-
-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Identify and fix Authentication issue(s). #1221
Conversation
Not setting this results in false information within the same cycle.
The foreach loop sets the module variable each time. If no valid module is present, the last module will find its way to the redirect. Since it is not a valid module for this user, the "no rights" error will appear.
The class retains values in the test and pollutes one login attempt with previously set credentials. The introduction of the tearDown function allows us to "reset" the class in the case that any one process would log in, out and in again with different users. This probably wont be a common real world scenario.
Prepare for the next test.
The test fails. It seems the getParameter method and the lack of GET parameters could have something to do with it.
Perform both authentication checks in the same fashion to avoid confusion. Include the allowed action in the redirect.
The action can be seperately enabled by the admin (in groups). If this is the first available action for the user, it would break. The added checks let the user edit 'self'.
@@ -427,6 +427,9 @@ public static function loginUser($login, $password) | |||
\SpoonSession::set('backend_logged_in', true); | |||
\SpoonSession::set('backend_secret_key', $session['secret_key']); | |||
|
|||
// Update/instantiate the value for the logged_in container. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we never start comments with capital letters.
$form = $crawler->selectButton('login')->form(); | ||
$this->submitForm($client, $form, array( | ||
'form' => 'authenticationIndex', | ||
'backend_email' => 'users-edit-user@fork-cms.com', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think these credentials are correct. They are not available in the test database. The tests fail with this error: "Your e-mail and password combination is incorrect."
The correct credentials for the user in the testdatabase are user noreply@fork-cms.com with password fork (as tested in the first passing test in this class).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fixed now 👍
Even if a group has no dashboard rights, consequently no 'value' key in it's setting or no setting at all, the method should return an array.
if (BackendAuthentication::getUser()->isAuthenticated()) { | ||
$this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, 'Dashboard'))); | ||
if (BackendAuthentication::getUser()->isAuthenticated()) | ||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please change this to one line?
if (BackendAuthentication::getUser()->isAuthenticated()) {
resolves #1175