Daniel Hensby
42cee6f5fb
Merge pull request #9489 from mattclegg/1587548067
...
DOCS: Fix typos
2020-04-22 12:28:02 +01:00
mattclegg
d521a52a33
DOCS: Fix typos
2020-04-22 15:20:11 +05:45
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax
2020-04-20 18:58:09 +01:00
Robbie Averill
0672f8b76b
NEW HTTPRequest now has hasSession() to determine whether a session exists for it
2019-08-02 11:29:23 +12:00
Robbie Averill
3224c9971b
Merge branch '4.4' into 4
2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688
Merge branch '4.3' into 4.4
2019-08-02 11:24:45 +12:00
Robbie Averill
5c794dfcdd
FIX Prevent setting session value when no session exists yet
2019-07-29 17:16:01 +02:00
Aaron Carlino
d04e54c1be
Merge branch '4.4' into 4
2019-06-10 17:33:30 +12:00
Aaron Carlino
f766555d61
Merge branch '4.2' into 4.3
2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e
[CVE-2019-12246] Denial of Service on flush and development URL tools
2019-06-10 17:23:56 +12:00
Indy Griffiths
5dc57518c2
NEW Filter out authenticators that are falsy
...
Use-case: if a module is defining its own authenticator and you want to disable it, as it seems we don't have `unregister_authenticator()` anymore and I can't spot how to remove YAML-based injected properties, then this lets you mark it as null or false to prevent it from erroring out when it attempts to call `supportedServices()`
2019-05-04 20:58:48 +12:00
Robbie Averill
f842ee2eec
Update deprecation PHPDocs to be PSR-5 compliant
...
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
Ingo Schommer
f7d85fe794
Make sure that CMS requests disable caching
...
Original author: @dhensby
Forward port from 3.7 fix at https://github.com/silverstripe/silverstripe-framework/pull/8318
2018-09-05 11:38:41 +12:00
Robbie Averill
873873dc30
FIX Pass request to dummy controller before calling init
2018-08-15 10:14:25 +12:00
Damian Mooyman
386ef27f65
Update requesthandlers with missing extension points
2018-03-23 15:28:00 +13:00
Daniel Hensby
7ec5fa2c8d
Merge branch '4.0' into 4.1
2018-02-09 15:19:15 +00:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0
2018-02-09 14:32:58 +00:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/CoreKernel.php
2018-02-05 17:52:38 +13:00
Simon Erkelens
a071672b48
[bugfix] $request == null breaks
...
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/TempFolder.php
# src/ORM/DataObject.php
# src/View/ThemeResourceLoader.php
# src/includes/constants.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
# tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
# tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
Chris Joe
4ad9ceca6b
Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions
...
BUG Fix message casting for html security messages
2017-12-18 15:43:35 +13:00
Daniel Hensby
e4bf9a31ed
Merge branch '4.0' into 4
2017-12-14 21:20:11 +00:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0
2017-12-14 21:01:35 +00:00
Damian Mooyman
140ed72e2a
BUG Fix message casting for html security messages
2017-12-14 14:49:58 +13:00
Damian Mooyman
8b1b9f022b
Fix linting issues
2017-12-14 13:50:52 +13:00
Saophalkun Ponlu
31e04c8491
ENHANCEMENT Allow html in security failure message
2017-12-13 17:10:16 +13:00
Simon Erkelens
0987003053
Add the ability to redirect a user to a custom page with custom content after changing their password
2017-11-27 14:18:40 +13:00
Loz Calver
ecc619248b
Merge pull request #7298 from robbieaverill/pulls/4.0/replace-stat-usage
...
Replace use of Configurable stat() with config()->get(), will be deprecated in future
2017-08-23 10:12:40 +01:00
Damian Mooyman
14761a9246
Remove mcrypt
...
Use session for alternativeDatabaseName instead
Fixes #7280
2017-08-23 12:13:32 +12:00
Robbie Averill
8ebc13ae4e
Replace use of Configurable stat() with config()->get(), will be deprecated in future
2017-08-23 09:42:10 +12:00
Damian Mooyman
b6a8e45888
BUG Ensure mocked controller has request assigned
...
Fixes #7237
2017-08-03 15:52:31 +12:00
Damian Mooyman
8418011456
Fix linting issues
2017-08-02 14:08:59 +12:00
Robbie Averill
e307f067ed
FIX Replace deprecated %s placeholders in translations with named placeholders
...
* Remove the use of sprintf and %s placeholders in the i18n tests
2017-08-02 13:03:55 +12:00
Simon Erkelens
3e97b99e22
[BUG] Fix issues with multiple authenticators for a single task ( #7149 )
...
Using multiple 2FA authenticators, logging out, resetting password etc. proved to be handled wrong.
Example scenario:
The result is an error, because the `renderWrappedController` was called, despite the responses being a set of either array with Content or Form, or a redirect action.
The default action should be followed and not try to render if there is nothing to render
Because the logout (or changepassword, or resetpassword, etc.) has already been handled, the first response is the default authenticator's response. This _could_ be a form (in case of logout without valid token), a content set (reset password) or a form (change password).
This edge case only happens when there are multiple authenticators supporting the requested method that is _not_ login.
2017-07-14 09:20:58 +12:00
Damian Mooyman
4b23205838
Fix unnamespaced i18n keys
...
Fixes https://github.com/silverstripe/silverstripe-framework/issues/6862
2017-07-04 14:18:47 +12:00
Damian Mooyman
f65e3627dc
BUG Implement or exclude all pending upgrader deltas
2017-07-03 12:21:47 +12:00
Ingo Schommer
fa568e333e
Fixed linting errors
2017-06-23 11:19:16 +12:00
Damian Mooyman
3873e4ba00
API Refactor bootstrap, request handling
...
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681
Squashed commit of the following:
commit 8f65e5653276f95944fa9379834cb4188ce35d827ed4660e7a738f50c4976279d28e5e5c90d53a84f9b2ba47555b59a912b6e2c4a18f635d235e64f3d88d4ed4e4f7946aec3312bd31f936bba97911462a10c2397bd75a8d1d9306364af3c32a278e2953b65c21241bd1d4375c95b220534f06603704165c2f6336a15bfc7188da7da0ae723514ca03395251c66d433977f26ae75c6e001d559662de079c041d
2017-06-22 22:50:45 +12:00
Loz Calver
5d27dccd60
NEW: Add CSRF token to logout action
2017-06-21 15:42:13 +01:00
Damian Mooyman
0f90c5b63f
ENHANCEMENT Update style of CMSLogin form
2017-06-15 18:13:14 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
...
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc
Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code.
2017-06-15 14:20:29 +12:00
Simon Erkelens
3fe837dad7
Fix for CMS Authenticator. Should only apply to CMSSecurity
2017-06-10 14:47:53 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor
2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4
Move LostPasswordHandler in to it's own class.
...
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550
Feedback from Damian.
...
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff
Separate out the log-out handling.
...
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae
NEW: Add AuthenticationHandler interface
...
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2
CMS Login Handling
...
Move to canLogin in the authentication check. Protected isLockedOut
Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.
logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
