Commit Graph

18406 Commits

Author SHA1 Message Date
Damian Mooyman
f7946aec33 Docs and minor cleanup 2017-06-20 17:05:46 +12:00
Damian Mooyman
12bd31f936 API Remove OutputMiddleware
API Move environment / global / ini management into Environment class
API Move getTempFolder into TempFolder class
API Implement HTTPRequestBuilder / CLIRequestBuilder
BUG Restore SS_ALLOWED_HOSTS check in original location
API CoreKernel now requires $basePath to be passed in
API Refactor installer.php to use application to bootstrap
API move memstring conversion globals to Convert
BUG Fix error in CoreKernel nesting not un-nesting itself properly.
2017-06-20 17:05:46 +12:00
Damian Mooyman
bba9791146 API Create HTTPMiddleware and standardise middleware for request handling 2017-06-20 17:03:37 +12:00
Damian Mooyman
2a10c2397b Fixed ORM tests 2017-06-20 17:03:37 +12:00
Damian Mooyman
d75a8d1d93 FIx i18n tests 2017-06-20 17:03:37 +12:00
Damian Mooyman
06364af3c3 Fix controller namespace
Move states to sub namespace
2017-06-20 17:03:37 +12:00
Damian Mooyman
2a278e2953 Fix forms namespace 2017-06-20 17:03:37 +12:00
Damian Mooyman
b65c21241b Update API usages 2017-06-20 16:53:39 +12:00
Damian Mooyman
d1d4375c95 API Refactor $flush into HTPPApplication
API Enforce health check in Controller::pushCurrent()
API Better global backup / restore
Updated Director::test() to use new API
2017-06-20 16:53:39 +12:00
Damian Mooyman
b220534f06 Move app nesting to a test state helper 2017-06-20 16:53:39 +12:00
Damian Mooyman
603704165c Restore kernel stack to fix multi-level nesting 2017-06-20 16:53:39 +12:00
Damian Mooyman
2f6336a15b API Implement kernel nesting 2017-06-20 16:53:39 +12:00
Damian Mooyman
fc7188da7d Fix core tests 2017-06-20 16:53:39 +12:00
Damian Mooyman
a0ae723514 Fix manifest tests 2017-06-20 16:53:39 +12:00
Damian Mooyman
ca03395251 API Move extension management into test state 2017-06-20 16:53:39 +12:00
Damian Mooyman
c66d433977 API Refactor SapphireTest state management into SapphireTestState
API Remove Injector::unregisterAllObjects()
API Remove FakeController
2017-06-20 16:53:39 +12:00
Damian Mooyman
f26ae75c6e Implement basic CLI application object 2017-06-20 16:53:39 +12:00
Damian Mooyman
001d559662 Remove references to SapphireTest::is_running_test()
Upgrade various code
2017-06-20 16:53:39 +12:00
Damian Mooyman
de079c041d API Implement APP object
API Refactor of Session
2017-06-20 16:43:49 +12:00
Damian Mooyman
306d801258 Merge pull request #6984 from dhensby/pulls/4/default-pdo
NEW DB Driver defaults to PDO
2017-06-18 21:27:32 +12:00
Chris Joe
8c91d48d3a Merge pull request #7033 from open-sausages/pulls/4.0/remove-parse-indexspec
FIX Remove reference to removed method parseIndexSpec
2017-06-16 16:40:51 +12:00
Chris Joe
102eaed36c Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup
Better HTML generation behaviour for Requirements_Backend
2017-06-16 13:52:06 +12:00
Damian Mooyman
dd4eb6ce44 Merge pull request #6960 from open-sausages/pulls/4.0/security-process-docs
Internal security process docs
2017-06-16 13:50:58 +12:00
Chris Joe
fa203d8c99 Merge pull request #7034 from open-sausages/pulls/4.0/fix-i18n-countries
BUG Removed reserved / removed / invalid country codes
2017-06-16 13:26:42 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
2017-06-16 12:22:05 +12:00
Damian Mooyman
54879402ce
BUG Removed reserved / removed / invalid country codes
Fixes #6996
2017-06-16 11:38:00 +12:00
Damian Mooyman
957d238caa
FIX Remove reference to removed method parseIndexSpec
Fixes #6968
2017-06-16 11:20:52 +12:00
Chris Joe
65e2347342 Merge pull request #6989 from open-sausages/pulls/4.0/cms-reauth-style
ENHANCEMENT Update style of CMSLogin form
2017-06-15 20:20:27 +12:00
Damian Mooyman
619942f426
Remove trash file 2017-06-15 18:33:47 +12:00
Damian Mooyman
0f90c5b63f ENHANCEMENT Update style of CMSLogin form 2017-06-15 18:13:14 +12:00
Damian Mooyman
22e084f288 Merge pull request #7026 from Firesphere/move_default_admin
Move default admin
2017-06-15 18:12:51 +12:00
Damian Mooyman
024371c37e
API Change authentication ValidationResult handling to pass by-reference 2017-06-15 17:25:23 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services
API Improve validation of authentication process
2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Chris Joe
950b1dfec2 Merge pull request #7010 from flamerohr/pulls/4.0/no-path-to-follow
Enhancement show the path which threw the error
2017-06-12 10:36:46 +12:00
Damian Mooyman
0dcfa5fa9d FIX CMSSecurity doesn't have Authenticators assigned. 2017-06-12 10:10:34 +12:00
Christopher Joe
7178caf4a9 Enhancement show the path which threw the error 2017-06-12 10:08:12 +12:00
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Damian Mooyman
4733abd79f Merge pull request #7006 from Firesphere/patch-1
FIX Not `CascadeLogInTo` anymore, but `CascadeInTo`
2017-06-10 13:43:48 +12:00
Simon Erkelens
5c4e55b60d It's not CascadeLogInTo anymore, it's CascadeInTo
I'm mildly surprised this didn't break. I changed it to CascadeInTo, as the logout action needs to cascade into the session as well.
2017-06-10 12:58:22 +12:00
Damian Mooyman
c7f7233c4d Merge pull request #6829 from sminnee/authenticator-refactor
Refactor Authenticators
2017-06-09 16:46:56 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4 Move LostPasswordHandler in to it's own class.
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550 Feedback from Damian.
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
2017-06-07 21:11:52 +12:00