silverstripe /
cwp-core
@@ -20,104 +20,104 @@ |
||
| 20 | 20 | */ |
| 21 | 21 | class CwpControllerExtensionTest extends SapphireTest |
| 22 | 22 | { |
| 23 | - /** |
|
| 24 | - * @var Controller |
|
| 25 | - */ |
|
| 26 | - protected $controller; |
|
| 23 | + /** |
|
| 24 | + * @var Controller |
|
| 25 | + */ |
|
| 26 | + protected $controller; |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * @var CanonicalURLMiddleware |
|
| 30 | - */ |
|
| 31 | - protected $middlewareMock; |
|
| 28 | + /** |
|
| 29 | + * @var CanonicalURLMiddleware |
|
| 30 | + */ |
|
| 31 | + protected $middlewareMock; |
|
| 32 | 32 | |
| 33 | - protected function setUp() |
|
| 34 | - { |
|
| 35 | - parent::setUp(); |
|
| 33 | + protected function setUp() |
|
| 34 | + { |
|
| 35 | + parent::setUp(); |
|
| 36 | 36 | |
| 37 | - $this->logOut(); |
|
| 37 | + $this->logOut(); |
|
| 38 | 38 | |
| 39 | - $this->controller = new Controller(); |
|
| 39 | + $this->controller = new Controller(); |
|
| 40 | 40 | |
| 41 | - $request = new HTTPRequest('GET', '/'); |
|
| 42 | - $request->setSession(new Session([])); |
|
| 41 | + $request = new HTTPRequest('GET', '/'); |
|
| 42 | + $request->setSession(new Session([])); |
|
| 43 | 43 | |
| 44 | - $this->controller->setRequest($request); |
|
| 44 | + $this->controller->setRequest($request); |
|
| 45 | 45 | |
| 46 | - $this->middlewareMock = $this->getMockBuilder(CanonicalURLMiddleware::class) |
|
| 47 | - ->setMethods(['setForceSSL']) |
|
| 48 | - ->getMock(); |
|
| 46 | + $this->middlewareMock = $this->getMockBuilder(CanonicalURLMiddleware::class) |
|
| 47 | + ->setMethods(['setForceSSL']) |
|
| 48 | + ->getMock(); |
|
| 49 | 49 | |
| 50 | - Injector::inst()->registerService($this->middlewareMock, CanonicalURLMiddleware::class); |
|
| 51 | - } |
|
| 50 | + Injector::inst()->registerService($this->middlewareMock, CanonicalURLMiddleware::class); |
|
| 51 | + } |
|
| 52 | 52 | |
| 53 | - public function testRedirectsSSLToDomain() |
|
| 54 | - { |
|
| 55 | - Config::modify()->set(Director::class, 'alternate_base_url', 'http://nothttps.local'); |
|
| 53 | + public function testRedirectsSSLToDomain() |
|
| 54 | + { |
|
| 55 | + Config::modify()->set(Director::class, 'alternate_base_url', 'http://nothttps.local'); |
|
| 56 | 56 | |
| 57 | - // Expecting this to call forceSSL to forcedomain.org. |
|
| 58 | - $this->middlewareMock->expects($this->once()) |
|
| 59 | - ->method('setForceSSL') |
|
| 60 | - ->with(true) |
|
| 61 | - ->will($this->returnSelf()); |
|
| 57 | + // Expecting this to call forceSSL to forcedomain.org. |
|
| 58 | + $this->middlewareMock->expects($this->once()) |
|
| 59 | + ->method('setForceSSL') |
|
| 60 | + ->with(true) |
|
| 61 | + ->will($this->returnSelf()); |
|
| 62 | 62 | |
| 63 | - Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_enabled', true); |
|
| 64 | - Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_force_domain', 'forcedomain.org'); |
|
| 63 | + Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_enabled', true); |
|
| 64 | + Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_force_domain', 'forcedomain.org'); |
|
| 65 | 65 | |
| 66 | - $this->controller->handleRequest($this->controller->getRequest()); |
|
| 67 | - } |
|
| 66 | + $this->controller->handleRequest($this->controller->getRequest()); |
|
| 67 | + } |
|
| 68 | 68 | |
| 69 | - public function testRedirectsSSLToCurrentDomain() |
|
| 70 | - { |
|
| 71 | - Config::modify()->set(Director::class, 'alternate_base_url', 'http://nothttps.local'); |
|
| 69 | + public function testRedirectsSSLToCurrentDomain() |
|
| 70 | + { |
|
| 71 | + Config::modify()->set(Director::class, 'alternate_base_url', 'http://nothttps.local'); |
|
| 72 | 72 | |
| 73 | - // Expecting this to call forceSSL to current domain. |
|
| 74 | - $this->middlewareMock->expects($this->once()) |
|
| 75 | - ->method('setForceSSL') |
|
| 76 | - ->will($this->returnSelf()); |
|
| 73 | + // Expecting this to call forceSSL to current domain. |
|
| 74 | + $this->middlewareMock->expects($this->once()) |
|
| 75 | + ->method('setForceSSL') |
|
| 76 | + ->will($this->returnSelf()); |
|
| 77 | 77 | |
| 78 | - Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_enabled', true); |
|
| 79 | - Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_force_domain', false); |
|
| 78 | + Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_enabled', true); |
|
| 79 | + Config::modify()->set(CwpControllerExtension::class, 'ssl_redirection_force_domain', false); |
|
| 80 | 80 | |
| 81 | - $this->controller->handleRequest($this->controller->getRequest()); |
|
| 82 | - } |
|
| 81 | + $this->controller->handleRequest($this->controller->getRequest()); |
|
| 82 | + } |
|
| 83 | 83 | |
| 84 | - public function testRequiresLoginForTest() |
|
| 85 | - { |
|
| 86 | - Injector::inst()->get(Kernel::class)->setEnvironment('test'); |
|
| 84 | + public function testRequiresLoginForTest() |
|
| 85 | + { |
|
| 86 | + Injector::inst()->get(Kernel::class)->setEnvironment('test'); |
|
| 87 | 87 | |
| 88 | - try { |
|
| 89 | - $this->controller->handleRequest($this->controller->getRequest()); |
|
| 90 | - } catch (Exception $e) { |
|
| 91 | - $this->assertEquals($e->getResponse()->getStatusCode(), '401', 'Forces BasicAuth on test'); |
|
| 88 | + try { |
|
| 89 | + $this->controller->handleRequest($this->controller->getRequest()); |
|
| 90 | + } catch (Exception $e) { |
|
| 91 | + $this->assertEquals($e->getResponse()->getStatusCode(), '401', 'Forces BasicAuth on test'); |
|
| 92 | 92 | |
| 93 | - // We need to pop manually, since throwing an SS_HTTPResponse_Exception in onBeforeInit hijacks |
|
| 94 | - // the normal Controller control flow and confuses TestRunner (as they share global controller stack). |
|
| 95 | - $this->controller->popCurrent(); |
|
| 96 | - } |
|
| 97 | - } |
|
| 93 | + // We need to pop manually, since throwing an SS_HTTPResponse_Exception in onBeforeInit hijacks |
|
| 94 | + // the normal Controller control flow and confuses TestRunner (as they share global controller stack). |
|
| 95 | + $this->controller->popCurrent(); |
|
| 96 | + } |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | - public function testRequiresLoginForNonTest() |
|
| 100 | - { |
|
| 101 | - Injector::inst()->get(Kernel::class)->setEnvironment('live'); |
|
| 99 | + public function testRequiresLoginForNonTest() |
|
| 100 | + { |
|
| 101 | + Injector::inst()->get(Kernel::class)->setEnvironment('live'); |
|
| 102 | 102 | |
| 103 | - $response = $this->controller->handleRequest($this->controller->getRequest()); |
|
| 104 | - $this->assertEquals($response->getStatusCode(), '200', 'Does not force BasicAuth on live'); |
|
| 105 | - } |
|
| 103 | + $response = $this->controller->handleRequest($this->controller->getRequest()); |
|
| 104 | + $this->assertEquals($response->getStatusCode(), '200', 'Does not force BasicAuth on live'); |
|
| 105 | + } |
|
| 106 | 106 | |
| 107 | - public function testRequiresLoginForLiveWhenEnabled() |
|
| 108 | - { |
|
| 109 | - Config::modify()->set(CwpControllerExtension::class, 'live_basicauth_enabled', true); |
|
| 107 | + public function testRequiresLoginForLiveWhenEnabled() |
|
| 108 | + { |
|
| 109 | + Config::modify()->set(CwpControllerExtension::class, 'live_basicauth_enabled', true); |
|
| 110 | 110 | |
| 111 | - Injector::inst()->get(Kernel::class)->setEnvironment('live'); |
|
| 111 | + Injector::inst()->get(Kernel::class)->setEnvironment('live'); |
|
| 112 | 112 | |
| 113 | - try { |
|
| 114 | - $this->controller->handleRequest($this->controller->getRequest()); |
|
| 115 | - } catch (Exception $e) { |
|
| 116 | - $this->assertEquals($e->getResponse()->getStatusCode(), '401', 'Forces BasicAuth on live (optionally)'); |
|
| 113 | + try { |
|
| 114 | + $this->controller->handleRequest($this->controller->getRequest()); |
|
| 115 | + } catch (Exception $e) { |
|
| 116 | + $this->assertEquals($e->getResponse()->getStatusCode(), '401', 'Forces BasicAuth on live (optionally)'); |
|
| 117 | 117 | |
| 118 | - // We need to pop manually, since throwing an SS_HTTPResponse_Exception in onBeforeInit hijacks |
|
| 119 | - // the normal Controller control flow and confuses TestRunner (as they share global controller stack). |
|
| 120 | - $this->controller->popCurrent(); |
|
| 121 | - } |
|
| 122 | - } |
|
| 118 | + // We need to pop manually, since throwing an SS_HTTPResponse_Exception in onBeforeInit hijacks |
|
| 119 | + // the normal Controller control flow and confuses TestRunner (as they share global controller stack). |
|
| 120 | + $this->controller->popCurrent(); |
|
| 121 | + } |
|
| 122 | + } |
|
| 123 | 123 | } |
@@ -14,67 +14,67 @@ |
||
| 14 | 14 | |
| 15 | 15 | class AtomFeedTest extends SapphireTest |
| 16 | 16 | { |
| 17 | - protected static $original_host; |
|
| 17 | + protected static $original_host; |
|
| 18 | 18 | |
| 19 | - public function testAtomFeed() |
|
| 20 | - { |
|
| 21 | - $list = new ArrayList(); |
|
| 22 | - $list->push(new ItemA()); |
|
| 23 | - $list->push(new ItemB()); |
|
| 24 | - $list->push(new ItemC()); |
|
| 19 | + public function testAtomFeed() |
|
| 20 | + { |
|
| 21 | + $list = new ArrayList(); |
|
| 22 | + $list->push(new ItemA()); |
|
| 23 | + $list->push(new ItemB()); |
|
| 24 | + $list->push(new ItemC()); |
|
| 25 | 25 | |
| 26 | - $atomFeed = new CwpAtomFeed( |
|
| 27 | - $list, |
|
| 28 | - "http://www.example.com", |
|
| 29 | - "Test Atom Feed", |
|
| 30 | - "Test Atom Feed Description" |
|
| 31 | - ); |
|
| 32 | - $content = $atomFeed->outputToBrowser(); |
|
| 26 | + $atomFeed = new CwpAtomFeed( |
|
| 27 | + $list, |
|
| 28 | + "http://www.example.com", |
|
| 29 | + "Test Atom Feed", |
|
| 30 | + "Test Atom Feed Description" |
|
| 31 | + ); |
|
| 32 | + $content = $atomFeed->outputToBrowser(); |
|
| 33 | 33 | |
| 34 | - //Debug::message($content); |
|
| 35 | - $this->assertContains('<link href="http://www.example.org/item-a/" />', $content); |
|
| 36 | - $this->assertContains('<link href="http://www.example.com/item-b.html" />', $content); |
|
| 37 | - $this->assertContains('<link href="http://www.example.com/item-c.html" />', $content); |
|
| 34 | + //Debug::message($content); |
|
| 35 | + $this->assertContains('<link href="http://www.example.org/item-a/" />', $content); |
|
| 36 | + $this->assertContains('<link href="http://www.example.com/item-b.html" />', $content); |
|
| 37 | + $this->assertContains('<link href="http://www.example.com/item-c.html" />', $content); |
|
| 38 | 38 | |
| 39 | - $this->assertContains('<title type="html">ItemA</title>', $content); |
|
| 40 | - $this->assertContains('<title type="html">ItemB</title>', $content); |
|
| 41 | - $this->assertContains('<title type="html">ItemC</title>', $content); |
|
| 39 | + $this->assertContains('<title type="html">ItemA</title>', $content); |
|
| 40 | + $this->assertContains('<title type="html">ItemB</title>', $content); |
|
| 41 | + $this->assertContains('<title type="html">ItemC</title>', $content); |
|
| 42 | 42 | |
| 43 | - $this->assertContains("\tItemA Content\n", $content); |
|
| 44 | - $this->assertContains("\tItemB Content\n", $content); |
|
| 45 | - $this->assertContains("\tItemC Content\n", $content); |
|
| 46 | - } |
|
| 43 | + $this->assertContains("\tItemA Content\n", $content); |
|
| 44 | + $this->assertContains("\tItemB Content\n", $content); |
|
| 45 | + $this->assertContains("\tItemC Content\n", $content); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - public function testRenderWithTemplate() |
|
| 49 | - { |
|
| 50 | - $atomFeed = new CwpAtomFeed(new ArrayList(), "", "", ""); |
|
| 51 | - $content = $atomFeed->outputToBrowser(); |
|
| 52 | - // test we have switched from a RSS feed test template tot he AtomFeed template |
|
| 53 | - $this->assertNotContains('<title>Test Custom Template</title>', $content); |
|
| 54 | - } |
|
| 48 | + public function testRenderWithTemplate() |
|
| 49 | + { |
|
| 50 | + $atomFeed = new CwpAtomFeed(new ArrayList(), "", "", ""); |
|
| 51 | + $content = $atomFeed->outputToBrowser(); |
|
| 52 | + // test we have switched from a RSS feed test template tot he AtomFeed template |
|
| 53 | + $this->assertNotContains('<title>Test Custom Template</title>', $content); |
|
| 54 | + } |
|
| 55 | 55 | |
| 56 | - public function testLinkToFeed() |
|
| 57 | - { |
|
| 58 | - $link = AtomTagsStub::linkToFeed('atomLinkUrl', 'Atom feed of this blog'); |
|
| 59 | - $this->assertContains('atomLinkUrl', $link); |
|
| 60 | - $this->assertContains('Atom feed of this blog', $link); |
|
| 61 | - $this->assertContains('application/atom+xml', $link); |
|
| 62 | - } |
|
| 56 | + public function testLinkToFeed() |
|
| 57 | + { |
|
| 58 | + $link = AtomTagsStub::linkToFeed('atomLinkUrl', 'Atom feed of this blog'); |
|
| 59 | + $this->assertContains('atomLinkUrl', $link); |
|
| 60 | + $this->assertContains('Atom feed of this blog', $link); |
|
| 61 | + $this->assertContains('application/atom+xml', $link); |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - protected function setUp() |
|
| 65 | - { |
|
| 66 | - parent::setUp(); |
|
| 67 | - Config::modify()->set(Director::class, 'alternate_base_url', '/'); |
|
| 68 | - if (!self::$original_host) { |
|
| 69 | - self::$original_host = $_SERVER['HTTP_HOST']; |
|
| 70 | - } |
|
| 71 | - $_SERVER['HTTP_HOST'] = 'www.example.org'; |
|
| 72 | - } |
|
| 64 | + protected function setUp() |
|
| 65 | + { |
|
| 66 | + parent::setUp(); |
|
| 67 | + Config::modify()->set(Director::class, 'alternate_base_url', '/'); |
|
| 68 | + if (!self::$original_host) { |
|
| 69 | + self::$original_host = $_SERVER['HTTP_HOST']; |
|
| 70 | + } |
|
| 71 | + $_SERVER['HTTP_HOST'] = 'www.example.org'; |
|
| 72 | + } |
|
| 73 | 73 | |
| 74 | - protected function tearDown() |
|
| 75 | - { |
|
| 76 | - parent::tearDown(); |
|
| 77 | - Config::modify()->set(Director::class, 'alternate_base_url', null); |
|
| 78 | - $_SERVER['HTTP_HOST'] = self::$original_host; |
|
| 79 | - } |
|
| 74 | + protected function tearDown() |
|
| 75 | + { |
|
| 76 | + parent::tearDown(); |
|
| 77 | + Config::modify()->set(Director::class, 'alternate_base_url', null); |
|
| 78 | + $_SERVER['HTTP_HOST'] = self::$original_host; |
|
| 79 | + } |
|
| 80 | 80 | } |
@@ -7,35 +7,35 @@ |
||
| 7 | 7 | |
| 8 | 8 | class RichLinksExtensionTest extends SapphireTest |
| 9 | 9 | { |
| 10 | - public function testContentLinkInjections() |
|
| 11 | - { |
|
| 12 | - $field = new DBText(); |
|
| 10 | + public function testContentLinkInjections() |
|
| 11 | + { |
|
| 12 | + $field = new DBText(); |
|
| 13 | 13 | |
| 14 | - // External links injection. |
|
| 15 | - $field->setValue('<a href="http://newzealand.govt.nz">New Zealand Government</a>'); |
|
| 16 | - $this->assertEquals( |
|
| 17 | - $field->RichLinks(), |
|
| 18 | - '<a class="external" rel="external" title="Open external link" ' |
|
| 19 | - . 'href="http://newzealand.govt.nz">New Zealand Government' |
|
| 20 | - .'<span class="nonvisual-indicator">(external link)</span></a>', |
|
| 21 | - 'Injects attributes to external link without target.' |
|
| 22 | - ); |
|
| 14 | + // External links injection. |
|
| 15 | + $field->setValue('<a href="http://newzealand.govt.nz">New Zealand Government</a>'); |
|
| 16 | + $this->assertEquals( |
|
| 17 | + $field->RichLinks(), |
|
| 18 | + '<a class="external" rel="external" title="Open external link" ' |
|
| 19 | + . 'href="http://newzealand.govt.nz">New Zealand Government' |
|
| 20 | + .'<span class="nonvisual-indicator">(external link)</span></a>', |
|
| 21 | + 'Injects attributes to external link without target.' |
|
| 22 | + ); |
|
| 23 | 23 | |
| 24 | - $field->setValue('<a href="http://newzealand.govt.nz" target="_blank">New Zealand Government</a>'); |
|
| 25 | - $this->assertEquals( |
|
| 26 | - $field->RichLinks(), |
|
| 27 | - '<a class="external" rel="external" title="Open external link" ' |
|
| 28 | - . 'href="http://newzealand.govt.nz" target="_blank">New Zealand Government' |
|
| 29 | - .'<span class="nonvisual-indicator">(external link)</span></a>', |
|
| 30 | - 'Injects attributes to external link with target, while keeping the existing attributes.' |
|
| 31 | - ); |
|
| 24 | + $field->setValue('<a href="http://newzealand.govt.nz" target="_blank">New Zealand Government</a>'); |
|
| 25 | + $this->assertEquals( |
|
| 26 | + $field->RichLinks(), |
|
| 27 | + '<a class="external" rel="external" title="Open external link" ' |
|
| 28 | + . 'href="http://newzealand.govt.nz" target="_blank">New Zealand Government' |
|
| 29 | + .'<span class="nonvisual-indicator">(external link)</span></a>', |
|
| 30 | + 'Injects attributes to external link with target, while keeping the existing attributes.' |
|
| 31 | + ); |
|
| 32 | 32 | |
| 33 | - // Check the normal links are not affected. |
|
| 34 | - $field->setValue('<a href="[sitetree_link,id=1]">Internal</a>'); |
|
| 35 | - $this->assertEquals( |
|
| 36 | - $field->RichLinks(), |
|
| 37 | - '<a href="[sitetree_link,id=1]">Internal</a>', |
|
| 38 | - 'Regular link is not modified.' |
|
| 39 | - ); |
|
| 40 | - } |
|
| 33 | + // Check the normal links are not affected. |
|
| 34 | + $field->setValue('<a href="[sitetree_link,id=1]">Internal</a>'); |
|
| 35 | + $this->assertEquals( |
|
| 36 | + $field->RichLinks(), |
|
| 37 | + '<a href="[sitetree_link,id=1]">Internal</a>', |
|
| 38 | + 'Regular link is not modified.' |
|
| 39 | + ); |
|
| 40 | + } |
|
| 41 | 41 | } |
@@ -9,35 +9,35 @@ |
||
| 9 | 9 | |
| 10 | 10 | class CwpStatsReportTest extends SapphireTest |
| 11 | 11 | { |
| 12 | - protected static $fixture_file = 'CwpStatsReportTest.yml'; |
|
| 12 | + protected static $fixture_file = 'CwpStatsReportTest.yml'; |
|
| 13 | 13 | |
| 14 | - public function testCount() |
|
| 15 | - { |
|
| 16 | - // Publish all pages apart from page3. |
|
| 17 | - $this->objFromFixture(Page::class, 'page1')->publishRecursive(); |
|
| 18 | - $this->objFromFixture(Page::class, 'page2')->publishRecursive(); |
|
| 19 | - $this->objFromFixture(Page::class, 'page3')->publishRecursive(); |
|
| 14 | + public function testCount() |
|
| 15 | + { |
|
| 16 | + // Publish all pages apart from page3. |
|
| 17 | + $this->objFromFixture(Page::class, 'page1')->publishRecursive(); |
|
| 18 | + $this->objFromFixture(Page::class, 'page2')->publishRecursive(); |
|
| 19 | + $this->objFromFixture(Page::class, 'page3')->publishRecursive(); |
|
| 20 | 20 | |
| 21 | - // Add page5s to a subsite, if the module is installed. |
|
| 22 | - $page5s = $this->objFromFixture(Page::class, 'page5s'); |
|
| 23 | - if (class_exists(Subsite::class)) { |
|
| 24 | - $subsite = Subsite::create(); |
|
| 25 | - $subsite->Title = 'subsite'; |
|
| 26 | - $subsite->write(); |
|
| 21 | + // Add page5s to a subsite, if the module is installed. |
|
| 22 | + $page5s = $this->objFromFixture(Page::class, 'page5s'); |
|
| 23 | + if (class_exists(Subsite::class)) { |
|
| 24 | + $subsite = Subsite::create(); |
|
| 25 | + $subsite->Title = 'subsite'; |
|
| 26 | + $subsite->write(); |
|
| 27 | 27 | |
| 28 | - $page5s->SubsiteID = $subsite->ID; |
|
| 29 | - $page5s->write(); |
|
| 30 | - } |
|
| 31 | - $page5s->publishRecursive(); |
|
| 28 | + $page5s->SubsiteID = $subsite->ID; |
|
| 29 | + $page5s->write(); |
|
| 30 | + } |
|
| 31 | + $page5s->publishRecursive(); |
|
| 32 | 32 | |
| 33 | - $report = CwpStatsReport::create(); |
|
| 34 | - $records = $report->sourceRecords([])->toArray(); |
|
| 35 | - $i = 0; |
|
| 36 | - $this->assertEquals($records[$i++]['Count'], 4, 'Four pages in total, across locales, subsites, live only.'); |
|
| 37 | - if (class_exists(Subsite::class)) { |
|
| 38 | - $this->assertEquals($records[$i++]['Count'], 3, 'Three pages in the main site, if subsites installed.'); |
|
| 39 | - $this->assertEquals($records[$i++]['Count'], 1, 'One page in the subsite, if subsites installed'); |
|
| 40 | - } |
|
| 41 | - $this->assertEquals($records[$i++]['Count'], 1, 'One file in total.'); |
|
| 42 | - } |
|
| 33 | + $report = CwpStatsReport::create(); |
|
| 34 | + $records = $report->sourceRecords([])->toArray(); |
|
| 35 | + $i = 0; |
|
| 36 | + $this->assertEquals($records[$i++]['Count'], 4, 'Four pages in total, across locales, subsites, live only.'); |
|
| 37 | + if (class_exists(Subsite::class)) { |
|
| 38 | + $this->assertEquals($records[$i++]['Count'], 3, 'Three pages in the main site, if subsites installed.'); |
|
| 39 | + $this->assertEquals($records[$i++]['Count'], 1, 'One page in the subsite, if subsites installed'); |
|
| 40 | + } |
|
| 41 | + $this->assertEquals($records[$i++]['Count'], 1, 'One file in total.'); |
|
| 42 | + } |
|
| 43 | 43 | } |
@@ -11,11 +11,11 @@ |
||
| 11 | 11 | */ |
| 12 | 12 | class AtomTagsStub implements TestOnly |
| 13 | 13 | { |
| 14 | - public static function linkToFeed($url, $title = null) |
|
| 15 | - { |
|
| 16 | - $link = '<link rel="alternate" type="application/atom+xml" title="' . $title . |
|
| 17 | - '" href="' . $url . '" />'; |
|
| 18 | - CwpAtomFeed::linkToFeed($url, $title); |
|
| 19 | - return $link; |
|
| 20 | - } |
|
| 14 | + public static function linkToFeed($url, $title = null) |
|
| 15 | + { |
|
| 16 | + $link = '<link rel="alternate" type="application/atom+xml" title="' . $title . |
|
| 17 | + '" href="' . $url . '" />'; |
|
| 18 | + CwpAtomFeed::linkToFeed($url, $title); |
|
| 19 | + return $link; |
|
| 20 | + } |
|
| 21 | 21 | } |
@@ -7,33 +7,33 @@ |
||
| 7 | 7 | |
| 8 | 8 | class ItemC extends ViewableData implements TestOnly |
| 9 | 9 | { |
| 10 | - // ItemC tests fields - Title has casting, Content doesn't. |
|
| 11 | - private static $casting = [ |
|
| 12 | - 'Title' => 'Varchar', |
|
| 13 | - 'AltContent' => 'Text', |
|
| 14 | - ]; |
|
| 15 | - |
|
| 16 | - public $Title = 'ItemC'; |
|
| 17 | - |
|
| 18 | - public function Title() |
|
| 19 | - { |
|
| 20 | - return "ItemC"; |
|
| 21 | - } |
|
| 22 | - |
|
| 23 | - public function Content() |
|
| 24 | - { |
|
| 25 | - return "ItemC Content"; |
|
| 26 | - } |
|
| 27 | - |
|
| 28 | - public $AltContent = "ItemC AltContent"; |
|
| 29 | - |
|
| 30 | - public function Link() |
|
| 31 | - { |
|
| 32 | - return "item-c.html"; |
|
| 33 | - } |
|
| 34 | - |
|
| 35 | - public function AbsoluteLink() |
|
| 36 | - { |
|
| 37 | - return "http://www.example.com/item-c.html"; |
|
| 38 | - } |
|
| 10 | + // ItemC tests fields - Title has casting, Content doesn't. |
|
| 11 | + private static $casting = [ |
|
| 12 | + 'Title' => 'Varchar', |
|
| 13 | + 'AltContent' => 'Text', |
|
| 14 | + ]; |
|
| 15 | + |
|
| 16 | + public $Title = 'ItemC'; |
|
| 17 | + |
|
| 18 | + public function Title() |
|
| 19 | + { |
|
| 20 | + return "ItemC"; |
|
| 21 | + } |
|
| 22 | + |
|
| 23 | + public function Content() |
|
| 24 | + { |
|
| 25 | + return "ItemC Content"; |
|
| 26 | + } |
|
| 27 | + |
|
| 28 | + public $AltContent = "ItemC AltContent"; |
|
| 29 | + |
|
| 30 | + public function Link() |
|
| 31 | + { |
|
| 32 | + return "item-c.html"; |
|
| 33 | + } |
|
| 34 | + |
|
| 35 | + public function AbsoluteLink() |
|
| 36 | + { |
|
| 37 | + return "http://www.example.com/item-c.html"; |
|
| 38 | + } |
|
| 39 | 39 | } |
@@ -7,26 +7,26 @@ |
||
| 7 | 7 | |
| 8 | 8 | class ItemB extends ViewableData implements TestOnly |
| 9 | 9 | { |
| 10 | - // ItemB tests without $casting |
|
| 11 | - public $Title = 'ItemB'; |
|
| 10 | + // ItemB tests without $casting |
|
| 11 | + public $Title = 'ItemB'; |
|
| 12 | 12 | |
| 13 | - public function Title() |
|
| 14 | - { |
|
| 15 | - return "ItemB"; |
|
| 16 | - } |
|
| 13 | + public function Title() |
|
| 14 | + { |
|
| 15 | + return "ItemB"; |
|
| 16 | + } |
|
| 17 | 17 | |
| 18 | - public function AbsoluteLink() |
|
| 19 | - { |
|
| 20 | - return "http://www.example.com/item-b.html"; |
|
| 21 | - } |
|
| 18 | + public function AbsoluteLink() |
|
| 19 | + { |
|
| 20 | + return "http://www.example.com/item-b.html"; |
|
| 21 | + } |
|
| 22 | 22 | |
| 23 | - public function Content() |
|
| 24 | - { |
|
| 25 | - return "ItemB Content"; |
|
| 26 | - } |
|
| 23 | + public function Content() |
|
| 24 | + { |
|
| 25 | + return "ItemB Content"; |
|
| 26 | + } |
|
| 27 | 27 | |
| 28 | - public function AltContent() |
|
| 29 | - { |
|
| 30 | - return "ItemB AltContent"; |
|
| 31 | - } |
|
| 28 | + public function AltContent() |
|
| 29 | + { |
|
| 30 | + return "ItemB AltContent"; |
|
| 31 | + } |
|
| 32 | 32 | } |
@@ -8,32 +8,32 @@ |
||
| 8 | 8 | |
| 9 | 9 | class ItemA extends ViewableData implements TestOnly |
| 10 | 10 | { |
| 11 | - // Atom-feed items must have $casting/$db information. |
|
| 12 | - private static $casting = [ |
|
| 13 | - 'Title' => 'Varchar', |
|
| 14 | - 'Content' => 'Text', |
|
| 15 | - 'AltContent' => 'Text', |
|
| 16 | - ]; |
|
| 17 | - |
|
| 18 | - public $Title = 'ItemA'; |
|
| 19 | - |
|
| 20 | - public function Title() |
|
| 21 | - { |
|
| 22 | - return "ItemA"; |
|
| 23 | - } |
|
| 24 | - |
|
| 25 | - public function Content() |
|
| 26 | - { |
|
| 27 | - return "ItemA Content"; |
|
| 28 | - } |
|
| 29 | - |
|
| 30 | - public function AltContent() |
|
| 31 | - { |
|
| 32 | - return "ItemA AltContent"; |
|
| 33 | - } |
|
| 34 | - |
|
| 35 | - public function Link($action = null) |
|
| 36 | - { |
|
| 37 | - return Controller::join_links("item-a/", $action); |
|
| 38 | - } |
|
| 11 | + // Atom-feed items must have $casting/$db information. |
|
| 12 | + private static $casting = [ |
|
| 13 | + 'Title' => 'Varchar', |
|
| 14 | + 'Content' => 'Text', |
|
| 15 | + 'AltContent' => 'Text', |
|
| 16 | + ]; |
|
| 17 | + |
|
| 18 | + public $Title = 'ItemA'; |
|
| 19 | + |
|
| 20 | + public function Title() |
|
| 21 | + { |
|
| 22 | + return "ItemA"; |
|
| 23 | + } |
|
| 24 | + |
|
| 25 | + public function Content() |
|
| 26 | + { |
|
| 27 | + return "ItemA Content"; |
|
| 28 | + } |
|
| 29 | + |
|
| 30 | + public function AltContent() |
|
| 31 | + { |
|
| 32 | + return "ItemA AltContent"; |
|
| 33 | + } |
|
| 34 | + |
|
| 35 | + public function Link($action = null) |
|
| 36 | + { |
|
| 37 | + return Controller::join_links("item-a/", $action); |
|
| 38 | + } |
|
| 39 | 39 | } |
@@ -18,194 +18,194 @@ |
||
| 18 | 18 | class CwpControllerExtension extends Extension implements PermissionProvider |
| 19 | 19 | { |
| 20 | 20 | |
| 21 | - /** |
|
| 22 | - * Enables SSL redirections - disabling not recommended as it will prevent forcing SSL on admin panel. |
|
| 23 | - * |
|
| 24 | - * @config |
|
| 25 | - * @var bool |
|
| 26 | - */ |
|
| 27 | - private static $ssl_redirection_enabled = true; |
|
| 28 | - |
|
| 29 | - /** |
|
| 30 | - * Specify a domain to redirect the vulnerable areas to. |
|
| 31 | - * |
|
| 32 | - * If left as null, live instance will set this to <instance-id>.cwp.govt.nz via CWP_SECURE_DOMAIN in _config.php. |
|
| 33 | - * This allows us to automatically protect vulnerable areas on live even if the frontend cert is not installed. |
|
| 34 | - * |
|
| 35 | - * Set to false to redirect to https protocol on current domain (e.g. if you have frontend cert). |
|
| 36 | - * |
|
| 37 | - * Set to a domain string (e.g. 'example.com') to force that domain. |
|
| 38 | - * |
|
| 39 | - * @config |
|
| 40 | - * @var string |
|
| 41 | - */ |
|
| 42 | - private static $ssl_redirection_force_domain = null; |
|
| 43 | - |
|
| 44 | - /** |
|
| 45 | - * Enables the BasicAuth protection on all test environments. Disable with caution - it will open up |
|
| 46 | - * all your UAT and test environments to the world. |
|
| 47 | - * |
|
| 48 | - * @config |
|
| 49 | - * @var bool |
|
| 50 | - */ |
|
| 51 | - private static $test_basicauth_enabled = true; |
|
| 52 | - |
|
| 53 | - /** |
|
| 54 | - * Enables the BasicAuth protection on all live environments. |
|
| 55 | - * Useful for securing sites prior to public launch. |
|
| 56 | - * |
|
| 57 | - * @config |
|
| 58 | - * @var bool |
|
| 59 | - */ |
|
| 60 | - private static $live_basicauth_enabled = false; |
|
| 61 | - |
|
| 62 | - /** |
|
| 63 | - * This executes the passed callback with subsite filter disabled, |
|
| 64 | - * then enabled the filter again before returning the callback result |
|
| 65 | - * (or throwing the exception the callback raised) |
|
| 66 | - * |
|
| 67 | - * @param callback $callback - The callback to execute |
|
| 68 | - * @return mixed The result of the callback |
|
| 69 | - * @throws Exception Any exception the callback raised |
|
| 70 | - */ |
|
| 71 | - protected function callWithSubsitesDisabled($callback) |
|
| 72 | - { |
|
| 73 | - $rv = null; |
|
| 74 | - |
|
| 75 | - try { |
|
| 76 | - if (class_exists(Subsite::class)) { |
|
| 77 | - Subsite::disable_subsite_filter(true); |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - $rv = call_user_func($callback); |
|
| 81 | - } catch (Exception $e) { |
|
| 82 | - if (class_exists(Subsite::class)) { |
|
| 83 | - Subsite::disable_subsite_filter(false); |
|
| 84 | - } |
|
| 85 | - |
|
| 86 | - throw $e; |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - if (class_exists(Subsite::class)) { |
|
| 90 | - Subsite::disable_subsite_filter(false); |
|
| 91 | - } |
|
| 92 | - |
|
| 93 | - return $rv; |
|
| 94 | - } |
|
| 95 | - |
|
| 96 | - /** |
|
| 97 | - * Trigger Basic Auth protection, except when there's a reason to bypass it |
|
| 98 | - * - The source IP address is in the comma-seperated string in the constant CWP_IP_BYPASS_BASICAUTH |
|
| 99 | - * (so Pingdom, etc, can access the site) |
|
| 100 | - * - There is an identifiable member, that member has the ACCESS_UAT_SERVER permission, and they're trying |
|
| 101 | - * to access a white-list of URLs (so people following a reset password link can reset their password) |
|
| 102 | - */ |
|
| 103 | - protected function triggerBasicAuthProtection() |
|
| 104 | - { |
|
| 105 | - $allowWithoutAuth = false; |
|
| 106 | - |
|
| 107 | - // Allow whitelisting IPs for bypassing the basic auth. |
|
| 108 | - if (Environment::getEnv('CWP_IP_BYPASS_BASICAUTH')) { |
|
| 109 | - $remote = $_SERVER['REMOTE_ADDR']; |
|
| 110 | - $bypass = explode(',', Environment::getEnv('CWP_IP_BYPASS_BASICAUTH')); |
|
| 111 | - |
|
| 112 | - if (in_array($remote, $bypass)) { |
|
| 113 | - $allowWithoutAuth = true; |
|
| 114 | - } |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - // First, see if we can get a member to act on, either from a changepassword token or the session |
|
| 118 | - if (isset($_REQUEST['m']) && isset($_REQUEST['t'])) { |
|
| 119 | - $member = Member::get()->filter('ID', (int) $_REQUEST['m'])->first(); |
|
| 120 | - |
|
| 121 | - if (!$member->validateAutoLoginToken($_REQUEST['t'])) { |
|
| 122 | - $member = null; |
|
| 123 | - } |
|
| 124 | - } elseif ($this->owner->getRequest()->getSession()->get('AutoLoginHash')) { |
|
| 125 | - $member = Member::member_from_autologinhash( |
|
| 126 | - $this->owner->getRequest()->getSession()->get('AutoLoginHash') |
|
| 127 | - ); |
|
| 128 | - } else { |
|
| 129 | - $member = Security::getCurrentUser(); |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - // Then, if they have the right permissions, check the allowed URLs |
|
| 133 | - $existingMemberCanAccessUAT = $member && $this->callWithSubsitesDisabled(function () use ($member) { |
|
| 134 | - return Permission::checkMember($member, 'ACCESS_UAT_SERVER'); |
|
| 135 | - }); |
|
| 136 | - |
|
| 137 | - if ($existingMemberCanAccessUAT) { |
|
| 138 | - $allowed = array( |
|
| 139 | - '/^Security\/changepassword/', |
|
| 140 | - '/^Security\/ChangePasswordForm/' |
|
| 141 | - ); |
|
| 142 | - |
|
| 143 | - $relativeURL = Director::makeRelative(Director::absoluteURL($_SERVER['REQUEST_URI'])); |
|
| 144 | - |
|
| 145 | - foreach ($allowed as $pattern) { |
|
| 146 | - $allowWithoutAuth = $allowWithoutAuth || preg_match($pattern, $relativeURL); |
|
| 147 | - } |
|
| 148 | - } |
|
| 149 | - |
|
| 150 | - // Finally if they weren't allowed to bypass Basic Auth, trigger it |
|
| 151 | - if (!$allowWithoutAuth) { |
|
| 152 | - $this->callWithSubsitesDisabled(function () { |
|
| 153 | - BasicAuth::requireLogin( |
|
| 154 | - $this->owner->getRequest(), |
|
| 155 | - _t(__CLASS__ . '.LoginPrompt', "Please log in with your CMS credentials"), |
|
| 156 | - 'ACCESS_UAT_SERVER', |
|
| 157 | - true |
|
| 158 | - ); |
|
| 159 | - }); |
|
| 160 | - } |
|
| 161 | - } |
|
| 162 | - |
|
| 163 | - /** |
|
| 164 | - * @return void |
|
| 165 | - */ |
|
| 166 | - public function onBeforeInit() |
|
| 167 | - { |
|
| 168 | - // Grab global injectable service to allow testing. |
|
| 169 | - $director = Injector::inst()->get(Director::class); |
|
| 170 | - |
|
| 171 | - if (Config::inst()->get(__CLASS__, 'ssl_redirection_enabled')) { |
|
| 172 | - // redirect some vulnerable areas to the secure domain |
|
| 173 | - if (!$director::is_https()) { |
|
| 174 | - $forceDomain = Config::inst()->get(__CLASS__, 'ssl_redirection_force_domain'); |
|
| 175 | - |
|
| 176 | - if ($forceDomain) { |
|
| 177 | - $director::forceSSL(['/^Security/', '/^api/'], $forceDomain); |
|
| 178 | - } else { |
|
| 179 | - $director::forceSSL(['/^Security/', '/^api/']); |
|
| 180 | - } |
|
| 181 | - } |
|
| 182 | - } |
|
| 183 | - |
|
| 184 | - if (Config::inst()->get(__CLASS__, 'test_basicauth_enabled')) { |
|
| 185 | - // Turn on Basic Auth in testing mode |
|
| 186 | - if ($director::isTest()) { |
|
| 187 | - $this->triggerBasicAuthProtection(); |
|
| 188 | - } |
|
| 189 | - } |
|
| 190 | - |
|
| 191 | - if (Config::inst()->get(__CLASS__, 'live_basicauth_enabled')) { |
|
| 192 | - // Turn on Basic Auth in live mode |
|
| 193 | - if ($director::isLive()) { |
|
| 194 | - $this->triggerBasicAuthProtection(); |
|
| 195 | - } |
|
| 196 | - } |
|
| 197 | - } |
|
| 198 | - |
|
| 199 | - /** |
|
| 200 | - * @return array |
|
| 201 | - */ |
|
| 202 | - public function providePermissions() |
|
| 203 | - { |
|
| 204 | - return [ |
|
| 205 | - 'ACCESS_UAT_SERVER' => _t( |
|
| 206 | - __CLASS__ . '.UatServerPermission', |
|
| 207 | - 'Allow users to use their accounts to access the UAT server' |
|
| 208 | - ) |
|
| 209 | - ]; |
|
| 210 | - } |
|
| 21 | + /** |
|
| 22 | + * Enables SSL redirections - disabling not recommended as it will prevent forcing SSL on admin panel. |
|
| 23 | + * |
|
| 24 | + * @config |
|
| 25 | + * @var bool |
|
| 26 | + */ |
|
| 27 | + private static $ssl_redirection_enabled = true; |
|
| 28 | + |
|
| 29 | + /** |
|
| 30 | + * Specify a domain to redirect the vulnerable areas to. |
|
| 31 | + * |
|
| 32 | + * If left as null, live instance will set this to <instance-id>.cwp.govt.nz via CWP_SECURE_DOMAIN in _config.php. |
|
| 33 | + * This allows us to automatically protect vulnerable areas on live even if the frontend cert is not installed. |
|
| 34 | + * |
|
| 35 | + * Set to false to redirect to https protocol on current domain (e.g. if you have frontend cert). |
|
| 36 | + * |
|
| 37 | + * Set to a domain string (e.g. 'example.com') to force that domain. |
|
| 38 | + * |
|
| 39 | + * @config |
|
| 40 | + * @var string |
|
| 41 | + */ |
|
| 42 | + private static $ssl_redirection_force_domain = null; |
|
| 43 | + |
|
| 44 | + /** |
|
| 45 | + * Enables the BasicAuth protection on all test environments. Disable with caution - it will open up |
|
| 46 | + * all your UAT and test environments to the world. |
|
| 47 | + * |
|
| 48 | + * @config |
|
| 49 | + * @var bool |
|
| 50 | + */ |
|
| 51 | + private static $test_basicauth_enabled = true; |
|
| 52 | + |
|
| 53 | + /** |
|
| 54 | + * Enables the BasicAuth protection on all live environments. |
|
| 55 | + * Useful for securing sites prior to public launch. |
|
| 56 | + * |
|
| 57 | + * @config |
|
| 58 | + * @var bool |
|
| 59 | + */ |
|
| 60 | + private static $live_basicauth_enabled = false; |
|
| 61 | + |
|
| 62 | + /** |
|
| 63 | + * This executes the passed callback with subsite filter disabled, |
|
| 64 | + * then enabled the filter again before returning the callback result |
|
| 65 | + * (or throwing the exception the callback raised) |
|
| 66 | + * |
|
| 67 | + * @param callback $callback - The callback to execute |
|
| 68 | + * @return mixed The result of the callback |
|
| 69 | + * @throws Exception Any exception the callback raised |
|
| 70 | + */ |
|
| 71 | + protected function callWithSubsitesDisabled($callback) |
|
| 72 | + { |
|
| 73 | + $rv = null; |
|
| 74 | + |
|
| 75 | + try { |
|
| 76 | + if (class_exists(Subsite::class)) { |
|
| 77 | + Subsite::disable_subsite_filter(true); |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + $rv = call_user_func($callback); |
|
| 81 | + } catch (Exception $e) { |
|
| 82 | + if (class_exists(Subsite::class)) { |
|
| 83 | + Subsite::disable_subsite_filter(false); |
|
| 84 | + } |
|
| 85 | + |
|
| 86 | + throw $e; |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + if (class_exists(Subsite::class)) { |
|
| 90 | + Subsite::disable_subsite_filter(false); |
|
| 91 | + } |
|
| 92 | + |
|
| 93 | + return $rv; |
|
| 94 | + } |
|
| 95 | + |
|
| 96 | + /** |
|
| 97 | + * Trigger Basic Auth protection, except when there's a reason to bypass it |
|
| 98 | + * - The source IP address is in the comma-seperated string in the constant CWP_IP_BYPASS_BASICAUTH |
|
| 99 | + * (so Pingdom, etc, can access the site) |
|
| 100 | + * - There is an identifiable member, that member has the ACCESS_UAT_SERVER permission, and they're trying |
|
| 101 | + * to access a white-list of URLs (so people following a reset password link can reset their password) |
|
| 102 | + */ |
|
| 103 | + protected function triggerBasicAuthProtection() |
|
| 104 | + { |
|
| 105 | + $allowWithoutAuth = false; |
|
| 106 | + |
|
| 107 | + // Allow whitelisting IPs for bypassing the basic auth. |
|
| 108 | + if (Environment::getEnv('CWP_IP_BYPASS_BASICAUTH')) { |
|
| 109 | + $remote = $_SERVER['REMOTE_ADDR']; |
|
| 110 | + $bypass = explode(',', Environment::getEnv('CWP_IP_BYPASS_BASICAUTH')); |
|
| 111 | + |
|
| 112 | + if (in_array($remote, $bypass)) { |
|
| 113 | + $allowWithoutAuth = true; |
|
| 114 | + } |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + // First, see if we can get a member to act on, either from a changepassword token or the session |
|
| 118 | + if (isset($_REQUEST['m']) && isset($_REQUEST['t'])) { |
|
| 119 | + $member = Member::get()->filter('ID', (int) $_REQUEST['m'])->first(); |
|
| 120 | + |
|
| 121 | + if (!$member->validateAutoLoginToken($_REQUEST['t'])) { |
|
| 122 | + $member = null; |
|
| 123 | + } |
|
| 124 | + } elseif ($this->owner->getRequest()->getSession()->get('AutoLoginHash')) { |
|
| 125 | + $member = Member::member_from_autologinhash( |
|
| 126 | + $this->owner->getRequest()->getSession()->get('AutoLoginHash') |
|
| 127 | + ); |
|
| 128 | + } else { |
|
| 129 | + $member = Security::getCurrentUser(); |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + // Then, if they have the right permissions, check the allowed URLs |
|
| 133 | + $existingMemberCanAccessUAT = $member && $this->callWithSubsitesDisabled(function () use ($member) { |
|
| 134 | + return Permission::checkMember($member, 'ACCESS_UAT_SERVER'); |
|
| 135 | + }); |
|
| 136 | + |
|
| 137 | + if ($existingMemberCanAccessUAT) { |
|
| 138 | + $allowed = array( |
|
| 139 | + '/^Security\/changepassword/', |
|
| 140 | + '/^Security\/ChangePasswordForm/' |
|
| 141 | + ); |
|
| 142 | + |
|
| 143 | + $relativeURL = Director::makeRelative(Director::absoluteURL($_SERVER['REQUEST_URI'])); |
|
| 144 | + |
|
| 145 | + foreach ($allowed as $pattern) { |
|
| 146 | + $allowWithoutAuth = $allowWithoutAuth || preg_match($pattern, $relativeURL); |
|
| 147 | + } |
|
| 148 | + } |
|
| 149 | + |
|
| 150 | + // Finally if they weren't allowed to bypass Basic Auth, trigger it |
|
| 151 | + if (!$allowWithoutAuth) { |
|
| 152 | + $this->callWithSubsitesDisabled(function () { |
|
| 153 | + BasicAuth::requireLogin( |
|
| 154 | + $this->owner->getRequest(), |
|
| 155 | + _t(__CLASS__ . '.LoginPrompt', "Please log in with your CMS credentials"), |
|
| 156 | + 'ACCESS_UAT_SERVER', |
|
| 157 | + true |
|
| 158 | + ); |
|
| 159 | + }); |
|
| 160 | + } |
|
| 161 | + } |
|
| 162 | + |
|
| 163 | + /** |
|
| 164 | + * @return void |
|
| 165 | + */ |
|
| 166 | + public function onBeforeInit() |
|
| 167 | + { |
|
| 168 | + // Grab global injectable service to allow testing. |
|
| 169 | + $director = Injector::inst()->get(Director::class); |
|
| 170 | + |
|
| 171 | + if (Config::inst()->get(__CLASS__, 'ssl_redirection_enabled')) { |
|
| 172 | + // redirect some vulnerable areas to the secure domain |
|
| 173 | + if (!$director::is_https()) { |
|
| 174 | + $forceDomain = Config::inst()->get(__CLASS__, 'ssl_redirection_force_domain'); |
|
| 175 | + |
|
| 176 | + if ($forceDomain) { |
|
| 177 | + $director::forceSSL(['/^Security/', '/^api/'], $forceDomain); |
|
| 178 | + } else { |
|
| 179 | + $director::forceSSL(['/^Security/', '/^api/']); |
|
| 180 | + } |
|
| 181 | + } |
|
| 182 | + } |
|
| 183 | + |
|
| 184 | + if (Config::inst()->get(__CLASS__, 'test_basicauth_enabled')) { |
|
| 185 | + // Turn on Basic Auth in testing mode |
|
| 186 | + if ($director::isTest()) { |
|
| 187 | + $this->triggerBasicAuthProtection(); |
|
| 188 | + } |
|
| 189 | + } |
|
| 190 | + |
|
| 191 | + if (Config::inst()->get(__CLASS__, 'live_basicauth_enabled')) { |
|
| 192 | + // Turn on Basic Auth in live mode |
|
| 193 | + if ($director::isLive()) { |
|
| 194 | + $this->triggerBasicAuthProtection(); |
|
| 195 | + } |
|
| 196 | + } |
|
| 197 | + } |
|
| 198 | + |
|
| 199 | + /** |
|
| 200 | + * @return array |
|
| 201 | + */ |
|
| 202 | + public function providePermissions() |
|
| 203 | + { |
|
| 204 | + return [ |
|
| 205 | + 'ACCESS_UAT_SERVER' => _t( |
|
| 206 | + __CLASS__ . '.UatServerPermission', |
|
| 207 | + 'Allow users to use their accounts to access the UAT server' |
|
| 208 | + ) |
|
| 209 | + ]; |
|
| 210 | + } |
|
| 211 | 211 | } |
@@ -116,7 +116,7 @@ discard block |
||
| 116 | 116 | |
| 117 | 117 | // First, see if we can get a member to act on, either from a changepassword token or the session |
| 118 | 118 | if (isset($_REQUEST['m']) && isset($_REQUEST['t'])) { |
| 119 | - $member = Member::get()->filter('ID', (int) $_REQUEST['m'])->first(); |
|
| 119 | + $member = Member::get()->filter('ID', (int)$_REQUEST['m'])->first(); |
|
| 120 | 120 | |
| 121 | 121 | if (!$member->validateAutoLoginToken($_REQUEST['t'])) { |
| 122 | 122 | $member = null; |
@@ -130,7 +130,7 @@ discard block |
||
| 130 | 130 | } |
| 131 | 131 | |
| 132 | 132 | // Then, if they have the right permissions, check the allowed URLs |
| 133 | - $existingMemberCanAccessUAT = $member && $this->callWithSubsitesDisabled(function () use ($member) { |
|
| 133 | + $existingMemberCanAccessUAT = $member && $this->callWithSubsitesDisabled(function() use ($member) { |
|
| 134 | 134 | return Permission::checkMember($member, 'ACCESS_UAT_SERVER'); |
| 135 | 135 | }); |
| 136 | 136 | |
@@ -149,7 +149,7 @@ discard block |
||
| 149 | 149 | |
| 150 | 150 | // Finally if they weren't allowed to bypass Basic Auth, trigger it |
| 151 | 151 | if (!$allowWithoutAuth) { |
| 152 | - $this->callWithSubsitesDisabled(function () { |
|
| 152 | + $this->callWithSubsitesDisabled(function() { |
|
| 153 | 153 | BasicAuth::requireLogin( |
| 154 | 154 | $this->owner->getRequest(), |
| 155 | 155 | _t(__CLASS__ . '.LoginPrompt', "Please log in with your CMS credentials"), |
