class BasicAuth

Provides an interface to HTTP basic authentication.

This utility class can be used to secure any request processed by SilverStripe with basic authentication. To do so, call {@link BasicAuth::requireLogin()} from your Controller's init() method or action handler method.

It also has a function to protect your entire site. See {@link BasicAuth::protect_entire_site()} for more information. You can control this setting on controller-level by using {@link Controller->basicAuthEnabled}.

CAUTION: Basic Auth is an outdated security measure which passes credentials without encryption over the network. It is considered insecure unless the connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).

Traits

Provides extensions to this object to integrate it with standard config API methods.

Constants

USE_BASIC_AUTH

Env var to set to enable basic auth

AUTH_PERMISSION

Default permission code

Properties

static private bool $entire_site_protected
static private string|array $entire_site_protected_code
static private string $entire_site_protected_message

Methods

static Config_ForClass
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

mixed
stat(string $name) deprecated

Get inherited config value

mixed
uninherited(string $name)

Gets the uninherited value for the given config option

$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

static bool|Member
requireLogin(HTTPRequest $request, string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

static 
protect_entire_site(bool $protect = true, string $code = self::AUTH_PERMISSION, string $message = null)

Enable protection of all requests handled by SilverStripe with basic authentication.

static 
protect_site_if_necessary(HTTPRequest $request = null)

Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.

Details

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

static bool|Member requireLogin(HTTPRequest $request, string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)

Require basic authentication. Will request a username and password if none is given.

Used by {@link Controller::init()}.

Parameters

HTTPRequest $request
string $realm
string|array $permissionCode

Optional

bool $tryUsingSessionLogin

If true, then the method will authenticate against the session log-in if those credentials are disabled.

Return Value

bool|Member

Exceptions

HTTPResponse_Exception
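
The following is an added example, not code from the SilverStripe project: a controller that calls requireLogin() from init() as described above, and refuses to prompt for credentials unless the request arrived over HTTPS, which is the condition the CAUTION note places on Basic Auth. The App\Control namespace, the StagingReportController class, the realm string and the 'BasicAuthMember' key are hypothetical names chosen for illustration.

```php
<?php

namespace App\Control; // hypothetical application namespace

use SilverStripe\Control\Controller;
use SilverStripe\Control\Director;
use SilverStripe\Security\BasicAuth;
use SilverStripe\Security\Member;

/**
 * Hypothetical controller for a staging-only report, gated with HTTP basic auth.
 */
class StagingReportController extends Controller
{
    private static $allowed_actions = ['index'];

    protected function init()
    {
        parent::init();

        $request = $this->getRequest();

        // Do not issue a Basic challenge over plain HTTP: the browser would
        // answer it with the credentials in an unencrypted Authorization header.
        if (!Director::is_https($request)) {
            // httpError() throws HTTPResponse_Exception, so nothing below runs.
            $this->httpError(403, 'HTTPS is required for this resource.');
        }

        // Requests a username and password if none is given. Per the documented
        // signature this returns bool|Member and may throw HTTPResponse_Exception.
        // 'ADMIN' is the permission code the authenticated member must hold.
        $member = BasicAuth::requireLogin($request, 'Staging reports', 'ADMIN');

        // Keep the Member (when one is returned) so actions can attribute access.
        if ($member instanceof Member) {
            $request->addHeader('X-Authenticated-Member', (string) $member->ID);
        }
    }

    public function index()
    {
        return 'Staging report';
    }
}
```

The HTTPS check only covers requests routed through SilverStripe; files served directly by the web server (e.g. published assets) need their own access control.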

static protect_entire_site(bool $protect = true, string $code = self::AUTH_PERMISSION, string $message = null)

Enable protection of all requests handled by SilverStripe with basic authentication.

This log-in uses the Member database for authentication, but doesn't interfere with the regular log-in form. This can be useful for test sites, where you want to hide the site away from prying eyes, but still be able to test the regular log-in features of the site.

You can also enable this feature by adding this line to your .env. Set this to a permission code you wish to require: SS_USE_BASIC_AUTH=ADMIN

CAUTION: Basic Auth is an outdated security measure which passes credentials without encryption over the network. It is considered insecure unless the connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).

Parameters

bool $protect

Set this to false to disable protection.

string $code

{@link Permission} code that is required from the user. Defaults to "ADMIN". Set to NULL to just require a valid login, regardless of the permission codes a user has.

string $message

static protect_site_if_necessary(HTTPRequest $request = null)

Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.

This is a helper function used by {@link Controller::init()}.

If you want to enable protection (rather than enforcing it), please use {@link protect_entire_site()}.

Parameters

HTTPRequest $request

Exceptions

HTTPResponse_Exception