OXDEV-9927 Add target url to session

Author: TitaKoleva

src/Authentication/TwoFactorAuth/Service/AuthorizeService.php

@@ -15,6 +15,8 @@ class AuthorizeService implements AuthorizeServiceInterface
 {
     public const USER_SESSION_KEY = 'pending_authorized_user';
 
+    public const OTP_TARGET_URL = 'otp_target_url';
+
     public function __construct(
         private ModuleSettingsServiceInterface $moduleSettings,
         private VerificationCollectorServiceInterface $verificationCollectorService,

src/Authentication/TwoFactorAuth/Service/UserService.php

@@ -9,6 +9,7 @@
 
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service;
 
+use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\EshopCommunity\Internal\Domain\Authentication\Bridge\PasswordServiceBridgeInterface;
 use OxidEsales\EshopCommunity\Internal\Framework\Session\SessionInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Infrastructure\Repository\UserRepositoryInterface;
@@ -26,20 +27,24 @@ public function __construct(
     public function handleLogin($userName): void
     {
         $this->session->set(AuthorizeService::USER_SESSION_KEY, $userName);
+        $this->session->set(
+            AuthorizeService::OTP_TARGET_URL,
+            //todo: bind registry
+            Registry::getRequest()->getRequestUrl()
+        );
 
         $this->authorizeService->generate();
-        // redirect to controller and rende template
-        // use template renderer to render the template
+
+        //todo: return full url
+        $redirectUrl = $this->authorizeService->getVerificationUrl();
+        Registry::getUtils()->redirect(Registry::getConfig()->getShopHomeUrl() . 'cl=' . $redirectUrl);
     }
 
     public function checkPassword(string $userName, string $password): bool
     {
-//        $userModel = $this->userFactory->create();
-//        $userModel->load($userId);
-
         //todo: got exception if user not found
         $userPasswordHash = $this->userRepository->getUserPasswordHash($userName);
-//        var_dump($userPasswordHash);
+
         return $this->passwordServiceBridge
             ->verifyPassword($password, $userPasswordHash);
     }

src/Authentication/TwoFactorAuth/Service/Verificator/OTP/OTPVerificator.php

@@ -9,6 +9,7 @@
 
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Verificator\OTP;
 
+use OxidEsales\Eshop\Core\Registry;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\InvalidCodeException;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Infrastructure\Repository\UserRepositoryInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\Verificator\OTP\Generator\OTPGeneratorInterface;
@@ -62,7 +63,6 @@ public function generate(string $userName): string
 
     public function getVerificationUrl(): string
     {
-        //todo: this should be called from User Model or AuthorizeService
         return 'twofactorauth';
     }
 }

src/Shared/Model/User.php

@@ -65,7 +65,6 @@ public function login($userName, $password, $setSessionCookie = false): bool
         if (!$this->isCaptchaEnabled()) {
 //            return parent::login($userName, $password, $setSessionCookie);
         }
-
         if (!$this->isAdmin()) {
             $captchaService = $this->getService(CaptchaServiceInterface::class);
 
@@ -84,14 +83,12 @@ public function login($userName, $password, $setSessionCookie = false): bool
 
         $userService = $this->getService(UserServiceInterface::class);
         if (!$userService->checkPassword($userName, $password)) {
+            //todo: log invalid login attempt and throw exception
             return false; // invalid login
         }
 
         $userService->handleLogin($userName);
 
-        //todo: redirect to correct page decided by verificator method? (otp: otp page, TOTP: totp page, etc)
-        Registry::getUtils()->redirect(Registry::getConfig()->getShopHomeUrl() . 'cl=twofactorauth');
-
         return false;
     }