/**
* Attempt to find and authenticate member if possible from the given data
*
* @param array $data
* @param Form $form
* @param bool &$success Success flag
* @return Member Found member, regardless of successful login
*/
protected static function authenticate_member($data, $form, &$success)
{
// Default success to false
$success = false;
// Attempt to identify by temporary ID
$member = null;
$email = null;
if (!empty($data['tempid'])) {
// Find user by tempid, in case they are re-validating an existing session
$member = Member::member_from_tempid($data['tempid']);
if ($member) {
$email = $member->Email;
}
}
// Otherwise, get email from posted value instead
/** @skipUpgrade */
if (!$member && !empty($data['Email'])) {
$email = $data['Email'];
}
// Check default login (see Security::setDefaultAdmin())
$asDefaultAdmin = $email === Security::default_admin_username();
if ($asDefaultAdmin) {
// If logging is as default admin, ensure record is setup correctly
$member = Member::default_admin();
$success = !$member->isLockedOut() && Security::check_default_admin($email, $data['Password']);
//protect against failed login
if ($success) {
return $member;
}
}
// Attempt to identify user by email
if (!$member && $email) {
// Find user by email
$member = Member::get()->filter(Member::config()->unique_identifier_field, $email)->first();
}
// Validate against member if possible
if ($member && !$asDefaultAdmin) {
$result = $member->checkPassword($data['Password']);
$success = $result->valid();
} else {
$result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
}
// Emit failure to member and form (if available)
if (!$success) {
if ($member) {
$member->registerFailedLogin();
}
if ($form) {
$form->sessionMessage($result->message(), 'bad');
}
} else {
if ($member) {
$member->registerSuccessfulLogin();
}
}
return $member;
}
public function testDefaultAdmin()
{
$adminMembers = Permission::get_members_by_permission('ADMIN');
$this->assertEquals(0, $adminMembers->count());
$admin = Member::default_admin();
$this->assertInstanceOf('SilverStripe\\Security\\Member', $admin);
$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
$this->assertEquals($admin->Email, Security::default_admin_username());
$this->assertNull($admin->Password);
}
/**
* Check if this user is the currently configured default admin
*
* @return bool
*/
public function isDefaultAdmin()
{
return Security::has_default_admin() && $this->Email === Security::default_admin_username();
}
/**
* Test that the default admin can be authenticated
*/
public function testDefaultAdmin()
{
// Make form
$controller = new Security();
$form = new Form($controller, 'Form', new FieldList(), new FieldList());
// Test correct login
$result = MemberAuthenticator::authenticate(array('Email' => 'admin', 'Password' => 'password'), $form);
$this->assertNotEmpty($result);
$this->assertEquals($result->Email, Security::default_admin_username());
$this->assertEmpty($form->Message());
// Test incorrect login
$form->clearMessage();
$result = MemberAuthenticator::authenticate(array('Email' => 'admin', 'Password' => 'notmypassword'), $form);
$this->assertEmpty($result);
$this->assertEquals('The provided details don't seem to be correct. Please try again.', $form->Message());
$this->assertEquals('bad', $form->MessageType());
}
