MC-30537: Test automation with the new 2FA enabled by default

- MFTF fixes

Author: nathanjosiah

TwoFactorAuth/Controller/Adminhtml/Duo/Configure.php

@@ -18,7 +18,7 @@ class Configure extends AbstractAction implements HttpGetActionInterface
     /**
      * @see _isAllowed()
      */
-    const ADMIN_RESOURCE = 'Magento_TwoFactorAuth::config';
+    const ADMIN_RESOURCE = 'Magento_TwoFactorAuth::tfa';
 
     /**
      * @inheritdoc

TwoFactorAuth/Observer/ControllerActionPredispatch.php

@@ -122,7 +122,7 @@ public function execute(Observer $observer)
         /** @var $controllerAction AbstractAction */
         $controllerAction = $observer->getEvent()->getData('controller_action');
         $this->action = $controllerAction;
-        $fullActionName = $controllerAction->getRequest()->getFullActionName();
+        $fullActionName = $observer->getEvent()->getData('request')->getFullActionName();
         $userId = $this->userContext->getUserId();
 
         $this->tokenManager->readConfigToken();

TwoFactorAuth/Plugin/FirstAvailableMenu.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Plugin;
+
+use Magento\Backend\Model\Url;
+
+/**
+ * Redirect to the correct first available item
+ */
+class FirstAvailableMenu
+{
+    /**
+     * Fix the default admin item for a tfa corner case where the default would be incorrect due to 2fa
+     *
+     * @param Url $subject
+     * @param string|null $result
+     * @return string|null
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterFindFirstAvailableMenu(Url $subject, ?string $result): ?string
+    {
+        if ($result === '*/denied') {
+            return 'admin/denied';
+        }
+
+        return $result;
+    }
+}

TwoFactorAuth/Test/Integration/_files/overrides.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+ -->
+<overrides xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="$LOCAL_SCHEMA$"
+           xsi:noNamespaceSchemaLocation="../dev/tests/integration/framework/Magento/TestFramework/Workaround/etc/overrides.xsd">
+
+</overrides>

TwoFactorAuth/Test/Mftf/ActionGroup/AdminCreateRoleActionGroup.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminCreateRoleActionGroup">
+        <waitForElementVisible stepKey="waitForTfaRole" selector="{{AdminEditRoleInfoSection.checkboxByRole('Magento_TwoFactorAuth::tfa')}}" time="30" after="clickContentBlockCheckbox"/>
+        <click stepKey="clickCheckbox" selector="{{AdminEditRoleInfoSection.checkboxByRole('Magento_TwoFactorAuth::tfa')}}" after="waitForTfaRole"/>
+    </actionGroup>
+</actionGroups>
+
+

TwoFactorAuth/Test/Mftf/ActionGroup/AdminFillUserRoleRequiredDataActionGroup.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminFillUserRoleRequiredDataActionGroup">
+        <remove keyForRemoval="waitForTfaRole"/>
+        <remove keyForRemoval="clickCheckbox"/>
+    </actionGroup>
+</actionGroups>
+
+

TwoFactorAuth/Test/Mftf/ActionGroup/AdminLoginActionGroup.xml

@@ -8,8 +8,14 @@
 <actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
     <actionGroup name="AdminLoginActionGroup">
-        <getOTP stepKey="getOtp" before="clickDontAllowButtonIfVisible"/>
-        <fillField selector="{{AdminGoogleTfaSection.tfaAuthCode}}" userInput="{$getOtp}" stepKey="fillOtp" after="getOtp"/>
-        <click selector="{{AdminGoogleTfaSection.confirm}}" stepKey="confirmOtp" after="fillOtp"/>
+        <helper class="\Magento\TwoFactorAuth\Test\Mftf\Helper\SetSharedSecret" method="execute" stepKey="setSharedSecret" before="clickLogin">
+            <argument name="username">{{username}}</argument>
+        </helper>
+        <helper class="\Magento\TwoFactorAuth\Test\Mftf\Helper\FillOtp" method="execute" stepKey="fillOtp" before="clickDontAllowButtonIfVisible">
+            <argument name="tfaAuthCodeSelector">{{AdminGoogleTfaSection.tfaAuthCode}}</argument>
+            <argument name="confirmSelector">{{AdminGoogleTfaSection.confirm}}</argument>
+            <argument name="errorMessageSelector">{{AdminLoginMessagesSection.messageByType('error')}}</argument>
+            <argument name="username">{{username}}</argument>
+        </helper>
     </actionGroup>
 </actionGroups>

TwoFactorAuth/Test/Mftf/ActionGroup/CreateInvoiceActionGroup.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="CreateInvoice">
+        <helper class="\Magento\TwoFactorAuth\Test\Mftf\Helper\FillOtp" method="execute" stepKey="fillOtp" before="closeAdminNotification">
+            <argument name="tfaAuthCodeSelector">{{AdminGoogleTfaSection.tfaAuthCode}}</argument>
+            <argument name="confirmSelector">{{AdminGoogleTfaSection.confirm}}</argument>
+            <argument name="errorMessageSelector">{{AdminLoginMessagesSection.messageByType('error')}}</argument>
+            <argument name="username">{{username}}</argument>
+        </helper>
+    </actionGroup>
+</actionGroups>

TwoFactorAuth/Test/Mftf/Helper/FillOtp.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Test\Mftf\Helper;
+
+use Magento\FunctionalTestingFramework\Helper\Helper;
+use Magento\FunctionalTestingFramework\Module\MagentoWebDriver;
+
+/**
+ * Fills in the OTP information
+ */
+class FillOtp extends Helper
+{
+    /**
+     * Fill the OTP form if appropriate
+     *
+     * @param string $tfaAuthCodeSelector
+     * @param string $confirmSelector
+     * @param string $errorMessageSelector
+     */
+    public function execute(string $tfaAuthCodeSelector, string $confirmSelector, string $errorMessageSelector): void {
+        /** @var MagentoWebDriver $webDriver */
+        $webDriver = $this->getModule('\\' . MagentoWebDriver::class);
+        try {
+            $webDriver->seeElementInDOM($errorMessageSelector);
+            // Login failed so don't handle 2fa
+        } catch (\Exception $e) {
+            $otp = $webDriver->getOTP();
+            $webDriver->fillField($tfaAuthCodeSelector, $otp);
+            $webDriver->click($confirmSelector);
+            $webDriver->waitForPageLoad();
+        }
+    }
+}

TwoFactorAuth/Test/Mftf/Helper/SetSharedSecret.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Test\Mftf\Helper;
+
+use Magento\FunctionalTestingFramework\DataGenerator\Handlers\CredentialStore;
+use Magento\FunctionalTestingFramework\Helper\Helper;
+use Magento\FunctionalTestingFramework\Module\MagentoWebDriver;
+
+/**
+ * Set the shared secret for OTP generation when needed
+ */
+class SetSharedSecret extends Helper
+{
+    /**
+     * Set the shared secret if appropriate
+     *
+     * @param string $username
+     */
+    public function execute(string $username): void
+    {
+        /** @var MagentoWebDriver $webDriver */
+        $webDriver = $this->getModule('\\' . MagentoWebDriver::class);
+        $credentialStore = CredentialStore::getInstance();
+        if ($username !== getenv('MAGENTO_ADMIN_USERNAME')) {
+            $sharedSecret = $credentialStore->decryptSecretValue(
+                $credentialStore->getSecret('magento/tfa/OTP_SHARED_SECRET')
+            );
+            $webDriver->magentoCLI(
+                'security:tfa:google:set-secret ' . $username .' ' . $sharedSecret
+            );
+        }
+    }
+}