OXDEV-5014 Add OTP and send as mail

Author: NikolaIvanovski

src/OAuth/Controller/OAuthController.php

@@ -24,6 +24,5 @@ public function render()
                 $provider->authenticate();
             }
         }
-
     }
 }

src/OAuth/Service/Provider/Google.php

@@ -25,9 +25,9 @@ public function isActive(): bool
     public function authenticate(): void
     {
         $provider = new GoogleProvider([
-            'clientId'          => '{google-app-id}',
-            'clientSecret'      => '{google-app-secret}',
-            'redirectUri'  => 'http://127.0.0.1/?cl=captcha&fnc=access'
+            'clientId'     => '29518356239-stt1somdnqn4hkoojuneerotqbdetq5u.apps.googleusercontent.com',
+            'clientSecret' => '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',
+            'redirectUri'  => 'http://localhost.local/?cl=oauth&fnc=register'
         ]);
 
         if (!empty($_GET['error'])) {

src/OAuth/Service/ProviderCollector.php

@@ -12,7 +12,6 @@ class ProviderCollector implements ProviderCollectorInterface
     public function __construct(
         protected iterable $providers,
     ) {
-
     }
 
     public function getProviders(): iterable

src/Shared/Model/User.php

@@ -63,6 +63,10 @@ public function login($userName, $password, $setSessionCookie = false): bool
             return $login;
         }
 
+        Registry::getSession()->setVariable(
+            'usr',
+            $this->getUser()->getId()
+        );
         Registry::getUtils()->redirect(
             Registry::getConfig()->getShopHomeUrl() . 'cl=2fa&setsessioncookie=' . $setSessionCookie
         );

src/TwoFA/Component/UserComponent.php

@@ -8,17 +8,53 @@
 namespace OxidEsales\SecurityModule\TwoFA\Component;
 
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\EshopCommunity\Internal\Container\ContainerFactory;
+use OxidEsales\SecurityModule\TwoFA\Service\TwoFactorAuthInterface;
 
 class UserComponent extends UserComponent_parent
 {
     public function registerUser()
     {
         $registration = parent::registerUser();
 
+        //todo: module setting to use OTP (sms, email) or TOTP (time based password)
         if ($registration) {
-            Registry::getUtils()->redirect(
-                Registry::getConfig()->getShopHomeUrl() . 'cl=2faregister&success=1'
-            );
+            $this->handleOTP();
+
+            $this->handleTOTP();
         }
     }
+
+    private function handleOTP()
+    {
+        $user = $this->getUser();
+
+        //This is OTP password, saved to MySQL and send as email/sms
+        $twoFactorAuth = ContainerFactory::getInstance()->getContainer()->get(TwoFactorAuthInterface::class);
+        $OTPCode = $twoFactorAuth->generateOTPCode();
+
+        //Todo: create own field for OTP password
+        $user->assign([
+            'OXADDINFO' => $OTPCode,
+        ]);
+        $user->save();
+
+        $mail = oxNew(\OxidEsales\Eshop\Core\Email::class);
+        $mail->setUser($user);
+        $mail->setRecipient($user->oxuser__oxusername->value);
+        $mail->setBody('your code is ' . $OTPCode);
+        $mail->send();
+
+        Registry::getUtils()->redirect(
+            Registry::getConfig()->getShopHomeUrl() . 'cl=2fa'
+        );
+    }
+
+    private function handleTOTP()
+    {
+        //In case we have TOTP redirect to QR Code page
+        Registry::getUtils()->redirect(
+            Registry::getConfig()->getShopHomeUrl() . 'cl=2faregister&success=1'
+        );
+    }
 }

src/TwoFA/Controller/TwoFactorAuthController.php

@@ -8,38 +8,67 @@
 namespace OxidEsales\SecurityModule\TwoFA\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
-use OxidEsales\Eshop\Core\Exception\UserException;
+use OxidEsales\Eshop\Application\Model\User;
 use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\SecurityModule\TwoFA\Service\TwoFactorAuthInterface;
 use PragmaRX\Google2FA\Google2FA;
 
 class TwoFactorAuthController extends FrontendController
 {
-    protected $_sThisTemplate = '@oe_security_module/templates/2fa/two-factor-auth';
+    protected $template = '@oe_security_module/templates/2fa/two-factor-auth';
 
-    public function render()
+    public function render(): string
     {
         $template = parent::render();
 
         $code = Registry::getRequest()->getRequestEscapedParameter('code');
         if ($code) {
-            $secret = $this->getService(TwoFactorAuthInterface::class)->secretGenerate();
+            $this->handleOTP($code);
 
-            $GA = new Google2FA();
-            $valid = $GA->verify(
-                $code,
-                $secret,
-            );
+            $this->handleTOTP($code);
+        }
+
+        return $template;
+    }
 
-            if ($valid) {
-                //todo: set correct cookies so user is logged in after verification
+    private function handleOTP(string $code): void
+    {
+        //In case OTP is used
+        $sessionUser =  Registry::getSession()->getVariable('usr');
+        $user = oxNew(User::class);
+        $user->load($sessionUser);
 
-                Registry::getUtils()->redirect(
-                    Registry::getConfig()->getShopHomeUrl() . '?cl=account'
-                );
-            }
+        //Todo: create own field for OTP password
+        if (
+            $user->getFieldData('oxaddinfo') == $code
+        ) {
+            $this->redirectToAccount();
         }
+    }
 
-        return $template;
+
+    private function handleTOTP(string $code): void
+    {
+        //In case TOTP is used
+        $secret = $this->getService(TwoFactorAuthInterface::class)->secretGenerate();
+
+        $GA = new Google2FA();
+        $valid = $GA->verify(
+            $code,
+            $secret,
+        );
+
+        if ($valid) {
+            $this->redirectToAccount();
+        }
+    }
+
+    private function redirectToAccount(): void
+    {
+        //todo: set correct cookies so user is logged in after verification
+
+        Registry::getUtils()->redirect(
+            Registry::getConfig()->getShopHomeUrl() . '?cl=account'
+        );
     }
 }

src/TwoFA/Controller/TwoFactorAuthRegisterController.php

@@ -8,18 +8,24 @@
 namespace OxidEsales\SecurityModule\TwoFA\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
+use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\SecurityModule\TwoFA\Service\TwoFactorAuthInterface;
 
 class TwoFactorAuthRegisterController extends FrontendController
 {
-    protected $_sThisTemplate = '@oe_security_module/templates/2fa/two-factor-auth-registration';
+    protected $template = '@oe_security_module/templates/2fa/two-factor-auth-registration';
 
     public function render()
     {
         //Display QR Code after registration
         $template = parent::render();
 
         $user = $this->getUser();
+        if (!$user) {
+            Registry::getUtils()->redirect(
+                Registry::getConfig()->getShopHomeUrl()
+            );
+        }
 
         $this->addTplParam(
             'qrcode',

src/TwoFA/Service/TwoFactorAuth.php

@@ -25,7 +25,7 @@ public function secretGenerate(): string
         return $secret;
     }
 
-    public function QrUrlGenerate(string $username): string
+    public function QRUrlGenerate(string $username): string
     {
         $secret = $this->secretGenerate();
 
@@ -38,11 +38,6 @@ public function QrUrlGenerate(string $username): string
         );
     }
 
-    public function codeVerify(): bool
-    {
-        return true;
-    }
-
     public function QRCodeGenerate(string $username): string
     {
         $writer = new Writer(
@@ -53,9 +48,14 @@ public function QRCodeGenerate(string $username): string
         );
 
         return $writer->writeString(
-            $this->QrUrlGenerate(
+            $this->QRUrlGenerate(
                 $username
             )
         );
     }
+
+    public function generateOTPCode(): int
+    {
+        return rand(100000, 999999);
+    }
 }

src/TwoFA/Service/TwoFactorAuthInterface.php

@@ -5,12 +5,11 @@
  * See LICENSE file for license details.
  */
 
-
 namespace OxidEsales\SecurityModule\TwoFA\Service;
 
 interface TwoFactorAuthInterface
 {
-    public function codeVerify(): bool;
-
     public function QRCodeGenerate(string $username): string;
+
+    public function generateOTPCode(): int;
 }