mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-18 15:36:30 +02:00
903379bde2
fixed a couple of external links fixed a docs link
50 lines
3.4 KiB
Markdown
50 lines
3.4 KiB
Markdown
title: Authentication
|
|
summary: Explains SilverStripe's Authentication options and custom authenticators.
|
|
|
|
# Authentication
|
|
|
|
By default, SilverStripe provides a [api:MemberAuthenticator] class which hooks into its own internal
|
|
authentication system.
|
|
|
|
The main login system uses these controllers to handle the various security requests:
|
|
|
|
[api:Security] - Which is the controller which handles most front-end security requests, including logging in, logging out, resetting password, or changing password. This class also provides an interface to allow configured [api:Authenticator] classes to each display a custom login form.
|
|
|
|
[api:CMSSecurity] - Which is the controller which handles security requests within the CMS, and allows users to re-login without leaving the CMS.
|
|
|
|
## Member Authentication
|
|
|
|
The default member authentication system is implemented in the following classes:
|
|
|
|
[api:MemberAuthenticator] - Which is the default member authentication implementation. This uses the email and password stored internally for each member to authenticate them.
|
|
|
|
[api:MemberLoginForm] - Is the default form used by `MemberAuthenticator`, and is displayed on the public site at the url `Security/login` by default.
|
|
|
|
[api:CMSMemberLoginForm] - Is the secondary form used by `MemberAuthenticator`, and will be displayed to the user within the CMS any time their session expires or they are logged out via an action. This form is presented via a popup dialog, and can be used to re-authenticate that user automatically without them having to lose their workspace. E.g. if editing a form, the user can login and continue to publish their content.
|
|
|
|
## Custom Authentication
|
|
|
|
Additional authentication methods (oauth, etc) can be implemented by creating custom implementations of each of the
|
|
following base classes:
|
|
|
|
[api:Authenticator] - The base class for authentication systems. This class also acts as the factory to generate various login forms for parts of the system. If an authenticator supports in-cms reauthentication then it will be necessary to override the `supports_cms` and `get_cms_login_form` methods.
|
|
|
|
[api:LoginForm] - which is the base class for a login form which links to a specific authenticator. At the very least, it will be necessary to implement a form class which provides a default login interface. If in-cms re-authentication is desired, then a specialised subclass of this method may be necessary. For example, this form could be extended to require confirmation of username as well as password.
|
|
|
|
## Default Admin
|
|
|
|
When a new SilverStripe site is created for the first time, it may be necessary to create a default admin to provide
|
|
CMS access for the first time. SilverStripe provides a default admin configuration system, which allows a username
|
|
and password to be configured for a single special user outside of the normal membership system.
|
|
|
|
It is advisable to configure this user in your `_ss_environment.php` file outside of the web root, as below:
|
|
|
|
:::php
|
|
// Configure a default username and password to access the CMS on all sites in this environment.
|
|
define('SS_DEFAULT_ADMIN_USERNAME', 'admin');
|
|
define('SS_DEFAULT_ADMIN_PASSWORD', 'password');
|
|
|
|
When a user logs in with these credentials, then a [api:Member] with the Email 'admin' will be generated in
|
|
the database, but without any password information. This means that the password can be reset or changed by simply
|
|
updating the `_ss_environment.php` file.
|