Magento 2.4 support
sashas777 committed Aug 9, 2020
1 parent 6e3d5bd commit 0e5f43d
Showing 20 changed files with 315 additions and 256 deletions.
2 changes: 1 addition & 1 deletion .gitlab-ci.yml
@@ -1,4 +1,4 @@
image: "sashas777/magento-php:7.3-cli"
image: "sashas777/magento-php:7.4-cli"

stages:
- build
1 change: 0 additions & 1 deletion Controller/Customer/ResetPost.php
Expand Up @@ -15,7 +15,6 @@
use Magento\Framework\Data\Form\FormKey\Validator;
use Magento\Framework\App\ResponseInterface;
use Magento\Framework\Controller\ResultInterface;
use MSP\TwoFactorAuth\Model\Provider\Engine\Google as MspGoogle;
use Magetarian\CustomerTwoFactorAuth\Controller\Customer;
use Magetarian\CustomerTwoFactorAuth\Api\ProviderPoolInterface;

2 changes: 1 addition & 1 deletion Model/Config/ConfigProvider.php
Expand Up @@ -17,7 +17,7 @@
*/
class ConfigProvider
{
const XML_PATH_CUSTOMER_FORCE_TFA = 'msp_securitysuite_twofactorauth/general/customer_force_tfa';
const XML_PATH_CUSTOMER_FORCE_TFA = 'twofactorauth/general/customer_force_tfa';

/**
* @var ScopeConfigInterface
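Review bot: Changing `XML_PATH_CUSTOMER_FORCE_TFA` from the `msp_securitysuite_twofactorauth/...` path to `twofactorauth/general/customer_force_tfa` means a value already saved under the old path is no longer read, so a store that had forced customer 2FA switched on may silently fall back to the default after upgrading. The same applies to `XML_PATH_ENABLED_CUSTOMER` in Model/Provider/Engine/Authy.php and Model/Provider/Engine/DuoSecurity.php. No migration of stored config rows is visible in the files rendered here (only part of the commit is shown), so it is worth confirming that a data patch copies the old paths to the new ones, or documenting that admins must re-save these settings. A comment above the constant such as `// Path changed for Magento 2.4; values stored under msp_securitysuite_twofactorauth/* are not read.` would make that explicit.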
26 changes: 15 additions & 11 deletions Model/Provider/Engine/Authy.php
Expand Up @@ -14,11 +14,11 @@
use Magento\Framework\Exception\LocalizedException;
use Magetarian\CustomerTwoFactorAuth\Api\CustomerConfigManagerInterface;
use Magetarian\CustomerTwoFactorAuth\Api\EngineInterface;
use MSP\TwoFactorAuth\Model\Provider\Engine\Authy as MspAuthy;
use MSP\TwoFactorAuth\Model\Provider\Engine\Authy\Service as MspAuthyService;
use Magento\TwoFactorAuth\Model\Provider\Engine\Authy as MagentoAuthy;
use Magento\TwoFactorAuth\Model\Provider\Engine\Authy\Service as MagentoAuthyService;
use Magento\Framework\HTTP\Client\CurlFactory;
use Magento\Framework\Serialize\Serializer\Json;
use MSP\TwoFactorAuth\Model\ResourceModel\Country\CollectionFactory as CountryCollectionFactory;
use Magento\TwoFactorAuth\Model\ResourceModel\Country\CollectionFactory as CountryCollectionFactory;

/**
* Class Authy
Expand All @@ -29,7 +29,7 @@ class Authy implements EngineInterface
/**
* Enabled for customer XML Path
*/
const XML_PATH_ENABLED_CUSTOMER = 'msp_securitysuite_twofactorauth/authy/enabled_customer';
const XML_PATH_ENABLED_CUSTOMER = 'twofactorauth/authy/enabled_customer';

/**
* Key for customer id field
Expand Down Expand Up @@ -135,12 +135,14 @@ private function authenticate(CustomerInterface $customer, array $providerInfo,
if (!isset($providerInfo[static::CONFIG_CUSTOMER_KEY])) {
throw new LocalizedException(__('Missing customer information'));
}

if (isset($providerInfo[static::CONFIG_PENDING_APPROVAL_KEY])) {
$this->verifyOneTouch($customer, $providerInfo);
} else {
$url = $this->getProtectedApiEndpoint('verify/' . $code . '/' . $providerInfo[static::CONFIG_CUSTOMER_KEY]);
$this->makeApiRequest($url, [], 'GET');
}

}

/**
Expand All @@ -150,7 +152,6 @@ private function authenticate(CustomerInterface $customer, array $providerInfo,
public function isEnabled()
{
return
!!$this->scopeConfig->getValue(MspAuthy::XML_PATH_ENABLED) &&
!!$this->scopeConfig->getValue(static::XML_PATH_ENABLED_CUSTOMER) &&
!!$this->getApiKey();
}
Expand Down Expand Up @@ -323,9 +324,12 @@ private function verifyOneTouch(CustomerInterface $customer, array $providerInfo
{
$approvalCode = $providerInfo[static::CONFIG_PENDING_APPROVAL_KEY];
$status = $this->validateOneTouch($customer, $providerInfo, $approvalCode);
if ($status == 'approved') {

if ($status == 'approved' || $status == 'denied') {
unset($providerInfo[static::CONFIG_PENDING_APPROVAL_KEY]);
$this->customerConfigManager->setProviderConfig((int) $customer->getId(), $this->getCode(), $providerInfo);
} elseif ($status == 'denied') {
throw new LocalizedException(__('Authentication denied.'));
}
}

Expand Down Expand Up @@ -368,7 +372,7 @@ private function makeApiRequest(string $url, $data = [], $type = 'POST')
*/
private function getApiKey(): ?string
{
return $this->scopeConfig->getValue(MspAuthyService::XML_PATH_API_KEY);
return $this->scopeConfig->getValue(MagentoAuthyService::XML_PATH_API_KEY);
}

/**
Expand All @@ -378,7 +382,7 @@ private function getApiKey(): ?string
*/
private function getProtectedApiEndpoint(string $path): string
{
return MspAuthyService::AUTHY_BASE_ENDPOINT . 'protected/json/' . $path;
return MagentoAuthyService::AUTHY_BASE_ENDPOINT . 'protected/json/' . $path;
}

/**
Expand All @@ -388,7 +392,7 @@ private function getProtectedApiEndpoint(string $path): string
*/
private function getOneTouchApiEndpoint(string $path): string
{
return MspAuthyService::AUTHY_BASE_ENDPOINT . 'onetouch/json/' . $path;
return MagentoAuthyService::AUTHY_BASE_ENDPOINT . 'onetouch/json/' . $path;
}

/**
Expand All @@ -399,7 +403,7 @@ private function getCountriesList(): array
{
$countries = [];
$countriesList = $this->countryCollectionFactory->create()->addOrder('name', 'asc')->getItems();
/** @var \MSP\TwoFactorAuth\Api\Data\CountryInterface $country */
/** @var \Magento\TwoFactorAuth\Api\Data\CountryInterface $country */
foreach ($countriesList as $country) {
$countries[] = [
'dial_code' => $country->getDialCode(),
Expand All @@ -414,7 +418,7 @@ private function getCountriesList(): array
*/
public function getCode(): string
{
return MspAuthy::CODE;
return MagentoAuthy::CODE;
}

/**
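Review bot: In `verifyOneTouch` the `elseif ($status == 'denied')` branch can never run, because the preceding condition `$status == 'approved' || $status == 'denied'` already matches a denied status; the pending-approval key is cleared and the method returns without throwing `Authentication denied.`. The visible tail of `authenticate()` (its body starts outside the hunk) calls `verifyOneTouch` and does nothing afterwards, so if callers treat a normal return as success, a denied OneTouch request would be accepted. Keep the cleanup for both statuses but make the rejection a separate check after it: close the first block with `}` and follow it with `if ($status !== 'approved') { throw new LocalizedException(__('Authentication denied.')); }`, or compare with `=== 'denied'` if a still-pending status is meant to return quietly. What `validateOneTouch` returns for pending or expired requests is not visible here and should be confirmed before choosing between the two.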
57 changes: 28 additions & 29 deletions Model/Provider/Engine/DuoSecurity.php
Expand Up @@ -12,7 +12,7 @@
use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\Framework\DataObject;
use Magetarian\CustomerTwoFactorAuth\Api\EngineInterface;
use MSP\TwoFactorAuth\Model\Provider\Engine\DuoSecurity as MspDuoSecurity;
use Magento\TwoFactorAuth\Model\Provider\Engine\DuoSecurity as MagentoDuoSecurity;

/**
* Class DuoSecurity
Expand All @@ -23,7 +23,7 @@ class DuoSecurity implements EngineInterface
/**
* Enabled for customer XML Path
*/
const XML_PATH_ENABLED_CUSTOMER = 'msp_securitysuite_twofactorauth/duo/enabled_customer';
const XML_PATH_ENABLED_CUSTOMER = 'twofactorauth/duo/enabled_customer';

/**
* @var ScopeConfigInterface
Expand All @@ -46,7 +46,7 @@ public function __construct(
*/
public function getApiHostname()
{
return $this->scopeConfig->getValue(MspDuoSecurity::XML_PATH_API_HOSTNAME);
return $this->scopeConfig->getValue(MagentoDuoSecurity::XML_PATH_API_HOSTNAME);
}

/**
Expand All @@ -55,7 +55,7 @@ public function getApiHostname()
*/
private function getApplicationKey()
{
return $this->scopeConfig->getValue(MspDuoSecurity::XML_PATH_APPLICATION_KEY);
return $this->scopeConfig->getValue(MagentoDuoSecurity::XML_PATH_APPLICATION_KEY);
}

/**
Expand All @@ -64,7 +64,7 @@ private function getApplicationKey()
*/
private function getSecretKey()
{
return $this->scopeConfig->getValue(MspDuoSecurity::XML_PATH_SECRET_KEY);
return $this->scopeConfig->getValue(MagentoDuoSecurity::XML_PATH_SECRET_KEY);
}

/**
Expand All @@ -73,7 +73,7 @@ private function getSecretKey()
*/
private function getIntegrationKey()
{
return $this->scopeConfig->getValue(MspDuoSecurity::XML_PATH_INTEGRATION_KEY);
return $this->scopeConfig->getValue(MagentoDuoSecurity::XML_PATH_INTEGRATION_KEY);
}

/**
Expand All @@ -85,12 +85,12 @@ private function getIntegrationKey()
* @param int $time
* @return string
*/
private function signValues($key, $values, $prefix, $expire, $time)
private function signValues(string $key, string $values, string $prefix, int $expire, int $time): string
{
$exp = $time + $expire;
$cookie = $prefix . '|' . base64_encode($values . '|' . $exp);

$sig = hash_hmac("sha1", $cookie, $key);
$sig = hash_hmac('sha1', $cookie, $key);
return $cookie . '|' . $sig;
}

Expand All @@ -102,41 +102,41 @@ private function signValues($key, $values, $prefix, $expire, $time)
* @param int $time
* @return string|false
*/
private function parseValues($key, $val, $prefix, $time)
private function parseValues(string $key, string $val, string $prefix, int $time): ?string
{
$integrationKey = $this->getIntegrationKey();

$timestamp = ($time ? $time : time());

$parts = explode('|', $val);
if (count($parts) !== 3) {
return false;
return null;
}
list($uPrefix, $uB64, $uSig) = $parts;
[$uPrefix, $uB64, $uSig] = $parts;

$sig = hash_hmac("sha1", $uPrefix . '|' . $uB64, $key);
if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $uSig, $key)) {
return false;
$sig = hash_hmac('sha1', $uPrefix . '|' . $uB64, $key);
if (hash_hmac('sha1', $sig, $key) !== hash_hmac('sha1', $uSig, $key)) {
return null;
}

if ($uPrefix !== $prefix) {
return false;
return null;
}

// @codingStandardsIgnoreStart
$cookieParts = explode('|', base64_decode($uB64));
// @codingStandardsIgnoreEnd

if (count($cookieParts) !== 3) {
return false;
return null;
}
list($user, $uIkey, $exp) = $cookieParts;
[$user, $uIkey, $exp] = $cookieParts;

if ($uIkey !== $integrationKey) {
return false;
return null;
}
if ($timestamp >= (int) $exp) {
return false;
return null;
}

return $user;
Expand All @@ -147,23 +147,23 @@ private function parseValues($key, $val, $prefix, $time)
* @param CustomerInterface $customer
* @return string
*/
public function getRequestSignature(CustomerInterface $customer)
public function getRequestSignature(CustomerInterface $customer): string
{
$time = time();

$values = $customer->getEmail(). $customer->getId() . '|' . $this->getIntegrationKey();
$duoSignature = $this->signValues(
$this->getSecretKey(),
$values,
MspDuoSecurity::DUO_PREFIX,
MspDuoSecurity::DUO_EXPIRE,
MagentoDuoSecurity::DUO_PREFIX,
MagentoDuoSecurity::DUO_EXPIRE,
$time
);
$appSignature = $this->signValues(
$this->getApplicationKey(),
$values,
MspDuoSecurity::APP_PREFIX,
MspDuoSecurity::APP_EXPIRE,
MagentoDuoSecurity::APP_PREFIX,
MagentoDuoSecurity::APP_EXPIRE,
$time
);

Expand All @@ -176,14 +176,14 @@ public function getRequestSignature(CustomerInterface $customer)
* @param DataObject $request
* @return bool
*/
public function verify(CustomerInterface $customer, DataObject $request)
public function verify(CustomerInterface $customer, DataObject $request): bool
{
$time = time();

list($authSig, $appSig) = explode(':', $request->getData('tfa_code'));

$authUser = $this->parseValues($this->getSecretKey(), $authSig, MspDuoSecurity::AUTH_PREFIX, $time);
$appUser = $this->parseValues($this->getApplicationKey(), $appSig, MspDuoSecurity::APP_PREFIX, $time);
$authUser = $this->parseValues($this->getSecretKey(), $authSig, MagentoDuoSecurity::AUTH_PREFIX, $time);
$appUser = $this->parseValues($this->getApplicationKey(), $appSig, MagentoDuoSecurity::APP_PREFIX, $time);

return (($authUser === $appUser) && ($appUser === $customer->getEmail().$customer->getId()));
}
Expand All @@ -195,7 +195,6 @@ public function verify(CustomerInterface $customer, DataObject $request)
public function isEnabled()
{
return
!!$this->scopeConfig->getValue(MspDuoSecurity::XML_PATH_ENABLED) &&
!!$this->scopeConfig->getValue(static::XML_PATH_ENABLED_CUSTOMER) &&
!!$this->getApiHostname() &&
!!$this->getIntegrationKey() &&
Expand All @@ -208,7 +207,7 @@ public function isEnabled()
*/
public function getCode(): string
{
return MspDuoSecurity::CODE;
return MagentoDuoSecurity::CODE;
}

/**
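Review bot: `verify()` still destructures `explode(':', $request->getData('tfa_code'))` without checking that two parts came back, and `parseValues()` now declares `string $val`, so a `tfa_code` with no `:` passes `null` for `$appSig` and raises a `TypeError` instead of producing a clean failed verification. Validate the shape first, e.g. `$parts = explode(':', (string) $request->getData('tfa_code'));` followed by `if (count($parts) !== 2) { return false; }` and `[$authSig, $appSig] = $parts;`. The docblock above `parseValues()` still says `@return string|false` although the method now returns `?string` with `null` on failure; it should read `@return string|null`. The signature check could also be written as `hash_equals($sig, $uSig)` rather than comparing two extra HMACs with `!==`, which states the constant-time intent directly.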
