +12:00
Aaron Carlino
06615e3d76
Resample doc images for react di
2017-05-26 11:08:07 +12:00
Chris Joe
5ec8d40c19
Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation
Docs for React DI
2017-05-26 10:59:42 +12:00
Chris Joe
9da2b5c4ab
Merge pull request #6930 from dhensby/pulls/4/db-schema-indexes
Cleaning up DB index definition
2017-05-26 10:54:16 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples
2017-05-25 23:29:12 +01:00
Daniel Hensby
3e556b5966
NEW Move index generation to DataObjectSchema and solidify index spec
2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f
update docs with new api
2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0
Docs for React DI
2017-05-25 14:58:55 +12:00
Chris Joe
9fe707d3b9
Merge pull request #6962 from open-sausages/pulls/4.0/remove-object-2
BUG Fix minor accessors of legacy ->class property
2017-05-25 12:32:11 +12:00
Damian Mooyman
9c63a8c8ce
BUG Fix race conditions in DatetimeFieldTest
2017-05-25 12:13:04 +12:00
Damian Mooyman
0cd40ca6e5
BUG Fix minor accessors of legacy ->class property
2017-05-25 11:55:12 +12:00
Damian Mooyman
29f450b1e1
Revert injector type hint to Injector
2017-05-25 11:06:48 +12:00
Ingo Schommer
c75f759b18
Merge pull request #6959 from open-sausages/pulls/4.0/time-to-get-webpacking
Enhancement add contribution notes about releasing to NPM
2017-05-25 08:12:27 +12:00
Christopher Joe
e327bf3c70
Enhancement add contribution notes about releasing to NPM
2017-05-24 17:07:05 +12:00
Chris Joe
8bff04740d
Merge pull request #6909 from open-sausages/pulls/4.0/secure-assets-streaming
API Add streamable response object
2017-05-24 12:23:56 +12:00
Damian Mooyman
906a4c444b
API Add streamable response object
2017-05-23 16:32:29 +12:00
Chris Joe
44981de560
Merge pull request #6927 from open-sausages/pulls/4.0/remove-object
API Remove Object class
2017-05-23 15:15:01 +12:00
Damian Mooyman
e945ea64b5
Temporarily switch to composer 1.5
2017-05-23 13:50:35 +12:00
Damian Mooyman
d15b9ee0b0
Response to feedback
2017-05-23 13:50:35 +12:00
Damian Mooyman
fba8e2c245
API Remove Object class
API DataObjectSchema::manyManyComponent() return array is now associative array
2017-05-23 13:50:35 +12:00
Damian Mooyman
7e2f8d1f2d
Merge pull request #6951 from sminnee/fix-2494
FIX: Don’t assume posix_getpwuid is available.
2017-05-23 13:10:56 +12:00
Damian Mooyman
cd0cac69ce
Merge pull request #6952 from sminnee/fix-1666
FIX: Better error checking for non-writable temp paths
2017-05-23 13:00:10 +12:00
Sam Minnee
09164e7e2a
FIX: Better error checking for non-writable temp paths
Fixes https://github.com/silverstripe/silverstripe-framework/issues/1666
2017-05-23 10:06:48 +12:00
Sam Minnee
40d9bbfd69
FIX: Don’t assume posix_getpwuid is available.
Fixes https://github.com/silverstripe/silverstripe-framework/issues/2494
In Silverstripe 3.1, on some shared hosts the following bug can occur:
Warning: posix_getpwuid() has been disabled for security reasons
2017-05-23 10:00:36 +12:00
Chris Joe
93e92e49c5
Merge pull request #6950 from open-sausages/revert-6941-pulls/phpunit-pretty-print
Revert 6941 pulls/phpunit pretty print
2017-05-23 09:54:09 +12:00