OXDEV-10012 Exclude logout from stred urls

TitaKoleva · TitaKoleva · commit b0811502e786 · 2026-01-26T20:13:30.000+02:00
diff --git a/src/Authentication/TwoFactorAuth/Subscriber/StoreCurrentUrlSubscriber.php b/src/Authentication/TwoFactorAuth/Subscriber/StoreCurrentUrlSubscriber.php
@@ -20,6 +20,10 @@ class StoreCurrentUrlSubscriber implements EventSubscriberInterface
         'twofactorauth',
     ];
 
+    private const EXCLUDED_FUNCTIONS = [
+        'logout',
+    ];
+
     public static function getSubscribedEvents(): array
     {
         return [
@@ -34,9 +38,14 @@ public function onViewRendered(ViewRenderedEvent $event): void
         }
 
         $currentController = $this->getCurrentController();
-
-        // Skip widgets (they start with 'oxw') and excluded controllers
-        if ($this->isWidget($currentController) || $this->shouldExcludeController($currentController)) {
+        $currentFunction = $this->getCurrentFunction();
+
+        // Skip widgets, excluded controllers, and excluded functions (like logout)
+        if (
+            $this->isWidget($currentController)
+            || $this->shouldExcludeController($currentController)
+            || $this->shouldExcludeFunction($currentFunction)
+        ) {
             return;
         }
 
@@ -71,6 +80,16 @@ private function shouldExcludeController(string $controller): bool
         return in_array($controller, self::EXCLUDED_CONTROLLERS, true);
     }
 
+    private function getCurrentFunction(): string
+    {
+        return strtolower((string) Registry::getRequest()->getRequestParameter('fnc'));
+    }
+
+    private function shouldExcludeFunction(string $function): bool
+    {
+        return in_array($function, self::EXCLUDED_FUNCTIONS, true);
+    }
+
     private function getCurrentPageUrl(): ?string
     {
         $activeView = Registry::getConfig()->getTopActiveView();
diff --git a/tests/Unit/Authentication/TwoFactorAuth/Subscriber/StoreCurrentUrlSubscriberTest.php b/tests/Unit/Authentication/TwoFactorAuth/Subscriber/StoreCurrentUrlSubscriberTest.php
@@ -11,6 +11,7 @@
 
 use OxidEsales\Eshop\Core\Config;
 use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Request;
 use OxidEsales\Eshop\Core\Session;
 use OxidEsales\EshopCommunity\Application\Controller\FrontendController;
 use OxidEsales\EshopCommunity\Internal\Transition\ShopEvents\ViewRenderedEvent;
@@ -41,6 +42,10 @@ public function testOnViewRenderedStoresCurrentUrl(): void
         $configStub->method('getTopActiveView')->willReturn($viewStub);
         Registry::set(Config::class, $configStub);
 
+        $requestStub = $this->createStub(Request::class);
+        $requestStub->method('getRequestParameter')->with('fnc')->willReturn(null);
+        Registry::set(Request::class, $requestStub);
+
         $sessionMock = $this->createMock(Session::class);
         $sessionMock->expects($this->once())
             ->method('setVariable')
@@ -99,6 +104,10 @@ public function testOnViewRenderedSkipsTwoFactorAuthController(): void
         $configStub->method('getTopActiveView')->willReturn($viewStub);
         Registry::set(Config::class, $configStub);
 
+        $requestStub = $this->createStub(Request::class);
+        $requestStub->method('getRequestParameter')->with('fnc')->willReturn(null);
+        Registry::set(Request::class, $requestStub);
+
         $sessionMock = $this->createMock(Session::class);
         $sessionMock->expects($this->never())->method('setVariable');
         Registry::set(Session::class, $sessionMock);
@@ -137,6 +146,58 @@ public function testOnViewRenderedSkipsWhenGetLinkThrowsException(): void
         $configStub->method('getTopActiveView')->willReturn($viewStub);
         Registry::set(Config::class, $configStub);
 
+        $requestStub = $this->createStub(Request::class);
+        $requestStub->method('getRequestParameter')->with('fnc')->willReturn(null);
+        Registry::set(Request::class, $requestStub);
+
+        $sessionMock = $this->createMock(Session::class);
+        $sessionMock->expects($this->never())->method('setVariable');
+        Registry::set(Session::class, $sessionMock);
+
+        $sut = new StoreCurrentUrlSubscriber();
+        $eventStub = $this->createStub(ViewRenderedEvent::class);
+
+        $sut->onViewRendered($eventStub);
+    }
+
+    public function testOnViewRenderedSkipsLogoutFunction(): void
+    {
+        $viewStub = $this->createStub(FrontendController::class);
+        $viewStub->method('getClassKey')->willReturn('start');
+
+        $configStub = $this->createStub(Config::class);
+        $configStub->method('isAdmin')->willReturn(false);
+        $configStub->method('getTopActiveView')->willReturn($viewStub);
+        Registry::set(Config::class, $configStub);
+
+        $requestStub = $this->createStub(Request::class);
+        $requestStub->method('getRequestParameter')->with('fnc')->willReturn('logout');
+        Registry::set(Request::class, $requestStub);
+
+        $sessionMock = $this->createMock(Session::class);
+        $sessionMock->expects($this->never())->method('setVariable');
+        Registry::set(Session::class, $sessionMock);
+
+        $sut = new StoreCurrentUrlSubscriber();
+        $eventStub = $this->createStub(ViewRenderedEvent::class);
+
+        $sut->onViewRendered($eventStub);
+    }
+
+    public function testOnViewRenderedSkipsLogoutFunctionCaseInsensitive(): void
+    {
+        $viewStub = $this->createStub(FrontendController::class);
+        $viewStub->method('getClassKey')->willReturn('start');
+
+        $configStub = $this->createStub(Config::class);
+        $configStub->method('isAdmin')->willReturn(false);
+        $configStub->method('getTopActiveView')->willReturn($viewStub);
+        Registry::set(Config::class, $configStub);
+
+        $requestStub = $this->createStub(Request::class);
+        $requestStub->method('getRequestParameter')->with('fnc')->willReturn('Logout');
+        Registry::set(Request::class, $requestStub);
+
         $sessionMock = $this->createMock(Session::class);
         $sessionMock->expects($this->never())->method('setVariable');
         Registry::set(Session::class, $sessionMock);
@@ -146,4 +207,33 @@ public function testOnViewRenderedSkipsWhenGetLinkThrowsException(): void
 
         $sut->onViewRendered($eventStub);
     }
+
+    public function testOnViewRenderedStoresUrlWithOtherFunction(): void
+    {
+        $currentUrl = uniqid();
+
+        $viewStub = $this->createStub(FrontendController::class);
+        $viewStub->method('getClassKey')->willReturn('details');
+        $viewStub->method('getLink')->willReturn($currentUrl);
+
+        $configStub = $this->createStub(Config::class);
+        $configStub->method('isAdmin')->willReturn(false);
+        $configStub->method('getTopActiveView')->willReturn($viewStub);
+        Registry::set(Config::class, $configStub);
+
+        $requestStub = $this->createStub(Request::class);
+        $requestStub->method('getRequestParameter')->with('fnc')->willReturn('tobasket');
+        Registry::set(Request::class, $requestStub);
+
+        $sessionMock = $this->createMock(Session::class);
+        $sessionMock->expects($this->once())
+            ->method('setVariable')
+            ->with(AuthorizeService::OTP_TARGET_URL, $currentUrl);
+        Registry::set(Session::class, $sessionMock);
+
+        $sut = new StoreCurrentUrlSubscriber();
+        $eventStub = $this->createStub(ViewRenderedEvent::class);
+
+        $sut->onViewRendered($eventStub);
+    }
 }
diff --git a/translations/de/oesecuritymodule_lang.php b/translations/de/oesecuritymodule_lang.php
@@ -45,7 +45,7 @@
     'TWO_FACTOR_AUTHENTICATION_TITLE'       => 'Zwei-Faktor-Authentifizierung',
     'TWO_FACTOR_AUTHENTICATION_DESCRIPTION' => 'Ein Code wurde an Ihre E-Mail-Adresse gesendet. Bitte geben Sie ihn unten ein, um fortzufahren.',
 
-    'RESENT_CODE' => 'Code erneut senden',
+    'RESEND_CODE' => 'Code erneut senden',
 
     'ERROR_INVALID_CODE'           => 'Der Bestätigungscode ist ungültig. Bitte versuchen Sie es erneut.',
     'ERROR_CODE_TIME_EXPIRED'      => 'Der Bestätigungscode ist abgelaufen. Bitte fordern Sie einen neuen Code an.',
diff --git a/translations/en/oesecuritymodule_lang.php b/translations/en/oesecuritymodule_lang.php
@@ -45,7 +45,7 @@
     'TWO_FACTOR_AUTHENTICATION_TITLE'       => 'Two Factor Authentication',
     'TWO_FACTOR_AUTHENTICATION_DESCRIPTION' => 'Code has been sent to your email. Please enter it below to proceed.',
 
-    'RESENT_CODE' => 'Resend Code',
+    'RESEND_CODE' => 'Resend Code',
 
     'ERROR_INVALID_CODE'           => 'The verification code is invalid. Please try again.',
     'ERROR_CODE_TIME_EXPIRED'      => 'The verification code has expired. Please request a new code.',
