FIX #189 - ensure themes are applied for Security::permissionFailure() calls

[dizzystuff]

Description

This PR addresses issue described in #189 where requests rerouted by Security::permissionFailure are not applying this module's theme.

Manual testing steps

See instructions in linked issue

Issues

• Theme/form not applying for Security::permissionFailure() #189

Pull request checklist

• The target branch is correct
  • See picking the right version
• All commits are relevant to the purpose of the PR (e.g. no debug statements, unrelated refactoring, or arbitrary linting)
  • Small amounts of additional linting are usually okay, but if it makes it hard to concentrate on the relevant changes, ask for the unrelated changes to be reverted, and submitted as a separate PR.
• The commit messages follow our commit message guidelines
• The PR follows our contribution guidelines
• Code changes follow our coding conventions
• This change is covered with tests (or tests aren't necessary for this change)
• Any relevant User Help/Developer documentation is updated; for impactful changes, information is added to the changelog for the intended release
• CI is green

[GuySartorelli]

Hi there,

Thanks for taking the time to submit this pull request.

I've added back the "Manual testing steps" and "Issues" section from the template into your pull request description and filled them in for you. Please don't remove parts of the template, they're there for a reason.

Please tick all of the boxes that apply in the checklist, and make any changes necessary to conform with our guidelines. Make sure to click on the links and read the relevant information - for example the commit message doesn't conform with our guidelines (please add the relevant prefix).

[GuySartorelli]

This is almost there - but I think for this we need to add a new extension hook in framework.

The onBeforeSecurityLogin extension hook is called from Security::preLogin() - but that method is called in two places:

1. Security::login() - which performs additional work including delegating to alternative authenticators if preLogin() doesn't return a response.
2. CMSSecurity::preLogin() which should not have the login forms theming.

I think we need to match the pattern that the beforeCallActionHandler and afterCallActionHandler extension hooks follow in Controller::handleAction() - i.e. in Security::login() the following change should be made:

+        $this->extend('beforePreLogin');
+        $preLoginResponse = $this->preLogin();
+        $this->extend('afterPreLogin');
+        if ($preLoginResponse) {
+            return $preLoginResponse;
-        if ($response = $this->preLogin()) {
-            return $response;
         }

Then in this extension implement the following:

    public function beforePreLogin()
    {
        $config = Config::inst();
        SSViewer::set_themes($config->get(EnablerExtension::class, 'login_themes'));
        $this->defaultPageClass = $config->get(Security::class, 'page_class');
        Config::modify()->remove(Security::class, 'page_class');
    }

    public function afterPreLogin()
    {
        Config::inst()->set(Security::class, 'page_class', $this->defaultPageClass);
    }

[GuySartorelli]

@dizzystuff This pull request hasn't had any activity for a while. Are you going to be doing further work on it, or would you prefer to close it now?