OXDEV-9078 Add two FA settings in user account

Author: TitaKoleva

src/Authentication/TwoFactorAuth/Controller/AccountSecurityController.php

@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller;
+
+use OxidEsales\Eshop\Application\Controller\FrontendController;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserSettingsServiceInterface;
+
+// todo-critical: remove if we go with Change Password extension
+class AccountSecurityController extends FrontendController
+{
+    /**
+     * @var string
+     * @SuppressWarnings("PHPMD.CamelCasePropertyName")
+     */
+    protected $_sThisTemplate = '@oe_security_module/templates/account_security';
+
+    public function __construct(
+        private readonly TwoFAUserSettingsServiceInterface $userSettingsService,
+    ) {
+        parent::__construct();
+    }
+
+    public function saveTwoFactorAuth(): void
+    {
+        $user = $this->getUser();
+        if (!$user) {
+            return;
+        }
+
+        $enabled = (bool) Registry::getRequest()->getRequestParameter('twofa_enabled');
+        $this->userSettingsService->setEnabledForUser($user->getId(), $enabled);
+    }
+}

src/Authentication/TwoFactorAuth/Controller/services.yaml

@@ -9,3 +9,8 @@ services:
     public: true
     tags:
         - { name: 'oxid.view_controller', controller_key: 'twofactorauth' }
+
+  OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller\AccountSecurityController:
+    public: true
+    tags:
+        - { name: 'oxid.view_controller', controller_key: 'account_security' }

src/Authentication/TwoFactorAuth/Infrastructure/Repository/UserRepository.php

@@ -32,4 +32,16 @@ public function getUserById(string $userId): UserInterface
 
         return $this->userDtoFactory->createFromModel($userModel);
     }
+
+    public function setTwoFAEnabled(string $userId, bool $enabled): void
+    {
+        $userModel = $this->userFactory->create();
+
+        if (!$userModel->load($userId)) {
+            throw new UserNotFoundException();
+        }
+
+        $userModel->assign(['oe2faenabled' => (int) $enabled]);
+        $userModel->save();
+    }
 }

src/Authentication/TwoFactorAuth/Infrastructure/Repository/UserRepositoryInterface.php

@@ -16,4 +16,7 @@ interface UserRepositoryInterface
 {
     /** @throws UserNotFoundException */
     public function getUserById(string $userId): UserInterface;
+
+    /** @throws UserNotFoundException */
+    public function setTwoFAEnabled(string $userId, bool $enabled): void;
 }

src/Authentication/TwoFactorAuth/Service/TwoFAUserSettingsService.php

@@ -0,0 +1,30 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service;
+
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Infrastructure\Repository\UserRepositoryInterface;
+
+class TwoFAUserSettingsService implements TwoFAUserSettingsServiceInterface
+{
+    public function __construct(
+        private UserRepositoryInterface $userRepository,
+    ) {
+    }
+
+    public function isEnabledForUser(string $userId): bool
+    {
+        return $this->userRepository->getUserById($userId)->isTwoFAEnabled();
+    }
+
+    public function setEnabledForUser(string $userId, bool $enabled): void
+    {
+        $this->userRepository->setTwoFAEnabled($userId, $enabled);
+    }
+}

src/Authentication/TwoFactorAuth/Service/TwoFAUserSettingsServiceInterface.php

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service;
+
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\UserNotFoundException;
+
+interface TwoFAUserSettingsServiceInterface
+{
+    /** @throws UserNotFoundException */
+    public function isEnabledForUser(string $userId): bool;
+
+    /** @throws UserNotFoundException */
+    public function setEnabledForUser(string $userId, bool $enabled): void;
+}

src/Authentication/TwoFactorAuth/Service/services.yaml

@@ -8,3 +8,7 @@ services:
   OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserServiceInterface:
     class: OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserService
     public: true
+
+  OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserSettingsServiceInterface:
+    class: OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserSettingsService
+    public: true

src/Shared/Core/ViewConfig.php

@@ -13,6 +13,7 @@
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAResendableInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAServiceInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserServiceInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\TwoFAUserSettingsServiceInterface;
 use OxidEsales\SecurityModule\Captcha\Captcha\Image\Service\ImageCaptchaService;
 use OxidEsales\SecurityModule\Captcha\Service\CaptchaServiceInterface;
 use OxidEsales\SecurityModule\PasswordPolicy\Service\ModuleSettingsServiceInterface as PasswordSettingsServiceInterface;
@@ -84,6 +85,16 @@ public function getResendCooldownRemaining(): int
         return $twoFAService->getCooldownRemaining($userId);
     }
 
+    public function isTwoFAEnabled(): bool
+    {
+        $user = $this->getUser();
+        if (!$user) {
+            return false;
+        }
+
+        return $this->getService(TwoFAUserSettingsServiceInterface::class)->isEnabledForUser($user->getId());
+    }
+
     public function isExternalAuthUser(): bool
     {
         $user = $this->getUser();

tests/PhpStan/phpstan-bootstrap.php

@@ -29,5 +29,10 @@ class_alias(
 
 class_alias(
     \OxidEsales\Eshop\Application\Controller\ForgotPasswordController::class,
+    \OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller\AccountPasswordController_parent::class
+);
+
+class_alias(
+    \OxidEsales\Eshop\Application\Controller\AccountPasswordController::class,
     \OxidEsales\SecurityModule\Shared\Controller\ForgotPasswordController_parent::class
 );

translations/de/oesecuritymodule_lang.php

@@ -62,4 +62,10 @@
 
     'OE_SECURITY_EXTERNAL_AUTH_PASSWORD_INFO' => 'Sie sind mit einem externen Anbieter angemeldet. Die Passwortverwaltung ist für dieses Konto nicht verfügbar.',
     'OE_SECURITY_RESET_PASSWORD'              => 'Passwort zurücksetzen',
+
+    'OE_SECURITY_PASSWORD_AND_SECURITY'           => 'Passwort & Sicherheit',
+    'OE_SECURITY_SECURITY_TITLE'                  => 'Sicherheit',
+    'OE_SECURITY_TWO_FACTOR_SETTINGS_TITLE'       => 'Zwei-Faktor-Authentifizierung',
+    'OE_SECURITY_TWO_FACTOR_SETTINGS_DESCRIPTION' => 'Fügen Sie Ihrem Konto eine zusätzliche Sicherheitsebene hinzu. Wenn aktiviert, müssen Sie bei jeder Anmeldung einen Bestätigungscode eingeben, der an Ihre E-Mail gesendet wird.',
+    'OE_SECURITY_TWO_FACTOR_ENABLE'               => 'Zwei-Faktor-Authentifizierung aktivieren',
 ];