BasicAuth
class BasicAuth
Provides an interface to HTTP basic authentication.
This utility class can be used to secure any request processed by SilverStripe with basic authentication. To do so, call BasicAuth::requireLogin() from your Controller's init() method or action handler method.
It also has a function to protect your entire site. See BasicAuth::protect_entire_site() for more information. You can control this setting at controller level by using Controller->basicAuthEnabled.
CAUTION: Basic Auth is an outdated security measure which passes credentials without encryption over the network. It is considered insecure unless the connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).
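The following controller is an added example, not code from the SilverStripe project. It calls BasicAuth::requireLogin() from init() as described above and redirects to HTTPS first, so that credentials are not requested over an unencrypted connection. The class name StagingReportController, the realm string and the choice of the ADMIN permission code are assumptions made for illustration.

```php
<?php
// Added example (not SilverStripe's own code). StagingReportController,
// the realm text and the ADMIN permission code are illustrative assumptions.

use SilverStripe\Control\Controller;
use SilverStripe\Control\Director;
use SilverStripe\Security\BasicAuth;
use SilverStripe\Security\Member;

class StagingReportController extends Controller
{
    /** @var Member|null Member resolved by basic auth, if any */
    protected $authenticatedMember = null;

    protected function init()
    {
        parent::init();

        // Basic auth sends the password base64-encoded, not encrypted, with
        // every request. Redirect plain-HTTP requests to HTTPS before any
        // 401 challenge is issued, so the browser is never prompted to send
        // credentials in the clear.
        if (!Director::is_https($this->getRequest())) {
            Director::forceSSL();
        }

        // Issues a 401 challenge when no valid credentials are supplied, or
        // when the authenticated member lacks the permission code.
        // The last argument ($tryUsingSessionLogin) is left at true, so a
        // member already logged in through the regular form is accepted.
        $result = BasicAuth::requireLogin(
            $this->getRequest(),
            'Staging reports', // realm shown in the browser prompt
            'ADMIN',           // permission code the member must hold
            true
        );

        // requireLogin() is documented as returning bool|Member.
        if ($result instanceof Member) {
            $this->authenticatedMember = $result;
        }
    }

    public function index()
    {
        return 'Authenticated request handled by SilverStripe.';
    }
}
```

Files served directly by the web server, such as published assets, never reach this controller and stay outside this check.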
Traits
Provides extensions to this object to integrate it with standard config API methods.
Constants
USE_BASIC_AUTH | Env var to set to enable basic auth
AUTH_PERMISSION | Default permission code
Config options
entire_site_protected | bool |
ignore_cli | bool | Set to true to ignore in CLI mode
entire_site_protected_code | string|array |
entire_site_protected_message | string |
Properties
Methods
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
Gets the uninherited value for the given config option
Require basic authentication. Will request a username and password if none is given.
Enable protection of all requests handled by SilverStripe with basic authentication.
Call BasicAuth::requireLogin() if BasicAuth::protect_entire_site() has been called.
Details
static Config_ForClass
config()
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
mixed
uninherited(string $name)
Gets the uninherited value for the given config option
static bool|Member
requireLogin(HTTPRequest $request, string $realm, string|array $permissionCode = null, bool $tryUsingSessionLogin = true)
Require basic authentication. Will request a username and password if none is given.
Used by Controller::init().
static
protect_entire_site(bool $protect = true, string $code = BasicAuth::AUTH_PERMISSION, string $message = null)
Enable protection of all requests handled by SilverStripe with basic authentication.
This log-in uses the Member database for authentication, but doesn't interfere with the regular log-in form. This can be useful for test sites, where you want to hide the site away from prying eyes, but still be able to test the regular log-in features of the site.
You can also enable this feature by adding this line to your .env. Set this to a permission code you wish to require: SS_USE_BASIC_AUTH=ADMIN
CAUTION: Basic Auth is an outdated security measure which passes credentials without encryption over the network. It is considered insecure unless the connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).
static
protect_site_if_necessary(HTTPRequest $request = null)
Call BasicAuth::requireLogin() if BasicAuth::protect_entire_site() has been called.
This is a helper function used by Controller::init().
If you want to enable protection (rather than enforcing it), please use protect_entire_site().