Damian Mooyman 53c40a94fa API Enable re-authentication within the CMS if a user session is lost
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00

1.3 KiB

3.1.7

Upgrading

Authentication

3.1.7 introduces a re-authentication feature, which allows user working in the CMS to quickly re-enter their password and continue working should their session expire. This occurs through a popup dialog, which asks the user for their current password to continue working.

If using a custom [api:Authenticator] class to replace the default MemberAuthenticator, then by default this feature will be disabled. If multiple authenticators are used, only supported ones will be available within the CMS.

In order to create a CMS supported version the Authenticator::supports_cms and Authenticator::get_cms_login_form methods should be overridden. See [api:MemberAuthenticator] for an example implementation.

Check the documentation at the Authentication topic.

Default Admin

In this version the way that the default admin user is managed is slightly changed. Rather than defaulting to the first administrator user in the CMS, a user logging in as a default admin will always be assigned to a "Default Admin" user with admin privileges. In the past, this user would only be created if no other administrators existed.

Security

  • 2014-07-05 c247dd5 Add default $lock_out_after_incorrect_logins value [SS-2014-016].