tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
18,396 Commits 31 Branches 527 Tags 162 MiB
fa568e333e
Commit Graph

18396 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ingo Schommer
fa568e333e Fixed linting errors 2017-06-23 11:19:16 +12:00
Ingo Schommer
12c2edc1d5 Fix DeprecationTest 
The $project use has changed in 3873e4ba00.
The test isn't really reliant on $project anyway,
it just tests that any other module identifier
doesn't interfere with core notification settings.
 2017-06-23 10:22:26 +12:00
Ingo Schommer
fb09e0b65f Fix merge error 2017-06-23 09:27:46 +12:00
Ingo Schommer
e592bed3e5 Fixed merge error 2017-06-22 23:07:58 +12:00
Damian Mooyman
3873e4ba00 API Refactor bootstrap, request handling 
See https://github.com/silverstripe/silverstripe-framework/pull/7037
and https://github.com/silverstripe/silverstripe-framework/issues/6681

Squashed commit of the following:

commit 8f65e56532
Author: Ingo Schommer <me@chillu.com>
Date:   Thu Jun 22 22:25:50 2017 +1200

    Fixed upgrade guide spelling

commit 76f95944fa
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 16:38:34 2017 +1200

    BUG Fix non-test class manifest including sapphiretest / functionaltest

commit 9379834cb4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:50:47 2017 +1200

    BUG Fix nesting bug in Kernel

commit 188ce35d82
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 15:14:51 2017 +1200

    BUG fix db bootstrapping issues

commit 7ed4660e7a
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 14:49:07 2017 +1200

    BUG Fix issue in DetailedErrorFormatter

commit 738f50c497
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:49:19 2017 +1200

    Upgrading notes on mysite/_config.php

commit 6279d28e5e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 11:43:28 2017 +1200

    Update developer documentation

commit 5c90d53a84
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 22 10:48:44 2017 +1200

    Update installer to not use global databaseConfig

commit f9b2ba4755
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 21:04:39 2017 +1200

    Fix behat issues

commit 5b59a912b6
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 17:07:11 2017 +1200

    Move HTTPApplication to SilverStripe\Control namespace

commit e2c4a18f63
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 16:29:03 2017 +1200

    More documentation
    Fix up remaining tests
    Refactor temp DB into TempDatabase class so it’s available outside of unit tests.

commit 5d235e64f3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 21 12:13:15 2017 +1200

    API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals
    BUG Fix issue with SSViewer
    Fix Security / View tests

commit d88d4ed4e4
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:39:43 2017 +1200

    API Refactor AppKernel into CoreKernel

commit f7946aec33
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 16:00:40 2017 +1200

    Docs and minor cleanup

commit 12bd31f936
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 20 15:34:34 2017 +1200

    API Remove OutputMiddleware
    API Move environment / global / ini management into Environment class
    API Move getTempFolder into TempFolder class
    API Implement HTTPRequestBuilder / CLIRequestBuilder
    BUG Restore SS_ALLOWED_HOSTS check in original location
    API CoreKernel now requires $basePath to be passed in
    API Refactor installer.php to use application to bootstrap
    API move memstring conversion globals to Convert
    BUG Fix error in CoreKernel nesting not un-nesting itself properly.

commit bba9791146
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 18:07:53 2017 +1200

    API Create HTTPMiddleware and standardise middleware for request handling

commit 2a10c2397b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:42:42 2017 +1200

    Fixed ORM tests

commit d75a8d1d93
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 17:15:07 2017 +1200

    FIx i18n tests

commit 06364af3c3
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 16:59:34 2017 +1200

    Fix controller namespace
    Move states to sub namespace

commit 2a278e2953
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 19 12:49:45 2017 +1200

    Fix forms namespace

commit b65c21241b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:56:48 2017 +1200

    Update API usages

commit d1d4375c95
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Thu Jun 15 18:41:44 2017 +1200

    API Refactor $flush into HTPPApplication
    API Enforce health check in Controller::pushCurrent()
    API Better global backup / restore
    Updated Director::test() to use new API

commit b220534f06
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 22:05:57 2017 +1200

    Move app nesting to a test state helper

commit 603704165c
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 21:46:04 2017 +1200

    Restore kernel stack to fix multi-level nesting

commit 2f6336a15b
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 17:23:21 2017 +1200

    API Implement kernel nesting

commit fc7188da7d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:43:13 2017 +1200

    Fix core tests

commit a0ae723514
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:23:52 2017 +1200

    Fix manifest tests

commit ca03395251
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 15:00:00 2017 +1200

    API Move extension management into test state

commit c66d433977
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Tue Jun 13 14:10:59 2017 +1200

    API Refactor SapphireTest state management into SapphireTestState
    API Remove Injector::unregisterAllObjects()
    API Remove FakeController

commit f26ae75c6e
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 18:04:34 2017 +1200

    Implement basic CLI application object

commit 001d559662
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Mon Jun 12 17:39:38 2017 +1200

    Remove references to SapphireTest::is_running_test()
    Upgrade various code

commit de079c041d
Author: Damian Mooyman <damian@silverstripe.com>
Date:   Wed Jun 7 18:07:33 2017 +1200

    API Implement APP object
    API Refactor of Session
 2017-06-22 22:50:45 +12:00
Daniel Hensby
4ad6bdbe7e Merge pull request #7028 from kinglozzer/logout-token 
WIP: Add CSRF token to logout action
 2017-06-22 09:39:49 +01:00
Loz Calver
5d27dccd60 NEW: Add CSRF token to logout action 2017-06-21 15:42:13 +01:00
Loz Calver
4d73982263 Merge pull request #7038 from SpiritLevel/patch-1 
Update 03_Environment_Management.md
 2017-06-20 09:04:42 +01:00
David Alexander
3b812417ad Update 03_Environment_Management.md 
@dhensby I thought I saw a recent merge making PDO the default.
 2017-06-20 10:12:55 +12:00
Damian Mooyman
306d801258 Merge pull request #6984 from dhensby/pulls/4/default-pdo 
NEW DB Driver defaults to PDO
 2017-06-18 21:27:32 +12:00
Chris Joe
8c91d48d3a Merge pull request #7033 from open-sausages/pulls/4.0/remove-parse-indexspec 
FIX Remove reference to removed method parseIndexSpec
 2017-06-16 16:40:51 +12:00
Chris Joe
102eaed36c Merge pull request #6722 from open-sausages/pulls/4.0/requirements-html-cleanup 
Better HTML generation behaviour for Requirements_Backend
 2017-06-16 13:52:06 +12:00
Damian Mooyman
dd4eb6ce44 Merge pull request #6960 from open-sausages/pulls/4.0/security-process-docs 
Internal security process docs
 2017-06-16 13:50:58 +12:00
Chris Joe
fa203d8c99 Merge pull request #7034 from open-sausages/pulls/4.0/fix-i18n-countries 
BUG Removed reserved / removed / invalid country codes
 2017-06-16 13:26:42 +12:00
Damian Mooyman
64e802f795
API Move createTag to HTML class 
ENHANCEMENT Better HTML generation behaviour for Requirements_Backend
 2017-06-16 12:22:05 +12:00
Damian Mooyman
54879402ce
BUG Removed reserved / removed / invalid country codes 
Fixes #6996
 2017-06-16 11:38:00 +12:00
Damian Mooyman
957d238caa
FIX Remove reference to removed method parseIndexSpec 
Fixes #6968
 2017-06-16 11:20:52 +12:00
Chris Joe
65e2347342 Merge pull request #6989 from open-sausages/pulls/4.0/cms-reauth-style 
ENHANCEMENT Update style of CMSLogin form
 2017-06-15 20:20:27 +12:00
Damian Mooyman
619942f426
Remove trash file 2017-06-15 18:33:47 +12:00
Damian Mooyman
0f90c5b63f ENHANCEMENT Update style of CMSLogin form 2017-06-15 18:13:14 +12:00
Damian Mooyman
22e084f288 Merge pull request #7026 from Firesphere/move_default_admin 
Move default admin
 2017-06-15 18:12:51 +12:00
Damian Mooyman
024371c37e
API Change authentication ValidationResult handling to pass by-reference 2017-06-15 17:25:23 +12:00
Damian Mooyman
62d095305b
API Update DefaultAdmin services 
API Improve validation of authentication process
 2017-06-15 15:53:57 +12:00
Simon Erkelens
576eee72dc Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code. 2017-06-15 14:20:29 +12:00
Chris Joe
950b1dfec2 Merge pull request #7010 from flamerohr/pulls/4.0/no-path-to-follow 
Enhancement show the path which threw the error
 2017-06-12 10:36:46 +12:00
Damian Mooyman
0dcfa5fa9d FIX CMSSecurity doesn't have Authenticators assigned. 2017-06-12 10:10:34 +12:00
Christopher Joe
7178caf4a9 Enhancement show the path which threw the error 2017-06-12 10:08:12 +12:00
Simon Erkelens
3fe837dad7 Fix for CMS Authenticator. Should only apply to CMSSecurity 2017-06-10 14:47:53 +12:00
Damian Mooyman
4733abd79f Merge pull request #7006 from Firesphere/patch-1 
FIX Not `CascadeLogInTo` anymore, but `CascadeInTo`
 2017-06-10 13:43:48 +12:00
Simon Erkelens
5c4e55b60d It's not CascadeLogInTo anymore, it's CascadeInTo 
I'm mildly surprised this didn't break. I changed it to CascadeInTo, as the logout action needs to cascade into the session as well.
 2017-06-10 12:58:22 +12:00
Damian Mooyman
c7f7233c4d Merge pull request #6829 from sminnee/authenticator-refactor 
Refactor Authenticators
 2017-06-09 16:46:56 +12:00
Damian Mooyman
d89bd15330
Move authentication hooks to SapphireTest 2017-06-09 16:25:40 +12:00
Damian Mooyman
62753b3cb1
Cleanup and RequestFilter refactor 2017-06-09 15:07:35 +12:00
Simon Erkelens
5fce3308b4 Move LostPasswordHandler in to it's own class. 
- Moved the Authenticators from statics to normal
- Moved MemberLoginForm methods to the getFormFields as they make more sense there
- Did some spring-cleaning on the LostPasswordHandler
- Removed the BuildResponse from ChangePasswordHandler after spring cleaning
 2017-06-08 20:09:57 +12:00
Simon Erkelens
082db89550 Feedback from Damian. 
- Move the success and message to a validationresult
- Fix tests for validationresult return
- We need to clear the session in Test logOut method
- Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency.
- Unify all to getCurrentUser on Security
- ChangePasswordHandler removed from Security
- Update SapphireTest for CMS login/logout
- Get the Member ID correctly, if it's an object.
- Only enable "remember me" when it's allowed.
- Add flag to disable password logging
- Remove Subsites coupling, give it an extension hook to disable itself
- Change cascadeLogInTo to cascadeInTo for the logout method logic naming
- Docblocks
- Basicauth config
 2017-06-08 17:50:20 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling. 
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
 2017-06-07 21:11:58 +12:00
Sam Minnee
f9ea752bae NEW: Add AuthenticationHandler interface 
NEW: Add IdentityStore for registering log-in / log-out data
NEW: Add AuthenticationRequestFilter for managing login
NEW: Add Security:setCurrentUser() / Security::getCurrentUser()
NEW: Add FunctionalTest::logOut()
 2017-06-07 21:11:55 +12:00
Simon Erkelens
c4194f0ed2 CMS Login Handling 
Move to canLogin in the authentication check. Protected isLockedOut

Enable login to be called with a different login service (CMSLogin), enabling CMS Log in. Seems the styling and/or output is still broken.

logOut could be managed from the Authenticator instead of the member
 2017-06-07 21:11:54 +12:00
Sam Minnee
7af7e6719e API: Security.authenticators is now a map, not an array 
Authenticators is now a map of keys -> service names. The key is used
in things such as URL segments. The “default_authenticator” value has
been replaced with the key “default” in this map, although in time a
default authenticator may not be needed.
IX: Refactor login() to avoid code duplication on single/multiple handlers
IX: Refactor LoginHandler to be more amenable to extension
IX: Fixed permissionFailure hack
his LoginHandler is expected to be the starting point for other
custom authenticators so it should be easier to repurpose components
`of it.
IX: Fix database-is-ready checks in tests.
IX: Fixed MemberAuthenticatorTest to match the new API
IX: Update security URLs in MemberTest
 2017-06-07 21:11:53 +12:00
Sam Minnee
e226b67d06 Refactoring of authenticators 
Further down the line, I'm only returning the `Member` on the doLogin, so it's possible for the Handler or Extending Handler to move to a second step.
Also cleaned up some minor typos I ran in to. Nothing major.

This solution works and is manually tested for now. Supports multiple login forms that end up in the correct handler. I haven't gotten past the handler yet, as I've yet to refactor my Yubiauth implementation.

FIX: Corrections to the multi-login-form support.

Importantly, the system provide a URL-space for each handler, e.g.
“Security/login/default” and “Security/login/other”. This is much
cleaner than identifying the active authenticator by a get parameter,
and means that the tabbed interface is only needed on the very first view.

Note that you can test this without a module simply by loading the
default authenticator twice:

SilverStripe\Security\Security:
  authenticators:
    default: SilverStripe\Security\MemberAuthenticator\Authenticator
    other: SilverStripe\Security\MemberAuthenticator\Authenticator

FIX: Refactor delegateToHandler / delegateToHandlers to have less
duplicated code.
 2017-06-07 21:11:52 +12:00
Daniel Hensby
856aa79892 Merge pull request #6987 from open-sausages/pull/4.0/3239-consisten-fist-last-returns 
Consistent return values for first and last methods
 2017-06-06 16:59:04 +01:00
Damian Mooyman
8c0ced311f Merge pull request #6998 from AntonyThorpe/StrictFormMethodCheck 
Updated Form.php & 04_Form_Security.md  - strictFormMethodCheck to true
 2017-06-06 23:06:11 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Damian Mooyman
ba44c4c30d Merge pull request #6988 from open-sausages/pulls/4.0/print-with-gotink 
Fixes printing from crashing
 2017-06-06 18:33:11 +12:00
Saophalkun Ponlu
e267d29b9a BUG Consistent return values for first and last methods 2017-06-06 17:22:55 +12:00
Christopher Joe
d12c986dd5
Fixes printing from crashing 2017-06-06 13:31:37 +12:00
Ingo Schommer
b137e91998 Internal security process docs 2017-06-02 11:30:12 +12:00
Daniel Hensby
9a0e01d4a0
NEW DB Driver defaults to PDO 2017-06-01 11:00:35 +01:00
Chris Joe
44f27645bd Merge pull request #6981 from edlinklater/patch-1 
Docs: Correct Stevie's name on committers page
 2017-05-31 13:40:31 +12:00
Ed Linklater
f007fca51f Docs: Correct Stevie's name on committers page 2017-05-31 12:27:06 +12:00