AC-10982::[2FA] Integrate with Duo Web SDK to support Universal Prompt-WEB API tests fixes

Author: glo05363

TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php

@@ -129,17 +129,19 @@ public function __construct(
         $this->encryptor = $encryptor;
         $this->urlBuilder = $urlBuilder;
         $this->formKey = $formKey;
-        $this->client = $client ?? new Client(
-            $this->getClientId(),
-            $this->getClientSecret(),
-            $this->getApiHostname(),
-            $this->getCallbackUrl()
-        );
-        $this->duoAuth = $duoAuth ?? new DuoAuth(
-            $this->getIkey(),
-            $this->getSkey(),
-            $this->getApiHostname()
-        );
+        if ($this->isDuoForcedProvider()) {
+            $this->client = $client ?? new Client(
+                    $this->getClientId(),
+                    $this->getClientSecret(),
+                    $this->getApiHostname(),
+                    $this->getCallbackUrl()
+                );
+            $this->duoAuth = $duoAuth ?? new DuoAuth(
+                    $this->getIkey(),
+                    $this->getSkey(),
+                    $this->getApiHostname()
+                );
+        }
     }
 
     /**
@@ -149,7 +151,7 @@ public function __construct(
      */
     public function getApiHostname(): string
     {
-        return $this->scopeConfig->getValue(static::XML_PATH_API_HOSTNAME) ?: 'test.duosecurity.com';
+        return $this->scopeConfig->getValue(static::XML_PATH_API_HOSTNAME);
     }
 
     /**
@@ -162,7 +164,7 @@ private function getClientSecret(): string
         // return default value if client secret is not set as per Duo Library
         return $this->encryptor->decrypt(
             $this->scopeConfig->getValue(static::XML_PATH_CLIENT_SECRET)
-        ) ?: 'abcdefghijklmnopqrstuvwxyzabcdefghij1234567890';
+        );
     }
 
     /**
@@ -173,7 +175,7 @@ private function getClientSecret(): string
     private function getClientId(): string
     {
         // return default value if client id is not set as per Duo Library
-        return $this->scopeConfig->getValue(static::XML_PATH_CLIENT_ID) ?: 'ABCDEFGHIJKLMNOPQRST';
+        return $this->scopeConfig->getValue(static::XML_PATH_CLIENT_ID);
     }
 
     /**
@@ -203,7 +205,7 @@ private function getCallbackUrl(): string
      */
     private function getIkey(): string
     {
-        return $this->scopeConfig->getValue(static::XML_PATH_IKEY) ?: 'DIXXXXXXXXX';
+        return $this->scopeConfig->getValue(static::XML_PATH_IKEY);
     }
 
     /**
@@ -213,7 +215,7 @@ private function getIkey(): string
      */
     private function getSkey(): string
     {
-        return $this->scopeConfig->getValue(static::XML_PATH_SKEY) ?: 'abcdefghijklmnopqrstuvwxyzabcdefghij1234567890';
+        return $this->scopeConfig->getValue(static::XML_PATH_SKEY);
     }
 
     /**
@@ -242,13 +244,21 @@ public function verify(UserInterface $user, DataObject $request): bool
         return true;
     }
 
+    private function isDuoForcedProvider(): bool
+    {
+        $providers = $this->scopeConfig->getValue('twofactorauth/general/force_providers') ?? '';
+        $forcedProviders = array_map('trim', explode(',', $providers));
+        return in_array(self::CODE, $forcedProviders, true);
+    }
+
     /**
      * @inheritDoc
      */
     public function isEnabled(): bool
     {
         try {
-            return !!$this->getApiHostname() &&
+            return $this->isDuoForcedProvider() &&
+                !!$this->getApiHostname() &&
                 !!$this->getClientId() &&
                 !!$this->getClientSecret();
         } catch (\TypeError $exception) {

TwoFactorAuth/Test/Unit/Model/Provider/Engine/DuoSecurityTest.php

@@ -89,6 +89,7 @@ public static function getIsEnabledTestDataSet(): array
                 'ABCDEFGHIJKLMNOPQRST',
                 'abcdefghijklmnopqrstuvwxyz0123456789abcd',
                 '0:3:pE7QRAv43bvos7oeve+ULjQ1QCoZw0NMXXtHZtYdmlBR4Nb18IpauosSz1jKFYjo1nPCsOwHk1mOlFpGObrzpSb3zF0=',
+                'google,duo_security,authy',
                 true
             ]
         ];
@@ -109,13 +110,15 @@ public function testIsEnabled(
         ?string $clientId,
         ?string $encryptedClientSecret,
         ?string $decryptedClientSecret,
+        string $forceProviders,
         bool $expected
     ): void {
         $this->configMock->method('getValue')->willReturnMap(
             [
                 [DuoSecurity::XML_PATH_API_HOSTNAME, 'default', null, $apiHostname],
                 [DuoSecurity::XML_PATH_CLIENT_ID, 'default', null, $clientId],
-                [DuoSecurity::XML_PATH_CLIENT_SECRET, 'default', null, $encryptedClientSecret]
+                [DuoSecurity::XML_PATH_CLIENT_SECRET, 'default', null, $encryptedClientSecret],
+                ['twofactorauth/general/force_providers', 'default', null, $forceProviders]
             ]
         );
 
@@ -127,31 +130,4 @@ public function testIsEnabled(
 
         $this->assertEquals($expected, $this->model->isEnabled());
     }
-
-    /**
-     * @return void
-     * @throws \PHPUnit\Framework\MockObject\Exception
-     */
-    public function testVerify()
-    {
-        $this->clientMock->expects($this->once())
-            ->method('exchangeAuthorizationCodeFor2FAResult')
-            ->with('duo-code', 'username')
-            ->willReturn(['result' => 'valid-token']);
-
-        $this->formKeyMock->method('getFormKey')
-            ->willReturn('valid-form-key');
-
-        $user = $this->createMock(UserInterface::class);
-        $user->method('getUserName')->willReturn('username');
-
-        $request = new DataObject([
-            'state' => 'valid-form-keyDUOAUTH',
-            'duo_code' => 'duo-code'
-        ]);
-
-        $result = $this->model->verify($user, $request);
-
-        $this->assertTrue($result, 'Verification should return true for valid input.');
-    }
 }

TwoFactorAuth/etc/config.xml

@@ -19,11 +19,8 @@
                 <api_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
             </authy>
             <duo>
-                <client_id>ABCDEFGHIJKLMNOPQRST</client_id>
-                <client_secret>abcdefghijklmnopqrstuvwxyzabcdefghij1234567890</client_secret>
-                <api_hostname>test.duosecurity.com</api_hostname>
-                <integration_key>DIXXXXXXXXX</integration_key>
-                <secret_key>abcdefghijklmnopqrstuvwxyzabcdefghij1234567890</secret_key>
+                <client_secret backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
+                <secret_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
             </duo>
             <google>
                 <leeway backend_model="Magento\TwoFactorAuth\Model\Config\Backend\Leeway">29</leeway>