tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
4,728 Commits 31 Branches 527 Tags 162 MiB
eecd34868f
Commit Graph

25 Commits

Author SHA1 Message Date
Ingo Schommer
eecd34868f BUGFIX Keep Member.PasswordEncryption setting on empty passwords 
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
 2013-02-17 23:16:25 +01:00
Mateusz Uzdowski
22095dae6c API Hash autologin tokens before storing in the database. 
Backported from 3.0, cc423c38fb.
 2012-11-09 12:03:55 +01:00
Ingo Schommer
de1f07045b BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups() 2011-03-09 15:54:05 +13:00
Ingo Schommer
dfb9c71342 MINOR Fixed regression from r111843 (i18nText, MemberDatetimeFieldTest, MemberTest) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111844 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:55 +13:00
Ingo Schommer
139ab46240 BUGFIX Protect MemberTest from side effects caused by auth_openid and forum modules 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@110894 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:50 +13:00
Ingo Schommer
486091e4ec API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@110856 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:50 +13:00
Sean Harvey
6f9b33e022 MINOR Tests for Member::getName() and Member::setName() 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109333 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:47 +13:00
Julian Seidenberg
b22261f781 BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107940 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:39 +13:00
Ingo Schommer
7ac4a9ec4d BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107532 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:37 +13:00
Sean Harvey
3be26a4cec ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107326 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:35 +13:00
Will Rossiter
c38dc3b1b4 APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106217 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:31 +13:00
Ingo Schommer
90e8171536 API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour (from r100705) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100718 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:51 +13:00
Ingo Schommer
96f022be85 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98274 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:25 +13:00
Sean Harvey
faab8f7d16 MINOR Added tests methods for Member::can*() methods to MemberTest 
MINOR Added test Extension classes for testing decorated can*() methods


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94359 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:57 +13:00
Sean Harvey
06b7dc5de3 BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete() 
MINOR Added additional tests to MemberTest


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94358 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:57 +13:00
Ingo Schommer
07fc3650a3 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949) 
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) (merged from r90949)
API CHANGE Deprecated Security::encrypt_passwords() (merged from r90949)
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
API CHANGE Removed Security::get_encryption_algorithms() (merged from r90949)
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91576 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:17:36 +13:00
Sean Harvey
13b358a8dd Merged from branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-04-29 00:07:39 +00:00
Sam Minnee
96c5be8252 Updating queries to be more DB agnostic 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-24 09:31:14 +00:00
Ingo Schommer
e57b7651ef ENHANCEMENT Unit tests for Member->inGroup() and Member->inGroups() 
ENHANCEMENT Added a "strict-mode" for Member->inGroup() and Member->inGroups() to determine true membership to a group (without inheritance)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65125 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-03 01:57:16 +00:00
Sam Minnee
c812ca5f91 Improved robustness of MemberTest 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60391 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 05:17:37 +00:00
Ingo Schommer
03fcc80e19 (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60205 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-09 03:19:54 +00:00
Ingo Schommer
60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-06-15 13:33:53 +00:00
Sam Minnee
9a2675aa4f MINOR: Cleaning up tests 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@54638 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-05-15 08:46:12 +00:00
Sam Minnee
efd1cf63e2 Merged revisions 52617 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52617 | sminnee | 2008-04-13 16:57:53 +1200 (Sun, 13 Apr 2008) | 1 line
  
  Updated changed password test to check for a sent email
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53469 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:32:42 +00:00
Sam Minnee
eb60b67732 Merged revisions 52121 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52121 | sminnee | 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) | 4 lines
  
  Added DataObject::validate() for specifying DataObject-level validators.
  Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite()
  Added password strength testing to security system
  Added password expiry to security system
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:31:52 +00:00