add section for enforcing Multi-factor Authentication

author mutec <mysterycode@mysterycode.de>

Mon, 23 Aug 2021 14:22:08 +0000 (16:22 +0200)

committer mutec <mysterycode@mysterycode.de>

Wed, 25 Aug 2021 10:05:21 +0000 (12:05 +0200)
author mutec <mysterycode@mysterycode.de>
Mon, 23 Aug 2021 14:22:08 +0000 (16:22 +0200)
committer mutec <mysterycode@mysterycode.de>
Wed, 25 Aug 2021 10:05:21 +0000 (12:05 +0200)
diff --git a/docs/migration/wsc53/session.md b/docs/migration/wsc53/session.md

index e6e5c041da8a87908ba22fdeaa6e144104687ef4..b2ee95640aaf41870dfe412e2781fa48c4589533 100644 (file)
--- a/docs/migration/wsc53/session.md
+++ b/docs/migration/wsc53/session.md
@@ -142,6 +142,18 @@ Please check [the version history](https://github.com/WoltLab/WCF/commits/master
  
  !!! warning "Multi-factor authentication is security sensitive. Make sure to carefully read the remarks in `IMultifactorMethod` for possible issues. Also make sure to carefully test your implementation against all sorts of incorrect input and consider attack vectors such as race conditions. It is strongly recommended to generously check the current state by leveraging assertions and exceptions."
  
+#### Enforcing Multi-factor Authentication
+
+To enforce Multi-factor Authentication within your controller you need to:
+
+1. Use the `wcf\system\user\multifactor\TMultifactorRequirementEnforcer` trait.
+2. Call: `$this->enforceMultifactorAuthentication();`
+
+`enforceMultifactorAuthentication()` will check if the user is in a group that requires multi-factor authentication, but does not yet have multi-factor authentication enabled.
+If they did, the request proceeds as usual.
+Otherwise, a `NamedUserException` is thrown.
+
+
  ## Deprecations and Removals
  
  ### SessionHandler
author	mutec <mysterycode@mysterycode.de>
	Mon, 23 Aug 2021 14:22:08 +0000 (16:22 +0200)
committer	mutec <mysterycode@mysterycode.de>
	Wed, 25 Aug 2021 10:05:21 +0000 (12:05 +0200)