Merge pull request #220 from mutec/2faenforce

TimWolla · web-flow · commit 6c58073d3634 · 2021-08-25T12:10:51.000+02:00
add section for enforcing Multi-factor Authentication
diff --git a/docs/migration/wsc53/session.md b/docs/migration/wsc53/session.md
@@ -142,6 +142,18 @@ Please check [the version history](https://github.com/WoltLab/WCF/commits/master
 
 !!! warning "Multi-factor authentication is security sensitive. Make sure to carefully read the remarks in `IMultifactorMethod` for possible issues. Also make sure to carefully test your implementation against all sorts of incorrect input and consider attack vectors such as race conditions. It is strongly recommended to generously check the current state by leveraging assertions and exceptions."
 
+#### Enforcing Multi-factor Authentication
+
+To enforce Multi-factor Authentication within your controller you need to:
+
+1. Use the `wcf\system\user\multifactor\TMultifactorRequirementEnforcer` trait.
+2. Call: `$this->enforceMultifactorAuthentication();`
+
+`enforceMultifactorAuthentication()` will check if the user is in a group that requires multi-factor authentication, but does not yet have multi-factor authentication enabled.
+If they did, the request proceeds as usual.
+Otherwise, a `NamedUserException` is thrown.
+
+
 ## Deprecations and Removals
 
 ### SessionHandler
