Merge pull request #587 from creative-commoners/pulls/5/form-sudo-mode

ENH Disable temporary sudo mode after login
silverstripe · Feb 20, 2025 · 02b56d5 · 02b56d5
2 parents 506aef4 + 2820fc9
commit 02b56d5
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 13 deletions.
diff --git a/behat.yml b/behat.yml
@@ -15,6 +15,8 @@ default:
         - SilverStripe\Framework\Tests\Behaviour\CmsUiContext
         - SilverStripe\BehatExtension\Context\BasicContext
         - SilverStripe\BehatExtension\Context\EmailContext
+        - SilverStripe\BehatExtension\Context\FixtureContext:
+            - '%paths.modules.mfa%/tests/Behat/features/files/'
         - SilverStripe\MFA\Tests\Behat\Context\LoginContext
         - SilverStripe\CMS\Tests\Behaviour\ThemeContext
   extensions:

diff --git a/client/dist/js/bundle-cms.js b/client/dist/js/bundle-cms.js
diff --git a/client/src/boot/cms/index.js b/client/src/boot/cms/index.js
@@ -1,10 +1,8 @@
 /* global window */
 import registerComponents from './registerComponents';
 import registerReducers from './registerReducers';
-import registerTransformations from './registerTransformations';
 
 window.document.addEventListener('DOMContentLoaded', () => {
   registerComponents();
   registerReducers();
-  registerTransformations();
 });
diff --git a/client/src/boot/cms/registerTransformations.js b/client/src/boot/cms/registerTransformations.js
diff --git a/src/Authenticator/LoginHandler.php b/src/Authenticator/LoginHandler.php
@@ -26,6 +26,7 @@
 use SilverStripe\Security\MemberAuthenticator\LoginHandler as BaseLoginHandler;
 use SilverStripe\Security\MemberAuthenticator\MemberLoginForm;
 use SilverStripe\Security\Security;
+use SilverStripe\Core\ClassInfo;
 
 class LoginHandler extends BaseLoginHandler
 {
@@ -576,6 +577,13 @@ public function jsonResponse(array $response, int $code = 200): HTTPResponse
      */
     protected function doPerformLogin(HTTPRequest $request, Member $member)
     {
+        // Deactivate sudo mode that was activated in doLogin()
+        $service = $this->getSudoModeService();
+        // Check if the service has a deactivate method, because it is not defined on the interface
+        if (ClassInfo::hasMethod($service, 'deactivate')) {
+            call_user_func([$service, 'deactivate'], $this->getRequest()->getSession());
+        }
+
         // Load the previously stored data from session and perform the login using it...
         $data = $request->getSession()->get(static::SESSION_KEY . '.additionalData') ?: [];
 

diff --git a/tests/Behat/features/files/blank.txt b/tests/Behat/features/files/blank.txt
diff --git a/tests/Behat/features/mfa-enabled.feature b/tests/Behat/features/mfa-enabled.feature
@@ -4,7 +4,8 @@ Feature: MFA is enabled for the site
   So that my site will be more secure
 
   Background:
-    Given I am logged in with "ADMIN" permissions
+    Given I add an extension "SilverStripe\BehatExtension\Extensions\ActivateSudoModeServiceExtension" to the "SilverStripe\Security\SudoMode\SudoModeService" class
+    And I am logged in with "ADMIN" permissions
     And I go to "/admin"
     Then I should see the CMS