Merge branch 'b-7.4.x-2fa-OXDEV-9078' into b-7.4.x-implement-otp-OXDEV-9927

Author: NikolaIvanovski

CHANGELOG.md

@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Extracted reusable Twig code into captcha.html.twig and password.html.twig
+- Facebook login OAuth-provider
+- Google login OAuth-provider
 
 ### Changed
 - Show multiple errors on invalid password

assets/out/src/css/providers.css

@@ -0,0 +1,9 @@
+.sign-in-providers {
+    padding: 10px 0;
+}
+
+.card-body {
+    .sign-in-providers {
+        text-align: center;
+    }
+}

metadata.php

@@ -13,6 +13,7 @@
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\ModuleSettingsService as TwoFactorAuthModuleSettings;
 use OxidEsales\SecurityModule\PasswordPolicy\Service\ModuleSettingsService as PasswordPolicyModuleSettings;
 use OxidEsales\SecurityModule\Captcha\Service\ModuleSettingsService as CaptchaModuleSettings;
+use OxidEsales\SecurityModule\Authentication\OAuth2\Service\ModuleSettingsService as OAuthModuleSettings;
 use OxidEsales\SecurityModule\Core\Module;
 
 $sMetadataVersion = '2.1';
@@ -42,7 +43,6 @@
     'controllers' => [
         'captcha' => \OxidEsales\SecurityModule\Captcha\Controller\CaptchaController::class,
         'password' => \OxidEsales\SecurityModule\PasswordPolicy\Controller\PasswordAjaxController::class,
-
         'oauth' => \OxidEsales\SecurityModule\Authentication\OAuth2\Controller\OAuthController::class
     ],
     'templates'   => [
@@ -118,25 +118,49 @@
         //OAuth2 settings
         [
             'group' => 'oauth',
-            'name'  => ModuleSettingsService::FACEBOOK_ACTIVE,
+            'name'  => OAuthModuleSettings::FACEBOOK_LOGIN_ENABLED,
             'type'  => 'bool',
             'value' => false
         ],
         [
             'group' => 'oauth',
-            'name'  => ModuleSettingsService::FACEBOOK_CLIENT_ID,
+            'name'  => OAuthModuleSettings::FACEBOOK_CLIENT_ID,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::FACEBOOK_CLIENT_SECRET,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::FACEBOOK_REDIRECT_URL,
+            'type'  => 'str',
+            'value' => ''
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::GOOGLE_LOGIN_ENABLED,
+            'type'  => 'bool',
+            'value' => true
+        ],
+        [
+            'group' => 'oauth',
+            'name'  => OAuthModuleSettings::GOOGLE_CLIENT_ID,
             'type'  => 'str',
             'value' => ''
         ],
         [
             'group' => 'oauth',
-            'name'  => ModuleSettingsService::FACEBOOK_CLIENT_SECRET,
+            'name'  => OAuthModuleSettings::GOOGLE_CLIENT_SECRET,
             'type'  => 'str',
             'value' => ''
         ],
         [
             'group' => 'oauth',
-            'name'  => ModuleSettingsService::FACEBOOK_REDIRECT_URL,
+            'name'  => OAuthModuleSettings::GOOGLE_REDIRECT_URL,
             'type'  => 'str',
             'value' => ''
         ],

services.yaml

@@ -2,6 +2,7 @@ imports:
   - { resource: src/Captcha/services.yaml }
   - { resource: src/PasswordPolicy/services.yaml }
   - { resource: src/Authentication/services.yaml }
+  - { resource: src/Shared/services.yaml }
 
 services:
   _defaults:

src/Authentication/OAuth2/Controller/OAuthController.php

@@ -1,5 +1,10 @@
 <?php
 
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
 namespace OxidEsales\SecurityModule\Authentication\OAuth2\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
@@ -14,18 +19,16 @@ public function login(): void
         $providerCollector = $this->getService(ProviderCollectorInterface::class);
 
         $provider = $providerCollector->getProvider($_GET['provider']);
-        $provider->getClient();
 
         Registry::getUtils()->redirect($provider->getAuthorizationUrl());
     }
 
     public function redirect(): void
     {
+        //todo: get provider dynamically
         $provider = $this
             ->getService(ProviderCollectorInterface::class)
-            ->getProvider('facebook');
-
-        $provider->getClient();
+            ->getProvider('google');
 
         $accessToken = $provider->getAccessToken($_GET['code']);
 

src/Authentication/OAuth2/DTO/OAuth2UserDTO.php

@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\DTO;
+
+readonly class OAuth2UserDTO implements OAuth2UserDTOInterface
+{
+    public function __construct(
+        private ?string $firstName,
+        private ?string $lastName,
+        private ?string $email,
+    ) {
+    }
+
+    public function getFirstName(): ?string
+    {
+        return $this->firstName;
+    }
+
+    public function getLastName(): ?string
+    {
+        return $this->lastName;
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+}

src/Authentication/OAuth2/DTO/OAuth2UserDTOInterface.php

@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\DTO;
+
+interface OAuth2UserDTOInterface
+{
+    public function getFirstName(): ?string;
+
+    public function getLastName(): ?string;
+
+    public function getEmail(): ?string;
+}

src/Authentication/OAuth2/DTO/UserDTO.php

@@ -12,24 +12,18 @@
 class UserDTO implements UserDTOInterface
 {
     public function __construct(
-        private readonly ?string $firstName,
-        private readonly ?string $lastName,
-        private readonly ?string $email,
+        private readonly string $userId,
+        private readonly bool $isBlocked
     ) {
     }
 
-    public function getFirstName(): ?string
+    public function getId(): string
     {
-        return $this->firstName;
+        return $this->userId;
     }
 
-    public function getLastName(): ?string
+    public function isBlocked(): bool
     {
-        return $this->lastName;
-    }
-
-    public function getEmail(): ?string
-    {
-        return $this->email;
+        return $this->isBlocked;
     }
 }

src/Authentication/OAuth2/DTO/UserDTOInterface.php

@@ -9,9 +9,7 @@
 
 interface UserDTOInterface
 {
-    public function getFirstName(): ?string;
+    public function getId(): string;
 
-    public function getLastName(): ?string;
-
-    public function getEmail(): ?string;
+    public function isBlocked(): bool;
 }

src/Authentication/OAuth2/Exception/ProviderNotActiveException.php

@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\OAuth2\Exception;
+
+class ProviderNotActiveException extends \Exception
+{
+}