Merge pull request #353 from creative-commoners/pulls/3.0/subsites-mi…

…n-version FIX Prevent incompatible versions of Subsites from installing alongside MFA 3.0
silverstripe · Sep 11, 2019 · 19bbfef · 19bbfef
2 parents 92db931 + c767721
commit 19bbfef
Show file tree

Hide file tree

Showing 39 changed files with 134 additions and 46 deletions.
diff --git a/composer.json b/composer.json
@@ -39,6 +39,9 @@
         "silverstripe/reports": "^3.7",
         "squizlabs/php_codesniffer": "^3.0"
     },
+    "conflict": {
+        "silverstripe/subsites": "<1.4.2"
+    },
     "suggest": {
         "silverstripe/totp-authenticator": "Adds a method to authenticate with you phone using a time-based one-time password.",
         "silverstripe/webauthn-authenticator": "Adds a method to authenticate with security keys or built-in platform authenticators."

diff --git a/src/Authenticator/LoginForm.php b/src/Authenticator/LoginForm.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Authenticator;
 
@@ -179,7 +181,9 @@ public function startRegistration(): HTTPResponse
         $sessionMember = $store ? $store->getMember() : null;
         $loggedInMember = Member::currentUser();
 
-        if (($loggedInMember === null && $sessionMember === null)
+        if (
+            ($loggedInMember === null
+            && $sessionMember === null)
             || !$this->getSudoModeService()->check($this->controller->getSession())
         ) {
             return $this->jsonResponse(
@@ -242,7 +246,9 @@ public function finishRegistration(): HTTPResponse
         $sessionMember = $store ? $store->getMember() : null;
         $loggedInMember = Member::currentUser();
 
-        if (($loggedInMember === null && $sessionMember === null)
+        if (
+            ($loggedInMember === null
+            && $sessionMember === null)
             || !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))
         ) {
             return $this->jsonResponse(
@@ -275,7 +281,9 @@ public function finishRegistration(): HTTPResponse
         // required to log in though. The "mustLogin" flag is set at the beginning of the MFA process if they have at
         // least one method registered. They should always do that first. In that case we should assert
         // "isLoginComplete"
-        if ((!$mustLogin || $this->isVerificationComplete($store))
+        if (
+            (!$mustLogin
+            || $this->isVerificationComplete($store))
             && $enforcementManager->hasCompletedRegistration($sessionMember)
         ) {
             $this->doPerformLogin($sessionMember);
@@ -323,8 +331,11 @@ public function startVerification(): HTTPResponse
         $request = $this->getRequest();
         $store = $this->getStore();
         // If we don't have a valid member we shouldn't be here, or if sudo mode is not active yet.
-        if (!$store || !$store->getMember() ||
-            !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))) {
+        if (
+            !$store
+            || !$store->getMember()
+            || !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))
+        ) {
             return $this->jsonResponse(['message' => 'Forbidden'], 403);
         }
 
@@ -428,7 +439,8 @@ public function redirectAfterSuccessfulLogin()
         // This is potentially redundant logic as the member should only be logged in if they've fully registered.
         // They're allowed to login if they can skip - so only do assertions if they're not allowed to skip
         // We'll also check that they've registered the required MFA details
-        if (!$enforcementManager->canSkipMFA($member)
+        if (
+            !$enforcementManager->canSkipMFA($member)
             && !$enforcementManager->hasCompletedRegistration($member)
         ) {
             $member->logOut();

diff --git a/src/Authenticator/MemberAuthenticator.php b/src/Authenticator/MemberAuthenticator.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Authenticator;
 
 use Controller;

diff --git a/src/BackupCode/Method.php b/src/BackupCode/Method.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 

diff --git a/src/BackupCode/RegisterHandler.php b/src/BackupCode/RegisterHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 

diff --git a/src/BackupCode/VerifyHandler.php b/src/BackupCode/VerifyHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 

diff --git a/src/Controller/AdminRegistrationController.php b/src/Controller/AdminRegistrationController.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Controller;
 
@@ -185,7 +187,8 @@ public function setDefaultRegisteredMethod(): HTTPResponse
     {
         $request = $this->getRequest();
         // Ensure CSRF and sudo-mode protection
-        if (!SecurityToken::inst()->checkRequest($request)
+        if (
+            !SecurityToken::inst()->checkRequest($request)
             || !$this->getSudoModeService()->check($this->getSession())
         ) {
             return $this->jsonResponse(

diff --git a/src/Exception/InvalidMethodException.php b/src/Exception/InvalidMethodException.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Exception;
 
 use LogicException;

diff --git a/src/Extension/AccountReset/AccountResetHandler.php b/src/Extension/AccountReset/AccountResetHandler.php
@@ -1,6 +1,5 @@
 <?php
 
-
 namespace SilverStripe\MFA\Extension\AccountReset;
 
 use Member;

diff --git a/src/Extension/AccountReset/MFAResetExtension.php b/src/Extension/AccountReset/MFAResetExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 

diff --git a/src/Extension/AccountReset/MemberExtension.php b/src/Extension/AccountReset/MemberExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 
@@ -45,9 +47,11 @@ public function generateAccountResetTokenAndStoreHash(): string
         do {
             $token = $generator->randomToken();
             $hash = $this->owner->encryptWithUserSettings($token);
-        } while (DataObject::get_one(Member::class, [
+        } while (
+            DataObject::get_one(Member::class, [
             '"Member"."AccountResetHash"' => $hash,
-        ]));
+            ])
+        );
 
         $expiry = DBDatetime::create();
         $expiry->setValue(

diff --git a/src/Extension/AccountReset/SecurityAdminExtension.php b/src/Extension/AccountReset/SecurityAdminExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 

diff --git a/src/Extension/AccountReset/SecurityExtension.php b/src/Extension/AccountReset/SecurityExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 

diff --git a/src/Extension/ChangePasswordExtension.php b/src/Extension/ChangePasswordExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension;
 
@@ -189,7 +191,8 @@ public function handleChangePassword()
         /** @var Member&MemberExtension $member */
         $member = Member::member_from_autologinhash($hash);
 
-        if ($hash
+        if (
+            $hash
             && $member
             && $member->RegisteredMFAMethods()->exists()
             && !$session->get(self::MFA_VERIFIED_ON_CHANGE_PASSWORD)

diff --git a/src/Extension/MemberExtension.php b/src/Extension/MemberExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension;
 

diff --git a/src/JSONResponse.php b/src/JSONResponse.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA;
 

diff --git a/src/Method/Handler/RegisterHandlerInterface.php b/src/Method/Handler/RegisterHandlerInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Method\Handler;
 

diff --git a/src/Method/Handler/VerifyHandlerInterface.php b/src/Method/Handler/VerifyHandlerInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Method\Handler;
 

diff --git a/src/Method/MethodInterface.php b/src/Method/MethodInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Method;
 

diff --git a/src/Model/MFARegisteredMethod.php b/src/Model/MFARegisteredMethod.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 use SilverStripe\MFA\Method\Handler\RegisterHandlerInterface;
 use SilverStripe\MFA\Method\Handler\VerifyHandlerInterface;

diff --git a/src/Report/EnabledMembers.php b/src/Report/EnabledMembers.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 use SilverStripe\MFA\Extension\MemberExtension;
 use SilverStripe\MFA\Service\MethodRegistry;

diff --git a/src/Service/BackupCodeGenerator.php b/src/Service/BackupCodeGenerator.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/src/Service/BackupCodeGeneratorInterface.php b/src/Service/BackupCodeGeneratorInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/src/Service/EncryptionAdapterInterface.php b/src/Service/EncryptionAdapterInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/src/Service/EnforcementManager.php b/src/Service/EnforcementManager.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
@@ -225,7 +227,8 @@ protected function hasAdminAccess(Member $member): bool
         // Look through all LeftAndMain subclasses to find if one permits the member to view
         $menu = $leftAndMain->MainMenu();
         foreach ($menu as $candidate) {
-            if ($candidate->Link
+            if (
+                $candidate->Link
                 && $candidate->Link !== $leftAndMain->Link()
                 && $candidate->MenuItem->controller
                 && singleton($candidate->MenuItem->controller)->canView($member)

diff --git a/src/Service/MethodRegistry.php b/src/Service/MethodRegistry.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/src/Service/Notification.php b/src/Service/Notification.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/src/Service/RegisteredMethodManager.php b/src/Service/RegisteredMethodManager.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/src/State/AvailableMethodDetails.php b/src/State/AvailableMethodDetails.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 

diff --git a/src/State/BackupCode.php b/src/State/BackupCode.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 

diff --git a/src/State/RegisteredMethodDetails.php b/src/State/RegisteredMethodDetails.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 

diff --git a/src/State/Result.php b/src/State/Result.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 

diff --git a/src/Store/SessionStore.php b/src/Store/SessionStore.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Store;
 

diff --git a/src/Store/StoreInterface.php b/src/Store/StoreInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Store;
 

diff --git a/tests/Behat/Context/LoginContext.php b/tests/Behat/Context/LoginContext.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Tests\Behat\Context;
 

diff --git a/tests/php/Service/BackupCodeGeneratorTest.php b/tests/php/Service/BackupCodeGeneratorTest.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 

diff --git a/tests/php/Stub/BasicMath/Method.php b/tests/php/Stub/BasicMath/Method.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Tests\Stub\BasicMath;
 
 use Director;

diff --git a/tests/php/Stub/BasicMath/MethodRegisterHandler.php b/tests/php/Stub/BasicMath/MethodRegisterHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Tests\Stub\BasicMath;