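/**
 * Attempt to find and authenticate member if possible from the given data.
 *
 * Resolution order: a 'tempid' in $data (re-validating an existing session),
 * then the posted 'Email'. If the resolved email is the configured default
 * admin (see Security::setDefaultAdmin()) or one of the extra admins listed in
 * $GLOBALS['_DEFAULT_ADMINS'], the password is checked against that
 * configuration only and the default admin record is returned. Otherwise the
 * member is looked up by Member::$unique_identifier_field and its stored
 * password is checked via Member::checkPassword().
 *
 * @param array $data Submitted login data; reads 'tempid', 'Email' and 'Password'
 * @param Form $form Form that receives a session message on failure (may be null)
 * @param bool &$success Success flag, true only when the credentials were verified
 * @return Member|null Found member, regardless of successful login
 * @see MemberAuthenticator::authenticate_member()
 */
protected static function authenticate_member($data, $form, &$success)
{
    // Default success to false
    $success = false;

    // Read the password once; an absent field stays null rather than raising
    // an undefined-index notice on every comparison below.
    $password = isset($data['Password']) ? $data['Password'] : null;

    // Attempt to identify by temporary ID
    $member = null;
    $email = null;
    if (!empty($data['tempid'])) {
        // Find user by tempid, in case they are re-validating an existing session
        $member = Member::member_from_tempid($data['tempid']);
        if ($member) {
            $email = $member->Email;
        }
    }

    // Otherwise, get email from posted value instead
    if (!$member && !empty($data['Email'])) {
        $email = $data['Email'];
    }

    // Check default login (see Security::setDefaultAdmin()) the standard way and the "extension"-way :-)
    $asDefaultAdmin = $email === Security::default_admin_username();
    // Only a non-empty string email can name an extra admin; this also keeps
    // array_key_exists() away from a null key.
    $asExtraAdmin = is_string($email)
        && $email !== ''
        && isset($GLOBALS['_DEFAULT_ADMINS'])
        && is_array($GLOBALS['_DEFAULT_ADMINS'])
        && array_key_exists($email, $GLOBALS['_DEFAULT_ADMINS']);

    if ($asDefaultAdmin || $asExtraAdmin) {
        // If logging in as default admin, ensure record is setup correctly.
        // NOTE(review): Member::default_admin() returns null when no default
        // admin is configured, so an extra admin could succeed with no record
        // to return — confirm whether that is intended.
        $member = Member::default_admin();
        $success = Security::check_default_admin($email, $password);

        // If not already true, check whether one of the extra admins matches.
        // The configured value is compared as a string in constant time; the
        // former loose `==` accepted numeric-string coincidences and, for a
        // default admin missing from _DEFAULT_ADMINS, matched an empty
        // password against the undefined (null) entry.
        if (!$success && $asExtraAdmin) {
            $expected = $GLOBALS['_DEFAULT_ADMINS'][$email];
            $success = is_string($expected)
                && $expected !== ''
                && hash_equals($expected, (string) $password);
        }
        if ($success) {
            return $member;
        }
    }

    // Attempt to identify user by email
    if (!$member && $email) {
        // Find user by email
        $member = Member::get()
            ->filter(Member::config()->unique_identifier_field, $email)
            ->first();
    }

    // Validate against member if possible. Configured admins (default or extra)
    // were already checked against configuration above; their record is the
    // default admin record, which deliberately stores no password, so it is not
    // given a second chance against the database.
    if ($member && !$asDefaultAdmin && !$asExtraAdmin) {
        $result = $member->checkPassword($password);
        $success = $result->valid();
    } else {
        $result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
    }

    // Record the outcome on the member and report failure to the form (if available)
    if ($success) {
        if ($member) {
            $member->registerSuccessfulLogin();
        }
    } else {
        if ($member) {
            $member->registerFailedLogin();
        }
        if ($form) {
            $form->sessionMessage($result->message(), 'bad');
        }
    }

    return $member;
}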
/**
 * The default admin is created on demand, holds ADMIN, carries the configured
 * username as Email and has no stored password.
 */
public function testDefaultAdmin()
{
    // Nobody holds ADMIN before the default admin record has been requested
    $this->assertEquals(0, Permission::get_members_by_permission('ADMIN')->count());

    $defaultAdmin = Member::default_admin();

    $this->assertInstanceOf('Member', $defaultAdmin);
    $this->assertTrue(Permission::checkMember($defaultAdmin, 'ADMIN'));
    $this->assertEquals($defaultAdmin->Email, Security::default_admin_username());
    // The record stores no password hash; see Member::default_admin()
    $this->assertNull($defaultAdmin->Password);
}
/**
 * Check if this user is the currently configured default admin
 *
 * Always false when no default admin is configured, so the email comparison
 * never runs against an unset username.
 *
 * @return bool
 */
public function isDefaultAdmin()
{
    if (!Security::has_default_admin()) {
        return false;
    }

    return Security::default_admin_username() === $this->Email;
}
/**
 * Get the default admin record if it exists, or create it otherwise if enabled
 *
 * The record is identified by Email only; no Password is ever written for it
 * (see Security::setDefaultAdmin()), so it cannot log in through the
 * database-backed password check. Membership of the ADMIN group is enforced
 * on every call.
 *
 * @return Member|null The default admin, or null when none is configured
 */
public static function default_admin()
{
    // Nothing to return or create when no default admin is configured
    if (!Security::has_default_admin()) {
        return null;
    }

    // Find or create ADMIN group
    singleton('Group')->requireDefaultRecords();
    $adminGroup = Permission::get_groups_by_permission('ADMIN')->first();

    // Find member by the configured username
    $username = Security::default_admin_username();
    $defaultAdmin = Member::get()->filter('Email', $username)->first();

    if (!$defaultAdmin) {
        // 'Password' is deliberately left unset to avoid creating persistent
        // logins in the database; 'Email' marks this as the default admin.
        $defaultAdmin = Member::create();
        $defaultAdmin->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
        $defaultAdmin->Email = $username;
        $defaultAdmin->write();
    }

    // Ensure this user is in the admin group
    if (!$defaultAdmin->inGroup($adminGroup)) {
        $defaultAdmin->Groups()->add($adminGroup);
    }

    return $defaultAdmin;
}
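/**
 * Test that the default admin can be authenticated
 *
 * A correct password yields the default admin record and no form message; a
 * wrong password yields no member and a 'bad' session message on the form.
 */
public function testDefaultAdmin()
{
    // Make form
    $controller = new Security();
    $form = new Form($controller, 'Form', new FieldList(), new FieldList());

    // Test correct login
    $result = MemberAuthenticator::authenticate(
        array('Email' => 'admin', 'Password' => 'password'),
        $form
    );
    $this->assertNotEmpty($result);
    $this->assertEquals($result->Email, Security::default_admin_username());
    $this->assertEmpty($form->Message());

    // Test incorrect login
    $form->clearMessage();
    $result = MemberAuthenticator::authenticate(
        array('Email' => 'admin', 'Password' => 'notmypassword'),
        $form
    );
    $this->assertEmpty($result);
    // Double-quoted because the expected message contains an apostrophe;
    // the single-quoted form left the literal unterminated.
    $this->assertEquals(
        "The provided details don't seem to be correct. Please try again.",
        $form->Message()
    );
    $this->assertEquals('bad', $form->MessageType());
}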