class PasswordExpirationMiddleware implements HTTPMiddleware

Checks whether the authenticated user's password has expired.

Depending on the configuration, there are the following outcomes:

  • if the currently requested URL is whitelisted, allow the request to be processed further
  • else if the change password form URL is set, redirect to it
  • else set the current user to null (deauthenticate for the current request) and process further
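
The three outcomes above, as an added example that is not SilverStripe's own code: a simplified model of the decision for a user whose password has expired, using plain prefix matching in the sense of `$whitelisted_url_startswith` and a fallback in the sense of `$default_redirect`. The function names, the precedence of the session URL over the default, and the sample URLs are assumptions.

```php
<?php
// Added illustration: a simplified model of the three outcomes, not the framework's implementation.
// Function names and sample values are hypothetical.

/** True when $url starts with any whitelisted prefix (plain string prefix match). */
function isWhitelisted(string $url, array $prefixes): bool
{
    foreach ($prefixes as $prefix) {
        if ($prefix !== '' && strncmp($url, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

/**
 * Decide what happens to a request from a user whose password has expired.
 * Returns ['action' => 'allow'|'redirect'|'deauthenticate', 'location' => ?string].
 */
function decideExpired(string $url, array $prefixes, ?string $sessionRedirect, ?string $defaultRedirect): array
{
    if (isWhitelisted($url, $prefixes)) {
        return ['action' => 'allow', 'location' => null];
    }
    // Assumption: a URL registered in the session takes precedence over the configured default.
    $target = $sessionRedirect ?? $defaultRedirect;
    if ($target !== null && $target !== '') {
        return ['action' => 'redirect', 'location' => $target];
    }
    // No form URL known: the request proceeds with the current user set to null.
    return ['action' => 'deauthenticate', 'location' => null];
}

// Constructed sample configuration and requests.
$prefixes = ['/Security/', '/assets'];
$cases = [
    ['/Security/changepassword', null, '/Security/changepassword'],
    ['/admin/pages', null, '/Security/changepassword'],
    ['/admin/pages', null, null],
    // '/assets' has no trailing slash, so it is also a prefix of this URL.
    ['/assets-private/report.pdf', null, '/Security/changepassword'],
];
foreach ($cases as [$url, $sessionRedirect, $defaultRedirect]) {
    $d = decideExpired($url, $prefixes, $sessionRedirect, $defaultRedirect);
    printf("%-28s => %s%s\n", $url, $d['action'], $d['location'] ? ' ' . $d['location'] : '');
}
```

Under plain prefix matching, ending a whitelist entry with a path separator keeps it from covering sibling paths that merely share the same leading characters.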

Traits

Provides extensions to this object to integrate it with standard config API methods.

Constants

SESSION_KEY_REDIRECT

Session key for persisting the URL of the password change form

SESSION_KEY_ALLOW_CURRENT_REQUEST

Session key for persisting a flag that allows the current request to be processed without performing the password expiration check

Properties

static private string[] $whitelisted_url_startswith

List of URL patterns that users are allowed to visit; a URL matches when it starts with the pattern

static private string $default_redirect

Where users with expired passwords are redirected by default when the login form has not registered a custom URL with {see SilverStripe\Security\AuthenticationMiddleware::setRedirect}

static private string[] $mimetypes_allowing_redirect

The list of MIME types that allow a redirect to a change password form.

Methods

static Config_ForClass
config()

Get a configuration accessor for this class. Shorthand for Config::inst()->get($this->class, .....).

mixed
stat(string $name) deprecated

Get inherited config value

mixed
uninherited(string $name)

Gets the uninherited value for the given config option

$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

process(HTTPRequest $request, callable $delegate)

Generate response for the given request

static 
setRedirect(Session $session, string $url)

Preserve the password change URL in the session. Users are redirected to that URL to force them to change expired passwords

static 
allowCurrentRequest(Session $session)

Allow the current request to finish without the password expiration check

Details

static Config_ForClass config()

Get a configuration accessor for this class. Shorthand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

HTTPResponse process(HTTPRequest $request, callable $delegate)

Generate response for the given request

Parameters

HTTPRequest $request
callable $delegate

Return Value

HTTPResponse

static setRedirect(Session $session, string $url)

Preserve the password change URL in the session. Users are redirected to that URL to force them to change expired passwords

Parameters

Session $session

Session where we persist the redirect URL

string $url

Address of the change password form

static allowCurrentRequest(Session $session)

Allow the current request to finish without the password expiration check

Parameters

Session $session

Session where we persist the redirect URL