WIP Add code generation on login

TitaKoleva · TitaKoleva · commit 4027aae0d645 · 2025-12-01T13:59:44.000+02:00
diff --git a/migration/data/Version20251128093245.php b/migration/data/Version20251128093245.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20251128093245 extends AbstractMigration
+{
+    public function up(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPCODE` VARCHAR(128) default NULL COMMENT "OTP code"');
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPEXPTIME` DATETIME default NULL COMMENT "OTP code expiration time"');
+        $this->addSql('ALTER TABLE `oxuser` ADD column `OESMOTPATTEMPTS` INT NOT NULL default 0 COMMENT "OTP code attempts"');
+    }
+
+    public function down(Schema $schema): void
+    {
+    }
+}
diff --git a/migration/migrations.yml b/migration/migrations.yml
@@ -0,0 +1,4 @@
+table_storage:
+    table_name: oxmigrations_oe_security_module
+migrations_paths:
+    'OxidEsales\SecurityModule\Migrations': data
diff --git a/src/Authentication/TwoFactorAuth/DataObject/User.php b/src/Authentication/TwoFactorAuth/DataObject/User.php
@@ -11,7 +11,7 @@
 
 use DateTimeInterface;
 
-class UserDTO implements UserDTOInterface
+class User implements UserInterface
 {
     public function __construct(
         private readonly ?string $code,
diff --git a/src/Authentication/TwoFactorAuth/DataObject/UserInterface.php b/src/Authentication/TwoFactorAuth/DataObject/UserInterface.php
@@ -9,7 +9,7 @@
 
 use DateTimeInterface;
 
-interface UserDTOInterface
+interface UserInterface
 {
     public function getCode(): ?string;
 
diff --git a/src/Authentication/TwoFactorAuth/Infrastructure/UserFactory.php b/src/Authentication/TwoFactorAuth/Infrastructure/UserFactory.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Infrastructure;
+
+use OxidEsales\Eshop\Application\Model\User;
+
+class UserFactory implements UserFactoryInterface
+{
+    /**
+     * @inheritDoc
+     */
+    public function create(): User
+    {
+        return oxNew(User::class);
+    }
+}
diff --git a/src/Authentication/TwoFactorAuth/Infrastructure/UserFactoryInterface.php b/src/Authentication/TwoFactorAuth/Infrastructure/UserFactoryInterface.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Infrastructure;
+
+use OxidEsales\Eshop\Application\Model\User;
+
+interface UserFactoryInterface
+{
+    public function create(): User;
+}
diff --git a/src/Authentication/TwoFactorAuth/Repository/UserRepository.php b/src/Authentication/TwoFactorAuth/Repository/UserRepository.php
@@ -0,0 +1,59 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Repository;
+
+use OxidEsales\Eshop\Application\Model\User as UserModel;
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataObject\UserInterface;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Exception\UserNotFoundException;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Infrastructure\UserFactoryInterface;
+
+class UserRepository implements UserRepositoryInterface
+{
+    public function __construct(
+        private UserFactoryInterface $userFactory
+    ) {
+    }
+
+    public function addOTPtoUser(string $userId, string $otp, int $expiresAt): bool
+    {
+        $userModel = $this->userFactory->create();
+        $userModel->load($userId);
+        $userModel->assign([
+            'OESMOTPCODE'       => $otp,
+            'OESMOTPEXPTIME' => $expiresAt,
+            'OESMOTPATTEMPTS'   => 0,
+        ]);
+        $userModel->save();
+
+        return true;
+    }
+
+    public function updateAttempts(string $userId, int $attempts): int
+    {
+        $userModel = $this->userFactory->create();
+        $userModel->load($userId);
+        $userModel->assign([
+            'OESMOTPATTEMPTS' => $attempts
+        ]);
+        $userModel->save();
+    }
+
+    public function resetCodeFields(string $userId): void
+    {
+        $userModel = $this->userFactory->create();
+        $userModel->load($userId);
+        $userModel->assign([
+            'OESMOTPCODE'       => '',
+            'OESMOTPEXPTIME' => 0,
+            'OESMOTPATTEMPTS'   => 0,
+        ]);
+        $userModel->save();
+    }
+}
diff --git a/src/Authentication/TwoFactorAuth/Repository/UserRepositoryInterface.php b/src/Authentication/TwoFactorAuth/Repository/UserRepositoryInterface.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Repository;
+
+use OxidEsales\SecurityModule\Authentication\OAuth2\DataObject\UserInterface;
+
+interface UserRepositoryInterface
+{
+    public function updateAttempts(string $userId, int $attempts): int;
+
+    public function resetCodeFields(string $userId): void;
+
+    public function addOTPtoUser(string $userId, string $otp, int $expiresAt): bool;
+}
diff --git a/src/Authentication/TwoFactorAuth/Service/AuthorizeService.php b/src/Authentication/TwoFactorAuth/Service/AuthorizeService.php
@@ -15,4 +15,9 @@ public function validate()
     {
         //todo: call correct provider service to validate the code
     }
+
+    public function generate($userName)
+    {
+        //todo: call correct provider service to generate the code
+    }
 }
diff --git a/src/Authentication/TwoFactorAuth/Service/Provider/OTP/Generator/OTPGenerator.php b/src/Authentication/TwoFactorAuth/Service/Provider/OTP/Generator/OTPGenerator.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Provider\OTP\Service;
+
+use OxidEsales\Eshop\Application\Model\User as UserModel;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\DTO\User;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Repository\UserRepositoryInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Provider\OTP\Validator\OTPValidatorInterface;
+
+readonly class OTPGenerator implements OTPGeneratorInterface
+{
+    private const OTP_LENGTH = 6;
+    private const OTP_EXPIRATION = 300; // 5 minutes
+
+    public function __construct(
+        private UserRepositoryInterface $userRepository,
+    ) {
+    }
+
+    public function generateCode(UserModel $user): User
+    {
+        $otp = str_pad(random_int(0, 999999), self::OTP_LENGTH, '0', STR_PAD_LEFT);
+        $expiresAt = time() + self::OTP_EXPIRATION;
+
+        $this->userRepository->addOTPtoUser($user->getId(), $otp, $expiresAt);
+
+        return new User($otp, 0, $expiresAt);
+    }
+}
diff --git a/src/Authentication/TwoFactorAuth/Service/Provider/OTP/Generator/OTPGeneratorInterface.php b/src/Authentication/TwoFactorAuth/Service/Provider/OTP/Generator/OTPGeneratorInterface.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Provider\OTP\Service;
+
+use OxidEsales\Eshop\Application\Model\User as UserModel;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\DTO\User;
+
+interface OTPGeneratorInterface
+{
+    public function generate(UserModel $user): User;
+}
diff --git a/src/Authentication/TwoFactorAuth/Service/Provider/OTP/Service/OTPService.php b/src/Authentication/TwoFactorAuth/Service/Provider/OTP/Service/OTPService.php
@@ -10,20 +10,22 @@
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Provider\OTP\Service;
 
 use OxidEsales\Eshop\Application\Model\User as UserModel;
-use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\DTO\UserDTO;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\DTO\User;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Repository\UserRepositoryInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Provider\OTP\Validator\OTPValidatorInterface;
 use DateTimeImmutable;
 
 readonly class OTPService implements OTPServiceInterface
 {
     public function __construct(
         private OTPValidatorInterface $otpValidator,
+        private UserRepositoryInterface $userRepository,
     ) {
     }
 
     public function validateCode(UserModel $user, string $inputCode): void
     {
-        $otpData = new UserDTO(
+        $otpData = new User(
             $user->getFieldData('OTPCODE'),
             (int) $user->getFieldData('OTPATTEMPTS'),
             new \DateTime($user->getFieldData('OTPEXPIRETIME'))
@@ -35,20 +37,12 @@ public function validateCode(UserModel $user, string $inputCode): void
         try {
             $this->otpValidator->validateCode($otpData->getCode(), $inputCode);
         } catch (\Exception $e) {
-            // todo: got to repository
-            $user->assign([
-                'OTPATTEMPTS' => $otpData->getAttempts() + 1
-            ]);
+            $this->userRepository->updateAttempts($user->getId(), $otpData->getAttempts() + 1);
             $user->save();
             throw $e;
         }
 
-        // todo: got to repository
-        $user->assign([
-            'OTPCODE'       => '',
-            'OTPEXPIRETIME' => 0,
-            'OTPATTEMPTS'   => 0,
-        ]);
+        $this->userRepository->resetCodeFields($user->getId());
         $user->save();
     }
 }
diff --git a/src/Shared/Model/User.php b/src/Shared/Model/User.php
@@ -12,10 +12,12 @@
 use OxidEsales\Eshop\Core\Exception\InputException;
 use OxidEsales\Eshop\Core\Exception\UserException;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\AuthorizeService;
 use OxidEsales\SecurityModule\Captcha\Captcha\Image\Exception\CaptchaValidateException as ImageCaptchaException;
 use OxidEsales\SecurityModule\Captcha\Captcha\HoneyPot\Exception\CaptchaValidateException as HoneyPotCaptchaException;
 use OxidEsales\SecurityModule\Captcha\Service\CaptchaServiceInterface;
-use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface;
+use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsServiceInterface as CaptchaSettingsServiceInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\ModuleSettingsServiceInterface as TwoFASettingsServiceInterface;
 use OxidEsales\SecurityModule\Shared\Core\InputValidator;
 
 /**
@@ -74,15 +76,33 @@ public function login($userName, $password, $setSessionCookie = false): bool
             }
         }
 
-        return parent::login($userName, $password, $setSessionCookie);
+        $login = parent::login($userName, $password, $setSessionCookie);
+
+        //todo: $userService->handleLogin($login);
+
+        if (!$this->isOTPEnabled()) {
+            return $login;
+        }
+
+        $authorizeService = $this->getService(AuthorizeService::class);
+        $authorizeService->generate($userName); //save to db and send to email
+        // redirect to template for code -> submit
+        // validate code on submit
+        //redirect to whatever
     }
 
     private function isCaptchaEnabled(): bool
     {
-        $settingsService = $this->getService(ModuleSettingsServiceInterface::class);
+        $settingsService = $this->getService(CaptchaSettingsServiceInterface::class);
         return $settingsService->isCaptchaEnabled() || $settingsService->isHoneyPotCaptchaEnabled();
     }
 
+    private function isOTPEnabled(): bool
+    {
+        $settingsService = $this->getService(TwoFASettingsServiceInterface::class);
+        return $settingsService->isTwoFactorAuthEnabled();
+    }
+
     protected function shouldValidateCaptcha(): bool
     {
         return !$this->getUser();

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`
`12`	`12`	`use DateTimeInterface;`
`13`	`13`
`14`		`-class UserDTO implements UserDTOInterface`
	`14`	`+class User implements UserInterface`
`15`	`15`	`{`
`16`	`16`	`public function __construct(`
`17`	`17`	`private readonly ?string $code,`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`
`10`	`10`	`use DateTimeInterface;`
`11`	`11`
`12`		`-interface UserDTOInterface`
	`12`	`+interface UserInterface`
`13`	`13`	`{`
`14`	`14`	`public function getCode(): ?string;`
`15`	`15`
Original file line number	Diff line number	Diff line change
`@@ -15,4 +15,9 @@ public function validate()`
`15`	`15`	`{`
`16`	`16`	`//todo: call correct provider service to validate the code`
`17`	`17`	`}`
	`18`	`+`
	`19`	`+ public function generate($userName)`
	`20`	`+ {`
	`21`	`+ //todo: call correct provider service to generate the code`
	`22`	`+ }`
`18`	`23`	`}`