Merge remote-tracking branch 'gl_magento2ce/AC-11762' into AC-11762-8MAY

Author: glo05363

TwoFactorAuth/Model/Config/Backend/OtpWindow.php renamed to TwoFactorAuth/Model/Config/Backend/Leeway.php

@@ -12,9 +12,11 @@
 use Magento\Framework\Exception\ValidatorException;
 use OTPHP\TOTPInterface;
 
-class OtpWindow extends Value implements ProcessorInterface
+class Leeway extends Value implements ProcessorInterface
 {
     /**
+     * Fetch Totp default period value
+     *
      * @return int
      */
     private function getDefaultPeriod(): int
@@ -32,7 +34,7 @@ private function getDefaultPeriod(): int
     public function processValue($value)
     {
         if (!is_numeric($value)) {
-            throw new ValidatorException(__('The OTP window must be a numeric value.'));
+            throw new ValidatorException(__('The Leeway must be a numeric value.'));
         }
         $numericValue = (int) $value;
         return $numericValue;
@@ -48,7 +50,13 @@ public function beforeSave()
         $value = $this->getValue();
         $period = $this->getDefaultPeriod();
         if (!is_numeric($value) || $value < 1 || $value >= $period) {
-            throw new ValidatorException(__('Invalid OTP window value. It must be less than the OTP period value '.$period));
+            throw new ValidatorException(
+                __(
+                    'Invalid Leeway value. It must be between 1 and %1 as default period is %2',
+                    $period-1,
+                    $period
+                )
+            );
         }
 
         return parent::beforeSave();

TwoFactorAuth/Model/Provider/Engine/Google.php

@@ -35,7 +35,7 @@ class Google implements EngineInterface
     /**
      * Config path for the OTP window
      */
-    const XML_PATH_OTP_WINDOW = 'twofactorauth/google/otp_window';
+    public const XML_PATH_LEEWAY = 'twofactorauth/google/leeway';
 
     /**
      * Engine code
@@ -199,7 +199,7 @@ public function verify(UserInterface $user, DataObject $request): bool
         return $totp->verify(
             $token,
             null,
-            $config['window'] ?? (int)$this->scopeConfig->getValue(self::XML_PATH_OTP_WINDOW) ?: null
+            $config['window'] ?? (int)$this->scopeConfig->getValue(self::XML_PATH_LEEWAY) ?: null
         );
     }
 

TwoFactorAuth/Setup/Patch/Data/UpdateOtpWindow.php renamed to TwoFactorAuth/Setup/Patch/Data/UpdateLeeway.php

@@ -11,18 +11,26 @@
 use Magento\Framework\Setup\ModuleDataSetupInterface;
 use OTPHP\TOTPInterface;
 
-class UpdateOtpWindow implements DataPatchInterface
+class UpdateLeeway implements DataPatchInterface
 {
     /**
      * @var ModuleDataSetupInterface
      */
     private $moduleDataSetup;
 
+    /**
+     * @param ModuleDataSetupInterface $moduleDataSetup
+     */
     public function __construct(ModuleDataSetupInterface $moduleDataSetup)
     {
         $this->moduleDataSetup = $moduleDataSetup;
     }
 
+    /**
+     * Fetch Totp default period
+     *
+     * @return int
+     */
     public function getDefaultPeriod()
     {
         return TOTPInterface::DEFAULT_PERIOD;
@@ -37,23 +45,21 @@ public function apply()
         $setup->startSetup();
         $select = $setup->select()
             ->from('core_config_data', ['path'])
-            ->where('path = ?', 'twofactorauth/google/otp_window');
+            ->where('path = ?', 'twofactorauth/google/leeway');
 
         $existingValue = $setup->fetchOne($select);
         $period = $this->getDefaultPeriod();
         if ($existingValue && $existingValue >= $period) {
             $newWindowValue = $period - 1;
-        }
-
-        if ($existingValue) {
             $setup->update(
                 'core_config_data',
                 ['value' => $newWindowValue],
-                'path = "twofactorauth/google/otp_window"'
+                'path = "twofactorauth/google/leeway"'
             );
         }
-
         $setup->endSetup();
+
+        return $this;
     }
 
     /**
@@ -71,5 +77,4 @@ public function getAliases()
     {
         return [];
     }
-
 }

TwoFactorAuth/Test/Api/GoogleActivateTest.php

@@ -129,7 +129,7 @@ public function testAlreadyActivatedProvider()
     /**
      * @magentoConfigFixture twofactorauth/general/force_providers google
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
-     * @magentoConfigFixture twofactorauth/google/otp_window 20
+     * @magentoConfigFixture twofactorauth/google/leeway 29
      */
     public function testActivate()
     {

TwoFactorAuth/Test/Api/GoogleAuthenticateTest.php

@@ -223,7 +223,7 @@ public function testNotConfiguredProvider(): void
     /**
      * @magentoConfigFixture twofactorauth/general/force_providers google
      * @magentoApiDataFixture Magento/User/_files/user_with_custom_role.php
-     * @magentoConfigFixture twofactorauth/google/otp_window 20
+     * @magentoConfigFixture twofactorauth/google/leeway 29
      *
      * @return void
      */

TwoFactorAuth/etc/adminhtml/system.xml

@@ -39,11 +39,11 @@
             <group id="google" translate="label" type="text" sortOrder="30" showInDefault="1" showInWebsite="0"
                    showInStore="0">
                 <label>Google</label>
-                <field id="otp_window" translate="label comment" type="text" sortOrder="10" showInDefault="1"
+                <field id="leeway" translate="label comment" type="text" sortOrder="10" showInDefault="1"
                        showInWebsite="0" showInStore="0" canRestore="1">
-                    <label>OTP Window</label>
-                    <comment>This determines how long the one-time-passwords are valid for. An OTP Window of 1 will result in the current OTP value plus 1 code in the past and 1 code in the future to be valid at any given point in time.</comment>
-                    <backend_model>Magento\TwoFactorAuth\Model\Config\Backend\OtpWindow</backend_model>
+                    <label>Leeway</label>
+                    <comment>This sets the time drift leeway for OTPs. A leeway of 29 with a period of 30 means OTPs are valid within ±29 seconds from the current time. The leeway must be smaller than the period</comment>
+                    <backend_model>Magento\TwoFactorAuth\Model\Config\Backend\Leeway</backend_model>
                 </field>
             </group>
             <group id="duo" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="0"

TwoFactorAuth/etc/config.xml

@@ -21,7 +21,7 @@
                 <application_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
             </duo>
             <google>
-                <otp_window backend_model="Magento\TwoFactorAuth\Model\Config\Backend\OtpWindow">1</otp_window>
+                <leeway backend_model="Magento\TwoFactorAuth\Model\Config\Backend\Leeway">29</leeway>
             </google>
         </twofactorauth>
     </default>