AC-10982::[2FA] Integrate with Duo Web SDK to support Universal Prompt-unit tests fixes

Author: glo05363

TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php

@@ -12,7 +12,6 @@
 use Magento\Framework\DataObject;
 use Magento\Framework\Data\Form\FormKey;
 use Magento\Framework\Encryption\EncryptorInterface;
-use Magento\Framework\Session\SessionManagerInterface;
 use Magento\Framework\UrlInterface;
 use Magento\User\Api\Data\UserInterface;
 use Magento\TwoFactorAuth\Api\EngineInterface;
@@ -21,7 +20,6 @@
 
 /**
  * Duo Security engine
- * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
  */
 class DuoSecurity implements EngineInterface
 {
@@ -110,17 +108,11 @@ class DuoSecurity implements EngineInterface
      */
     private $formKey;
 
-    /**
-     * @var SessionManagerInterface
-     */
-    private $session;
-
     /**
      * @param ScopeConfigInterface $scopeConfig
      * @param EncryptorInterface $encryptor
      * @param UrlInterface $urlBuilder
      * @param FormKey $formKey
-     * @param SessionManagerInterface $session
      * @param Client|null $client
      * @param DuoAuth|null $duoAuth
      * @throws \Duo\DuoUniversal\DuoException
@@ -130,15 +122,13 @@ public function __construct(
         EncryptorInterface $encryptor,
         UrlInterface $urlBuilder,
         FormKey $formKey,
-        SessionManagerInterface $session,
         Client $client = null,
         DuoAuth $duoAuth = null
     ) {
         $this->scopeConfig = $scopeConfig;
         $this->encryptor = $encryptor;
         $this->urlBuilder = $urlBuilder;
         $this->formKey = $formKey;
-        $this->session = $session;
         $this->client = $client ?? new Client(
             $this->getClientId(),
             $this->getClientSecret(),
@@ -239,9 +229,8 @@ public function verify(UserInterface $user, DataObject $request): bool
         }
 
         try {
+            // Not saving token as this is just for verificaiton purpose
             $decoded_token = $this->client->exchangeAuthorizationCodeFor2FAResult($duoCode, $username);
-            // Save the token in the session for later use
-            $this->session->setData('duo_token', $decoded_token);
         } catch (LocalizedException $e) {
             return false;
         }

TwoFactorAuth/Test/Unit/Model/Provider/Engine/DuoSecurityTest.php

@@ -12,7 +12,6 @@
 use Magento\Framework\Data\Form\FormKey;
 use Magento\Framework\DataObject;
 use Magento\Framework\Encryption\EncryptorInterface;
-use Magento\Framework\Session\SessionManagerInterface;
 use Magento\Framework\UrlInterface;
 use Magento\TwoFactorAuth\Model\Provider\Engine\DuoSecurity;
 use Magento\User\Api\Data\UserInterface;
@@ -35,9 +34,6 @@ class DuoSecurityTest extends TestCase
     /** @var MockObject|FormKey */
     private $formKeyMock;
 
-    /** @var MockObject|SessionManagerInterface */
-    private $sessionMock;
-
     /** @var MockObject|Client */
     private $clientMock;
 
@@ -67,10 +63,6 @@ protected function setUp(): void
             ->disableOriginalConstructor()
             ->getMock();
 
-        $this->sessionMock = $this->getMockBuilder(SessionManagerInterface::class)
-            ->disableOriginalConstructor()
-            ->getMock();
-
         $this->clientMock = $this->createMock(Client::class);
         $this->duoAuthMock = $this->createMock(DuoAuth::class);
 
@@ -79,7 +71,6 @@ protected function setUp(): void
             $this->encryptorMock,
             $this->urlMock,
             $this->formKeyMock,
-            $this->sessionMock,
             $this->clientMock,
             $this->duoAuthMock
         );