magento
diff --git a/‎Securitytxt/Model/Config/Backend/SecureUrl.php‎
Lines changed: 36 additions & 0 deletions b/‎Securitytxt/Model/Config/Backend/SecureUrl.php‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎Securitytxt/Model/Config/Backend/Validate.php‎
Lines changed: 0 additions & 126 deletions b/‎Securitytxt/Model/Config/Backend/Validate.php‎
Lines changed: 0 additions & 126 deletions
diff --git a/‎Securitytxt/Model/Config/Signature.php‎
Lines changed: 31 additions & 4 deletions b/‎Securitytxt/Model/Config/Signature.php‎
Lines changed: 31 additions & 4 deletions
diff --git a/‎Securitytxt/etc/adminhtml/system.xml‎
Lines changed: 26 additions & 16 deletions b/‎Securitytxt/etc/adminhtml/system.xml‎
Lines changed: 26 additions & 16 deletions
diff --git a/‎Securitytxt/etc/di.xml‎
Lines changed: 8 additions & 1 deletion b/‎Securitytxt/etc/di.xml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎Securitytxt/i18n/en_US.csv‎
Lines changed: 2 additions & 1 deletion b/‎Securitytxt/i18n/en_US.csv‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎TwoFactorAuth/Api/AdminTokenServiceInterface.php‎
Lines changed: 19 additions & 0 deletions b/‎TwoFactorAuth/Api/AdminTokenServiceInterface.php‎
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,36 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Securitytxt\Model\Config\Backend;
+
+use Magento\Framework\Validator\Exception as ValidatorException;
+use Magento\Framework\App\Config\Value;
+
+/**
+ * Security.txt secure URL validator.
+ */
+class SecureUrl extends Value
+{
+    /**
+     * Validate security.txt URL field before saving it.
+     *
+     * @return $this
+     * @throws ValidatorException
+     */
+    public function beforeSave()
+    {
+        $url = $this->getValue();
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        $isValid = parse_url($url, PHP_URL_SCHEME) === 'https';
+        if (!$isValid && $url !== '') {
+            throw new ValidatorException(
+                __('URL should be in correct format and must start with HTTPS.')
+            );
+        }
+        return $this;
+    }
+}
@@ -3,18 +3,40 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 declare(strict_types=1);
 
 namespace Magento\Securitytxt\Model\Config;
 
 use Magento\Config\Model\Config\CommentInterface;
+use Magento\Framework\Escaper;
 
 /**
  * Signature field description
  */
 class Signature implements CommentInterface
 {
+    /**
+     * @var string
+     */
+    private $instructionLink;
+
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param Escaper $escaper
+     * @param string $instructionLink
+     */
+    public function __construct(
+        Escaper $escaper,
+        string $instructionLink = ''
+    ) {
+        $this->escaper = $escaper;
+        $this->instructionLink = $instructionLink;
+    }
+
     /**
      * Get comment for signature field of security txt extension.
      *
@@ -24,8 +46,13 @@ class Signature implements CommentInterface
      */
     public function getCommentText($elementValue): string
     {
-        return "<a href='https://devdocs.magento.com/' target='_blank'>
-                    Read instructions on how to generate signature
-                </a>";
+        if ($this->instructionLink === '') {
+            return '';
+        }
+        return sprintf(
+            "<a href='%s' target='_blank'>%s</a>",
+            $this->escaper->escapeUrl($this->instructionLink),
+            __('Read instructions on how to generate signature')
+        );
     }
 }
@@ -12,82 +12,92 @@
             <label>Security</label>
         </tab>
         <section id="magento_securitytxt_securitytxt" translate="label" type="text" sortOrder="520" showInDefault="1"
-                 showInWebsite="1" showInStore="1">
+                 showInWebsite="1" showInStore="0">
             <class>separator-top</class>
             <label>Security.txt</label>
             <tab>security</tab>
             <resource>Magento_Securitytxt::config</resource>
             <group id="general" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1"
-                   showInStore="1">
+                   showInStore="0">
                 <label>General</label>
                 <field id="enabled" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="1"
-                       showInStore="1">
+                       showInStore="0">
                     <label>Enable</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
             </group>
             <group id="contact_information" translate="label" type="text" sortOrder="10" showInDefault="1"
                    showInWebsite="1"
-                   showInStore="1">
+                   showInStore="0">
                 <label>Contact Information</label>
                 <field id="email" translate="label comment" type="text" sortOrder="20" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Email</label>
                     <validate>validate-email</validate>
-                    <backend_model>Magento\Securitytxt\Model\Config\Backend\Validate</backend_model>
                 </field>
                 <field id="phone" translate="label comment" type="text" sortOrder="20" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Phone</label>
                 </field>
                 <field id="contact_page" translate="label comment" type="text" sortOrder="20" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Contact Page</label>
                     <validate>validate-url validate-no-html-tags</validate>
+                    <backend_model>Magento\Securitytxt\Model\Config\Backend\SecureUrl</backend_model>
                     <comment>Example: https://example.com/security-contact.html</comment>
                 </field>
+                <depends>
+                    <field id="magento_securitytxt_securitytxt/general/enabled">1</field>
+                </depends>
             </group>
             <group id="other_information" translate="label" type="text" sortOrder="10" showInDefault="1"
                    showInWebsite="1"
-                   showInStore="1">
+                   showInStore="0">
                 <label>Other Information</label>
                 <field id="encryption" translate="label comment" type="text" sortOrder="40" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0" >
                     <label>Encryption</label>
                     <validate>validate-url validate-no-html-tags</validate>
                     <comment>Example: https://example.com/pgp-key.txt</comment>
+                    <backend_model>Magento\Securitytxt\Model\Config\Backend\SecureUrl</backend_model>
                 </field>
                 <field id="acknowledgements" translate="label comment" type="text" sortOrder="50" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Acknowledgements</label>
                     <validate>validate-url validate-no-html-tags</validate>
                     <comment>Example: https://example.com/hall-of-fame.html</comment>
+                    <backend_model>Magento\Securitytxt\Model\Config\Backend\SecureUrl</backend_model>
                 </field>
                 <field id="preferred_languages" translate="label comment" type="text" sortOrder="50" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Preferred-Languages</label>
                     <validate>validate-text validate-no-html-tags</validate>
                     <comment>Example: en, es, hi, de, fr</comment>
                 </field>
                 <field id="hiring" translate="label comment" type="text" sortOrder="50" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Hiring</label>
                     <validate>validate-url validate-no-html-tags</validate>
                     <comment>Example: https://example.com/jobs.html</comment>
+                    <backend_model>Magento\Securitytxt\Model\Config\Backend\SecureUrl</backend_model>
                 </field>
                 <field id="policy" translate="label comment" type="text" sortOrder="60" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Policy</label>
                     <validate>validate-url validate-no-html-tags</validate>
                     <comment>Example: https://example.com/security-policy.html</comment>
+                    <backend_model>Magento\Securitytxt\Model\Config\Backend\SecureUrl</backend_model>
                 </field>
                 <field id="signature_text" translate="label comment" type="textarea" sortOrder="80" showInDefault="1"
-                       showInWebsite="1" showInStore="1">
+                       showInWebsite="1" showInStore="0">
                     <label>Signature</label>
                     <validate>validate-no-html-tags</validate>
                     <comment model="Magento\Securitytxt\Model\Config\Signature"/>
                 </field>
+                <depends>
+                    <field id="magento_securitytxt_securitytxt/general/enabled">1</field>
+                </depends>
             </group>
         </section>
     </system>
-</config>
+</config>
@@ -22,4 +22,11 @@
             <argument name="resultPageFactory" xsi:type="object">securitytxtResultPageFactory</argument>
         </arguments>
     </type>
-</config>
+    <type name="Magento\Securitytxt\Model\Config\Signature">
+        <arguments>
+            <argument name="instructionLink" xsi:type="string">
+                https://github.com/magento/security-package/blob/1.0-develop/Securitytxt/README.md
+            </argument>
+        </arguments>
+    </type>
+</config>
@@ -26,4 +26,5 @@ Hiring,Hiring
 "Example: https://example.com/jobs.html","Example: https://example.com/jobs.html"
 Policy,Policy
 "Example: https://example.com/security-policy.html","Example: https://example.com/security-policy.html"
-Signature,Signature
+Signature,Signature
+"Read instructions on how to generate signature","Read instructions on how to generate signature"
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Api;
+
+use Magento\Integration\Api\AdminTokenServiceInterface as OriginalTokenServiceInterface;
+
+/**
+ * Obtain basic information about the user required to setup or use 2fa
+ */
+interface AdminTokenServiceInterface extends OriginalTokenServiceInterface
+{
+
+}