ENH Require sudo mode to edit the site config form

silverstripe · Feb 11, 2025 · 7e9783e · 7e9783e
1 parent e467a37
commit 7e9783e
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 2 deletions.
diff --git a/code/SiteConfig.php b/code/SiteConfig.php
@@ -78,6 +78,8 @@ class SiteConfig extends DataObject implements PermissionProvider, TemplateGloba
         'CMS_ACCESS_LeftAndMain'
     ];
 
+    private static bool $require_sudo_mode = true;
+
     public function populateDefaults()
     {
         $this->Title = _t(SiteConfig::class . '.SITENAMEDEFAULT', "Your Site Name");

diff --git a/code/SiteConfigLeftAndMain.php b/code/SiteConfigLeftAndMain.php
@@ -138,6 +138,9 @@ public function getEditForm($id = null, $fields = null)
             }
         }
 
+        // Require sudo mode for the edit form
+        $form->requireSudoMode();
+
         $this->extend('updateEditForm', $form);
 
         return $form;

diff --git a/composer.json b/composer.json
@@ -14,7 +14,7 @@
     ],
     "require": {
         "php": "^8.1",
-        "silverstripe/framework": "^5.2",
+        "silverstripe/framework": "^5.4",
         "silverstripe/admin": "^2.2",
         "silverstripe/vendor-plugin": "^2"
     },

diff --git a/tests/behat/features/manage-page-permissions.feature b/tests/behat/features/manage-page-permissions.feature
@@ -4,7 +4,8 @@ Feature: Manage global page permissions
   In order to set good defaults and avoid repeating myself on each page
 
   Background:
-    Given a "page" "Home" with "Content"="<p>Welcome</p>"
+    Given I add an extension "SilverStripe\FrameworkTest\SudoMode\ActivateSudoModeServiceExtension" to the "SilverStripe\Security\SudoMode\SudoModeService" class
+    And a "page" "Home" with "Content"="<p>Welcome</p>"
     And a "group" "AUTHOR" has permissions "Access to 'Pages' section"
     And a "group" "SECURITY" has permissions "Access to 'Security' section"
     # Have to supply an email address like this for "I am logged in as a member of <name> group" to find this user

diff --git a/tests/behat/features/sudo-mode.feature b/tests/behat/features/sudo-mode.feature
@@ -0,0 +1,34 @@
+@retry @job3
+Feature: Form sudo mode
+  As an site owner
+  I want to have to re-enter my password to make changes to site config data
+  So that my site is more secure
+
+  Background:
+    # Explicitly test with an "ADMIN" user as that's the most important user to test has sudo mode active
+    Given I am logged in with "ADMIN" permissions
+
+  Scenario: Sensitive data is protected by sudo mode
+
+    When I go to "/admin/settings"
+    Then I should see "Verify to continue"
+    And I should see a "#Form_EditForm_action_save_siteconfig[readonly]" element
+
+    # Test other tabs
+    When I click on the ".ui-tabs-tab[aria-controls=Root_Access]" element
+    Then I should see "Verify to continue"
+    And I should see a "#Form_EditForm_action_save_siteconfig[readonly]" element
+
+  Scenario: Data can be edited after activating sudo mode
+
+    When I go to "/admin/settings"
+    And I click on the ".sudo-mode-password-field__notice-button" element
+    And I fill in "SudoModePassword" with "Secret!123"
+    And I click on the ".sudo-mode-password-field__verify-button" element
+    And I wait for 2 seconds
+    Then I should not see a "#action_save[readonly]" element
+
+    # Test other tabs
+    When I click on the ".ui-tabs-tab[aria-controls=Root_Access]" element
+    Then I should not see "Verify to continue"
+    And I should not see a "#Form_EditForm_action_save_siteconfig[readonly]" element