Skip to content

Commit

Permalink
If a user has already registered for MFA, enforce use of it even if t…
Browse files Browse the repository at this point in the history
…hey are not in an MFA group

Minor PR changes

Update src/Extension/SiteConfigExtension.php

Co-authored-by: Guy Marriott <[email protected]>
  • Loading branch information
2 people authored and GuySartorelli committed Oct 1, 2023
1 parent f63a652 commit 16c06b1
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 14 deletions.
19 changes: 8 additions & 11 deletions src/Extension/SiteConfigExtension.php
Original file line number Diff line number Diff line change
Expand Up @@ -69,16 +69,12 @@ public function updateCMSFields(FieldList $fields)
));
$mfaGraceEnd->addExtraClass('mfa-settings__grace-period');

$mapFn = function ($groups = []) {
$map = [];
foreach ($groups as $group) {
// Listboxfield values are escaped, use ASCII char instead of &raquo;
$map[$group->ID] = $group->getBreadcrumbs(' > ');
}
asort($map);
return $map;
};
$groupsMap = $mapFn(Group::get());
$groupsMap = [];
foreach (Group::get() as $group) {
// Listboxfield values are escaped, use ASCII char instead of &raquo;
$groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');
}
asort($groupsMap);

$mfaGroupRestrict = ListboxField::create(
"MFAGroupRestrictions",
Expand All @@ -88,7 +84,8 @@ public function updateCMSFields(FieldList $fields)
->setAttribute(
'data-placeholder',
_t(__CLASS__ . '.MFA_GROUP_RESTRICTIONS_PLACEHOLDER', 'Click to select group')
)->setDescription(_t(
)
->setDescription(_t(
__CLASS__ . '.MFA_GROUP_RESTRICTIONS_DESCRIPTION',
'MFA will only be enabled for members of these selected groups. ' .
'If no groups are selected, MFA will be enabled for all users'
Expand Down
4 changes: 2 additions & 2 deletions src/Service/EnforcementManager.php
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ public function shouldRedirectToMFA(Member $member): bool
return false;
}

if (!$this->isUserInMFAEnabledGroup($member)) {
if (!$this->isUserInMFAEnabledGroup($member) && !$this->hasCompletedRegistration($member)) {
return false;
}

Expand Down Expand Up @@ -271,7 +271,7 @@ protected function isEnabled(): bool
return true;
}

protected function isUserInMFAEnabledGroup(Member $member)
protected function isUserInMFAEnabledGroup(Member $member): bool
{
/** @var SiteConfig&SiteConfigExtension $siteConfig */
$siteConfig = SiteConfig::current_site_config();
Expand Down
2 changes: 1 addition & 1 deletion tests/Behat/features/mfa-enabled.feature
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ Feature: MFA is enabled for the site
Then I should see "Multi-factor authentication (MFA)"
When I select "MFA is required for everyone" from the MFA settings
And I press "Save"
Then I should see "Saved"
Then I should see a "Saved" success toast

0 comments on commit 16c06b1

Please sign in to comment.