AC-10982::[2FA] Integrate with Duo Web SDK to support Universal Prompt-fixes for SVC, static and integration failures

glo05363 · glo05363 · commit b84ac593e0ca · 2024-12-20T18:14:37.000+05:30
diff --git a/TwoFactorAuth/Api/Data/DuoDataInterface.php b/TwoFactorAuth/Api/Data/DuoDataInterface.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2020 Adobe
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
diff --git a/TwoFactorAuth/Api/DuoAuthenticateInterface.php b/TwoFactorAuth/Api/DuoAuthenticateInterface.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2020 Adobe
+ * All Rights Reserved.
  */
 
 declare(strict_types=1);
diff --git a/TwoFactorAuth/Api/DuoConfigureInterface.php b/TwoFactorAuth/Api/DuoConfigureInterface.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2020 Adobe
+ * All Rights Reserved.
  */
 
 declare(strict_types=1);
diff --git a/TwoFactorAuth/Block/Provider/Duo/Auth.php b/TwoFactorAuth/Block/Provider/Duo/Auth.php
@@ -11,47 +11,29 @@
 use Magento\Backend\Block\Template;
 use Magento\Backend\Model\Auth\Session;
 use Magento\Framework\Exception\LocalizedException;
-use Magento\Framework\Message\ManagerInterface;
-use Magento\TwoFactorAuth\Model\Provider\Engine\DuoSecurity;
 
 /**
  * @api
  */
 class Auth extends Template
 {
-    /**
-     * @var DuoSecurity
-     */
-    private $duoSecurity;
-
     /**
      * @var Session
      */
     private $session;
 
-    /**
-     * @var ManagerInterface
-     */
-    private $messageManager;
-
     /**
      * @param Template\Context $context
      * @param Session $session
-     * @param DuoSecurity $duoSecurity
-     * @param ManagerInterface $messageManager
      * @param array $data
      */
     public function __construct(
         Template\Context $context,
         Session $session,
-        DuoSecurity $duoSecurity,
-        ManagerInterface $messageManager,
         array $data = []
     ) {
         parent::__construct($context, $data);
-        $this->duoSecurity = $duoSecurity;
         $this->session = $session;
-        $this->messageManager = $messageManager;
     }
 
     /**
@@ -63,18 +45,10 @@ public function getJsLayout()
         if (!$user) {
             throw new LocalizedException(__('User session not found.'));
         }
-        $username = $user->getUserName();
-        $state = $this->duoSecurity->generateDuoState();
-        $this->session->setDuoState($state);
-        $response = $this->duoSecurity->initiateAuth($username, $state);
-
-        if ($response['status'] == 'open') {
-            $this->messageManager->addErrorMessage($response['message']);
-        } elseif ($response['status'] == 'closed') {
-            $this->messageManager->addErrorMessage($response['message']);
+        $authUrl = $this->getData('auth_url');
+        if ($authUrl) {
+            $this->jsLayout['components']['tfa-auth']['authUrl'] = $authUrl;
         }
-
-        $this->jsLayout['components']['tfa-auth']['authUrl'] = $response['redirect_url'];
         return parent::getJsLayout();
     }
 }
diff --git a/TwoFactorAuth/Controller/Adminhtml/Duo/Auth.php b/TwoFactorAuth/Controller/Adminhtml/Duo/Auth.php
@@ -10,6 +10,8 @@
 use Magento\Backend\Model\Auth\Session;
 use Magento\Backend\App\Action;
 use Magento\Framework\App\Action\HttpGetActionInterface;
+use Magento\Framework\Controller\Result\RedirectFactory;
+use Magento\Framework\Message\ManagerInterface;
 use Magento\Framework\View\Result\PageFactory;
 use Magento\TwoFactorAuth\Api\TfaInterface;
 use Magento\TwoFactorAuth\Api\UserConfigManagerInterface;
@@ -48,28 +50,46 @@ class Auth extends AbstractAction implements HttpGetActionInterface
      */
     private $tokenVerifier;
 
+    /**
+     * @var DuoSecurity
+     */
+    private $duoSecurity;
+    /**
+     * @var ManagerInterface
+     */
+    protected $messageManager;
+    /**
+     * @var RedirectFactory
+     */
+    protected $resultRedirectFactory;
+
     /**
      * @param Action\Context $context
      * @param Session $session
      * @param PageFactory $pageFactory
      * @param UserConfigManagerInterface $userConfigManager
      * @param TfaInterface $tfa
      * @param HtmlAreaTokenVerifier $tokenVerifier
+     * @param DuoSecurity $duoSecurity
      */
     public function __construct(
         Action\Context $context,
         Session $session,
         PageFactory $pageFactory,
         UserConfigManagerInterface $userConfigManager,
         TfaInterface $tfa,
-        HtmlAreaTokenVerifier $tokenVerifier
+        HtmlAreaTokenVerifier $tokenVerifier,
+        DuoSecurity $duoSecurity
     ) {
         parent::__construct($context);
         $this->tfa = $tfa;
         $this->session = $session;
         $this->pageFactory = $pageFactory;
         $this->userConfigManager = $userConfigManager;
         $this->tokenVerifier = $tokenVerifier;
+        $this->duoSecurity = $duoSecurity;
+        $this->messageManager = $context->getMessageManager();
+        $this->resultRedirectFactory = $context->getResultRedirectFactory();
     }
 
     /**
@@ -87,8 +107,31 @@ private function getUser()
      */
     public function execute()
     {
+        $user = $this->getUser();
+        if (!$user) {
+            $this->messageManager->addErrorMessage(__('User session not found.'));
+        }
         $this->userConfigManager->setDefaultProvider((int)$this->getUser()->getId(), DuoSecurity::CODE);
-        return $this->pageFactory->create();
+
+        $username = $this->getUser()->getUserName();
+        $state = $this->duoSecurity->generateDuoState();
+        $this->session->setDuoState($state);
+        $response = $this->duoSecurity->initiateAuth($username, $state);
+        if ($response['status'] === 'open') {
+            // If fail mode is "open", skip the Duo prompt.
+            $this->messageManager->addErrorMessage($response['message']);
+        }
+        if ($response['status'] === 'closed') {
+            // If fail mode is "closed", show an error message.
+            $this->messageManager->addErrorMessage($response['message']);
+        }
+
+        $resultPage = $this->pageFactory->create();
+        $block = $resultPage->getLayout()->getBlock('content');
+        if ($block) {
+            $block->setData('auth_url', $response['redirect_url']);
+        }
+        return $resultPage;
     }
 
     /**
diff --git a/TwoFactorAuth/Model/Data/Provider/Engine/DuoSecurity/Data.php b/TwoFactorAuth/Model/Data/Provider/Engine/DuoSecurity/Data.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2020 Adobe
+ * All Rights Reserved.
  */
 
 declare(strict_types=1);
diff --git a/TwoFactorAuth/Test/Integration/Model/Provider/Engine/DuoSecurity/AuthenticateTest.php b/TwoFactorAuth/Test/Integration/Model/Provider/Engine/DuoSecurity/AuthenticateTest.php
@@ -80,7 +80,7 @@ public function testVerifyInvalidCredentials()
         $this->duo
             ->expects($this->never())
             ->method('authorizeUser');
-        $this->model->createAdminAccessTokenWithCredentials(
+        $this->model->createAdminAccessTokenWithCredentialsAndPasscode(
             'adminUser',
             'abc',
             '123456'
@@ -107,7 +107,7 @@ public function testVerifyNotConfiguredProvider()
         $this->duo
             ->expects($this->never())
             ->method('authorizeUser');
-        $this->model->createAdminAccessTokenWithCredentials(
+        $this->model->createAdminAccessTokenWithCredentialsAndPasscode(
             'adminUser',
             Bootstrap::ADMIN_PASSWORD,
             '123456'
@@ -125,7 +125,7 @@ public function testVerifyUnavailableProvider()
         $this->duo
             ->expects($this->never())
             ->method('authorizeUser');
-        $this->model->createAdminAccessTokenWithCredentials(
+        $this->model->createAdminAccessTokenWithCredentialsAndPasscode(
             'adminUser',
             Bootstrap::ADMIN_PASSWORD,
             '123456'
@@ -163,7 +163,7 @@ public function testVerifyValidRequest()
             ->willReturn(['status' => 'allow']);
 
         // Attempt to create the access token
-        $token = $this->model->createAdminAccessTokenWithCredentials(
+        $token = $this->model->createAdminAccessTokenWithCredentialsAndPasscode(
             $username,
             $password,
             $passcode
@@ -207,7 +207,7 @@ public function testVerifyInvalidRequest()
             ->willReturn(['status' => 'deny', 'msg' => 'Authentication denied']); // Simulate invalid response
 
         // Attempt to create the access token, expecting an exception due to the invalid response
-        $this->model->createAdminAccessTokenWithCredentials(
+        $this->model->createAdminAccessTokenWithCredentialsAndPasscode(
             $username,
             $password,
             $passcode
diff --git a/TwoFactorAuth/Test/Integration/Model/Provider/Engine/DuoSecurity/ConfigureTest.php b/TwoFactorAuth/Test/Integration/Model/Provider/Engine/DuoSecurity/ConfigureTest.php
