From 48a4dfa74e51a0f2481940e44f6e9ddd61c40bbf Mon Sep 17 00:00:00 2001
From: Garion Herman <garion@silverstripe.com>
Date: Tue, 10 Sep 2019 11:23:06 +1200
Subject: [PATCH 1/2] FIX Prevent incompatible versions of Subsites from
 installing alongside MFA

---
 composer.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/composer.json b/composer.json
index 89f348e7..7858f78c 100644
--- a/composer.json
+++ b/composer.json
@@ -39,6 +39,9 @@
         "silverstripe/reports": "^3.7",
         "squizlabs/php_codesniffer": "^3.0"
     },
+    "conflict": {
+        "silverstripe/subsites": "<1.4.2"
+    },
     "suggest": {
         "silverstripe/totp-authenticator": "Adds a method to authenticate with you phone using a time-based one-time password.",
         "silverstripe/webauthn-authenticator": "Adds a method to authenticate with security keys or built-in platform authenticators."

From c7677217b47273e1d3c2ee54a90e7347e98e971a Mon Sep 17 00:00:00 2001
From: Garion Herman <garion@silverstripe.com>
Date: Thu, 12 Sep 2019 10:44:58 +1200
Subject: [PATCH 2/2] FIX Resolve new PSR-12 linting violations

---
 src/Authenticator/LoginForm.php               | 26 ++++++++++++++-----
 src/Authenticator/MemberAuthenticator.php     |  1 +
 src/BackupCode/Method.php                     |  4 ++-
 src/BackupCode/RegisterHandler.php            |  4 ++-
 src/BackupCode/VerifyHandler.php              |  4 ++-
 .../AdminRegistrationController.php           |  7 +++--
 src/Exception/InvalidMethodException.php      |  1 +
 .../AccountReset/AccountResetHandler.php      |  1 -
 .../AccountReset/MFAResetExtension.php        |  4 ++-
 .../AccountReset/MemberExtension.php          | 10 ++++---
 .../AccountReset/SecurityAdminExtension.php   |  4 ++-
 .../AccountReset/SecurityExtension.php        |  4 ++-
 src/Extension/ChangePasswordExtension.php     |  7 +++--
 src/Extension/MemberExtension.php             |  4 ++-
 src/JSONResponse.php                          |  4 ++-
 .../Handler/RegisterHandlerInterface.php      |  4 ++-
 src/Method/Handler/VerifyHandlerInterface.php |  4 ++-
 src/Method/MethodInterface.php                |  4 ++-
 src/Model/MFARegisteredMethod.php             |  4 ++-
 src/Report/EnabledMembers.php                 |  4 ++-
 src/Service/BackupCodeGenerator.php           |  4 ++-
 src/Service/BackupCodeGeneratorInterface.php  |  4 ++-
 src/Service/EncryptionAdapterInterface.php    |  4 ++-
 src/Service/EnforcementManager.php            |  7 +++--
 src/Service/MethodRegistry.php                |  4 ++-
 src/Service/Notification.php                  |  4 ++-
 src/Service/RegisteredMethodManager.php       |  4 ++-
 src/State/AvailableMethodDetails.php          |  4 ++-
 src/State/BackupCode.php                      |  4 ++-
 src/State/RegisteredMethodDetails.php         |  4 ++-
 src/State/Result.php                          |  4 ++-
 src/Store/SessionStore.php                    |  4 ++-
 src/Store/StoreInterface.php                  |  4 ++-
 tests/Behat/Context/LoginContext.php          |  4 ++-
 tests/php/Service/BackupCodeGeneratorTest.php |  4 ++-
 tests/php/Stub/BasicMath/Method.php           |  1 +
 .../Stub/BasicMath/MethodRegisterHandler.php  |  4 ++-
 .../Stub/BasicMath/MethodVerifyHandler.php    |  4 ++-
 38 files changed, 131 insertions(+), 46 deletions(-)

diff --git a/src/Authenticator/LoginForm.php b/src/Authenticator/LoginForm.php
index 32394322..550a1b79 100644
--- a/src/Authenticator/LoginForm.php
+++ b/src/Authenticator/LoginForm.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Authenticator;
 
@@ -179,7 +181,9 @@ public function startRegistration(): HTTPResponse
         $sessionMember = $store ? $store->getMember() : null;
         $loggedInMember = Member::currentUser();
 
-        if (($loggedInMember === null && $sessionMember === null)
+        if (
+            ($loggedInMember === null
+            && $sessionMember === null)
             || !$this->getSudoModeService()->check($this->controller->getSession())
         ) {
             return $this->jsonResponse(
@@ -242,7 +246,9 @@ public function finishRegistration(): HTTPResponse
         $sessionMember = $store ? $store->getMember() : null;
         $loggedInMember = Member::currentUser();
 
-        if (($loggedInMember === null && $sessionMember === null)
+        if (
+            ($loggedInMember === null
+            && $sessionMember === null)
             || !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))
         ) {
             return $this->jsonResponse(
@@ -275,7 +281,9 @@ public function finishRegistration(): HTTPResponse
         // required to log in though. The "mustLogin" flag is set at the beginning of the MFA process if they have at
         // least one method registered. They should always do that first. In that case we should assert
         // "isLoginComplete"
-        if ((!$mustLogin || $this->isVerificationComplete($store))
+        if (
+            (!$mustLogin
+            || $this->isVerificationComplete($store))
             && $enforcementManager->hasCompletedRegistration($sessionMember)
         ) {
             $this->doPerformLogin($sessionMember);
@@ -323,8 +331,11 @@ public function startVerification(): HTTPResponse
         $request = $this->getRequest();
         $store = $this->getStore();
         // If we don't have a valid member we shouldn't be here, or if sudo mode is not active yet.
-        if (!$store || !$store->getMember() ||
-            !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))) {
+        if (
+            !$store
+            || !$store->getMember()
+            || !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))
+        ) {
             return $this->jsonResponse(['message' => 'Forbidden'], 403);
         }
 
@@ -428,7 +439,8 @@ public function redirectAfterSuccessfulLogin()
         // This is potentially redundant logic as the member should only be logged in if they've fully registered.
         // They're allowed to login if they can skip - so only do assertions if they're not allowed to skip
         // We'll also check that they've registered the required MFA details
-        if (!$enforcementManager->canSkipMFA($member)
+        if (
+            !$enforcementManager->canSkipMFA($member)
             && !$enforcementManager->hasCompletedRegistration($member)
         ) {
             $member->logOut();
diff --git a/src/Authenticator/MemberAuthenticator.php b/src/Authenticator/MemberAuthenticator.php
index 74f53069..75bbd582 100644
--- a/src/Authenticator/MemberAuthenticator.php
+++ b/src/Authenticator/MemberAuthenticator.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Authenticator;
 
 use Controller;
diff --git a/src/BackupCode/Method.php b/src/BackupCode/Method.php
index 22a3a322..42d95b52 100644
--- a/src/BackupCode/Method.php
+++ b/src/BackupCode/Method.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 
diff --git a/src/BackupCode/RegisterHandler.php b/src/BackupCode/RegisterHandler.php
index 5f7b6955..8a213878 100644
--- a/src/BackupCode/RegisterHandler.php
+++ b/src/BackupCode/RegisterHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 
diff --git a/src/BackupCode/VerifyHandler.php b/src/BackupCode/VerifyHandler.php
index 4ffc5612..d6193b6e 100644
--- a/src/BackupCode/VerifyHandler.php
+++ b/src/BackupCode/VerifyHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 
diff --git a/src/Controller/AdminRegistrationController.php b/src/Controller/AdminRegistrationController.php
index 7883f400..b482c0e2 100644
--- a/src/Controller/AdminRegistrationController.php
+++ b/src/Controller/AdminRegistrationController.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Controller;
 
@@ -185,7 +187,8 @@ public function setDefaultRegisteredMethod(): HTTPResponse
     {
         $request = $this->getRequest();
         // Ensure CSRF and sudo-mode protection
-        if (!SecurityToken::inst()->checkRequest($request)
+        if (
+            !SecurityToken::inst()->checkRequest($request)
             || !$this->getSudoModeService()->check($this->getSession())
         ) {
             return $this->jsonResponse(
diff --git a/src/Exception/InvalidMethodException.php b/src/Exception/InvalidMethodException.php
index d9cf4051..e4645956 100644
--- a/src/Exception/InvalidMethodException.php
+++ b/src/Exception/InvalidMethodException.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Exception;
 
 use LogicException;
diff --git a/src/Extension/AccountReset/AccountResetHandler.php b/src/Extension/AccountReset/AccountResetHandler.php
index a642842b..b245187a 100644
--- a/src/Extension/AccountReset/AccountResetHandler.php
+++ b/src/Extension/AccountReset/AccountResetHandler.php
@@ -1,6 +1,5 @@
 <?php
 
-
 namespace SilverStripe\MFA\Extension\AccountReset;
 
 use Member;
diff --git a/src/Extension/AccountReset/MFAResetExtension.php b/src/Extension/AccountReset/MFAResetExtension.php
index 19ab1111..4de9fc02 100644
--- a/src/Extension/AccountReset/MFAResetExtension.php
+++ b/src/Extension/AccountReset/MFAResetExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 
diff --git a/src/Extension/AccountReset/MemberExtension.php b/src/Extension/AccountReset/MemberExtension.php
index 1ccd039d..9e4627e5 100644
--- a/src/Extension/AccountReset/MemberExtension.php
+++ b/src/Extension/AccountReset/MemberExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 
@@ -45,9 +47,11 @@ public function generateAccountResetTokenAndStoreHash(): string
         do {
             $token = $generator->randomToken();
             $hash = $this->owner->encryptWithUserSettings($token);
-        } while (DataObject::get_one(Member::class, [
+        } while (
+            DataObject::get_one(Member::class, [
             '"Member"."AccountResetHash"' => $hash,
-        ]));
+            ])
+        );
 
         $expiry = DBDatetime::create();
         $expiry->setValue(
diff --git a/src/Extension/AccountReset/SecurityAdminExtension.php b/src/Extension/AccountReset/SecurityAdminExtension.php
index 1edad960..0aeb8e9f 100644
--- a/src/Extension/AccountReset/SecurityAdminExtension.php
+++ b/src/Extension/AccountReset/SecurityAdminExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 
diff --git a/src/Extension/AccountReset/SecurityExtension.php b/src/Extension/AccountReset/SecurityExtension.php
index b6192f6a..711df985 100644
--- a/src/Extension/AccountReset/SecurityExtension.php
+++ b/src/Extension/AccountReset/SecurityExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;
 
diff --git a/src/Extension/ChangePasswordExtension.php b/src/Extension/ChangePasswordExtension.php
index 534b6cbf..eedd0818 100644
--- a/src/Extension/ChangePasswordExtension.php
+++ b/src/Extension/ChangePasswordExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension;
 
@@ -189,7 +191,8 @@ public function handleChangePassword()
         /** @var Member&MemberExtension $member */
         $member = Member::member_from_autologinhash($hash);
 
-        if ($hash
+        if (
+            $hash
             && $member
             && $member->RegisteredMFAMethods()->exists()
             && !$session->get(self::MFA_VERIFIED_ON_CHANGE_PASSWORD)
diff --git a/src/Extension/MemberExtension.php b/src/Extension/MemberExtension.php
index 95cf365d..9e678348 100644
--- a/src/Extension/MemberExtension.php
+++ b/src/Extension/MemberExtension.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension;
 
diff --git a/src/JSONResponse.php b/src/JSONResponse.php
index f2e4eea6..699744ad 100644
--- a/src/JSONResponse.php
+++ b/src/JSONResponse.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA;
 
diff --git a/src/Method/Handler/RegisterHandlerInterface.php b/src/Method/Handler/RegisterHandlerInterface.php
index 5031f3d7..317adf6f 100644
--- a/src/Method/Handler/RegisterHandlerInterface.php
+++ b/src/Method/Handler/RegisterHandlerInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Method\Handler;
 
diff --git a/src/Method/Handler/VerifyHandlerInterface.php b/src/Method/Handler/VerifyHandlerInterface.php
index 7a091366..c13c69c7 100644
--- a/src/Method/Handler/VerifyHandlerInterface.php
+++ b/src/Method/Handler/VerifyHandlerInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Method\Handler;
 
diff --git a/src/Method/MethodInterface.php b/src/Method/MethodInterface.php
index 5997ee46..51dc025a 100644
--- a/src/Method/MethodInterface.php
+++ b/src/Method/MethodInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Method;
 
diff --git a/src/Model/MFARegisteredMethod.php b/src/Model/MFARegisteredMethod.php
index 944da09e..5353241d 100644
--- a/src/Model/MFARegisteredMethod.php
+++ b/src/Model/MFARegisteredMethod.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 use SilverStripe\MFA\Method\Handler\RegisterHandlerInterface;
 use SilverStripe\MFA\Method\Handler\VerifyHandlerInterface;
diff --git a/src/Report/EnabledMembers.php b/src/Report/EnabledMembers.php
index 7fb71109..73c1a0da 100644
--- a/src/Report/EnabledMembers.php
+++ b/src/Report/EnabledMembers.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 use SilverStripe\MFA\Extension\MemberExtension;
 use SilverStripe\MFA\Service\MethodRegistry;
diff --git a/src/Service/BackupCodeGenerator.php b/src/Service/BackupCodeGenerator.php
index a8d5b263..d0552a0f 100644
--- a/src/Service/BackupCodeGenerator.php
+++ b/src/Service/BackupCodeGenerator.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/src/Service/BackupCodeGeneratorInterface.php b/src/Service/BackupCodeGeneratorInterface.php
index 9623cc05..2e4d0f68 100644
--- a/src/Service/BackupCodeGeneratorInterface.php
+++ b/src/Service/BackupCodeGeneratorInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/src/Service/EncryptionAdapterInterface.php b/src/Service/EncryptionAdapterInterface.php
index 81f361b7..04e800db 100644
--- a/src/Service/EncryptionAdapterInterface.php
+++ b/src/Service/EncryptionAdapterInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/src/Service/EnforcementManager.php b/src/Service/EnforcementManager.php
index b3e7bea4..031f5960 100644
--- a/src/Service/EnforcementManager.php
+++ b/src/Service/EnforcementManager.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
@@ -225,7 +227,8 @@ protected function hasAdminAccess(Member $member): bool
         // Look through all LeftAndMain subclasses to find if one permits the member to view
         $menu = $leftAndMain->MainMenu();
         foreach ($menu as $candidate) {
-            if ($candidate->Link
+            if (
+                $candidate->Link
                 && $candidate->Link !== $leftAndMain->Link()
                 && $candidate->MenuItem->controller
                 && singleton($candidate->MenuItem->controller)->canView($member)
diff --git a/src/Service/MethodRegistry.php b/src/Service/MethodRegistry.php
index 7dcbd892..88c6cb06 100644
--- a/src/Service/MethodRegistry.php
+++ b/src/Service/MethodRegistry.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/src/Service/Notification.php b/src/Service/Notification.php
index 7fc5a3d4..c7283819 100644
--- a/src/Service/Notification.php
+++ b/src/Service/Notification.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/src/Service/RegisteredMethodManager.php b/src/Service/RegisteredMethodManager.php
index 0f241758..efe78c10 100644
--- a/src/Service/RegisteredMethodManager.php
+++ b/src/Service/RegisteredMethodManager.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/src/State/AvailableMethodDetails.php b/src/State/AvailableMethodDetails.php
index 76fb4d14..586a9044 100644
--- a/src/State/AvailableMethodDetails.php
+++ b/src/State/AvailableMethodDetails.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 
diff --git a/src/State/BackupCode.php b/src/State/BackupCode.php
index e5ae1cb9..f158e4b2 100644
--- a/src/State/BackupCode.php
+++ b/src/State/BackupCode.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 
diff --git a/src/State/RegisteredMethodDetails.php b/src/State/RegisteredMethodDetails.php
index 1bb6c92d..a7414eea 100644
--- a/src/State/RegisteredMethodDetails.php
+++ b/src/State/RegisteredMethodDetails.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 
diff --git a/src/State/Result.php b/src/State/Result.php
index a70e7027..96329002 100644
--- a/src/State/Result.php
+++ b/src/State/Result.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\State;
 
diff --git a/src/Store/SessionStore.php b/src/Store/SessionStore.php
index 334cc036..0b73e2e8 100644
--- a/src/Store/SessionStore.php
+++ b/src/Store/SessionStore.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Store;
 
diff --git a/src/Store/StoreInterface.php b/src/Store/StoreInterface.php
index f49f962c..5b398c94 100644
--- a/src/Store/StoreInterface.php
+++ b/src/Store/StoreInterface.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Store;
 
diff --git a/tests/Behat/Context/LoginContext.php b/tests/Behat/Context/LoginContext.php
index 328245ed..f084ffa5 100644
--- a/tests/Behat/Context/LoginContext.php
+++ b/tests/Behat/Context/LoginContext.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Tests\Behat\Context;
 
diff --git a/tests/php/Service/BackupCodeGeneratorTest.php b/tests/php/Service/BackupCodeGeneratorTest.php
index 9446e233..3f4fadbe 100644
--- a/tests/php/Service/BackupCodeGeneratorTest.php
+++ b/tests/php/Service/BackupCodeGeneratorTest.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Service;
 
diff --git a/tests/php/Stub/BasicMath/Method.php b/tests/php/Stub/BasicMath/Method.php
index df63909f..6dbcd189 100644
--- a/tests/php/Stub/BasicMath/Method.php
+++ b/tests/php/Stub/BasicMath/Method.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Tests\Stub\BasicMath;
 
 use Director;
diff --git a/tests/php/Stub/BasicMath/MethodRegisterHandler.php b/tests/php/Stub/BasicMath/MethodRegisterHandler.php
index 98831eb7..4174c524 100644
--- a/tests/php/Stub/BasicMath/MethodRegisterHandler.php
+++ b/tests/php/Stub/BasicMath/MethodRegisterHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Tests\Stub\BasicMath;
 
diff --git a/tests/php/Stub/BasicMath/MethodVerifyHandler.php b/tests/php/Stub/BasicMath/MethodVerifyHandler.php
index a261aa9d..88a50274 100644
--- a/tests/php/Stub/BasicMath/MethodVerifyHandler.php
+++ b/tests/php/Stub/BasicMath/MethodVerifyHandler.php
@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Tests\Stub\BasicMath;