/**
* Will redirect the user directly to the IdP login endpoint if:
*
* 1) the 'SAMLAuthenticator' is the default authenticator
* 2) there isn't a GET param showloginform set to 1
* 3) the member is not currently logged in
* 4) there are no form messages (errors or notices)
*
* @return void
*/
public function onBeforeSecurityLogin()
{
if (Authenticator::get_default_authenticator() != 'SAMLAuthenticator') {
return;
}
// by going to the URL Security/login?showloginform=1 we bypass the auto sign on
if ($this->owner->request->getVar('showloginform') == 1) {
return;
}
// if member is already logged in, don't auto-sign-on, this is most likely because
// of unsufficient permissions.
$member = Member::currentUser();
if ($member && $member->exists()) {
return;
}
// if there are form messages, don't auto-sign-on, this is most likely because of
// login errors / failures or other notices.
if (Session::get('FormInfo')) {
// since FormInfo can be a "nulled" array, we have to check
foreach (Session::get('FormInfo') as $form => $info) {
foreach ($info as $name => $value) {
if ($value !== null) {
return;
}
}
}
}
$backURL = Session::get('BackURL');
if ($this->owner->request->getVar('BackURL')) {
$backURL = $this->owner->request->getVar('BackURL');
}
$authenticator = Injector::inst()->create('SAMLAuthenticator');
$authenticator->authenticate(array("BackURL" => $backURL));
}
function setUp()
{
self::$fixture_file = MODULE_SECUREFILES_PATH . '/tests/SecureFileControllerTest.yml';
parent::setUp();
$this->priorAuthenticators = Authenticator::get_authenticators();
$this->priorDefaultAuthenticator = Authenticator::get_default_authenticator();
Authenticator::register('MemberAuthenticator');
Authenticator::set_default_authenticator('MemberAuthenticator');
if (!file_exists(ASSETS_PATH)) {
mkdir(ASSETS_PATH);
}
/* Create a test folders for each of the fixture references */
$fileIDs = $this->allFixtureIDs('Folder');
foreach ($fileIDs as $fileID) {
$file = DataObject::get_by_id('Folder', $fileID);
if (!file_exists(BASE_PATH . "/{$file->Filename}")) {
mkdir(BASE_PATH . "/{$file->Filename}");
}
}
/* Create a test files for each of the fixture references */
$fileIDs = $this->allFixtureIDs('File');
foreach ($fileIDs as $fileID) {
$file = DataObject::get_by_id('File', $fileID);
$fh = fopen(BASE_PATH . "/{$file->Filename}", "w");
fwrite($fh, str_repeat('x', 1000));
fclose($fh);
}
// USERS:
// 1 x ADMIN user
// 1 x Member with SECUREFILEACCESS
// 1 x Member with SECURE_FILE_SETTINGS
// 1 x Member
}
function setUp()
{
// This test assumes that MemberAuthenticator is present and the default
$this->priorAuthenticators = Authenticator::get_authenticators();
$this->priorDefaultAuthenticator = Authenticator::get_default_authenticator();
Authenticator::register('MemberAuthenticator');
Authenticator::set_default_authenticator('MemberAuthenticator');
parent::setUp();
}
function setUp()
{
// This test assumes that MemberAuthenticator is present and the default
$this->priorAuthenticators = Authenticator::get_authenticators();
$this->priorDefaultAuthenticator = Authenticator::get_default_authenticator();
Authenticator::register('MemberAuthenticator');
Authenticator::set_default_authenticator('MemberAuthenticator');
// And that the unique identified field is 'Email'
$this->priorUniqueIdentifierField = Member::get_unique_identifier_field();
Member::set_unique_identifier_field('Email');
parent::setUp();
}
public function setUp()
{
// This test assumes that MemberAuthenticator is present and the default
$this->priorAuthenticators = Authenticator::get_authenticators();
$this->priorDefaultAuthenticator = Authenticator::get_default_authenticator();
foreach ($this->priorAuthenticators as $authenticator) {
Authenticator::unregister($authenticator);
}
Authenticator::register('MemberAuthenticator');
Authenticator::set_default_authenticator('MemberAuthenticator');
// And that the unique identified field is 'Email'
$this->priorUniqueIdentifierField = Member::config()->unique_identifier_field;
$this->priorRememberUsername = Security::config()->remember_username;
Member::config()->unique_identifier_field = 'Email';
parent::setUp();
}
/**
* The authenticate function
*
* Takes the basic auth details and attempts to log a user in from the DB
*
* @return Member|false The Member object, or false if no member
*/
public static function authenticate()
{
//if there is no username or password, break
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
return false;
}
//Attempt to authenticate with the default authenticator for the site
$authClass = Authenticator::get_default_authenticator();
$member = $authClass::authenticate(array('Email' => $_SERVER['PHP_AUTH_USER'], 'Password' => $_SERVER['PHP_AUTH_PW']));
//Log the member in and return the member, if they were found
if ($member) {
$member->LogIn(false);
return $member;
}
return false;
}
function setUp()
{
// This test assumes that MemberAuthenticator is present and the default
$this->priorAuthenticators = Authenticator::get_authenticators();
$this->priorDefaultAuthenticator = Authenticator::get_default_authenticator();
//Authenticator::register('MemberAuthenticator');
Authenticator::register_authenticator('ExternalAuthenticator');
Authenticator::set_default_authenticator('ExternalAuthenticator');
//Create the sources in this order. Switching them around would mean that
//all tests use the fake driver because this always succeeds and auto create
//is on
ExternalAuthenticator::createSource('sstripe_unittest', 'SSTRIPE', 'SilverStripe');
ExternalAuthenticator::createSource('fake_unittest', 'FAKE', 'Fake Source');
ExternalAuthenticator::setAuthSequential(true);
ExternalAuthenticator::setAuthSSLock('sstripe_unittest', true);
ExternalAuthenticator::setAuthSSLock('fake_unittest', false);
ExternalAuthenticator::setAutoAdd('fake_unittest', 'mygroup');
ExternalAuthenticator::setDefaultDomain('fake_unittest', 'silverstripe.com');
ExternalAuthenticator::setAuthDebug(false);
ExternalAuthenticator::setAuditLogFile(false);
ExternalAuthenticator::setAuditLogSStripe(true);
parent::setUp();
}
/**
* Get the login form to process according to the submitted data
*/
public function LoginForm()
{
if (isset($this->requestParams['AuthenticationMethod'])) {
$authenticator = trim($_REQUEST['AuthenticationMethod']);
$authenticators = Authenticator::get_authenticators();
if (in_array($authenticator, $authenticators)) {
return call_user_func(array($authenticator, 'get_login_form'), $this);
}
} else {
if ($authenticator = Authenticator::get_default_authenticator()) {
return call_user_func(array($authenticator, 'get_login_form'), $this);
}
}
user_error('Passed invalid authentication method', E_USER_ERROR);
}
/**
* Get the selected authenticator for this request
*
* @return string Class name of Authenticator
*/
protected function getAuthenticator()
{
$authenticator = $this->getRequest()->requestVar('AuthenticationMethod');
if ($authenticator) {
$authenticators = Authenticator::get_authenticators();
if (in_array($authenticator, $authenticators)) {
return $authenticator;
}
} else {
return Authenticator::get_default_authenticator();
}
}
