/**
  * @covers SilverStripe\Forms\GridField\GridFieldDataColumns::getDisplayFields
  */
 public function testGridFieldGetDefaultDisplayFields()
 {
     $obj = new GridField('testfield', 'testfield', Member::get());
     $expected = Member::singleton()->summaryFields();
     $columns = $obj->getConfig()->getComponentByType('SilverStripe\\Forms\\GridField\\GridFieldDataColumns');
     $this->assertEquals($expected, $columns->getDisplayFields($obj));
 }
 public function getEditForm($id = null, $fields = null)
 {
     // TODO Duplicate record fetching (see parent implementation)
     if (!$id) {
         $id = $this->currentPageID();
     }
     $form = parent::getEditForm($id);
     // TODO Duplicate record fetching (see parent implementation)
     $record = $this->getRecord($id);
     if ($record && !$record->canView()) {
         return Security::permissionFailure($this);
     }
     $memberList = GridField::create('Members', false, Member::get(), $memberListConfig = GridFieldConfig_RecordEditor::create()->addComponent(new GridFieldButtonRow('after'))->addComponent(new GridFieldExportButton('buttons-after-left')))->addExtraClass("members_grid");
     if ($record && method_exists($record, 'getValidator')) {
         $validator = $record->getValidator();
     } else {
         $validator = Member::singleton()->getValidator();
     }
     $memberListConfig->getComponentByType('GridFieldDetailForm')->setValidator($validator);
     $groupList = GridField::create('Groups', false, Group::get(), GridFieldConfig_RecordEditor::create());
     $columns = $groupList->getConfig()->getComponentByType('GridFieldDataColumns');
     $columns->setDisplayFields(array('Breadcrumbs' => singleton('SilverStripe\\Security\\Group')->fieldLabel('Title')));
     $columns->setFieldFormatting(array('Breadcrumbs' => function ($val, $item) {
         return Convert::raw2xml($item->getBreadcrumbs(' > '));
     }));
     $fields = new FieldList($root = new TabSet('Root', $usersTab = new Tab('Users', _t('SecurityAdmin.Users', 'Users'), new LiteralField('MembersCautionText', sprintf('<div class="alert alert-warning" role="alert">%s</div>', _t('SecurityAdmin.MemberListCaution', 'Caution: Removing members from this list will remove them from all groups and the database'))), $memberList), $groupsTab = new Tab('Groups', singleton('SilverStripe\\Security\\Group')->i18n_plural_name(), $groupList)), new HiddenField('ID', false, 0));
     // Add import capabilities. Limit to admin since the import logic can affect assigned permissions
     if (Permission::check('ADMIN')) {
         $fields->addFieldsToTab('Root.Users', array(new HeaderField(_t('SecurityAdmin.IMPORTUSERS', 'Import users'), 3), new LiteralField('MemberImportFormIframe', sprintf('<iframe src="%s" id="MemberImportFormIframe" width="100%%" height="250px" frameBorder="0">' . '</iframe>', $this->Link('memberimport')))));
         $fields->addFieldsToTab('Root.Groups', array(new HeaderField(_t('SecurityAdmin.IMPORTGROUPS', 'Import groups'), 3), new LiteralField('GroupImportFormIframe', sprintf('<iframe src="%s" id="GroupImportFormIframe" width="100%%" height="250px" frameBorder="0">' . '</iframe>', $this->Link('groupimport')))));
     }
     // Tab nav in CMS is rendered through separate template
     $root->setTemplate('CMSTabSet');
     // Add roles editing interface
     if (Permission::check('APPLY_ROLES')) {
         $rolesField = GridField::create('Roles', false, PermissionRole::get(), GridFieldConfig_RecordEditor::create());
         $rolesTab = $fields->findOrMakeTab('Root.Roles', _t('SecurityAdmin.TABROLES', 'Roles'));
         $rolesTab->push($rolesField);
     }
     $actionParam = $this->getRequest()->param('Action');
     if ($actionParam == 'groups') {
         $groupsTab->addExtraClass('ui-state-active');
     } elseif ($actionParam == 'users') {
         $usersTab->addExtraClass('ui-state-active');
     } elseif ($actionParam == 'roles') {
         $rolesTab->addExtraClass('ui-state-active');
     }
     $actions = new FieldList();
     $form = Form::create($this, 'EditForm', $fields, $actions)->setHTMLID('Form_EditForm');
     $form->addExtraClass('cms-edit-form');
     $form->setTemplate($this->getTemplatesWithSuffix('_EditForm'));
     // Tab nav in CMS is rendered through separate template
     if ($form->Fields()->hasTabset()) {
         $form->Fields()->findOrMakeTab('Root')->setTemplate('CMSTabSet');
     }
     $form->addExtraClass('center ss-tabset cms-tabset ' . $this->BaseCSSClasses());
     $form->setAttribute('data-pjax-fragment', 'CurrentForm');
     $this->extend('updateEditForm', $form);
     return $form;
 }
 public function getEditForm($id = null, $fields = null)
 {
     $this->setCurrentPageID(Member::currentUserID());
     $form = parent::getEditForm($id, $fields);
     if ($form instanceof HTTPResponse) {
         return $form;
     }
     $form->Fields()->removeByName('LastVisited');
     $form->Fields()->push(new HiddenField('ID', null, Member::currentUserID()));
     $form->Actions()->push(FormAction::create('save', _t('CMSMain.SAVE', 'Save'))->addExtraClass('ss-ui-button ss-ui-action-constructive')->setAttribute('data-icon', 'accept')->setUseButtonTag(true));
     $form->Actions()->removeByName('action_delete');
     if ($member = Member::currentUser()) {
         $form->setValidator($member->getValidator());
     } else {
         $form->setValidator(Member::singleton()->getValidator());
     }
     if ($form->Fields()->hasTabSet()) {
         $form->Fields()->findOrMakeTab('Root')->setTemplate('SilverStripe\\Forms\\CMSTabSet');
     }
     $form->addExtraClass('member-profile-form root-form cms-edit-form center fill-height');
     return $form;
 }
 /**
  * Log login attempt
  * TODO We could handle this with an extension
  *
  * @param array $data
  * @param Member $member
  * @param bool $success
  */
 protected static function record_login_attempt($data, $member, $success)
 {
     if (!Security::config()->login_recording) {
         return;
     }
     // Check email is valid
     $email = isset($data['Email']) ? $data['Email'] : null;
     if (is_array($email)) {
         throw new InvalidArgumentException("Bad email passed to MemberAuthenticator::authenticate(): {$email}");
     }
     $attempt = new LoginAttempt();
     if ($success) {
         // successful login (member is existing with matching password)
         $attempt->MemberID = $member->ID;
         $attempt->Status = 'Success';
         // Audit logging hook
         $member->extend('authenticated');
     } else {
         // Failed login - we're trying to see if a user exists with this email (disregarding wrong passwords)
         $attempt->Status = 'Failure';
         if ($member) {
             // Audit logging hook
             $attempt->MemberID = $member->ID;
             $member->extend('authenticationFailed');
         } else {
             // Audit logging hook
             Member::singleton()->extend('authenticationFailedUnknownUser', $data);
         }
     }
     $attempt->Email = $email;
     $attempt->IP = Controller::curr()->getRequest()->getIP();
     $attempt->write();
 }
예제 #5
0
 /**
  * Return an existing member with administrator privileges, or create one of necessary.
  *
  * Will create a default 'Administrators' group if no group is found
  * with an ADMIN permission. Will create a new 'Admin' member with administrative permissions
  * if no existing Member with these permissions is found.
  *
  * Important: Any newly created administrator accounts will NOT have valid
  * login credentials (Email/Password properties), which means they can't be used for login
  * purposes outside of any default credentials set through {@link Security::setDefaultAdmin()}.
  *
  * @return Member
  */
 public static function findAnAdministrator()
 {
     // coupling to subsites module
     $origSubsite = null;
     if (is_callable('Subsite::changeSubsite')) {
         $origSubsite = \Subsite::currentSubsiteID();
         \Subsite::changeSubsite(0);
     }
     $member = null;
     // find a group with ADMIN permission
     $adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
     if (is_callable('Subsite::changeSubsite')) {
         \Subsite::changeSubsite($origSubsite);
     }
     if ($adminGroup) {
         $member = $adminGroup->Members()->First();
     }
     if (!$adminGroup) {
         Group::singleton()->requireDefaultRecords();
         $adminGroup = Permission::get_groups_by_permission('ADMIN')->first();
     }
     if (!$member) {
         Member::singleton()->requireDefaultRecords();
         $member = Permission::get_members_by_permission('ADMIN')->first();
     }
     if (!$member) {
         $member = Member::default_admin();
     }
     if (!$member) {
         // Failover to a blank admin
         $member = Member::create();
         $member->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
         $member->write();
         // Add member to group instead of adding group to member
         // This bypasses the privilege escallation code in Member_GroupSet
         $adminGroup->DirectMembers()->add($member);
     }
     return $member;
 }
예제 #6
0
 /**
  * Check if the submitted member data is valid (server-side)
  *
  * Check if a member with that email doesn't already exist, or if it does
  * that it is this member.
  *
  * @param array $data Submitted data
  * @return bool Returns TRUE if the submitted data is valid, otherwise
  *              FALSE.
  */
 public function php($data)
 {
     $valid = parent::php($data);
     $identifierField = (string) Member::config()->unique_identifier_field;
     // Only validate identifier field if it's actually set. This could be the case if
     // somebody removes `Email` from the list of required fields.
     if (isset($data[$identifierField])) {
         $id = isset($data['ID']) ? (int) $data['ID'] : 0;
         if (!$id && ($ctrl = $this->form->getController())) {
             // get the record when within GridField (Member editing page in CMS)
             if ($ctrl instanceof GridFieldDetailForm_ItemRequest && ($record = $ctrl->getRecord())) {
                 $id = $record->ID;
             }
         }
         // If there's no ID passed via controller or form-data, use the assigned member (if available)
         if (!$id && ($member = $this->getForMember())) {
             $id = $member->exists() ? $member->ID : 0;
         }
         // set the found ID to the data array, so that extensions can also use it
         $data['ID'] = $id;
         $members = Member::get()->filter($identifierField, $data[$identifierField]);
         if ($id) {
             $members = $members->exclude('ID', $id);
         }
         if ($members->count() > 0) {
             $this->validationError($identifierField, _t('Member.VALIDATIONMEMBEREXISTS', 'A member already exists with the same {identifier}', array('identifier' => Member::singleton()->fieldLabel($identifierField))), 'required');
             $valid = false;
         }
     }
     // Execute the validators on the extensions
     $results = $this->extend('updatePHP', $data, $this->form);
     $results[] = $valid;
     return min($results);
 }
 /**
  * Test that extensions using updateCMSFields() are applied correctly
  */
 public function testUpdateCMSFields()
 {
     Member::add_extension('MemberTest_FieldsExtension');
     $member = Member::singleton();
     $fields = $member->getCMSFields();
     /** @skipUpgrade */
     $this->assertNotNull($fields->dataFieldByName('Email'), 'Scaffolded fields are retained');
     $this->assertNull($fields->dataFieldByName('Salt'), 'Field modifications run correctly');
     $this->assertNotNull($fields->dataFieldByName('TestMemberField'), 'Extension is applied correctly');
     Member::remove_extension('MemberTest_FieldsExtension');
 }
    /**
     * Constructor
     *
     * @skipUpgrade
     * @param Controller $controller The parent controller, necessary to
     *                               create the appropriate form action tag.
     * @param string $name The method on the controller that will return this
     *                     form object.
     * @param FieldList $fields All of the fields in the form - a
     *                                   {@link FieldList} of {@link FormField}
     *                                   objects.
     * @param FieldList|FormAction $actions All of the action buttons in the
     *                                     form - a {@link FieldList} of
     *                                     {@link FormAction} objects
     * @param bool $checkCurrentUser If set to TRUE, it will be checked if a
     *                               the user is currently logged in, and if
     *                               so, only a logout button will be rendered
     */
    public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
    {
        // This is now set on the class directly to make it easier to create subclasses
        // $this->authenticator_class = $authenticatorClassName;
        $customCSS = project() . '/css/member_login.css';
        if (Director::fileExists($customCSS)) {
            Requirements::css($customCSS);
        }
        if (isset($_REQUEST['BackURL'])) {
            $backURL = $_REQUEST['BackURL'];
        } else {
            $backURL = Session::get('BackURL');
        }
        if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
            $fields = FieldList::create(HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this));
            $actions = FieldList::create(FormAction::create("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
        } else {
            if (!$fields) {
                $label = Member::singleton()->fieldLabel(Member::config()->unique_identifier_field);
                $fields = FieldList::create(HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this), $emailField = TextField::create("Email", $label, null, null, $this), PasswordField::create("Password", _t('Member.PASSWORD', 'Password')));
                if (Security::config()->remember_username) {
                    $emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
                } else {
                    // Some browsers won't respect this attribute unless it's added to the form
                    $this->setAttribute('autocomplete', 'off');
                    $emailField->setAttribute('autocomplete', 'off');
                }
                if (Security::config()->autologin_enabled) {
                    $fields->push(CheckboxField::create("Remember", _t('Member.KEEPMESIGNEDIN', "Keep me signed in"))->setAttribute('title', sprintf(_t('Member.REMEMBERME', "Remember me next time? (for %d days on this device)"), RememberLoginHash::config()->get('token_expiry_days'))));
                }
            }
            if (!$actions) {
                $actions = FieldList::create(FormAction::create('dologin', _t('Member.BUTTONLOGIN', "Log in")), LiteralField::create('forgotPassword', '<p id="ForgotPassword"><a href="' . Security::lost_password_url() . '">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'));
            }
        }
        if (isset($backURL)) {
            $fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
        }
        // Reduce attack surface by enforcing POST requests
        $this->setFormMethod('POST', true);
        parent::__construct($controller, $name, $fields, $actions);
        $this->setValidator(RequiredFields::create('Email', 'Password'));
        // Focus on the email input when the page is loaded
        $js = <<<JS
\t\t\t(function() {
\t\t\t\tvar el = document.getElementById("MemberLoginForm_LoginForm_Email");
\t\t\t\tif(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
\t\t\t})();
JS;
        Requirements::customScript($js, 'MemberLoginFormFieldFocus');
    }