PasswordExpirationMiddleware
class PasswordExpirationMiddleware implements HTTPMiddleware
Checks whether the authenticated user's password has expired.
Depending on the configuration, there are the following outcomes:
- if the currently requested URL is whitelisted, then processing continues as usual
- else if a change password form URL is set, then the user is redirected to it
- else the current user is set to null (deauthenticated for the current request) and processing continues
Traits
Provides extensions to this object to integrate it with standard config API methods.
Constants
SESSION_KEY_REDIRECT: Session key for persisting the URL of the password change form.
SESSION_KEY_ALLOW_CURRENT_REQUEST: Session key for persisting a flag that allows the current request to be processed without performing the password expiration check.
Config options
whitelisted_url_startswith (string[]): List of URL patterns that users are allowed to visit; a request is allowed when its URL starts with one of the patterns.
default_redirect (string): Where users with expired passwords are redirected by default when the login form did not register a custom URL with {SilverStripe\Security\AuthenticationMiddleware::setRedirect}.
mimetypes_allowing_redirect (string[]): The list of MIME types for which a redirect to the change password form is allowed.
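An added example of configuring the three options above, not part of the SilverStripe API reference or framework code; the class name SilverStripe\Security\PasswordExpirationMiddleware and the /Security/changepassword route are assumptions about the application, and the comments note the setting that would defeat the check.

```yaml
# Added example, not part of the SilverStripe API reference.
# Assumptions: the middleware's full class name is
# SilverStripe\Security\PasswordExpirationMiddleware and the application
# serves its change-password form at /Security/changepassword; adjust
# both to your project.
---
Name: app-password-expiration
---
SilverStripe\Security\PasswordExpirationMiddleware:
  # Prefix matches. Keep this list to the URLs an expired user needs in
  # order to fix the problem (the change-password form plus the login and
  # logout routes). Listing '/' here would match every URL and disable
  # the check entirely, so do not "fix" a redirect loop that way; add the
  # one specific path that loops instead.
  whitelisted_url_startswith:
    - '/Security/'
  # Used when the login form did not register a redirect with
  # setRedirect(). If this is left empty and no redirect is registered,
  # expired users are silently deauthenticated for the request instead of
  # being sent to the form.
  default_redirect: '/Security/changepassword'
  # Only redirect requests a browser will follow to an HTML form. Requests
  # whose MIME type is not listed (for example JSON API calls) fall through
  # to the deauthenticate outcome, so they see the unauthenticated
  # behaviour rather than a redirect to an HTML page.
  mimetypes_allowing_redirect:
    - 'text/html'
    - 'application/xhtml+xml'
```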
Methods
static Config_ForClass config()
Get a configuration accessor for this class. Shorthand for Config::inst()->get($this->class, .....).

mixed uninherited(string $name)
Gets the uninherited value for the given config option.

HTTPResponse process(HTTPRequest $request, callable $delegate)
Generates the response for the given request.

protected HTTPResponse|null checkForExpiredPassword(HTTPRequest $request)
Checks whether the just-authenticated member's password has expired.
Returns a response if the current request should not be processed as usual.

protected HTTPResponse|null handleExpiredPassword(HTTPRequest $request)
Checks whether a redirect to a password change form is registered and redirects there if possible.
Otherwise, deauthenticates the user by resetting it for this request, since members with expired passwords are treated as unauthorised.

static protected string absoluteUrl(string $url)
Builds an absolute URL for the given path, prepending the base URL if the path is configured as absolute.

static setRedirect(Session $session, string $url)
Preserves the password change URL in the session. Users with expired passwords are redirected to that URL to force them to change their password.

static allowCurrentRequest(Session $session)
Allows the current request to finish without the password expiration check.