RFC: Identify and fix Authentication issue(s). #1221
@@ -57,6 +57,25 @@ class Edit extends BackendBaseActionEdit | |
public function execute() | ||
{ | ||
$this->id = $this->getParameter('id', 'int'); | ||
$this->error = $this->getParameter('error', 'string'); | ||
$this->loadAuthenticatedUser(); | ||
|
||
// If id and error parameters are not set we'll assume the user logged in | ||
// and has been redirected to this action by the authentication index action. | ||
// When this is the case the user will be redirected to the index action of this module. | ||
// An action to which he may not have any user rights. | ||
// Redirect to the user's own profile instead to avoid unnessary words. | ||
if ( | ||
$this->id === null && | ||
$this->error === null && | ||
$this->authenticatedUser->getUserId() | ||
@jeroendesloovere that's not really a rule in the coding styles. I like it more with the '&&' operators at the front, because it's easier to see that it's a multi-line if statement, but it is not required.
||
) { | ||
$this->redirect( | ||
BackendModel::createURLForAction( | ||
'Edit' | ||
) . '&id=' . $this->authenticatedUser->getUserId() | ||
); | ||
} | ||
|
||
// does the user exists | ||
if ($this->id !== null && BackendUsersModel::exists($this->id)) { | ||
|
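Review bot: The new redirect branch in execute() has no `return` after `$this->redirect(...)`, so unless `redirect()` itself terminates the request (not visible in this hunk) execution falls through to the `BackendUsersModel::exists($this->id)` check and the rest of the action with `$this->id === null`; adding `return;` directly after the `$this->redirect(...)` call makes the early exit explicit regardless of how redirect() is implemented. The guard also tests `$this->authenticatedUser->getUserId()` for truthiness rather than against null, so an id of 0, if one can occur, would skip the redirect; `$this->authenticatedUser->getUserId() !== null` is the stricter form. The comment's "unnessary words" reads like a typo for "unnecessary work". execute() continues past the end of the hunk.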
@@ -71,14 +90,22 @@ public function execute() | |
} | ||
} | ||
|
||
/* | ||
* Load the authenticated user in a seperate method | ||
* so we can load it before the form starts loading. | ||
*/ | ||
private function loadAuthenticatedUser() | ||
{ | ||
$this->authenticatedUser = BackendAuthentication::getUser(); | ||
} | ||
|
||
/** | ||
* Load the form | ||
*/ | ||
private function loadForm() | ||
{ | ||
// create user objects | ||
$this->user = new BackendUser($this->id); | ||
$this->authenticatedUser = BackendAuthentication::getUser(); | ||
$this->allowUserRights = ( | ||
(BackendAuthentication::isAllowedAction('Add') || $this->authenticatedUser->getUserId() != $this->id) || | ||
$this->authenticatedUser->isGod() | ||
|
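Review bot: The line `$this->authenticatedUser = BackendAuthentication::getUser();` kept in loadForm() now duplicates the assignment done by the new loadAuthenticatedUser(), which execute() calls before the form is loaded; dropping it from loadForm() leaves a single place where the authenticated user is resolved, so the two cannot drift apart. The new method's header comment opens with `/*` while the neighbouring loadForm() uses a `/**` docblock, and "seperate" should read "separate"; suggest `/** Load the authenticated user separately so it is available before the form starts loading. */`. loadForm()'s body continues outside the hunk.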
I don't think these credentials are correct. They are not available in the test database. The tests fail with this error: "Your e-mail and password combination is incorrect."
The correct credentials for the user in the test database are user noreply@fork-cms.com with password fork (as tested in the first passing test in this class).
Looks fixed now 👍