Merge branch 'b-7.4.x-generate-exceptions-OXDEV-9992' into b-7.4.x

Author: RahatHameed

CHANGELOG.md

@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Extracted reusable Twig code into captcha.html.twig and password.html.twig
+- Facebook login OAuth-provider
+- Google login OAuth-provider
 
 ### Changed
 - Show multiple errors on invalid password

assets/out/src/css/providers.css

@@ -0,0 +1,9 @@
+.sign-in-providers {
+    padding: 10px 0;
+}
+
+.card-body {
+    .sign-in-providers {
+        text-align: center;
+    }
+}

composer.json

@@ -30,7 +30,11 @@
         "codeception/module-webdriver": "*",
         "oxid-esales/codeception-modules": "dev-b-7.4.x",
         "oxid-esales/codeception-page-objects": "dev-b-7.4.x",
-        "mikey179/vfsstream": "^1.6"
+        "mikey179/vfsstream": "^1.6",
+        "pragmarx/google2fa": "^v8.0.3",
+        "bacon/bacon-qr-code": "v3.0.1",
+        "league/oauth2-google": "4.0.1",
+        "league/oauth2-facebook": "2.2.0"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,

metadata.php

@@ -9,8 +9,11 @@
  * Metadata version
  */
 
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\ModuleSettingsService as TwoFactorAuthModuleSettings;
 use OxidEsales\SecurityModule\PasswordPolicy\Service\ModuleSettingsService as PasswordPolicyModuleSettings;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsService as CaptchaModuleSettings;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService as OAuthModuleSettings;
 use OxidEsales\SecurityModule\Core\Module;
 
 $sMetadataVersion = '2.1';
@@ -39,7 +42,9 @@
     ],
     'controllers' => [
         'captcha' => \OxidEsales\SecurityModule\Captcha\Controller\CaptchaController::class,
-        'password' => \OxidEsales\SecurityModule\PasswordPolicy\Controller\PasswordAjaxController::class
+        'password' => \OxidEsales\SecurityModule\PasswordPolicy\Controller\PasswordAjaxController::class,
+        'oauth' => \OxidEsales\SecurityModule\Authentication\OAuth2\Controller\OAuthController::class,
+        'twofactorauth' => \OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller\TwoFactorAuthController::class,
     ],
     'templates'   => [
     ],
@@ -109,6 +114,71 @@
             'type'  => 'select',
             'constraints' => '5min|15min|30min',
             'value' => '15min'
-        ]
+        ],
+
+        //OAuth2 settings
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::FACEBOOK_LOGIN_ENABLED,
+            'type'  => 'bool',
+            'value' => false
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::FACEBOOK_CLIENT_ID,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::FACEBOOK_CLIENT_SECRET,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::FACEBOOK_REDIRECT_URL,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::GOOGLE_LOGIN_ENABLED,
+            'type'  => 'bool',
+            'value' => true
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::GOOGLE_CLIENT_ID,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::GOOGLE_CLIENT_SECRET,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::GOOGLE_REDIRECT_URL,
+            'type'  => 'str',
+            'value' => ''
+        ],
+
+        //TwoFactorAuth settings
+        [
+            'group' => 'two_factor_auth',
+            'name'  => TwoFactorAuthModuleSettings::ACTIVE,
+            'type'  => 'bool',
+            'value' => false
+        ],
+        [
+            'group' => 'two_factor_auth',
+            'name'  => TwoFactorAuthModuleSettings::TWO_FACTOR_TYPE,
+            'type'  => 'select',
+            'constraints' => 'otp|totp',
+            'value' => 'otp'
+        ],
     ],
 ];

migration/data/Version20251128093245.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20251128093245 extends AbstractMigration
+{
+    public function up(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPCODE` VARCHAR(128) default NULL COMMENT "OTP code"');
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPEXPTIME` DATETIME default NULL COMMENT "OTP code expiration time"');
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPATTEMPTS` INT NOT NULL default 0 COMMENT "OTP code attempts"');
+    }
+
+    public function down(Schema $schema): void
+    {
+    }
+}

migration/migrations.yml

@@ -0,0 +1,4 @@
+table_storage:
+    table_name: oxmigrations_oe_security_module
+migrations_paths:
+    'OxidEsales\SecurityModule\Migrations': data

services.yaml

@@ -1,6 +1,8 @@
 imports:
   - { resource: src/Captcha/services.yaml }
   - { resource: src/PasswordPolicy/services.yaml }
+  - { resource: src/Authentication/services.yaml }
+  - { resource: src/Shared/services.yaml }
 
 services:
   _defaults:

src/Authentication/OAuth2/Controller/OAuthController.php

@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Controller;
+
+use OxidEsales\Eshop\Application\Controller\FrontendController;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollectorInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\UserServiceInterface;
+
+class OAuthController extends FrontendController
+{
+    public function login(): void
+    {
+        $providerCollector = $this->getService(ProviderCollectorInterface::class);
+
+        $provider = $providerCollector->getProvider($_GET['provider']);
+
+        Registry::getUtils()->redirect($provider->getAuthorizationUrl());
+    }
+
+    public function redirect(): void
+    {
+        //todo: get provider dynamically
+        $provider = $this
+            ->getService(ProviderCollectorInterface::class)
+            ->getProvider('google');
+
+        $accessToken = $provider->getAccessToken($_GET['code']);
+
+        $userDTO = $provider->getUserInfo($accessToken);
+
+        $this
+            ->getService(UserServiceInterface::class)
+            ->login($userDTO);
+
+        Registry::getUtils()->redirect('');
+    }
+}

src/Authentication/OAuth2/DTO/OAuth2UserDTO.php

@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\DTO;
+
+readonly class OAuth2UserDTO implements OAuth2UserDTOInterface
+{
+    public function __construct(
+        private ?string $firstName,
+        private ?string $lastName,
+        private ?string $email,
+    ) {
+    }
+
+    public function getFirstName(): ?string
+    {
+        return $this->firstName;
+    }
+
+    public function getLastName(): ?string
+    {
+        return $this->lastName;
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+}

src/Authentication/OAuth2/DTO/OAuth2UserDTOInterface.php

@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\DTO;
+
+interface OAuth2UserDTOInterface
+{
+    public function getFirstName(): ?string;
+
+    public function getLastName(): ?string;
+
+    public function getEmail(): ?string;
+}