Skip to content

Commit

Permalink
If a user has already registered for MFA, enforce use of it even if t…
Browse files Browse the repository at this point in the history
…hey are not in an MFA group

Minor PR changes

Update src/Extension/SiteConfigExtension.php

Co-authored-by: Guy Marriott <guy.the.person@gmail.com>
  • Loading branch information
scott-nz and ScopeyNZ committed Nov 4, 2020
1 parent 60d0a54 commit 0f64f6c
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 14 deletions.
19 changes: 8 additions & 11 deletions src/Extension/SiteConfigExtension.php
Original file line number Diff line number Diff line change
Expand Up @@ -69,16 +69,12 @@ public function updateCMSFields(FieldList $fields)
));
$mfaGraceEnd->addExtraClass('mfa-settings__grace-period');

$mapFn = function ($groups = []) {
$map = [];
foreach ($groups as $group) {
// Listboxfield values are escaped, use ASCII char instead of &raquo;
$map[$group->ID] = $group->getBreadcrumbs(' > ');
}
asort($map);
return $map;
};
$groupsMap = $mapFn(Group::get());
$groupsMap = [];
foreach (Group::get() as $group) {

Check warning on line 73 in src/Extension/SiteConfigExtension.php

View check run for this annotation

Codecov / codecov/patch

src/Extension/SiteConfigExtension.php#L72-L73

Added lines #L72 - L73 were not covered by tests
// Listboxfield values are escaped, use ASCII char instead of &raquo;
$groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');

Check warning on line 75 in src/Extension/SiteConfigExtension.php

View check run for this annotation

Codecov / codecov/patch

src/Extension/SiteConfigExtension.php#L75

Added line #L75 was not covered by tests
}
asort($groupsMap);

Check warning on line 77 in src/Extension/SiteConfigExtension.php

View check run for this annotation

Codecov / codecov/patch

src/Extension/SiteConfigExtension.php#L77

Added line #L77 was not covered by tests

$mfaGroupRestrict = ListboxField::create(
"MFAGroupRestrictions",
Expand All @@ -88,7 +84,8 @@ public function updateCMSFields(FieldList $fields)
->setAttribute(
'data-placeholder',
_t(__CLASS__ . '.MFA_GROUP_RESTRICTIONS_PLACEHOLDER', 'Click to select group')

Check warning on line 86 in src/Extension/SiteConfigExtension.php

View check run for this annotation

Codecov / codecov/patch

src/Extension/SiteConfigExtension.php#L83-L86

Added lines #L83 - L86 were not covered by tests
)->setDescription(_t(
)
->setDescription(_t(
__CLASS__ . '.MFA_GROUP_RESTRICTIONS_DESCRIPTION',

Check warning on line 89 in src/Extension/SiteConfigExtension.php

View check run for this annotation

Codecov / codecov/patch

src/Extension/SiteConfigExtension.php#L88-L89

Added lines #L88 - L89 were not covered by tests
'MFA will only be enabled for members of these selected groups. ' .
'If no groups are selected, MFA will be enabled for all users'

Check warning on line 91 in src/Extension/SiteConfigExtension.php

View check run for this annotation

Codecov / codecov/patch

src/Extension/SiteConfigExtension.php#L91

Added line #L91 was not covered by tests
Expand Down
4 changes: 2 additions & 2 deletions src/Service/EnforcementManager.php
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ public function shouldRedirectToMFA(Member $member): bool
return false;
}

if (!$this->isUserInMFAEnabledGroup($member)) {
if (!$this->isUserInMFAEnabledGroup($member) && !$this->hasCompletedRegistration($member)) {
return false;
}

Expand Down Expand Up @@ -271,7 +271,7 @@ protected function isEnabled(): bool
return true;
}

protected function isUserInMFAEnabledGroup(Member $member)
protected function isUserInMFAEnabledGroup(Member $member): bool
{
/** @var SiteConfig&SiteConfigExtension $siteConfig */
$siteConfig = SiteConfig::current_site_config();
Expand Down
2 changes: 1 addition & 1 deletion tests/Behat/features/mfa-enabled.feature
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ Feature: MFA is enabled for the site
Then I should see "Multi-factor authentication (MFA)"
When I select "MFA is required for everyone" from the MFA settings
And I press "Save"
Then I should see "Saved"
Then I should see a "Saved" success toast

0 comments on commit 0f64f6c

Please sign in to comment.