class BasicAuth (View source)

Provides an interface to HTTP basic authentication.

This utility class can be used to secure any request processed by SilverStripe with basic authentication. To do so, BasicAuth::requireLogin() from your Controller's init() method or action handler method.

It also has a function to protect your entire site. See BasicAuth::protect_entire_site() for more information. You can control this setting on controller-level by using Controller->basicAuthEnabled.

CAUTION: Basic Auth is an oudated security measure which passes credentials without encryption over the network. It is considered insecure unless this connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).

Traits

Provides extensions to this object to integrate it with standard config API methods.

Constants

USE_BASIC_AUTH

Env var to set to enable basic auth

AUTH_PERMISSION

Default permission code

Config options

entire_site_protected bool
ignore_cli bool

Set to true to ignore in CLI mode

entire_site_protected_code string|array
entire_site_protected_message string

Properties

Methods

public static 
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

public
mixed
uninherited(string $name)

Gets the uninherited value for the given config option

public static 
bool|Member
requireLogin(HTTPRequest $request, string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

public static 
protect_entire_site(bool $protect = true, string $code = BasicAuth::AUTH_PERMISSION, string $message = null)

Enable protection of all requests handed by SilverStripe with basic authentication.

public static 
protect_site_if_necessary(HTTPRequest $request = null)

Call BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site() has been called.

Details

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

static bool|Member requireLogin(HTTPRequest $request, string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

Used by Controller::init().

Parameters

HTTPRequest $request
string $realm
string|array $permissionCode Optional
bool $tryUsingSessionLogin

If true, then the method with authenticate against the session log-in if those credentials are disabled.

Return Value

bool|Member

Exceptions

HTTPResponse_Exception

static protect_entire_site(bool $protect = true, string $code = BasicAuth::AUTH_PERMISSION, string $message = null)

Enable protection of all requests handed by SilverStripe with basic authentication.

This log-in uses the Member database for authentication, but doesn't interfere with the regular log-in form. This can be useful for test sites, where you want to hide the site away from prying eyes, but still be able to test the regular log-in features of the site.

You can also enable this feature by adding this line to your .env. Set this to a permission code you wish to require: SS_USE_BASIC_AUTH=ADMIN

CAUTION: Basic Auth is an oudated security measure which passes credentials without encryption over the network. It is considered insecure unless this connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).

Parameters

bool $protect

Set this to false to disable protection.

string $code

Permission code that is required from the user. Defaults to "ADMIN". Set to NULL to just require a valid login, regardless of the permission codes a user has.

string $message

static protect_site_if_necessary(HTTPRequest $request = null)

Call BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site() has been called.

This is a helper function used by Controller::init().

If you want to enabled protection (rather than enforcing it), please use protect_entire_site().

Parameters

HTTPRequest $request

Exceptions

HTTPResponse_Exception