Damian Mooyman 53c40a94fa API Enable re-authentication within the CMS if a user session is lost
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00

28 lines
1.3 KiB
Markdown

# 3.1.7
## Upgrading
### Authentication
3.1.7 introduces a re-authentication feature, which allows user working in the CMS to quickly re-enter their password
and continue working should their session expire. This occurs through a popup dialog, which asks the user for their
current password to continue working.
If using a custom `[api:Authenticator]` class to replace the default MemberAuthenticator, then by default this feature
will be disabled. If multiple authenticators are used, only supported ones will be available within the CMS.
In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.
Check the documentation at the [Authentication](/topics/authentication) topic.
### Default Admin
In this version the way that the default admin user is managed is slightly changed. Rather than defaulting to the first
administrator user in the CMS, a user logging in as a default admin will always be assigned to a "Default Admin"
user with admin privileges. In the past, this user would only be created if no other administrators existed.
## Security
* 2014-07-05 [c247dd5](https://github.com/silverstripe/silverstripe-framework/commit/c247dd5) Add default $lock_out_after_incorrect_logins value [SS-2014-016].