If a user has already registered for MFA, enforce use of it even if they are not in an MFA group

Minor PR changes

Update src/Extension/SiteConfigExtension.php

Co-authored-by: Guy Marriott <guy.the.person@gmail.com>

Author: 2 people

src/Extension/SiteConfigExtension.php

@@ -69,16 +69,12 @@ public function updateCMSFields(FieldList $fields)
         ));
         $mfaGraceEnd->addExtraClass('mfa-settings__grace-period');
 
-        $mapFn = function ($groups = []) {
-            $map = [];
-            foreach ($groups as $group) {
-                // Listboxfield values are escaped, use ASCII char instead of »
-                $map[$group->ID] = $group->getBreadcrumbs(' > ');
-            }
-            asort($map);
-            return $map;
-        };
-        $groupsMap = $mapFn(Group::get());
+        $groupsMap = [];
+        foreach (Group::get() as $group) {
+            // Listboxfield values are escaped, use ASCII char instead of »
+            $groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');
+        }
+        asort($groupsMap);
 
         $mfaGroupRestrict = ListboxField::create(
             "MFAGroupRestrictions",
@@ -88,7 +84,8 @@ public function updateCMSFields(FieldList $fields)
             ->setAttribute(
                 'data-placeholder',
                 _t(__CLASS__ . '.MFA_GROUP_RESTRICTIONS_PLACEHOLDER', 'Click to select group')
-            )->setDescription(_t(
+            )
+            ->setDescription(_t(
                 __CLASS__ . '.MFA_GROUP_RESTRICTIONS_DESCRIPTION',
                 'MFA will only be enabled for members of these selected groups. ' .
                 'If no groups are selected, MFA will be enabled for all users'

src/Service/EnforcementManager.php

@@ -108,7 +108,7 @@ public function shouldRedirectToMFA(Member $member): bool
             return false;
         }
 
-        if (!$this->isUserInMFAEnabledGroup($member)) {
+        if (!$this->isUserInMFAEnabledGroup($member) && !$this->hasCompletedRegistration($member)) {
             return false;
         }
 
@@ -271,7 +271,7 @@ protected function isEnabled(): bool
         return true;
     }
 
-    protected function isUserInMFAEnabledGroup(Member $member)
+    protected function isUserInMFAEnabledGroup(Member $member): bool
     {
         /** @var SiteConfig&SiteConfigExtension $siteConfig */
         $siteConfig = SiteConfig::current_site_config();

tests/Behat/features/mfa-enabled.feature

@@ -14,4 +14,4 @@ Feature: MFA is enabled for the site
     Then I should see "Multi-factor authentication (MFA)"
     When I select "MFA is required for everyone" from the MFA settings
     And I press "Save"
-    Then I should see "Saved"
+    Then I should see a "Saved" success toast