Merge remote-tracking branch 'gl_magento2ce/AC-11762' into AC-11762-8MAY

glo05363 · glo05363 · commit de9c50326ea1 · 2024-05-08T17:47:59.000+05:30
diff --git a/TwoFactorAuth/Model/Config/Backend/OtpWindow.php b/TwoFactorAuth/Model/Config/Backend/OtpWindow.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Model\Config\Backend;
+
+use Magento\Framework\App\Config\Value;
+use Magento\Framework\App\Config\Data\ProcessorInterface;
+use Magento\Framework\Exception\ValidatorException;
+use OTPHP\TOTPInterface;
+
+class OtpWindow extends Value implements ProcessorInterface
+{
+    /**
+     * @return int
+     */
+    private function getDefaultPeriod(): int
+    {
+        return TOTPInterface::DEFAULT_PERIOD;
+    }
+
+    /**
+     * Process the value before saving.
+     *
+     * @param mixed $value The configuration value.
+     * @return mixed The processed value.
+     * @throws ValidatorException If the value is invalid.
+     */
+    public function processValue($value)
+    {
+        if (!is_numeric($value)) {
+            throw new ValidatorException(__('The OTP window must be a numeric value.'));
+        }
+        $numericValue = (int) $value;
+        return $numericValue;
+    }
+
+    /**
+     * Validates the value before saving.
+     *
+     * @throws ValidatorException If the value is invalid.
+     */
+    public function beforeSave()
+    {
+        $value = $this->getValue();
+        $period = $this->getDefaultPeriod();
+        if (!is_numeric($value) || $value < 1 || $value >= $period) {
+            throw new ValidatorException(__('Invalid OTP window value. It must be less than the OTP period value '.$period));
+        }
+
+        return parent::beforeSave();
+    }
+}
diff --git a/TwoFactorAuth/Setup/Patch/Data/UpdateOtpWindow.php b/TwoFactorAuth/Setup/Patch/Data/UpdateOtpWindow.php
@@ -0,0 +1,75 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Setup\Patch\Data;
+
+use Magento\Framework\Setup\Patch\DataPatchInterface;
+use Magento\Framework\Setup\ModuleDataSetupInterface;
+use OTPHP\TOTPInterface;
+
+class UpdateOtpWindow implements DataPatchInterface
+{
+    /**
+     * @var ModuleDataSetupInterface
+     */
+    private $moduleDataSetup;
+
+    public function __construct(ModuleDataSetupInterface $moduleDataSetup)
+    {
+        $this->moduleDataSetup = $moduleDataSetup;
+    }
+
+    public function getDefaultPeriod()
+    {
+        return TOTPInterface::DEFAULT_PERIOD;
+    }
+
+    /**
+     * Apply the data patch
+     */
+    public function apply()
+    {
+        $setup = $this->moduleDataSetup->getConnection();
+        $setup->startSetup();
+        $select = $setup->select()
+            ->from('core_config_data', ['path'])
+            ->where('path = ?', 'twofactorauth/google/otp_window');
+
+        $existingValue = $setup->fetchOne($select);
+        $period = $this->getDefaultPeriod();
+        if ($existingValue && $existingValue >= $period) {
+            $newWindowValue = $period - 1;
+        }
+
+        if ($existingValue) {
+            $setup->update(
+                'core_config_data',
+                ['value' => $newWindowValue],
+                'path = "twofactorauth/google/otp_window"'
+            );
+        }
+
+        $setup->endSetup();
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public static function getDependencies()
+    {
+        return [];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getAliases()
+    {
+        return [];
+    }
+
+}
diff --git a/TwoFactorAuth/etc/adminhtml/system.xml b/TwoFactorAuth/etc/adminhtml/system.xml
@@ -43,6 +43,7 @@
                        showInWebsite="0" showInStore="0" canRestore="1">
                     <label>OTP Window</label>
                     <comment>This determines how long the one-time-passwords are valid for. An OTP Window of 1 will result in the current OTP value plus 1 code in the past and 1 code in the future to be valid at any given point in time.</comment>
+                    <backend_model>Magento\TwoFactorAuth\Model\Config\Backend\OtpWindow</backend_model>
                 </field>
             </group>
             <group id="duo" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="0"
diff --git a/TwoFactorAuth/etc/config.xml b/TwoFactorAuth/etc/config.xml
@@ -21,7 +21,7 @@
                 <application_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
             </duo>
             <google>
-                <otp_window>1</otp_window>
+                <otp_window backend_model="Magento\TwoFactorAuth\Model\Config\Backend\OtpWindow">1</otp_window>
             </google>
         </twofactorauth>
     </default>
