Merge pull request #353 from creative-commoners/pulls/3.0/subsites-min-version

FIX Prevent incompatible versions of Subsites from installing alongside MFA 3.0

Author: NightJar

composer.json

@@ -39,6 +39,9 @@
         "silverstripe/reports": "^3.7",
         "squizlabs/php_codesniffer": "^3.0"
     },
+    "conflict": {
+        "silverstripe/subsites": "<1.4.2"
+    },
     "suggest": {
         "silverstripe/totp-authenticator": "Adds a method to authenticate with you phone using a time-based one-time password.",
         "silverstripe/webauthn-authenticator": "Adds a method to authenticate with security keys or built-in platform authenticators."

src/Authenticator/LoginForm.php

@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Authenticator;
 
@@ -179,7 +181,9 @@ public function startRegistration(): HTTPResponse
         $sessionMember = $store ? $store->getMember() : null;
         $loggedInMember = Member::currentUser();
 
-        if (($loggedInMember === null && $sessionMember === null)
+        if (
+            ($loggedInMember === null
+            && $sessionMember === null)
             || !$this->getSudoModeService()->check($this->controller->getSession())
         ) {
             return $this->jsonResponse(
@@ -242,7 +246,9 @@ public function finishRegistration(): HTTPResponse
         $sessionMember = $store ? $store->getMember() : null;
         $loggedInMember = Member::currentUser();
 
-        if (($loggedInMember === null && $sessionMember === null)
+        if (
+            ($loggedInMember === null
+            && $sessionMember === null)
             || !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))
         ) {
             return $this->jsonResponse(
@@ -275,7 +281,9 @@ public function finishRegistration(): HTTPResponse
         // required to log in though. The "mustLogin" flag is set at the beginning of the MFA process if they have at
         // least one method registered. They should always do that first. In that case we should assert
         // "isLoginComplete"
-        if ((!$mustLogin || $this->isVerificationComplete($store))
+        if (
+            (!$mustLogin
+            || $this->isVerificationComplete($store))
             && $enforcementManager->hasCompletedRegistration($sessionMember)
         ) {
             $this->doPerformLogin($sessionMember);
@@ -323,8 +331,11 @@ public function startVerification(): HTTPResponse
         $request = $this->getRequest();
         $store = $this->getStore();
         // If we don't have a valid member we shouldn't be here, or if sudo mode is not active yet.
-        if (!$store || !$store->getMember() ||
-            !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))) {
+        if (
+            !$store
+            || !$store->getMember()
+            || !$this->getSudoModeService()->check($this->controller->getSession() ?: new Session([]))
+        ) {
             return $this->jsonResponse(['message' => 'Forbidden'], 403);
         }
 
@@ -428,7 +439,8 @@ public function redirectAfterSuccessfulLogin()
         // This is potentially redundant logic as the member should only be logged in if they've fully registered.
         // They're allowed to login if they can skip - so only do assertions if they're not allowed to skip
         // We'll also check that they've registered the required MFA details
-        if (!$enforcementManager->canSkipMFA($member)
+        if (
+            !$enforcementManager->canSkipMFA($member)
             && !$enforcementManager->hasCompletedRegistration($member)
         ) {
             $member->logOut();

src/Authenticator/MemberAuthenticator.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Authenticator;
 
 use Controller;

src/BackupCode/Method.php

@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 

src/BackupCode/RegisterHandler.php

@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 

src/BackupCode/VerifyHandler.php

@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\BackupCode;
 

src/Controller/AdminRegistrationController.php

@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Controller;
 
@@ -185,7 +187,8 @@ public function setDefaultRegisteredMethod(): HTTPResponse
     {
         $request = $this->getRequest();
         // Ensure CSRF and sudo-mode protection
-        if (!SecurityToken::inst()->checkRequest($request)
+        if (
+            !SecurityToken::inst()->checkRequest($request)
             || !$this->getSudoModeService()->check($this->getSession())
         ) {
             return $this->jsonResponse(

src/Exception/InvalidMethodException.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace SilverStripe\MFA\Exception;
 
 use LogicException;

src/Extension/AccountReset/AccountResetHandler.php

@@ -1,6 +1,5 @@
 <?php
 
-
 namespace SilverStripe\MFA\Extension\AccountReset;
 
 use Member;

src/Extension/AccountReset/MFAResetExtension.php

@@ -1,4 +1,6 @@
-<?php declare(strict_types=1);
+<?php
+
+declare(strict_types=1);
 
 namespace SilverStripe\MFA\Extension\AccountReset;