ChangePasswordExtension
class ChangePasswordExtension extends Extension
Wraps the changepassword method in Security so that MFA can be inserted into the flow when an AutoLoginHash is being used, that is, when the user has clicked a reset password link in an email after using the "forgot password" functionality. When an "auto login" is not being used (the user is already logged in), existing functionality asks the user for their password before allowing a change, so that flow does not require MFA.
Traits
This trait encapsulates logic that can be added to a RequestHandler to work with logging in using the MFA front-end app. It provides two main methods: createStartVerificationResponse, a response that can be easily consumed by the MFA app to prompt a login, and completeVerificationRequest, used to verify a request sent by the MFA app containing the login attempt.
Provides a simplified method for creating JSON-based HTTPResponses.
Constants
MFA_VERIFIED_ON_CHANGE_PASSWORD
Session key used to track whether multi-factor authentication has been verified during a change password request flow.
Properties
protected | SS_Object | $owner | The object this extension is applied to. | from Extension
protected | DataObject | $ownerBaseClass | The base class that this extension was applied to; $this->owner must be one of these | from Extension
public | | $class | | from Extension
protected | StoreInterface | $store | A "session store" object that helps contain MFA specific session detail | from BaseHandlerTrait
Methods
Details
__construct()
No description

static add_to_class(string $class, string $extensionClass, mixed $args = null)
Called when this extension is added to a particular class

setOwner(SS_Object $owner, string $ownerBaseClass = null)
Set the owner of this extension.

clearOwner()
No description

SS_Object getOwner()
Returns the owner of this extension.

static string get_classname_without_arguments(string $extensionStr)
Helper method to strip eval'ed arguments from a string that's passed to DataObject::$extensions or Object::add_extension().

protected void applyRequirements(bool $frontEndRequirements = true)
Perform the necessary "Requirements" calls to ensure client side scripts are available in the response

protected StoreInterface|null getStore()
No description

BaseHandlerTrait setStore(StoreInterface $store)
No description

protected StoreInterface createStore(Member $member)
No description

protected SudoModeServiceInterface getSudoModeService()
Returns a sudo mode service instance

protected SS_HTTPResponse createStartVerificationResponse(StoreInterface $store, MethodInterface|null $requestedMethod = null)
Create an HTTPResponse that provides information to the client side React MFA app to prompt the user to login with their configured MFA method

protected Result completeVerificationRequest(StoreInterface $store, SS_HTTPRequest $request)
Attempt to verify a login attempt provided by the given request

protected bool isVerificationComplete(StoreInterface $store)
Indicates the current member has verified with MFA methods enough to be considered "verified"

SS_HTTPResponse jsonResponse(array $body, int $status = 200)
No description

SS_HTTPResponse getSchema()
Supply JavaScript application configuration details, required for an MFA check

SS_HTTPResponse|array mfa()
Render the JavaScript app responsible for initiating an MFA check

SS_HTTPResponse startMFACheck()
Initiates the session for the user attempting to log in, in preparation for an MFA check

SS_HTTPResponse verifyMFACheck()
Checks the MFA JavaScript app input to validate the user attempting to log in

handleChangePassword()
No description

protected NullHTTPRequest|SS_HTTPRequest getRequest()
Glue to support BaseHandlerTrait

protected extend($name, ...$data)
No description