Merge pull request #15 from magento-cia/MC-37956

dvoskoboinikov · web-flow · commit 0c8a8a1620e1 · 2021-03-01T14:18:10.000-06:00
Bugfixes
diff --git a/TwoFactorAuth/Controller/Adminhtml/Tfa/Requestconfig.php b/TwoFactorAuth/Controller/Adminhtml/Tfa/Requestconfig.php
@@ -30,6 +30,8 @@ class Requestconfig extends AbstractAction implements HttpGetActionInterface, Ht
      */
     public const ADMIN_RESOURCE = 'Magento_TwoFactorAuth::tfa';
 
+    private const TFA_EMAIL_SENT = 'tfa_email_sent';
+
     /**
      * @var UserConfigRequestManagerInterface
      */
@@ -89,7 +91,10 @@ public function execute()
         }
 
         try {
-            $this->configRequestManager->sendConfigRequestTo($user);
+            if (!$this->session->getData(self::TFA_EMAIL_SENT)) {
+                $this->configRequestManager->sendConfigRequestTo($user);
+                $this->session->setData(self::TFA_EMAIL_SENT, true);
+            }
         } catch (AuthorizationException $exception) {
             $this->messageManager->addErrorMessage(
                 'Please ask an administrator with sufficient access to configure 2FA first'
diff --git a/TwoFactorAuth/Test/Integration/Controller/Adminhtml/Tfa/RequestconfigTest.php b/TwoFactorAuth/Test/Integration/Controller/Adminhtml/Tfa/RequestconfigTest.php
@@ -13,6 +13,7 @@
 use Magento\TwoFactorAuth\Api\TfaInterface;
 use Magento\TwoFactorAuth\Api\UserConfigTokenManagerInterface;
 use Magento\TwoFactorAuth\Model\Provider\Engine\Google;
+use Magento\Backend\Model\Auth\Session;
 
 /**
  * Testing the controller for the page that requests 2FA config from users.
@@ -37,6 +38,11 @@ class RequestconfigTest extends AbstractBackendController
      */
     private $tokenManager;
 
+    /**
+     * @var Session
+     */
+    private $session;
+
     /**
      * @inheritDoc
      */
@@ -46,6 +52,7 @@ protected function setUp(): void
 
         $this->tfa = Bootstrap::getObjectManager()->get(TfaInterface::class);
         $this->tokenManager = Bootstrap::getObjectManager()->get(UserConfigTokenManagerInterface::class);
+        $this->session = Bootstrap::getObjectManager()->get(Session::class);
     }
 
     /**
@@ -117,4 +124,21 @@ public function testRedirectToUserConfig(): void
         $this->dispatch($this->uri);
         $this->assertRedirect($this->stringContains('tfa/index'));
     }
+
+    /**
+     * Verify that session flag is set when 2FA config email is sent to the user.
+     *
+     * @return void
+     * @magentoConfigFixture default/twofactorauth/general/force_providers google
+     */
+    public function testUserConfigRequestedFlag(): void
+    {
+        $this->assertNull($this->session->getData('tfa_email_sent'));
+        $this->dispatch($this->uri);
+        self::assertMatchesRegularExpression(
+            '/You need to configure Two\-Factor Authorization/',
+            $this->getResponse()->getBody()
+        );
+        $this->assertTrue($this->session->getData('tfa_email_sent'));
+    }
 }
