From ee3b8cc326ebe3d13c1f25289cc24b7d29207697 Mon Sep 17 00:00:00 2001
From: Garion Herman
Date: Mon, 17 Feb 2025 08:56:37 +0900
Subject: [PATCH] FIX Drop already-verified check from SessionStore While ostensibly a useful safety check, this validation step is misplaced. The purpose of SessionStore is to hold context for the verification process, not to verify its integrity, and there exist (extremely hard-to-reproduce) edgecases where this will unhelpfully break the MFA flow. The MFA method verification process is sufficiently idempotent and safe to prevent any negative outcomes from a method being verified multiple times in a single MFA flow.
---
 src/Store/SessionStore.php | 4 ----
 tests/php/Store/SessionStoreTest.php | 9 ---------
 2 files changed, 13 deletions(-)
diff --git a/src/Store/SessionStore.php b/src/Store/SessionStore.php
index 9079213d..c1972b0e 100644
--- a/src/Store/SessionStore.php
+++ b/src/Store/SessionStore.php
@@ -114,10 +114,6 @@ public function getMethod(): ?string
 */
 public function setMethod(?string $method): StoreInterface
 {
- if (in_array($method, $this->getVerifiedMethods() ?? [])) {
- throw new InvalidMethodException('You cannot verify with a method you have already verified');
- }
-
 $this->method = $method;
 
 return $this;
diff --git a/tests/php/Store/SessionStoreTest.php b/tests/php/Store/SessionStoreTest.php
index 1e9a5150..b62378da 100644
--- a/tests/php/Store/SessionStoreTest.php
+++ b/tests/php/Store/SessionStoreTest.php
@@ -25,15 +25,6 @@ public function testAddState()
 $this->assertSame(['foo' => 'baz', 'bar' => 'baz'], $store->getState());
 }
 
- public function testSetMethodWithVerifiedMethod()
- {
- $this->expectException(\SilverStripe\MFA\Exception\InvalidMethodException::class);
- $this->expectExceptionMessage('You cannot verify with a method you have already verified');
- $store = new SessionStore($this->createMock(Member::class));
- $store->addVerifiedMethod('foobar');
- $store->setMethod('foobar');
- }
-
 public function testSetMethod()
 {
 $store = new SessionStore($this->createMock(Member::class));