SilverStripe\Security
Namespaces
Classes
Provides an interface to HTTP basic authentication.
Provides security interface functionality within the CMS
Provides access to the default admin
A security group.
Calculates batch permissions for nested objects for:
- canView: Supports 'Anyone' type
- canEdit
- canDelete: Includes special logic for ensuring parent objects can only be deleted if their children can be deleted also.
Provides standard permission fields for inheritable permissions
Record all login attempts through the LoginForm object.
Abstract base class for a login form
Log out form to display to users who arrive at 'Security/logout' without a CSRF token. It's preferable to link to Security::logout_url() directly - we only use a form so that we can preserve the "BackURL" if set.
The member class which represents the users of the system
Imports member records, and checks/updates duplicates based on their 'Email' property.
Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.
Represents a set of Groups attached to a member.
Member Validator
Specialized subclass for disabled security tokens - always returns TRUE for token checks. Use through SecurityToken::disable().
Allows pluggable password encryption.
Provides Password-Based Key Derivation Function hashing for passwords, using the provided algorithm (default is SHA512), which is NZISM compliant under version 3.2 section 17.2.
Blowfish encryption - this is the default from SilverStripe 3.
Encryption using built-in hash types in PHP.
Checks whether the authenticated user's password has expired.
Represents a permission assigned to a group.
Shows a categorized list of available permissions (through Permission::get_codes()).
Readonly version of a PermissionCheckboxSetField - uses the same structure, but has all checkboxes disabled.
A PermissionRole represents a collection of permission codes that can be applied to groups.
A PermissionRoleCode represents a single permission code assigned to a PermissionRole.
Permission_Group class
Convenience class for generating cryptographically secure pseudo-random strings/tokens
Persists a token associated with a device for users who opted for the "Remember Me" feature when logging in.
Core authentication handler / store
Implements a basic security model
Cross Site Request Forgery (CSRF) protection for the Form class and other GET links.
Interfaces
An AuthenticationHandler is responsible for providing an identity (in the form of a Member object) for a given HTTPRequest.
Abstract base class for an authentication method
Allows objects to enforce permissions for the "root" level, where permissions cannot be tied to a particular database record.
Represents an authentication handler that can have identities logged into & out of it.
Model with permissions that can be checked using PermissionChecker
Calculates edit / view / delete permissions for one or more objects
Used to let classes provide new permission codes.
Exceptions
Throw this exception to register that a user doesn't have permission to do the given action and potentially redirect them to the log-in page. The exception message may be presented to the user, so it shouldn't be in nerd-speak.