DEP Add session manager

[emteknetnz]

Issue #47

[maxime-rainville]

Can you update the readme and phpunit.xml.dist?

[maxime-rainville]

The build is still failing and it doesn't look like a pre-existing failure 😢

https://app.travis-ci.com/github/silverstripe/recipe-cms/branches

[emteknetnz]

So the issue here is that unit/functional tests that use Security::setCurrentUser(); doesn't quite work due to LoginSession's not being created, as this relies on SilverStripe\SessionManager\Security\LogInAuthenticationHandler::logIn() being called

This following POC code will get CMSProfileControllerTest::testMemberEditsOwnProfile (a random failing functional test) to pass

This code isn't great :-/ The bit with AssetControlExtension (which is on DataObject) is particularly bad due to it failing because (I think) of Member:actAs()

config.yml (session-manager)

---
Name: session-manager-security
After: '#coresecurity'
---
SilverStripe\Security\Security:
  extensions:
    - 'SilverStripe\SessionManager\Extensions\SecurityExtension'

Security.php (framework)

    public static function setCurrentUser($currentUser = null)
    {
        self::$currentUser = $currentUser;
        static::singleton()->extend('updateSetCurrentUser', self::$currentUser);

SecurityExtension.php (session-manager)

class SecurityExtension extends Extension
{
    public function updateSetCurrentUser(?Member $member)
    {
        if (is_null($member)) {
            $handler = Injector::inst()->get(LogOutAuthenticationHandler::class);
            $handler->logOut();
            return;
        }
        $handler = Injector::inst()->get(LogInAuthenticationHandler::class);
        $handler->logIn($member);
    }
}

AssetControlExtension.php (assets)

    public function onBeforeWrite()
    {
        if ($this->owner instanceof LoginSession) {
            return; // prevent infinite recursion due to the Member::actAs() being called
        }

[maxime-rainville]

If setting Security::setCurrentUser() blows stuff up then that's a major bug. This method can potentially be used for a lot of other things aside from unit tests ... so it's not enough just to patch the affected tests.

[emteknetnz]

I've added a bunch of PR's on the parent issue so that Login sessions are now created/destroyed when calling Security::setCurrentUser()

[emteknetnz]

Update: much better solution, change failing unit tests from using $this->session()->set('loggedInAs', $member->ID); to $this->logInAs($member); which means that LoginSession authenticator LogIn() method is called

[maxime-rainville]

Looks good