ENH Disable temporary sudo mode after login

silverstripe · Feb 10, 2025 · 60f4ea7 · 60f4ea7
1 parent 506aef4
commit 60f4ea7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/src/Authenticator/LoginHandler.php b/src/Authenticator/LoginHandler.php
@@ -491,6 +491,13 @@ public function redirectAfterSuccessfulLogin(): HTTPResponse
         }
         $request->getSession()->clear(static::SESSION_KEY . '.mustLogin');
 
+        // Deactivate sudo mode that was activated in doLogin()
+        $service = $this->getSudoModeService();
+        // Check if the service has a deactivate method, because it is not defined on the interface
+        if (method_exists($service, 'deactivate')) {
+            call_user_func([$service, 'deactivate'], $this->getRequest()->getSession());
+        }
+
         // Delegate to parent logic
         return parent::redirectAfterSuccessfulLogin();
     }

diff --git a/tests/Behat/features/mfa-enabled.feature b/tests/Behat/features/mfa-enabled.feature
@@ -4,7 +4,8 @@ Feature: MFA is enabled for the site
   So that my site will be more secure
 
   Background:
-    Given I am logged in with "ADMIN" permissions
+    Given I add an extension "SilverStripe\FrameworkTest\SudoMode\DisableSudoModeFormExtension" to the "SilverStripe\Forms\Form" class
+    And I am logged in with "ADMIN" permissions
     And I go to "/admin"
     Then I should see the CMS