MC-37886: 2FA fixes

OlgaVasyltsun · OlgaVasyltsun · commit ae070bfa330b · 2021-01-12T10:49:54.000+02:00
diff --git a/TwoFactorAuth/Controller/Adminhtml/Tfa/Requestconfig.php b/TwoFactorAuth/Controller/Adminhtml/Tfa/Requestconfig.php
@@ -19,6 +19,9 @@
 use Magento\TwoFactorAuth\Api\UserConfigRequestManagerInterface;
 use Magento\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use Magento\TwoFactorAuth\Model\UserConfig\HtmlAreaTokenVerifier;
+use Magento\TwoFactorAuth\Model\TfaSession;
+use Magento\Framework\App\ObjectManager;
+use Magento\TwoFactorAuth\Model\Exception\NotificationException;
 
 /**
  * Request 2FA config from the user.
@@ -50,25 +53,33 @@ class Requestconfig extends AbstractAction implements HttpGetActionInterface, Ht
      */
     private $session;
 
+    /**
+     * @var TfaSession
+     */
+    private $tfaSession;
+
     /**
      * @param Context $context
      * @param UserConfigRequestManagerInterface $configRequestManager
      * @param HtmlAreaTokenVerifier $tokenVerifier
      * @param TfaInterface $tfa
      * @param Session $session
+     * @param TfaSession $tfaSession
      */
     public function __construct(
         Context $context,
         UserConfigRequestManagerInterface $configRequestManager,
         HtmlAreaTokenVerifier $tokenVerifier,
         TfaInterface $tfa,
-        Session $session
+        Session $session,
+        TfaSession $tfaSession
     ) {
         parent::__construct($context);
         $this->configRequestManager = $configRequestManager;
         $this->tokenVerifier = $tokenVerifier;
         $this->tfa = $tfa;
         $this->session = $session;
+        $this->tfaSession = $tfaSession ?? ObjectManager::getInstance()->get(TfaSession::class);
     }
 
     /**
@@ -89,7 +100,11 @@ public function execute()
         }
 
         try {
+            if ($this->tfaSession->isTfaEmailSent()) {
+                throw new NotificationException();
+            }
             $this->configRequestManager->sendConfigRequestTo($user);
+            $this->tfaSession->setTfaEmailSentFlag();
         } catch (AuthorizationException $exception) {
             $this->messageManager->addErrorMessage(
                 'Please ask an administrator with sufficient access to configure 2FA first'
diff --git a/TwoFactorAuth/Model/TfaSession.php b/TwoFactorAuth/Model/TfaSession.php
@@ -17,7 +17,7 @@
  */
 class TfaSession extends SessionManager implements TfaSessionInterface
 {
-    private const SKIPPED_PROVIDERS_KEY = 'tfa_skipped_config';
+    const SKIPPED_PROVIDERS_KEY = 'tfa_skipped_config';
 
     private const TFA_EMAIL_SENT = 'tfa_email_sent';
 
@@ -44,15 +44,15 @@ public function isGranted(): bool
      */
     public function getSkippedProviderConfig(): array
     {
-        return $this->getData(self::SKIPPED_PROVIDERS_KEY) ?? [];
+        return $this->getData(static::SKIPPED_PROVIDERS_KEY) ?? [];
     }
 
     /**
      * @inheritDoc
      */
     public function setSkippedProviderConfig(array $config): void
     {
-        $this->storage->setData(self::SKIPPED_PROVIDERS_KEY, $config);
+        $this->storage->setData(static::SKIPPED_PROVIDERS_KEY, $config);
     }
 
     /**
diff --git a/TwoFactorAuth/Model/UserConfig/SignedTokenManager.php b/TwoFactorAuth/Model/UserConfig/SignedTokenManager.php
@@ -13,8 +13,6 @@
 use Magento\Framework\Serialize\Serializer\Json;
 use Magento\Framework\Stdlib\DateTime\DateTime;
 use Magento\TwoFactorAuth\Api\UserConfigTokenManagerInterface;
-use Magento\Framework\App\ObjectManager;
-use Magento\TwoFactorAuth\Model\TfaSession;
 
 /**
  * @inheritDoc
@@ -36,27 +34,16 @@ class SignedTokenManager implements UserConfigTokenManagerInterface
      */
     private $dateTime;
 
-    /**
-     * @var TfaSession
-     */
-    private $tfaSession;
-
     /**
      * @param EncryptorInterface $encryptor
      * @param Json $json
      * @param DateTime $dateTime
-     * @param TfaSession|null $tfaSession
      */
-    public function __construct(
-        EncryptorInterface $encryptor,
-        Json $json,
-        DateTime $dateTime,
-        TfaSession $tfaSession = null
-    ) {
+    public function __construct(EncryptorInterface $encryptor, Json $json, DateTime $dateTime)
+    {
         $this->encryptor = $encryptor;
         $this->json = $json;
         $this->dateTime = $dateTime;
-        $this->tfaSession = $tfaSession ?? ObjectManager::getInstance()->get(TfaSession::class);
     }
 
     /**
@@ -67,7 +54,7 @@ public function issueFor(int $userId): string
         $data = ['user_id' => $userId, 'tfa_configuration' => true, 'iss' => $this->dateTime->timestamp()];
         $encodedData = $this->json->serialize($data);
         $signature = base64_encode($this->encryptor->hash($encodedData));
-        $this->tfaSession->setTfaEmailSentFlag();
+
         return base64_encode($encodedData .'.' .$signature);
     }
 
diff --git a/TwoFactorAuth/Model/UserConfig/UserConfigRequestManager.php b/TwoFactorAuth/Model/UserConfig/UserConfigRequestManager.php
@@ -15,8 +15,6 @@
 use Magento\TwoFactorAuth\Api\UserConfigTokenManagerInterface;
 use Magento\TwoFactorAuth\Api\UserNotifierInterface;
 use Magento\Framework\Authorization\PolicyInterface as Authorization;
-use Magento\Framework\App\ObjectManager;
-use Magento\TwoFactorAuth\Model\TfaSession;
 
 /**
  * @inheritDoc
@@ -43,30 +41,22 @@ class UserConfigRequestManager implements UserConfigRequestManagerInterface
      */
     private $auth;
 
-    /**
-     * @var TfaSession
-     */
-    private $tfaSession;
-
     /**
      * @param TfaInterface $tfa
      * @param UserNotifierInterface $notifier
      * @param UserConfigTokenManagerInterface $tokenManager
      * @param Authorization $auth
-     * @param TfaSession|null $tfaSession
      */
     public function __construct(
         TfaInterface $tfa,
         UserNotifierInterface $notifier,
         UserConfigTokenManagerInterface $tokenManager,
-        Authorization $auth,
-        TfaSession $tfaSession = null
+        Authorization $auth
     ) {
         $this->tfa = $tfa;
         $this->notifier = $notifier;
         $this->tokenManager = $tokenManager;
         $this->auth = $auth;
-        $this->tfaSession = $tfaSession ?? ObjectManager::getInstance()->get(TfaSession::class);
     }
 
     /**
@@ -89,9 +79,7 @@ public function sendConfigRequestTo(User $user): void
             if (!$this->auth->isAllowed($user->getAclRole(), 'Magento_TwoFactorAuth::config')) {
                 throw new AuthorizationException(__('User is not authorized to edit 2FA configuration'));
             }
-            if (!$this->tfaSession->isTfaEmailSent()) {
-                $this->notifier->sendAppConfigRequestMessage($user, $this->tokenManager->issueFor($userId));
-            }
+            $this->notifier->sendAppConfigRequestMessage($user, $this->tokenManager->issueFor($userId));
         } else {
             //Personal provider config required.
             $this->notifier->sendUserConfigRequestMessage($user, $this->tokenManager->issueFor($userId));

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`*/`
`18`	`18`	`class TfaSession extends SessionManager implements TfaSessionInterface`
`19`	`19`	`{`
`20`		`- private const SKIPPED_PROVIDERS_KEY = 'tfa_skipped_config';`
	`20`	`+ const SKIPPED_PROVIDERS_KEY = 'tfa_skipped_config';`
`21`	`21`
`22`	`22`	`private const TFA_EMAIL_SENT = 'tfa_email_sent';`
`23`	`23`
`@@ -44,15 +44,15 @@ public function isGranted(): bool`
`44`	`44`	`*/`
`45`	`45`	`public function getSkippedProviderConfig(): array`
`46`	`46`	`{`
`47`		`- return $this->getData(self::SKIPPED_PROVIDERS_KEY) ?? [];`
	`47`	`+ return $this->getData(static::SKIPPED_PROVIDERS_KEY) ?? [];`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`/**`
`51`	`51`	`* @inheritDoc`
`52`	`52`	`*/`
`53`	`53`	`public function setSkippedProviderConfig(array $config): void`
`54`	`54`	`{`
`55`		`- $this->storage->setData(self::SKIPPED_PROVIDERS_KEY, $config);`
	`55`	`+ $this->storage->setData(static::SKIPPED_PROVIDERS_KEY, $config);`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`/**`