Merge pull request #57 from magento-commerce/imported-anzin-security-package-314

[Imported] Updated endroid/qr-code to 4.3.5

Author: xmav

TwoFactorAuth/Model/Provider/Engine/Google.php

@@ -7,8 +7,10 @@
 
 namespace Magento\TwoFactorAuth\Model\Provider\Engine;
 
-use Endroid\QrCode\ErrorCorrectionLevel;
-use Endroid\QrCode\Exception\ValidationException;
+use Base32\Base32;
+use Endroid\QrCode\Color\Color;
+use Endroid\QrCode\Encoding\Encoding;
+use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
 use Endroid\QrCode\QrCode;
 use Endroid\QrCode\Writer\PngWriter;
 use Exception;
@@ -17,11 +19,10 @@
 use Magento\Framework\Encryption\EncryptorInterface;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Store\Model\StoreManagerInterface;
+use Magento\TwoFactorAuth\Api\EngineInterface;
+use Magento\TwoFactorAuth\Api\UserConfigManagerInterface;
 use Magento\TwoFactorAuth\Model\Provider\Engine\Google\TotpFactory;
 use Magento\User\Api\Data\UserInterface;
-use Magento\TwoFactorAuth\Api\UserConfigManagerInterface;
-use Magento\TwoFactorAuth\Api\EngineInterface;
-use Base32\Base32;
 use OTPHP\TOTPInterface;
 
 /**
@@ -206,27 +207,26 @@ public function verify(UserInterface $user, DataObject $request): bool
      * Render TFA QrCode
      *
      * @param UserInterface $user
+     *
      * @return string
-     * @throws NoSuchEntityException
-     * @throws ValidationException
+     * @throws Exception
      */
     public function getQrCodeAsPng(UserInterface $user): string
     {
         // @codingStandardsIgnoreStart
         $qrCode = new QrCode($this->getProvisioningUrl($user));
         $qrCode->setSize(400);
         $qrCode->setMargin(0);
-        $qrCode->setErrorCorrectionLevel(ErrorCorrectionLevel::HIGH());
-        $qrCode->setForegroundColor(['r' => 0, 'g' => 0, 'b' => 0, 'a' => 0]);
-        $qrCode->setBackgroundColor(['r' => 255, 'g' => 255, 'b' => 255, 'a' => 0]);
-        $qrCode->setLabelFontSize(16);
-        $qrCode->setEncoding('UTF-8');
+        $qrCode->setErrorCorrectionLevel(new ErrorCorrectionLevelHigh());
+        $qrCode->setForegroundColor(new Color(0, 0, 0, 0));
+        $qrCode->setBackgroundColor(new Color(255, 255, 255, 0));
+        $qrCode->setEncoding(new Encoding('UTF-8'));
 
         $writer = new PngWriter();
-        $pngData = $writer->writeString($qrCode);
+        $pngData = $writer->write($qrCode);
         // @codingStandardsIgnoreEnd
 
-        return $pngData;
+        return $pngData->getString();
     }
 
     /**

TwoFactorAuth/Test/Unit/Model/Provider/Engine/GoogleTest.php

@@ -11,6 +11,8 @@
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\DataObject;
 use Magento\Framework\Encryption\EncryptorInterface;
+use Magento\Store\Model\Store;
+use Magento\Store\Model\StoreManagerInterface;
 use Magento\TwoFactorAuth\Api\UserConfigManagerInterface;
 use Magento\TwoFactorAuth\Model\Provider\Engine\Google;
 use Magento\TwoFactorAuth\Model\Provider\Engine\Google\TotpFactory;
@@ -20,6 +22,9 @@
 use PHPUnit\Framework\TestCase;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class GoogleTest extends TestCase
 {
     /**
@@ -57,6 +62,11 @@ class GoogleTest extends TestCase
      */
     private $encryptor;
 
+    /**
+     * @var StoreManagerInterface|MockObject
+     */
+    private $storeManager;
+
     /**
      * @inheritDoc
      */
@@ -74,13 +84,15 @@ protected function setUp(): void
         $this->user->method('getEmail')
             ->willReturn('[email protected]');
         $this->configManager = $this->createMock(UserConfigManagerInterface::class);
+        $this->storeManager = $this->createMock(StoreManagerInterface::class);
         $this->model = $objectManager->getObject(
             Google::class,
             [
                 'configManager' => $this->configManager,
                 'totpFactory' => $this->totpFactory,
                 'scopeConfig' => $this->scopeConfig,
-                'encryptor' => $this->encryptor
+                'encryptor' => $this->encryptor,
+                'storeManager' => $this->storeManager
             ]
         );
     }
@@ -196,4 +208,24 @@ public function testVerifyWindowFromUserConfigOverridesScopeConfig()
 
         self::assertTrue($valid);
     }
+
+    /**
+     * Check if method not return empty string and image is png.
+     *
+     * @return void
+     * @throws \Exception
+     */
+    public function testGetQrCodeAsPng(): void
+    {
+        $store = $this->createMock(Store::class);
+        $store->method('getBaseUrl')
+            ->willReturn('http://www.example.com/');
+        $this->storeManager->method('getStore')
+            ->willReturn($store);
+
+        $image = $this->model->getQrCodeAsPng($this->user);
+        $this->assertNotEmpty($image);
+        $imageData = getimagesizefromstring($image);
+        $this->assertEquals('image/png', $imageData['mime']);
+    }
 }

TwoFactorAuth/composer.json

@@ -14,7 +14,7 @@
         "magento/module-integration": "*",
         "christian-riesen/base32": "^1.3",
         "spomky-labs/otphp": "^10.0",
-        "endroid/qr-code": "^3.7",
+        "endroid/qr-code": "^4.3.5",
         "2tvenom/cborencode": "^1.0"
     },
     "type": "magento2-module",