Merge branch 'b-7.4.x-finalize-oauth-OXDEV-10037' into b-7.4.x-2fa-OXDEV-9078

Author: tkcreateit

assets/out/src/js/module/resend-otp.js

@@ -10,18 +10,22 @@ export class ResendOtp {
             submitButtonId = 'auth_submit',
             attemptsDisplayId = 'remaining-attempts',
             codeInputId = 'auth_code',
-            maxAttempts = 5
+            maxAttempts = 5,
         } = options;
 
         this.btn = button;
         this.hint = document.getElementById(hintId);
         this.submitBtn = document.getElementById(submitButtonId);
         this.attemptsDisplay = document.getElementById(attemptsDisplayId);
         this.codeInput = document.getElementById(codeInputId);
-        this.maxAttempts = maxAttempts;
 
         this.cooldownSeconds = Number(button.dataset.cooldown || 60);
+        this.maxAttempts = maxAttempts;
         this.url = button.dataset.url;
+        this.textDefault = button.dataset.textDefault;
+        this.textSending = button.dataset.textSending;
+        this.textError = button.dataset.textError;
+        this.textCountdown = button.dataset.textCountdown;
         this.storageKey = `otp_resend_until_${this.url}`;
 
         this.timer = null;
@@ -39,17 +43,21 @@ export class ResendOtp {
     }
 
     async resend() {
-        console.log('Resend OTP code requested');
         if (this.btn.disabled) return;
 
-        this.lock('Sending…');
+        this.lock(this.textSending);
 
         try {
-            await fetch(this.url, {
+            const response = await fetch(this.url, {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' }
             });
 
+            if (!response.ok) {
+                this.unlock();
+                return;
+            }
+
             const until = Date.now() + this.cooldownSeconds * 1000;
             this.storeUntil(until);
             this.startCooldown(until);
@@ -59,7 +67,7 @@ export class ResendOtp {
         } catch (e) {
             console.error(e);
             this.unlock();
-            this.setHint('Could not resend code.');
+            this.setHint(this.textError);
         }
     }
 
@@ -90,7 +98,6 @@ export class ResendOtp {
 
     startCooldown(until) {
         clearInterval(this.timer);
-        console.log(`Starting OTP resend cooldown until ${new Date(until).toISOString()}`);
         const tick = () => {
             const remaining = Math.ceil((until - Date.now()) / 1000);
 
@@ -99,7 +106,7 @@ export class ResendOtp {
                 this.unlock();
                 clearInterval(this.timer);
             } else {
-                this.lock(`Resend in ${remaining}s`);
+                this.lock(this.textCountdown.replace('%d', remaining));
             }
         };
 
@@ -114,7 +121,7 @@ export class ResendOtp {
 
     unlock() {
         this.btn.disabled = false;
-        this.btn.textContent = 'Resend code';
+        this.btn.textContent = this.textDefault;
     }
 
     setHint(text) {
@@ -134,7 +141,6 @@ export class ResendOtp {
     }
 
     restoreOnRefresh() {
-        console.log('Restoring OTP resend cooldown if needed');
         const until = this.getStoredUntil();
         if (until && until > Date.now()) {
             this.startCooldown(until);

metadata.php

@@ -9,7 +9,6 @@
  * Metadata version
  */
 
-use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\ModuleSettingsService as TwoFactorAuthModuleSettings;
 use OxidEsales\SecurityModule\PasswordPolicy\Service\ModuleSettingsService as PasswordPolicyModuleSettings;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsService as CaptchaModuleSettings;
@@ -43,7 +42,6 @@
     'controllers' => [
         'captcha' => \OxidEsales\SecurityModule\Captcha\Controller\CaptchaController::class,
         'password' => \OxidEsales\SecurityModule\PasswordPolicy\Controller\PasswordAjaxController::class,
-        'oauth' => \OxidEsales\SecurityModule\Authentication\OAuth2\Controller\OAuthController::class,
     ],
     'templates'   => [
     ],

src/Authentication/OAuth2/Controller/OAuthController.php

@@ -8,36 +8,43 @@
 namespace OxidEsales\SecurityModule\Authentication\OAuth2\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
-use OxidEsales\Eshop\Core\Registry;
-use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ProviderCollectorInterface;
-use OxidEsales\SecurityModule\Authentication\OAuth2\Service\UserServiceInterface;
+use OxidEsales\Eshop\Core\Utils;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\AuthenticationServiceInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Transput\OAuthRequestInterface;
+use OxidEsales\SecurityModule\Authentication\Service\InternalRedirectServiceInterface;
 
 class OAuthController extends FrontendController
 {
+    public function __construct(
+        private readonly AuthenticationServiceInterface $authService,
+        private readonly OAuthRequestInterface $oauthRequest,
+        private readonly InternalRedirectServiceInterface $redirectService,
+        private readonly Utils $utils,
+    ) {
+        parent::__construct();
+    }
+
     public function login(): void
     {
-        $providerCollector = $this->getService(ProviderCollectorInterface::class);
-
-        $provider = $providerCollector->getProvider($_GET['provider']);
+        $authorizationUrl = $this->authService->getAuthorizationUrl(
+            $this->oauthRequest->getProvider()
+        );
 
-        Registry::getUtils()->redirect($provider->getAuthorizationUrl());
+        $this->utils->redirect($authorizationUrl);
     }
 
     public function redirect(): void
     {
-        //todo: get provider dynamically
-        $provider = $this
-            ->getService(ProviderCollectorInterface::class)
-            ->getProvider('google');
-
-        $accessToken = $provider->getAccessToken($_GET['code']);
-
-        $userDTO = $provider->getUserInfo($accessToken);
+        if ($this->oauthRequest->hasError()) {
+            $this->utils->redirect($this->redirectService->getRedirectUrl(), false);
+            return;
+        }
 
-        $this
-            ->getService(UserServiceInterface::class)
-            ->login($userDTO);
+        $this->authService->handleCallback(
+            $this->oauthRequest->getProvider(),
+            $this->oauthRequest->getCode()
+        );
 
-        Registry::getUtils()->redirect('');
+        $this->utils->redirect($this->redirectService->getRedirectUrl(), false);
     }
 }

src/Authentication/OAuth2/Controller/services.yaml

@@ -0,0 +1,11 @@
+services:
+  _defaults:
+    autowire: true
+    public: false
+    bind:
+      OxidEsales\Eshop\Core\Utils: '@=service("OxidEsales\\SecurityModule\\Core\\Registry").getUtils()'
+
+  OxidEsales\SecurityModule\Authentication\OAuth2\Controller\OAuthController:
+    public: true
+    tags:
+        - { name: 'oxid.view_controller', controller_key: 'oauth' }

src/Authentication/OAuth2/Infrastructure/Provider/Facebook/FacebookAdapter.php

@@ -46,7 +46,7 @@ public function getAuthorizationUrl(array $options = []): string
         return $this->provider->getAuthorizationUrl($options);
     }
 
-    public function getAccessToken(string $code): AccessTokenInterface
+    public function getAccessToken(#[\SensitiveParameter] string $code): AccessTokenInterface
     {
         return $this->provider->getAccessToken('authorization_code', ['code' => $code]);
     }

src/Authentication/OAuth2/Infrastructure/Provider/Google/GoogleAdapter.php

@@ -47,7 +47,7 @@ public function getAuthorizationUrl(array $options = []): string
         return $this->provider->getAuthorizationUrl($options);
     }
 
-    public function getAccessToken(string $code): AccessTokenInterface
+    public function getAccessToken(#[\SensitiveParameter] string $code): AccessTokenInterface
     {
         return $this->provider->getAccessToken('authorization_code', [
             'code' => $code,

src/Authentication/OAuth2/Infrastructure/Provider/Google/GoogleProviderFactory.php

@@ -26,7 +26,7 @@ public function create(): GoogleProvider
     {
         return new GoogleProvider([
             'clientId'        => $this->moduleSettings->getGoogleClientId(),
-            'clientSecret'    => $this->moduleSettings->getFacebookClientSecret(),
+            'clientSecret'    => $this->moduleSettings->getGoogleClientSecret(),
             'redirectUri'     => $this->moduleSettings->getGoogleRedirectUrl(),
         ]);
     }

src/Authentication/OAuth2/Infrastructure/Provider/ProviderAdapterInterface.php

@@ -31,7 +31,7 @@ public function getAuthorizationUrl(array $options = []): string;
     /**
      * Exchange the authorization code for an access token.
      */
-    public function getAccessToken(string $code): AccessTokenInterface;
+    public function getAccessToken(#[\SensitiveParameter] string $code): AccessTokenInterface;
 
     /**
      * Fetch user information (claims) from the provider using the access token.

src/Authentication/OAuth2/Service/AuthenticationService.php

@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+readonly class AuthenticationService implements AuthenticationServiceInterface
+{
+    public function __construct(
+        private ProviderCollectorInterface $providerCollector,
+        private UserServiceInterface $userService,
+    ) {
+    }
+
+    public function getAuthorizationUrl(string $providerName): string
+    {
+        $provider = $this->providerCollector->getProvider($providerName);
+
+        return $provider->getAuthorizationUrl();
+    }
+
+    public function handleCallback(string $providerName, #[\SensitiveParameter] string $code): void
+    {
+        $provider = $this->providerCollector->getProvider($providerName);
+
+        $accessToken = $provider->getAccessToken($code);
+        $userDTO = $provider->getUserInfo($accessToken);
+
+        $this->userService->login($userDTO);
+    }
+}

src/Authentication/OAuth2/Service/AuthenticationServiceInterface.php

@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Service;
+
+interface AuthenticationServiceInterface
+{
+    public function getAuthorizationUrl(string $providerName): string;
+
+    public function handleCallback(string $providerName, #[\SensitiveParameter] string $code): void;
+}