OXDEV-9078 Set challenge as verified if there are no verification errors

Author: Sieg

src/Authentication/TwoFactorAuth/OTP/OtpFacade.php

@@ -60,6 +60,7 @@ public function invalidateChallenge(string $userId): void
     public function verify(string $userId, #[\SensitiveParameter] string $code): void
     {
         $this->codeValidator->validateCode($userId, $code);
+        $this->stateService->markVerified($userId);
     }
 
     public function resend(string $userId): void

tests/Unit/Authentication/TwoFactorAuth/OTP/OtpFacadeTest.php

@@ -118,6 +118,39 @@ public function verifyTriggersCodeValidator(): void
         $sut->verify(userId: $userId, code: $code);
     }
 
+    #[Test]
+    public function verifyMarksChallengAsVerifiedIfValidationOk(): void
+    {
+        $stateServiceSpy = $this->createMock(OtpChallengeStateServiceInterface::class);
+        $stateServiceSpy->expects($this->once())
+            ->method('markVerified')
+            ->with($userId = uniqid());
+
+        $sut = $this->getSut(stateService: $stateServiceSpy);
+
+        $sut->verify(userId: $userId, code: uniqid());
+    }
+
+    #[Test]
+    public function verifyDoesNotMarkVerifiedWhenValidationFails(): void
+    {
+        $codeValidatorStub = $this->createStub(OtpCodeValidatorServiceInterface::class);
+        $codeValidatorStub->method('validateCode')->willThrowException(new InvalidCodeException());
+
+        $stateServiceSpy = $this->createMock(OtpChallengeStateServiceInterface::class);
+        $stateServiceSpy->expects($this->never())
+            ->method('markVerified');
+
+        $sut = $this->getSut(
+            stateService: $stateServiceSpy,
+            codeValidator: $codeValidatorStub,
+        );
+
+        $this->expectException(InvalidCodeException::class);
+
+        $sut->verify(userId: uniqid(), code: uniqid());
+    }
+
     #[Test]
     public function triggerChallengeGeneratesCodeCreatesStateAndNotifies(): void
     {