ChangePasswordHandler
class ChangePasswordHandler extends ChangePasswordHandler (View source)
Extends the "MemberAuthenticator version of the ChangePasswordHandler in order to allow MFA to be inserted into the flow when an AutoLoginHash is being used - that is when the user has clicked a reset password link in an email after using the "forgot password" functionality.
When an "auto login" is not being used (a user is already logged in), it is existing functionality to ask a user for their password before allowing a change - so this flow does not require MFA.
Traits
This trait encapsulates logic that can be added to a RequestHandler
to work with logging in using MFA front-end
app. It provides two main methods; createStartVerificationResponse - a response that can be easily consumed by
the MFA app to prompt a login, and completeVerificationRequest - used to verify a request sent by the MFA app
containing the login attempt.
Allows an object to have extensions applied to it.
A class that can be instantiated or replaced via DI
Provides extensions to this object to integrate it with standard config API methods.
Allows an object to declare a set of custom methods
Constants
MFA_VERIFIED_ON_CHANGE_PASSWORD |
Session key used to track whether multi-factor authentication has been verified during a change password
request flow. |
Config options
extensions | array | An array of extension names and parameters to be applied to this object upon construction. |
from Extensible |
unextendable_classes | array | Classes that cannot be extended |
from Extensible |
casting | array | An array of objects to cast certain fields to. This is set up as an array in the format: |
from ViewableData |
default_cast | string | The default object to cast scalar fields to if casting information is not specified, and casting to an object is required. |
from ViewableData |
casting_cache | array | from ViewableData | |
url_segment | string|null | Optional url_segment for this request handler |
from RequestHandler |
url_handlers | |||
allowed_actions | |||
dependencies |
Properties
protected static | array | $extra_methods | Custom method sources |
from CustomMethods |
protected | array | $extra_method_registers | Name of methods to invoke by defineMethods for this instance |
from CustomMethods |
protected static | array | $built_in_methods | Non-custom public methods. |
from CustomMethods |
protected | Extension[] | $extension_instances | from Extensible | |
protected | callable[][] | $beforeExtendCallbacks | List of callbacks to call prior to extensions having extend called on them, each grouped by methodName. |
from Extensible |
protected | callable[][] | $afterExtendCallbacks | List of callbacks to call after extensions having extend called on them, each grouped by methodName. |
from Extensible |
protected | ViewableData | $failover | A failover object to attempt to get data from if it is not present on this object. |
from ViewableData |
protected | ViewableData | $customisedObject | from ViewableData | |
protected | HTTPRequest | $request | from RequestHandler | |
protected | $model | The DataModel for this request |
from RequestHandler | |
protected | bool | $brokenOnConstruct | This variable records whether RequestHandler::construct() was called or not. Useful for checking if subclasses have called parent::construct() |
from RequestHandler |
protected | Authenticator | $authenticator | from ChangePasswordHandler | |
protected | string | $link | Link to this handler |
from ChangePasswordHandler |
protected | StoreInterface | $store | A "session store" object that helps contain MFA specific session detail |
from BaseHandlerTrait |
protected | LoggerInterface | $logger |
Methods
Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located
Adds any methods from Extension instances attached to this object.
Register an callback to invoke that defines extra methods
Return TRUE if a method exists on this object
Determines if a custom method with this name is defined.
Get meta-data details on a named method
Return the names of all the methods available on this object
Get all public built in methods for this class
Find all methods on the given object.
Add all the methods from an object property.
Add all the methods from an object property (which is an Extension) to this object.
Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)
Add callback as a method.
Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.
Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.
Adds any methods from Extension instances attached to this object.
Add an extension to a specific class.
No description
Get extra config sources for this class
Return TRUE if a class has a specified extension.
Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array
Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed
Get an extension instance attached to this object by name.
Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.
Get all extension instances for this specific object instance.
An implementation of the factory method, allows you to create an instance of a class
Creates a class instance by the "singleton" design pattern.
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
Gets the uninherited value for the given config option
Check if a field exists on this object or its failover.
Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.
Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.
Set a failover object to attempt to get data from if it is not present on this object.
Check if a field exists on this object. This should be overloaded in child classes.
Get the value of a field on this object. This should be overloaded in child classes.
Set a field on this object. This should be overloaded in child classes.
Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.
Return true if this object "exists" i.e. has a sensible value
Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.
Get the class name a field on this object will be casted to.
Return the string-format type for the given field.
Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:
- a template name (e.g. Page)
- an array of possible template names - the first valid one will be used
- an SSViewer instance
Generate the cache name for a field
Store a value in the field cache
Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.
A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.
Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.
Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.
Get an array of XML-escaped values by field name
Return a single-item iterator so you can iterate over the fields of a single record.
Find appropriate templates for SSViewer to use to render this object
When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.
Get part of the current classes ancestry to be used as a CSS class.
Return debug information about this object that can be rendered into a template
Given a request, and an action name, call that action name on this RequestHandler
Get a array of allowed actions defined on this controller, any parent classes or extensions.
Checks if this request handler has a specific action, even if the current user cannot access it.
Return the class that defines the given action, so that we know where to check allowed_actions.
Check that the given action is allowed to be called from a URL.
Throws a HTTP error response encased in a HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.
Returns the HTTPRequest object that this controller is using.
Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.
Get the absolute URL for this controller, including protocol and host.
Safely get the value of the BackURL param, if provided via querystring / posted var
Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".
Convert an array of data to JSON and wrap it in an HTML tag as pjax is used and jQuery will parse this as an element on the client side in LeftAndMain.js handleAjaxResponse() The attribute type="application/json" denotes this is a data block and won't be processed by a browser https://html.spec.whatwg.org/#the-script-element
Factory method for the lost password form
Something went wrong, go back to the changepassword
Perform the necessary "Requirements" calls to ensure client side scripts are available in the response
Create an HTTPResponse that provides information to the client side React MFA app to prompt the user to login with their configured MFA method
Attempt to verify a login attempt provided by the given request
Indicates the current member has verified with MFA methods enough to be considered "verified"
Respond with the given array as a JSON response
Supply JavaScript application configuration details, required for an MFA check
Initiates the session for the user attempting to log in, in preparation for an MFA check
Checks the MFA JavaScript app input to validate the user attempting to log in
Details
mixed
__call(string $method, array $arguments)
Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located
You can add extra methods to a class using Extensions}, {@link Object::createMethod() or Object::addWrapperMethod()
protected
defineMethods()
Adds any methods from Extension instances attached to this object.
All these methods can then be called directly on the instance (transparently mapped through __call()}), or called explicitly through {@link extend().
protected
registerExtraMethodCallback(string $name, callable $callback)
Register an callback to invoke that defines extra methods
bool
hasMethod(string $method)
Return TRUE if a method exists on this object
This should be used rather than PHP's inbuild method_exists() as it takes into account methods added via extensions
protected bool
hasCustomMethod($method)
Determines if a custom method with this name is defined.
protected array
getExtraMethodConfig(string $method)
Get meta-data details on a named method
array
allMethodNames(bool $custom = false)
Return the names of all the methods available on this object
static protected array
findBuiltInMethods(string|object $class = null)
Get all public built in methods for this class
protected array
findMethodsFrom(object $object)
Find all methods on the given object.
protected
addMethodsFrom(string $property, string|int $index = null)
Add all the methods from an object property.
protected
removeMethodsFrom(string $property, string|int $index = null)
Add all the methods from an object property (which is an Extension) to this object.
protected
addWrapperMethod(string $method, string $wrap)
Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)
protected
addCallbackMethod(string $method, callable $callback)
Add callback as a method.
protected
beforeExtending(string $method, callable $callback)
Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.
protected
afterExtending(string $method, callable $callback)
Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.
protected
defineExtensionMethods()
Adds any methods from Extension instances attached to this object.
All these methods can then be called directly on the instance (transparently mapped through __call()}), or called explicitly through {@link extend().
static bool
add_extension(string $classOrExtension, string $extension = null)
Add an extension to a specific class.
The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.
As an alternative, extensions can be added to a specific class directly in the Object::$extensions array. See SiteTree::$extensions for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through singleton()).
static
remove_extension(string $extension)
Remove an extension from a class.
Note: This will not remove extensions from parent classes, and must be called directly on the class assigned the extension.
Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless its used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any Object instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through singleton() to avoid side-effects from stale extension information.
static array
get_extensions(string $class = null, bool $includeArgumentString = false)
No description
static array|null
get_extra_config_sources(string $class = null)
Get extra config sources for this class
static bool
has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)
Return TRUE if a class has a specified extension.
This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))
array
invokeWithExtensions(string $method, mixed ...$arguments)
Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array
array
extend(string $method, mixed ...$arguments)
Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed
Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.
The extension methods are defined during __construct()} in {@link defineMethods().
Extension|null
getExtensionInstance(string $extension)
Get an extension instance attached to this object by name.
bool
hasExtension(string $extension)
Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.
Caution: Don't use singleton(
Extension[]
getExtensionInstances()
Get all extension instances for this specific object instance.
See get_extensions() to get all applied extension classes for this class (not the instance).
This method also provides lazy-population of the extension_instances property.
static Injectable
create(mixed ...$args)
An implementation of the factory method, allows you to create an instance of a class
This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.
This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create(SiteTree::class); $list = SiteTree::get();
static Injectable
singleton(string $class = null)
Creates a class instance by the "singleton" design pattern.
It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).
static Config_ForClass
config()
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
mixed
uninherited(string $name)
Gets the uninherited value for the given config option
__construct(string $link, MemberAuthenticator $authenticator)
No description
bool
__isset(string $property)
Check if a field exists on this object or its failover.
Note that, unlike the core isset() implementation, this will return true if the property is defined and set to null.
mixed
__get(string $property)
Get the value of a property/field on this object. This will check if a method called get{$property} exists, then check if a field is available using ViewableData::getField(), then fall back on a failover object.
__set(string $property, mixed $value)
Set a property/field on this object. This will check for the existence of a method called set{$property}, then use the ViewableData::setField() method.
setFailover(ViewableData $failover)
Set a failover object to attempt to get data from if it is not present on this object.
ViewableData|null
getFailover()
Get the current failover object if set
bool
hasField(string $field)
Check if a field exists on this object. This should be overloaded in child classes.
mixed
getField(string $field)
Get the value of a field on this object. This should be overloaded in child classes.
$this
setField(string $field, mixed $value)
Set a field on this object. This should be overloaded in child classes.
mixed
getDynamicData(string $field)
No description
ViewableData
setDynamicData(string $field, mixed $value)
No description
bool
hasDynamicData(string $field)
No description
ViewableData_Customised
customise(array|ViewableData $data)
Merge some arbitrary data in with this object. This method returns a ViewableData_Customised instance with references to both this and the new custom data.
Note that any fields you specify will take precedence over the fields on this object.
bool
exists()
Return true if this object "exists" i.e. has a sensible value
This method should be overridden in subclasses to provide more context about the classes state. For example, a DataObject class could return false when it is deleted from the database
string
__toString()
No description
ViewableData
getCustomisedObj()
No description
setCustomisedObj(ViewableData $object)
No description
string
castingHelper(string $field)
Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object) for a field on this object. This helper will be a subclass of DBField.
string
castingClass(string $field)
Get the class name a field on this object will be casted to.
string
escapeTypeForField(string $field)
Return the string-format type for the given field.
DBHTMLText
renderWith(string|array|SSViewer $template, array $customFields = null)
Render this object into the template, and get the result as a string. You can pass one of the following as the $template parameter:
- a template name (e.g. Page)
- an array of possible template names - the first valid one will be used
- an SSViewer instance
protected string
objCacheName(string $fieldName, array $arguments)
Generate the cache name for a field
protected mixed
objCacheGet(string $key)
Get a cached value from the field cache
protected $this
objCacheSet(string $key, mixed $value)
Store a value in the field cache
protected $this
objCacheClear()
Clear object cache
object|DBField
obj(string $fieldName, array $arguments = [], bool $cache = false, string $cacheName = null)
Get the value of a field on this object, automatically inserting the value into any available casting objects that have been specified.
object|DBField
cachedCall(string $fieldName, array $arguments = [], string $identifier = null)
A simple wrapper around ViewableData::obj() that automatically caches the result so it can be used again without re-running the method.
bool
hasValue(string $field, array $arguments = [], bool $cache = true)
Checks if a given method/field has a valid value. If the result is an object, this will return the result of the exists method, otherwise will check if the result is not just an empty paragraph tag.
string
XML_val(string $field, array $arguments = [], bool $cache = false)
Get the string value of a field on this object that has been suitable escaped to be inserted directly into a template.
array
getXMLValues(array $fields)
Get an array of XML-escaped values by field name
Traversable
getIterator()
deprecated
deprecated
Return a single-item iterator so you can iterate over the fields of a single record.
This is useful so you can use a single record inside a <% control %> block in a template - and then use to access individual fields on this object.
array
getViewerTemplates(string $suffix = '')
Find appropriate templates for SSViewer to use to render this object
ViewableData
Me()
When rendering some objects it is necessary to iterate over the object being rendered, to do this, you need access to itself.
string
CSSClasses(string $stopAtClass = ViewableData::class)
Get part of the current classes ancestry to be used as a CSS class.
This method returns an escaped string of CSS classes representing the current classes ancestry until it hits a stop point - e.g. "Page DataObject ViewableData".
ViewableData_Debugger
Debug()
Return debug information about this object that can be rendered into a template
HTTPResponse|RequestHandler|string|array
handleRequest(HTTPRequest $request)
Handles URL requests.
- ViewableData::handleRequest() iterates through each rule in RequestHandler::$url_handlers.
- If the rule matches, the named method will be called.
- If there is still more URL to be processed, then handleRequest() is called on the object that that method returns.
Once all of the URL has been processed, the final result is returned. However, if the final result is an array, this array is interpreted as being additional template data to customise the 2nd to last result with, rather than an object in its own right. This is most frequently used when a Controller's action will return an array of data with which to customise the controller.
protected array
findAction(HTTPRequest $request)
No description
protected string
addBackURLParam(string $link)
No description
protected HTTPResponse
handleAction($request, $action)
Given a request, and an action name, call that action name on this RequestHandler
Must not raise HTTPResponse_Exceptions - instead it should return
array|null
allowedActions(string $limitToClass = null)
Get a array of allowed actions defined on this controller, any parent classes or extensions.
Caution: Since 3.1, allowed_actions definitions only apply to methods on the controller they're defined on, so it is recommended to use the $class argument when invoking this method.
bool
hasAction(string $action)
Checks if this request handler has a specific action, even if the current user cannot access it.
Includes class ancestry and extensions in the checks.
protected string
definingClassForAction(string $actionOrigCasing)
Return the class that defines the given action, so that we know where to check allowed_actions.
bool
checkAccessAction(string $action)
Check that the given action is allowed to be called from a URL.
It will interrogate RequestHandler::$allowed_actions to determine this.
httpError(int $errorCode, string $errorMessage = null)
Throws a HTTP error response encased in a HTTPResponse_Exception, which is later caught in RequestHandler::handleAction() and returned to the user.
HTTPRequest
getRequest()
Returns the HTTPRequest object that this controller is using.
Returns a placeholder NullHTTPRequest object unless handleAction()} or {@link handleRequest() have been called, which adds a reference to an actual HTTPRequest object.
RequestHandler
setRequest(HTTPRequest $request)
Typically the request is set through handleAction() or handleRequest(), but in some based we want to set it manually.
?string
Link(string $action = null)
Return a link to this request handler.
The link returned is supplied in the constructor
?string
AbsoluteLink(string $action = '')
Get the absolute URL for this controller, including protocol and host.
Returns null if no link could be generated.
HTTPResponse
redirect(string $url, int $code = 302)
Redirect to the given URL.
string
getBackURL()
Safely get the value of the BackURL param, if provided via querystring / posted var
string
getReferer()
Get referer
HTTPResponse
redirectBack()
Redirect back. Uses either the HTTP-Referer or a manually set request-variable called "BackURL".
This variable is needed in scenarios where HTTP-Referer is not sent (e.g when calling a page by location.href in IE). If none of the two variables is available, it will redirect to the base URL (see Director::baseURL()).
protected string
prepareDataForPjax(array $data)
Convert an array of data to JSON and wrap it in an HTML tag as pjax is used and jQuery will parse this as an element on the client side in LeftAndMain.js handleAjaxResponse() The attribute type="application/json" denotes this is a data block and won't be processed by a browser https://html.spec.whatwg.org/#the-script-element
array|HTTPResponse
changepassword()
Handle the change password request
protected
setSessionToken(Member $member, string $token)
No description
ChangePasswordForm
changePasswordForm()
Factory method for the lost password form
HTTPResponse
doChangePassword(array $data, ChangePasswordForm $form)
Change the password
HTTPResponse
redirectBackToForm()
Something went wrong, go back to the changepassword
protected bool
checkPassword(Member $member, string $password)
Check if password is ok
protected void
applyRequirements(bool $frontEndRequirements = true)
Perform the necessary "Requirements" calls to ensure client side scripts are available in the response
protected StoreInterface|null
getStore()
No description
BaseHandlerTrait
setStore(StoreInterface $store)
No description
protected StoreInterface
createStore(Member $member)
No description
protected SudoModeServiceInterface
getSudoModeService()
Returns a sudo mode service instance
protected HTTPResponse
createStartVerificationResponse(StoreInterface $store, MethodInterface|null $requestedMethod = null)
Create an HTTPResponse that provides information to the client side React MFA app to prompt the user to login with their configured MFA method
protected Result
completeVerificationRequest(StoreInterface $store, HTTPRequest $request)
Attempt to verify a login attempt provided by the given request
protected bool
isVerificationComplete(StoreInterface $store)
Indicates the current member has verified with MFA methods enough to be considered "verified"
protected HTTPResponse
jsonResponse(array $response, int $code = 200)
Respond with the given array as a JSON response
HTTPResponse
getSchema()
Supply JavaScript application configuration details, required for an MFA check
HTTPResponse|array
mfa()
Render the JavaScript app responsible for initiating an MFA check
HTTPResponse
startMFACheck(HTTPRequest $request)
Initiates the session for the user attempting to log in, in preparation for an MFA check
HTTPResponse
verifyMFACheck(HTTPRequest $request)
Checks the MFA JavaScript app input to validate the user attempting to log in
ChangePasswordHandler
setLogger(LoggerInterface $logger)
No description