mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00

Damian Mooyman 53c40a94fa API Enable re-authentication within the CMS if a user session is lost

BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure

2014-10-14 15:19:48 +13:00

1.3 KiB

Raw Blame History

3.1.7

Upgrading

Authentication

3.1.7 introduces a re-authentication feature, which allows user working in the CMS to quickly re-enter their password and continue working should their session expire. This occurs through a popup dialog, which asks the user for their current password to continue working.

If using a custom [api:Authenticator] class to replace the default MemberAuthenticator, then by default this feature will be disabled. If multiple authenticators are used, only supported ones will be available within the CMS.

In order to create a CMS supported version the Authenticator::supports_cms and Authenticator::get_cms_login_form methods should be overridden. See [api:MemberAuthenticator] for an example implementation.

Check the documentation at the Authentication topic.

Default Admin

In this version the way that the default admin user is managed is slightly changed. Rather than defaulting to the first administrator user in the CMS, a user logging in as a default admin will always be assigned to a "Default Admin" user with admin privileges. In the past, this user would only be created if no other administrators existed.

Security

2014-07-05 c247dd5 Add default $lock_out_after_incorrect_logins value [SS-2014-016].

1.3 KiB Raw Blame History