class PasswordExpirationMiddleware implements HTTPMiddleware

Checks whether the authenticated user's password has expired.

Depending on the configuration, there are the following outcomes:
- if the currently requested URL is whitelisted, allow the request to be processed further
- else if the change password form URL is set, redirect to it
- else set the current user to null (deauthenticate for the current request) and process further

Traits

Provides extensions to this object to integrate it with standard config API methods.

Constants

SESSION_KEY_REDIRECT

Session key for persisting URL of the password change form

SESSION_KEY_ALLOW_CURRENT_REQUEST

Session key for persisting a flag that allows the current request to be processed without performing the password expiration check

Config options

whitelisted_url_startswith string[] List of URL patterns that users are allowed to visit; a URL matches when it starts with the pattern
default_redirect string Where users with expired passwords are redirected by default when the login form has not registered a custom URL (see SilverStripe\Security\AuthenticationMiddleware::setRedirect)
mimetypes_allowing_redirect string[] The list of mimetypes allowing a redirect to a change password form.
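
The outcome order described at the top of this page, together with the prefix matching of whitelisted_url_startswith, modelled as an added stand-alone example; it is not SilverStripe's own code. decideOutcome(), its parameters and the sample URLs are hypothetical, and skipping empty patterns is a choice of this model.

```php
<?php
// Added illustration: a stand-alone model of the documented outcomes.
// decideOutcome() and its parameters are hypothetical names, not SilverStripe API.

/**
 * @param string      $url         requested URL path
 * @param bool        $expired     whether the authenticated user's password has expired
 * @param string[]    $whitelist   models whitelisted_url_startswith (prefix match)
 * @param string|null $redirectUrl models the change password form URL, if one is set
 * @return string 'continue', 'redirect:<url>' or 'deauthenticate'
 */
function decideOutcome(string $url, bool $expired, array $whitelist, ?string $redirectUrl): string
{
    if (!$expired) {
        return 'continue';
    }
    foreach ($whitelist as $prefix) {
        // "URL starts with the pattern": a plain prefix comparison.
        // An empty pattern would match every URL, so this model skips it.
        if ($prefix !== '' && strncmp($url, $prefix, strlen($prefix)) === 0) {
            return 'continue';
        }
    }
    if ($redirectUrl !== null && $redirectUrl !== '') {
        return 'redirect:' . $redirectUrl;
    }
    // No change password form known: the user is anonymous for this request only
    return 'deauthenticate';
}

// Constructed sample requests, all made by a user whose password has expired.
$form = '/Security/changepassword';
$cases = [
    ['/Security/changepassword', ['/Security/changepassword'], $form],
    ['/admin/pages',             ['/Security/changepassword'], $form],
    ['/admin/pages',             ['/Security/changepassword'], null],
    // A short pattern also matches unrelated paths that share the prefix
    ['/Security-reports/export', ['/Security'],                $form],
    // Ending the pattern at a path separator keeps the match narrow
    ['/Security-reports/export', ['/Security/'],               $form],
];
foreach ($cases as [$url, $whitelist, $redirect]) {
    $outcome = decideOutcome($url, true, $whitelist, $redirect);
    printf("%-26s %-26s %s\n", $url, implode(',', $whitelist), $outcome);
}
```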

Methods

static Config_ForClass
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

mixed
stat(string $name) deprecated

Get inherited config value

mixed
uninherited(string $name)

Gets the uninherited value for the given config option

$this
set_stat(string $name, mixed $value) deprecated

Update the config value for a given property

process(HTTPRequest $request, callable $delegate)

Generate response for the given request

static 
setRedirect(Session $session, string $url)

Preserve the password change URL in the session. Users are redirected to that URL to force them to change expired passwords.

static 
allowCurrentRequest(Session $session)

Allow the current request to be finished without a password expiration check

Details

in Configurable at line 20
static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

in Configurable at line 32
mixed stat(string $name) deprecated

deprecated 5.0 Use ->config()->get() instead

Get inherited config value

Parameters

string $name

Return Value

mixed

in Configurable at line 44
mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

in Configurable at line 57
$this set_stat(string $name, mixed $value) deprecated

deprecated 5.0 Use ->config()->set() instead

Update the config value for a given property

Parameters

string $name
mixed $value

Return Value

$this

at line 74
HTTPResponse process(HTTPRequest $request, callable $delegate)

Generate response for the given request

Parameters

HTTPRequest $request
callable $delegate

Return Value

HTTPResponse

at line 232
static setRedirect(Session $session, string $url)

Preserve the password change URL in the session. Users are redirected to that URL to force them to change expired passwords.

Parameters

Session $session Session where we persist the redirect URL
string $url change password form address

at line 243
static allowCurrentRequest(Session $session)

Allow the current request to be finished without a password expiration check

Parameters

Session $session