Merge branch 'b-7.4.x-finalize-validation-OXDEV-10012' into b-7.4.x-2fa-OXDEV-9078

Author: TitaKoleva

src/Authentication/TwoFactorAuth/Controller/TwoFactorAuthController.php

@@ -10,9 +10,10 @@
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller;
 
 use OxidEsales\Eshop\Application\Controller\FrontendController;
-use OxidEsales\Eshop\Core\Registry;
-use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Infrastructure\Repository\UserRepositoryInterface;
+use OxidEsales\Eshop\Core\UtilsView;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\OTPValidationException;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\AuthorizeServiceInterface;
+use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Service\UserServiceInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Transput\AuthCodeRequestInterface;
 
 class TwoFactorAuthController extends FrontendController
@@ -27,25 +28,26 @@ class TwoFactorAuthController extends FrontendController
 
     public function __construct(
         private readonly AuthorizeServiceInterface $authService,
+        private readonly UserServiceInterface $userService,
         private readonly AuthCodeRequestInterface $authCodeRequest,
+        private readonly UtilsView $utilsView,
     ) {
         parent::__construct();
     }
 
-    public function handleOTP(): void
+    public function handleOTP(): ?string
     {
-        //todo: catch only OTP exception that will be shown to user, maybe some abstract OTP exception?
         try {
             $this->authService->validate(
                 $this->authCodeRequest->getCode()
             );
 
-            //todo: redirect to originally requested page after successful OTP validation
-            //todo: create correct session for logged in user (from service, handleLogin?)
-        } catch (\Exception $e) {
-            //todo: display translated error message to user
-            Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
+            $this->userService->finalizeLogin();
+        } catch (OTPValidationException $e) {
+            $this->utilsView->addErrorToDisplay($e);
         }
+
+        return null;
     }
 
     public function resendCode(): void

src/Authentication/TwoFactorAuth/Controller/services.yaml

@@ -2,6 +2,8 @@ services:
   _defaults:
     autowire: true
     public: false
+    bind:
+      OxidEsales\Eshop\Core\UtilsView: '@=service("OxidEsales\\SecurityModule\\Core\\Registry").getUtilsView()'
 
   OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Controller\TwoFactorAuthController:
     public: true

src/Authentication/TwoFactorAuth/DTO/User.php

@@ -15,6 +15,7 @@ class User implements UserInterface
 {
     public function __construct(
         private readonly string $userId,
+        private readonly string $email,
         private readonly int $attempts,
         private readonly ?string $code,
         private readonly ?DateTimeInterface $expiresAt,
@@ -46,4 +47,9 @@ public function getLastSentAt(): ?DateTimeInterface
     {
         return $this->lastSentAt;
     }
+
+    public function getEmail(): string
+    {
+        return $this->email;
+    }
 }

src/Authentication/TwoFactorAuth/DTO/UserInterface.php

@@ -20,4 +20,6 @@ public function getAttempts(): int;
     public function getExpiresAt(): ?DateTimeInterface;
 
     public function getLastSentAt(): ?DateTimeInterface;
+
+    public function getEmail(): string;
 }

src/Authentication/TwoFactorAuth/Exception/AttemptLimitExceededException.php

@@ -9,7 +9,7 @@
 
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception;
 
-class AttemptLimitExceededException extends \Exception
+class AttemptLimitExceededException extends OTPValidationException
 {
     public function __construct()
     {

src/Authentication/TwoFactorAuth/Exception/InvalidCodeException.php

@@ -9,7 +9,7 @@
 
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception;
 
-class InvalidCodeException extends \Exception
+class InvalidCodeException extends OTPValidationException
 {
     public function __construct()
     {

src/Authentication/TwoFactorAuth/Exception/OTPValidationException.php

@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception;
+
+use OxidEsales\Eshop\Core\Exception\StandardException;
+
+class OTPValidationException extends StandardException
+{
+}

src/Authentication/TwoFactorAuth/Exception/TimeExpiredException.php

@@ -9,7 +9,7 @@
 
 namespace OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception;
 
-class TimeExpiredException extends \Exception
+class TimeExpiredException extends OTPValidationException
 {
     public function __construct()
     {

src/Authentication/TwoFactorAuth/Infrastructure/Repository/UserRepository.php

@@ -13,6 +13,7 @@
 use DateTimeImmutable;
 use Doctrine\DBAL\Result;
 use OxidEsales\EshopCommunity\Internal\Framework\Database\QueryBuilderFactoryInterface;
+use OxidEsales\EshopCommunity\Internal\Transition\Utility\ContextInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\DTO\UserInterface;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\DTO\User as UserDTO;
 use OxidEsales\SecurityModule\Authentication\TwoFactorAuth\Exception\UserNotFoundException;
@@ -23,22 +24,26 @@ class UserRepository implements UserRepositoryInterface
     public function __construct(
         private readonly UserFactoryInterface $userFactory,
         private readonly QueryBuilderFactoryInterface $queryBuilderFactory,
+        private readonly ContextInterface $context,
     ) {
     }
 
-    public function getUserOTPData(string $userName): UserInterface
+    public function getUserOTPData(string $userId): UserInterface
     {
         $builder = $this->queryBuilderFactory->create();
         $builder->select([
                 'OXID',
+                'OXUSERNAME',
                 'OESMOTPCODE',
                 'OESMOTPATTEMPTS',
                 'OESMOTPEXPTIME',
                 'OESMOTPLASTSENT',
             ])
             ->from('oxuser')
-            ->where('oxusername = :userName')
-            ->setParameter('userName', $userName);
+            ->where('oxid = :userId')
+            ->andWhere('oxshopid = :shopId')
+            ->setParameter('userId', $userId)
+            ->setParameter('shopId', $this->context->getCurrentShopId());
 
         /** @var Result $queryResult */
         $queryResult = $builder->execute();
@@ -49,7 +54,8 @@ public function getUserOTPData(string $userName): UserInterface
 
         return new UserDTO(
             $userData['OXID'],
-            $userData['OESMOTPATTEMPTS'],
+            $userData['OXUSERNAME'],
+            (int)$userData['OESMOTPATTEMPTS'],
             $userData['OESMOTPCODE'],
             $userData['OESMOTPEXPTIME'] ? new DateTime($userData['OESMOTPEXPTIME']) : null,
             $userData['OESMOTPLASTSENT'] ? new DateTime($userData['OESMOTPLASTSENT']) : null,
@@ -93,21 +99,6 @@ public function resetCodeFields(string $userId): void
         $userModel->save();
     }
 
-    public function getUserPasswordHash(string $userName): ?string
-    {
-        $builder = $this->queryBuilderFactory->create();
-        $builder->select('OXPASSWORD')
-            ->from('oxuser')
-            ->where('oxusername = :userName')
-            ->setParameter('userName', $userName);
-
-        /** @var Result $queryResult */
-        $queryResult = $builder->execute();
-        $userPass = $queryResult->fetchOne();
-
-        return $userPass ?: null;
-    }
-
     public function markOtpAsSent(string $userId): void
     {
         $userModel = $this->userFactory->create();

src/Authentication/TwoFactorAuth/Infrastructure/Repository/UserRepositoryInterface.php

@@ -12,15 +12,13 @@
 
 interface UserRepositoryInterface
 {
-    public function getUserOTPData(string $userName): UserInterface;
+    public function getUserOTPData(string $userId): UserInterface;
 
     public function updateAttempts(string $userId, int $attempts): void;
 
     public function resetCodeFields(string $userId): void;
 
     public function addOTPtoUser(string $userId, string $otp, DateTime $expiresAt): bool;
 
-    public function getUserPasswordHash(string $userId): ?string;
-
     public function markOtpAsSent(string $userId): void;
 }