Merge branch 'b-7.4.x-change-oauth-pass-OXDEV-10116' into b-7.4.x-2fa-OXDEV-9078

Author: tkcreateit

metadata.php

@@ -34,7 +34,7 @@
     'email'       => 'info@oxid-esales.com',
     'extend'      => [
         \OxidEsales\Eshop\Application\Controller\NewsletterController::class => \OxidEsales\SecurityModule\Captcha\Shop\NewsletterController::class,
-        \OxidEsales\Eshop\Application\Controller\ForgotPasswordController::class => \OxidEsales\SecurityModule\Captcha\Shop\ForgotPasswordController::class,
+        \OxidEsales\Eshop\Application\Controller\ForgotPasswordController::class => \OxidEsales\SecurityModule\Shared\Controller\ForgotPasswordController::class,
         \OxidEsales\Eshop\Application\Model\User::class => \OxidEsales\SecurityModule\Shared\Model\User::class,
         \OxidEsales\Eshop\Core\InputValidator::class    => \OxidEsales\SecurityModule\Shared\Core\InputValidator::class,
         \OxidEsales\Eshop\Core\ViewConfig::class        => \OxidEsales\SecurityModule\Shared\Core\ViewConfig::class

migration/data/Version20251128093245.php

@@ -19,6 +19,8 @@ public function up(Schema $schema): void
         $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPCODE` VARCHAR(128) default NULL COMMENT "OTP code"');
         $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPEXPTIME` DATETIME default NULL COMMENT "OTP code expiration time"');
         $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPATTEMPTS` INT NOT NULL default 0 COMMENT "OTP code attempts"');
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPLASTSENT` DATETIME default NULL COMMENT "Last OTP sent timestamp"');
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMEXTERNALAUTH` TINYINT(1) NOT NULL default 0 COMMENT "User registered via external authentication"');
     }
 
     public function down(Schema $schema): void

migration/data/Version20260114104913.php

@@ -37,13 +37,26 @@ public function getUserByEmail(string $username): UserDTOInterface
         return $this->userDTOFactory->createFromModel($userModel);
     }
 
+    public function removeExternalAuthFlag(string $userId): void
+    {
+        $userModel = $this->userFactory->create();
+
+        if (!$userModel->load($userId)) {
+            throw new UserNotFoundException();
+        }
+
+        $userModel->assign(['OESMEXTERNALAUTH' => 0]);
+        $userModel->save();
+    }
+
     public function createUser(OAuth2UserDTOInterface $userDTO): UserDTOInterface
     {
         $userModel = $this->userFactory->create();
         $userModel->assign([
-            'OXFNAME'    => $userDTO->getFirstName(),
-            'OXLNAME'    => $userDTO->getLastName(),
-            'OXUSERNAME' => $userDTO->getEmail(),
+            'OXFNAME'          => $userDTO->getFirstName(),
+            'OXLNAME'          => $userDTO->getLastName(),
+            'OXUSERNAME'       => $userDTO->getEmail(),
+            'OESMEXTERNALAUTH' => 1,
         ]);
         $userModel->setPassword($this->passwordGenerator->generatePasswordForOAuthUser());
         $userModel->createUser();

src/Authentication/OAuth2/Infrastructure/Repository/UserRepository.php

@@ -18,5 +18,10 @@ interface UserRepositoryInterface
      */
     public function getUserByEmail(string $username): UserDTOInterface;
 
+    /**
+     * @throws UserNotFoundException
+     */
+    public function removeExternalAuthFlag(string $userId): void;
+
     public function createUser(OAuth2UserDTOInterface $userDTO): UserDTOInterface;
 }

src/Authentication/OAuth2/Infrastructure/Repository/UserRepositoryInterface.php

@@ -42,4 +42,12 @@ public function login(OAuth2UserDTOInterface $auth2UserDTO): void
 
         $this->session->set('usr', $userDTO->getId());
     }
+
+    public function removeExternalAuthFlag(): void
+    {
+        $userId = $this->session->get('usr');
+        if ($userId) {
+            $this->userRepository->removeExternalAuthFlag((string)$userId);
+        }
+    }
 }

src/Authentication/OAuth2/Service/UserService.php

@@ -18,4 +18,6 @@ interface UserServiceInterface
      * @throws UserBlockedException If the user is blocked.
      */
     public function login(OAuth2UserDTOInterface $auth2UserDTO): void;
+
+    public function removeExternalAuthFlag(): void;
 }

src/Authentication/OAuth2/Service/UserServiceInterface.php

@@ -7,13 +7,18 @@
 
 declare(strict_types=1);
 
-namespace OxidEsales\SecurityModule\Captcha\Shop;
+namespace OxidEsales\SecurityModule\Shared\Controller;
 
 use OxidEsales\Eshop\Core\Exception\StandardException;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\UserServiceInterface;
 use OxidEsales\SecurityModule\Captcha\Service\CaptchaServiceInterface;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface;
 
+/**
+ * @mixin \OxidEsales\Eshop\Application\Controller\ForgotPasswordController
+ * @eshopExtension
+ */
 class ForgotPasswordController extends ForgotPasswordController_parent
 {
     public function forgotPassword(): ?bool
@@ -36,4 +41,16 @@ public function forgotPassword(): ?bool
 
         return parent::forgotPassword();
     }
+
+    public function updatePassword()
+    {
+        $result = parent::updatePassword();
+
+        if ($result === 'forgotpwd?success=1') {
+            $this->getService(UserServiceInterface::class)
+                ->removeExternalAuthFlag();
+        }
+
+        return $result;
+    }
 }

…aptcha/Shop/ForgotPasswordController.php …/Controller/ForgotPasswordController.phpsrc/Captcha/Shop/ForgotPasswordController.php renamed to src/Shared/Controller/ForgotPasswordController.php src/Captcha/Shop/ForgotPasswordController.php renamed to src/Shared/Controller/ForgotPasswordController.php

@@ -64,4 +64,11 @@ public function getRemainingAttempts(): int
     {
         return $this->getService(AuthorizeServiceInterface::class)->getRemainingAttempts();
     }
+
+    public function isExternalAuthUser(): bool
+    {
+        $user = $this->getUser();
+
+        return $user && (bool) $user->getFieldData('oesmexternalauth');
+    }
 }