OXDEV-9927 Add check on get code and fix typos

TitaKoleva · TitaKoleva · commit d321f631b34d · 2026-01-15T17:13:49.000+02:00
diff --git a/src/Authentication/TwoFactorAuth/Controller/TwoFactorAuthController.php b/src/Authentication/TwoFactorAuth/Controller/TwoFactorAuthController.php
@@ -5,6 +5,8 @@
  * See LICENSE file for license details.
  */
 
+declare(strict_types=1);
+
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
diff --git a/src/Authentication/TwoFactorAuth/Exception/AttemptLimitExceededException.php b/src/Authentication/TwoFactorAuth/Exception/AttemptLimitExceededException.php
@@ -5,6 +5,8 @@
  * See LICENSE file for license details.
  */
 
+declare(strict_types=1);
+
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception;
 
 class AttemptLimitExceededException extends \Exception
diff --git a/src/Authentication/TwoFactorAuth/Transput/AuthCodeRequest.php b/src/Authentication/TwoFactorAuth/Transput/AuthCodeRequest.php
@@ -10,6 +10,7 @@
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput;
 
 use OxidEsales\EshopCommunity\Internal\Framework\Request\RequestInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\InvalidCodeException;
 
 readonly class AuthCodeRequest implements AuthCodeRequestInterface
 {
@@ -20,6 +21,12 @@ public function __construct(
 
     public function getCode(): string
     {
-        return $this->request->get('auth_code');
+        $code = $this->request->get('auth_code');
+
+        if (!is_string($code) || $code === '') {
+            throw new InvalidCodeException();
+        }
+
+        return $code;
     }
 }
diff --git a/translations/de/oesecuritymodule_lang.php b/translations/de/oesecuritymodule_lang.php
@@ -45,5 +45,5 @@
     'TWO_FACTOR_AUTHENTICATION_TITLE'       => 'Two Factor Authentication',
     'TWO_FACTOR_AUTHENTICATION_DESCRIPTION' => 'Code has been sent to your email. Please enter it below to proceed.',
 
-    'RESENT_CODE' => 'Code erneut senden'
+    'RESEND_CODE' => 'Code erneut senden'
 ];
diff --git a/translations/en/oesecuritymodule_lang.php b/translations/en/oesecuritymodule_lang.php
@@ -45,5 +45,5 @@
     'TWO_FACTOR_AUTHENTICATION_TITLE'       => 'Two Factor Authentication',
     'TWO_FACTOR_AUTHENTICATION_DESCRIPTION' => 'Code has been sent to your email. Please enter it below to proceed.',
 
-    'RESENT_CODE' => 'Resend Code'
+    'RESEND_CODE' => 'Resend Code'
 ];
diff --git a/views/twig/templates/two_factor_auth.html.twig b/views/twig/templates/two_factor_auth.html.twig
@@ -13,7 +13,7 @@
             <button class="btn btn-primary submitButton largeButton" type="submit" id="auth_submit" class="submitButton">{{ translate({ ident: "SUBMIT" }) }}</button>
         </div>
         <div>
-            <button class="btn btn-secondary submitButton largeButton" type="button">{{ translate({ ident: "RESENT_CODE" }) }}</button>
+            <button class="btn btn-secondary submitButton largeButton" type="button">{{ translate({ ident: "RESEND_CODE" }) }}</button>
         </div>
     </form>
     <br>

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@`
`10`	`10`	`namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput;`
`11`	`11`
`12`	`12`	`use OxidEsales\EshopCommunity\Internal\Framework\Request\RequestInterface;`
	`13`	`+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\InvalidCodeException;`
`13`	`14`
`14`	`15`	`readonly class AuthCodeRequest implements AuthCodeRequestInterface`
`15`	`16`	`{`
`@@ -20,6 +21,12 @@ public function __construct(`
`20`	`21`
`21`	`22`	`public function getCode(): string`
`22`	`23`	`{`
`23`		`- return $this->request->get('auth_code');`
	`24`	`+ $code = $this->request->get('auth_code');`
	`25`	`+`
	`26`	`+ if (!is_string($code) \|\| $code === '') {`
	`27`	`+ throw new InvalidCodeException();`
	`28`	`+ }`
	`29`	`+`
	`30`	`+ return $code;`
`24`	`31`	`}`
`25`	`32`	`}`