OXDEV-9927 Create Transput and add resend code

NikolaIvanovski · NikolaIvanovski · commit 4381bcac9788 · 2025-12-10T09:00:37.000+02:00
diff --git a/src/Authentication/TwoFactorAuth/Controller/TwoFactorAuthController.php b/src/Authentication/TwoFactorAuth/Controller/TwoFactorAuthController.php
@@ -3,28 +3,35 @@
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
-use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\AuthorizeServiceInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput\OTPRequestInterface;
 
 class TwoFactorAuthController extends FrontendController
 {
     protected $_sThisTemplate = '@oe_security_module/templates/two_factor_auth';
 
-    private function handleOTP(): void
+    public function handleOTP(): void
     {
-        $code = Registry::getRequest()->getRequestEscapedParameter('code');
-        $sessionUser =  Registry::getSession()->getVariable('usr');
-        $user = oxNew(User::class);
-        $user->load($sessionUser);
+        $OTPRequest = $this->getService(OTPRequestInterface::class);
 
-        $this->getService(OTPServiceInterface::class)->validateCode($user, $code);
+        //todo: catch only OTP exception that will be shown to user, maybe some abstract OTP exception?
+        try {
+            $authorizeService = $this->getService(AuthorizeServiceInterface::class);
+            $authorizeService->validate(
+                $OTPRequest->getOTPCode()
+            );
+        } catch (\Exception $e) {
+            //todo: display error message to user
+        }
     }
 
-    public function render()
+    public function generate(): void
     {
+        //todo: stop execution if not ajax
+        //todo: prevent spam by rate limiting
+        //todo: should return json response with success or error message
+
         $authorizeService = $this->getService(AuthorizeServiceInterface::class);
         $authorizeService->generate();
-
-        exit;
     }
 }
diff --git a/src/Authentication/TwoFactorAuth/DTO/User.php b/src/Authentication/TwoFactorAuth/DTO/User.php
@@ -38,8 +38,11 @@ public function getAttempts(): ?int
 
     public function getExpiresAt(): ?DateTimeImmutable
     {
+        //todo: possible bug - should be null if not set
+        $expireAt = $this->expiresAt ?? time();
+
         $dateTime = new DateTimeImmutable();
 
-        return $dateTime->setTimestamp($this->expiresAt);
+        return $dateTime->setTimestamp($expireAt);
     }
 }
diff --git a/src/Authentication/TwoFactorAuth/Infrastructure/Repository/UserRepository.php b/src/Authentication/TwoFactorAuth/Infrastructure/Repository/UserRepository.php
@@ -17,7 +17,7 @@
 class UserRepository implements UserRepositoryInterface
 {
     public function __construct(
-        private UserFactoryInterface $userFactory,
+        private readonly UserFactoryInterface $userFactory,
         private readonly QueryBuilderFactoryInterface $queryBuilderFactory,
     ) {
     }
@@ -31,9 +31,9 @@ public function getUserOTPData(string $userId): UserDTO
 
         return new UserDTO(
             $userModel->getId(),
-            $userModel->getFieldData('OTPCODE'),
-            (int) $userModel->getFieldData('OTPATTEMPTS'),
-            new DateTime($userModel->getFieldData('OTPEXPIRETIME'))
+            $userModel->getFieldData('OESMOTPCODE'),
+            (int) $userModel->getFieldData('OESMOTPATTEMPTS'),
+            (int) $userModel->getFieldData('OESMOTPEXPTIME')
         );
     }
 
@@ -66,21 +66,21 @@ public function resetCodeFields(string $userId): void
         $userModel = $this->userFactory->create();
         $userModel->load($userId);
         $userModel->assign([
-            'OESMOTPCODE'       => '',
-            'OESMOTPEXPTIME' => 0,
-            'OESMOTPATTEMPTS'   => 0,
+            'OESMOTPCODE'     => '',
+            'OESMOTPEXPTIME'  => 0,
+            'OESMOTPATTEMPTS' => 0,
         ]);
         $userModel->save();
     }
 
     public function getUserPasswordHash(string $userName): string
     {
-        $qb = $this->queryBuilderFactory->create();
-        $qb->select('OXPASSWORD')
+        $builder = $this->queryBuilderFactory->create();
+        $builder->select('OXPASSWORD')
             ->from('oxuser')
             ->where('oxusername = :userName')
             ->setParameter('userName', $userName);
 
-        return $qb->execute()->fetchOne();
+        return $builder->execute()->fetchOne();
     }
 }
diff --git a/src/Authentication/TwoFactorAuth/Service/AuthorizeService.php b/src/Authentication/TwoFactorAuth/Service/AuthorizeService.php
@@ -18,16 +18,16 @@ public function __construct(
     ) {
     }
 
-    public function validate(): void
+    public function validate(string $inputCode): void
     {
         $activeVerificator = $this->moduleSettings->getTwoFactorAuthType();
 
         $verificator = $this->verificationCollectorService->getVerificator(
             $activeVerificator
         );
-        //todo: use transput to get the code from request
+
         //todo: use session to get user id
-        $verificator->validateCode(uniqid(), uniqid());
+        $verificator->validateCode('7b4dfcca4669a8bbfcbd29c77cbc82f3', $inputCode);
     }
 
     public function generate(): void
diff --git a/src/Authentication/TwoFactorAuth/Service/AuthorizeServiceInterface.php b/src/Authentication/TwoFactorAuth/Service/AuthorizeServiceInterface.php
@@ -9,7 +9,7 @@
 
 interface AuthorizeServiceInterface
 {
-    public function validate(): void;
+    public function validate(string $inputCode): void;
 
     public function generate(): void;
 }
diff --git a/src/Authentication/TwoFactorAuth/Service/Verificator/OTP/OTPVerificator.php b/src/Authentication/TwoFactorAuth/Service/Verificator/OTP/OTPVerificator.php
@@ -49,6 +49,11 @@ public function validateCode(string $userId, string $inputCode): void
 
     public function generate(string $userId): string
     {
+        //todo: stop if user not found?
+        //todo: wait time between generations, in case of abuse like
+        //spamming the generate button or
+        //user hit limit and try to generate new code to bypass it
+
         return $this->otpGenerator->generateCode($userId);
     }
 }
diff --git a/src/Authentication/TwoFactorAuth/Service/Verificator/OTP/Validator/OTPValidator.php b/src/Authentication/TwoFactorAuth/Service/Verificator/OTP/Validator/OTPValidator.php
@@ -12,7 +12,6 @@
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\AttemptLimitExceededException;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\InvalidCodeException;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\TimeExpiredException;
-use DateTime;
 
 readonly class OTPValidator implements OTPValidatorInterface
 {
diff --git a/src/Authentication/TwoFactorAuth/Transput/OTPRequest.php b/src/Authentication/TwoFactorAuth/Transput/OTPRequest.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput;
+
+use OxidEsales\EshopCommunity\Internal\Framework\Request\RequestInterface;
+
+readonly class OTPRequest implements OTPRequestInterface
+{
+    public function __construct(
+        private RequestInterface $request,
+    ) {
+    }
+
+    public function getOTPCode(): string
+    {
+        return $this->request->get('auth_code');
+    }
+}
diff --git a/src/Authentication/TwoFactorAuth/Transput/OTPRequestInterface.php b/src/Authentication/TwoFactorAuth/Transput/OTPRequestInterface.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput;
+
+interface OTPRequestInterface
+{
+    public function getOTPCode(): string;
+}
diff --git a/src/Authentication/TwoFactorAuth/Transput/services.yaml b/src/Authentication/TwoFactorAuth/Transput/services.yaml
@@ -0,0 +1,8 @@
+services:
+  _defaults:
+    autowire: true
+    public: false
+
+  OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput\OTPRequestInterface:
+    class: OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput\OTPRequest
+    public: true
diff --git a/src/Authentication/TwoFactorAuth/services.yaml b/src/Authentication/TwoFactorAuth/services.yaml
@@ -1,3 +1,4 @@
 imports:
   - { resource: Infrastructure/services.yaml }
   - { resource: Service/services.yaml }
+  - { resource: Transput/services.yaml }
diff --git a/src/Shared/Model/User.php b/src/Shared/Model/User.php
@@ -61,6 +61,7 @@ public function checkValues($sLogin, $sPassword, $sPassword2, $aInvAddress, $aDe
      */
     public function login($userName, $password, $setSessionCookie = false): bool
     {
+        //todo: login should be reworded, disabled captcha is killing OTP login flow
         if (!$this->isCaptchaEnabled()) {
             return parent::login($userName, $password, $setSessionCookie);
         }
diff --git a/tests/Unit/Authentication/TwoFactorAuth/Transput/OTPRequestTest.php b/tests/Unit/Authentication/TwoFactorAuth/Transput/OTPRequestTest.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Tests\Unit\Authentication\TwoFactorAuth\Transput;
+
+use OxidEsales\EshopCommunity\Internal\Framework\Request\RequestInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput\OTPRequest;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput\OTPRequestInterface;
+use PHPUnit\Framework\TestCase;
+
+class OTPRequestTest extends TestCase
+{
+    public function testOTPCode()
+    {
+        $code = uniqid();
+
+        $requestMock = $this->createMock(RequestInterface::class);
+        $requestMock->method('get')->with('auth_code')->willReturn($code);
+
+        $sut = $this->getSut(
+            request: $requestMock,
+        );
+
+        $this->assertSame($code, $sut->getOTPCode());
+    }
+
+    private function getSut(
+        RequestInterface $request,
+    ): OTPRequestInterface {
+        return new OTPRequest(
+            request: $request,
+        );
+    }
+}
diff --git a/translations/de/oesecuritymodule_lang.php b/translations/de/oesecuritymodule_lang.php
@@ -44,4 +44,6 @@
 
     'TWO_FACTOR_AUTHENTICATION_TITLE'       => 'Two Factor Authentication',
     'TWO_FACTOR_AUTHENTICATION_DESCRIPTION' => 'Code has been sent to your email. Please enter it below to proceed.',
+
+    'RESENT_CODE' => 'Code erneut senden'
 ];
diff --git a/translations/en/oesecuritymodule_lang.php b/translations/en/oesecuritymodule_lang.php
@@ -44,4 +44,6 @@
 
     'TWO_FACTOR_AUTHENTICATION_TITLE'       => 'Two Factor Authentication',
     'TWO_FACTOR_AUTHENTICATION_DESCRIPTION' => 'Code has been sent to your email. Please enter it below to proceed.',
+
+    'RESENT_CODE' => 'Resend Code'
 ];
diff --git a/views/twig/templates/two_factor_auth.html.twig b/views/twig/templates/two_factor_auth.html.twig
@@ -12,6 +12,9 @@
             <input type="text" class="editinput" maxlength="254" id="auth_code" name="auth_code" value="">
             <button class="btn btn-primary submitButton largeButton" type="submit" id="auth_submit" class="submitButton">{{ translate({ ident: "SUBMIT" }) }}</button>
         </div>
+        <div>
+            <button class="btn btn-secondary submitButton largeButton" type="button">{{ translate({ ident: "RESENT_CODE" }) }}</button>
+        </div>
     </form>
     <br>
 {% endcapture %}

Original file line number	Diff line number	Diff line change
`@@ -38,8 +38,11 @@ public function getAttempts(): ?int`
`38`	`38`
`39`	`39`	`public function getExpiresAt(): ?DateTimeImmutable`
`40`	`40`	`{`
	`41`	`+ //todo: possible bug - should be null if not set`
	`42`	`+ $expireAt = $this->expiresAt ?? time();`
	`43`	`+`
`41`	`44`	`$dateTime = new DateTimeImmutable();`
`42`	`45`
`43`		`- return $dateTime->setTimestamp($this->expiresAt);`
	`46`	`+ return $dateTime->setTimestamp($expireAt);`
`44`	`47`	`}`
`45`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,16 +18,16 @@ public function __construct(`
`18`	`18`	`) {`
`19`	`19`	`}`
`20`	`20`
`21`		`- public function validate(): void`
	`21`	`+ public function validate(string $inputCode): void`
`22`	`22`	`{`
`23`	`23`	`$activeVerificator = $this->moduleSettings->getTwoFactorAuthType();`
`24`	`24`
`25`	`25`	`$verificator = $this->verificationCollectorService->getVerificator(`
`26`	`26`	`$activeVerificator`
`27`	`27`	`);`
`28`		`- //todo: use transput to get the code from request`
	`28`	`+`
`29`	`29`	`//todo: use session to get user id`
`30`		`- $verificator->validateCode(uniqid(), uniqid());`
	`30`	`+ $verificator->validateCode('7b4dfcca4669a8bbfcbd29c77cbc82f3', $inputCode);`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`public function generate(): void`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`
`10`	`10`	`interface AuthorizeServiceInterface`
`11`	`11`	`{`
`12`		`- public function validate(): void;`
	`12`	`+ public function validate(string $inputCode): void;`
`13`	`13`
`14`	`14`	`public function generate(): void;`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,11 @@ public function validateCode(string $userId, string $inputCode): void`
`49`	`49`
`50`	`50`	`public function generate(string $userId): string`
`51`	`51`	`{`
	`52`	`+ //todo: stop if user not found?`
	`53`	`+ //todo: wait time between generations, in case of abuse like`
	`54`	`+ //spamming the generate button or`
	`55`	`+ //user hit limit and try to generate new code to bypass it`
	`56`	`+`
`52`	`57`	`return $this->otpGenerator->generateCode($userId);`
`53`	`58`	`}`
`54`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,6 @@`
`12`	`12`	`use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\AttemptLimitExceededException;`
`13`	`13`	`use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\InvalidCodeException;`
`14`	`14`	`use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\TimeExpiredException;`
`15`		`-use DateTime;`
`16`	`15`
`17`	`16`	`readonly class OTPValidator implements OTPValidatorInterface`
`18`	`17`	`{`