BasicAuth
class BasicAuth
Provides an interface to HTTP basic authentication.
This utility class can be used to secure any request processed by SilverStripe with basic authentication. To do so, call {@link BasicAuth::requireLogin()} from your Controller's init() method or action handler method.
It also has a function to protect your entire site. See {@link BasicAuth::protect_entire_site()} for more information. You can control this setting at the controller level by using {@link Controller->basicAuthEnabled}.
CAUTION: Basic Auth is an outdated security measure which passes credentials without encryption over the network. It is considered insecure unless the connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).
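The following is an added example, not code from the SilverStripe project: a controller that calls requireLogin() from init() as described above and, in line with the caution, refuses to issue the credential prompt over plain HTTP. The class name StagingReportController, the realm string and the SilverStripe 4 namespaces are assumptions; the 'ADMIN' permission code is the one used in the .env example on this page.

```php
<?php

use SilverStripe\Control\Controller;
use SilverStripe\Control\Director;
use SilverStripe\Security\BasicAuth;

// Hypothetical controller for illustration; not part of SilverStripe itself.
class StagingReportController extends Controller
{
    private static $allowed_actions = ['index'];

    protected function init()
    {
        parent::init();

        $request = $this->getRequest();

        // Basic auth sends credentials unencrypted, so never issue the
        // challenge on a plain-HTTP request: fail before prompting.
        if (!Director::is_https($request)) {
            $this->httpError(403, 'This area is only available over HTTPS.');
        }

        // Prompts for a username and password if none were supplied.
        // 'Staging reports' is a constructed realm string; 'ADMIN' is the
        // permission code the authenticated member must hold.
        $result = BasicAuth::requireLogin($request, 'Staging reports', 'ADMIN');

        // The documented return type is bool|Member; treat false as a denial.
        if ($result === false) {
            $this->httpError(403, 'Access denied.');
        }
    }

    public function index()
    {
        return 'Report index';
    }
}
```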
Traits
Constants
USE_BASIC_AUTH | Env var to set to enable basic auth |
AUTH_PERMISSION | Default permission code |
Config options
entire_site_protected | Boolean | ||
entire_site_protected_code | String|array | ||
entire_site_protected_message | String |
Methods
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
Gets the uninherited value for the given config option
Require basic authentication. Will request a username and password if none is given.
Enable protection of all requests handled by SilverStripe with basic authentication.
Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.
Details
in Configurable at line 20
static Config_ForClass
config()
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
in Configurable at line 32
mixed
stat(string $name)
deprecated
deprecated 5.0 Use ->config()->get() instead
Get inherited config value
in Configurable at line 44
mixed
uninherited(string $name)
Gets the uninherited value for the given config option
in Configurable at line 57
$this
set_stat(string $name, mixed $value)
deprecated
deprecated 5.0 Use ->config()->set() instead
Update the config value for a given property
at line 85
static bool|Member
requireLogin(HTTPRequest $request, string $realm, string|array $permissionCode = null, boolean $tryUsingSessionLogin = true)
Require basic authentication. Will request a username and password if none is given.
Used by {@link Controller::init()}.
at line 191
static
protect_entire_site(boolean $protect = true, string $code = self::AUTH_PERMISSION, string $message = null)
Enable protection of all requests handled by SilverStripe with basic authentication.
This log-in uses the Member database for authentication, but doesn't interfere with the regular log-in form. This can be useful for test sites, where you want to hide the site away from prying eyes, but still be able to test the regular log-in features of the site.
You can also enable this feature by adding this line to your .env. Set this to a permission code you wish to require: SS_USE_BASIC_AUTH=ADMIN
CAUTION: Basic Auth is an outdated security measure which passes credentials without encryption over the network. It is considered insecure unless the connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via SilverStripe (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).
at line 211
static
protect_site_if_necessary(HTTPRequest $request = null)
Call {@link BasicAuth::requireLogin()} if {@link BasicAuth::protect_entire_site()} has been called.
This is a helper function used by {@link Controller::init()}.
If you want to enable protection (rather than enforcing it), please use {@link protect_entire_site()}.