class ChangePasswordExtension extends Extension

Wraps the changepassword method in Security so that MFA can be inserted into the flow when an AutoLoginHash is being used, that is, when the user has clicked a reset password link in an email after using the "forgot password" functionality. When an "auto login" is not being used (the user is already logged in), existing functionality asks the user for their password before allowing a change, so that flow does not require MFA.

Traits

This trait encapsulates logic that can be added to a RequestHandler to work with logging in using the MFA front-end app. It provides two main methods: createStartVerificationResponse, a response that can be easily consumed by the MFA app to prompt a login, and completeVerificationRequest, used to verify a request sent by the MFA app containing the login attempt.

Provides a simplified method for creating JSON-based HTTPResponses.

Constants

MFA_VERIFIED_ON_CHANGE_PASSWORD

Session key used to track whether multi-factor authentication has been verified during a change password request flow.

Properties

protected SS_Object $owner

The object this extension is applied to.

from Extension
protected DataObject $ownerBaseClass

The base class that this extension was applied to; $this->owner must be one of these.

from Extension
public $class from Extension
protected StoreInterface $store

A "session store" object that helps contain MFA-specific session detail.

from BaseHandlerTrait

Methods

public
__construct()

No description

public static 
add_to_class(string $class, string $extensionClass, mixed $args = null)

Called when this extension is added to a particular class

public
setOwner(SS_Object $owner, string $ownerBaseClass = null)

Set the owner of this extension.

public
clearOwner()

No description

public
getOwner()

Returns the owner of this extension.

public static 
string
get_classname_without_arguments(string $extensionStr)

Helper method to strip eval'ed arguments from a string that's passed to DataObject::$extensions or Object::add_extension().

protected
void
applyRequirements(bool $frontEndRequirements = true)

Perform the necessary "Requirements" calls to ensure client-side scripts are available in the response

protected
StoreInterface|null
getStore()

No description

public
setStore(StoreInterface $store)

No description

protected
createStore(Member $member)

No description

protected
SudoModeServiceInterface
getSudoModeService()

Returns a sudo mode service instance

protected
createStartVerificationResponse(StoreInterface $store, MethodInterface|null $requestedMethod = null)

Create an HTTPResponse that provides information to the client-side React MFA app to prompt the user to log in with their configured MFA method

protected
completeVerificationRequest(StoreInterface $store, SS_HTTPRequest $request)

Attempt to verify a login attempt provided by the given request

protected
bool
isVerificationComplete(StoreInterface $store)

Indicates the current member has verified with MFA methods enough to be considered "verified"

public
jsonResponse(array $body, int $status = 200)

No description

public
getSchema()

Supply JavaScript application configuration details, required for an MFA check

public
mfa()

Render the JavaScript app responsible for initiating an MFA check

public
startMFACheck()

Initiates the session for the user attempting to log in, in preparation for an MFA check

public
verifyMFACheck()

Checks the MFA JavaScript app input to validate the user attempting to log in

public
handleChangePassword()

No description

protected
getRequest()

Glue to support BaseHandlerTrait

protected
extend($name, ...$data)

No description

Details

__construct()

No description

static add_to_class(string $class, string $extensionClass, mixed $args = null)

Called when this extension is added to a particular class

Parameters

string $class
string $extensionClass
mixed $args

setOwner(SS_Object $owner, string $ownerBaseClass = null)

Set the owner of this extension.

Parameters

SS_Object $owner

The owner object.

string $ownerBaseClass

The base class that the extension is applied to; this may be the class of owner, or it may be a parent. For example, if Versioned was applied to SiteTree, and then a Page object was instantiated, $owner would be a Page object, but $ownerBaseClass would be 'SiteTree'.

clearOwner()

No description

SS_Object getOwner()

Returns the owner of this extension.

Return Value

SS_Object

static string get_classname_without_arguments(string $extensionStr)

Helper method to strip eval'ed arguments from a string that's passed to DataObject::$extensions or Object::add_extension().

Parameters

string $extensionStr

E.g. "Versioned('Stage','Live')"

Return Value

string

Extension classname, e.g. "Versioned"

protected void applyRequirements(bool $frontEndRequirements = true)

Perform the necessary "Requirements" calls to ensure client-side scripts are available in the response

Parameters

bool $frontEndRequirements

Indicates dependencies usually provided by admin should also be required

Return Value

void

protected StoreInterface|null getStore()

No description

Return Value

StoreInterface|null

BaseHandlerTrait setStore(StoreInterface $store)

No description

Parameters

StoreInterface $store

Return Value

BaseHandlerTrait

protected StoreInterface createStore(Member $member)

No description

Parameters

Member $member

Return Value

StoreInterface

protected SudoModeServiceInterface getSudoModeService()

Returns a sudo mode service instance

Return Value

SudoModeServiceInterface

protected SS_HTTPResponse createStartVerificationResponse(StoreInterface $store, MethodInterface|null $requestedMethod = null)

Create an HTTPResponse that provides information to the client-side React MFA app to prompt the user to log in with their configured MFA method

Parameters

StoreInterface $store
MethodInterface|null $requestedMethod

Return Value

SS_HTTPResponse

protected Result completeVerificationRequest(StoreInterface $store, SS_HTTPRequest $request)

Attempt to verify a login attempt provided by the given request

Parameters

StoreInterface $store
SS_HTTPRequest $request

Return Value

Result

Exceptions

InvalidMethodException

protected bool isVerificationComplete(StoreInterface $store)

Indicates the current member has verified with MFA methods enough to be considered "verified"

Parameters

StoreInterface $store

Return Value

bool

SS_HTTPResponse jsonResponse(array $body, int $status = 200)

No description

Parameters

array $body
int $status

Return Value

SS_HTTPResponse

SS_HTTPResponse getSchema()

Supply JavaScript application configuration details, required for an MFA check

Return Value

SS_HTTPResponse

SS_HTTPResponse|array mfa()

Render the JavaScript app responsible for initiating an MFA check

Return Value

SS_HTTPResponse|array

SS_HTTPResponse startMFACheck()

Initiates the session for the user attempting to log in, in preparation for an MFA check

Return Value

SS_HTTPResponse

Exceptions

LogicException

SS_HTTPResponse verifyMFACheck()

Checks the MFA JavaScript app input to validate the user attempting to log in

Return Value

SS_HTTPResponse

handleChangePassword()

No description

protected NullHTTPRequest|SS_HTTPRequest getRequest()

Glue to support BaseHandlerTrait

protected extend($name, ...$data)

No description

Parameters

$name
...$data