RFC: Identify and fix Authentication issue(s). #1221
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 10 commits
May 21, 2015 13:44
Not setting this results in false information within the same cycle.
The foreach loop sets the module variable each time. If no valid module is present, the last module will find its way to the redirect. Since it is not a valid module for this user, the "no rights" error will appear.
The class retains values in the test and pollutes one login attempt with previously set credentials. The introduction of the tearDown function allows us to "reset" the class in the case that any one process would log in, out and in again with different users. This probably wont be a common real world scenario.
Prepare for the next test.
The test fails. It seems the getParameter method and the lack of GET parameters could have something to do with it.
Perform both authentication checks in the same fashion to avoid confusion. Include the allowed action in the redirect.
The action can be seperately enabled by the admin (in groups). If this is the first available action for the user, it would break. The added checks let the user edit 'self'.
| @@ -427,6 +427,9 @@ public static function loginUser($login, $password) | |||
| \SpoonSession::set('backend_logged_in', true); | |||
| \SpoonSession::set('backend_secret_key', $session['secret_key']); | |||
|
|
|||
| // Update/instantiate the value for the logged_in container. | |||
There was a problem hiding this comment.
we never start comments with capital letters.
| $form = $crawler->selectButton('login')->form(); | ||
| $this->submitForm($client, $form, array( | ||
| 'form' => 'authenticationIndex', | ||
| 'backend_email' => 'users-edit-user@fork-cms.com', |
There was a problem hiding this comment.
I don't think these credentials are correct. They are not available in the test database. The tests fail with this error: "Your e-mail and password combination is incorrect."
The correct credentials for the user in the testdatabase are user noreply@fork-cms.com with password fork (as tested in the first passing test in this class).
added 8 commits
June 2, 2015 20:44
Even if a group has no dashboard rights, consequently no 'value' key in it's setting or no setting at all, the method should return an array.
| if (BackendAuthentication::getUser()->isAuthenticated()) { | ||
| $this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, 'Dashboard'))); | ||
| if (BackendAuthentication::getUser()->isAuthenticated()) | ||
| { |
There was a problem hiding this comment.
Can you please change this to one line?
if (BackendAuthentication::getUser()->isAuthenticated()) {
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
resolves #1175