MC-22950: Enable 2FA by default for Admins

Author: Oleksandr Gorkun

TwoFactorAuth/Api/Data/TrustedInterface.php

@@ -11,6 +11,8 @@
 
 /**
  * Trusted platform entity interface
+ *
+ * @deprecated Trusted Devices functionality was removed.
  */
 interface TrustedInterface extends ExtensibleDataInterface
 {
@@ -51,6 +53,7 @@ interface TrustedInterface extends ExtensibleDataInterface
 
     /**
      * Get value for tfa_trusted_id
+     *
      * @return int
      */
     public function getId(): int;

TwoFactorAuth/Api/Data/TrustedSearchResultsInterface.php

@@ -11,6 +11,8 @@
 
 /**
  * Trusted devices search results interface
+ *
+ * @deprecated Trusted Devices functionality was removed.
  */
 interface TrustedSearchResultsInterface extends SearchResultsInterface
 {

TwoFactorAuth/Api/EngineInterface.php

@@ -17,13 +17,16 @@ interface EngineInterface
 {
     /**
      * Return true if this provider has been enabled by admin
+     *
      * @return bool
      */
     public function isEnabled(): bool;
 
     /**
      * Return true if this provider allows trusted devices
+     *
      * @return bool
+     * @deprecated Trusted Devices functionality is deprecated.
      */
     public function isTrustedDevicesAllowed(): bool;
 

TwoFactorAuth/Api/Exception/NotificationExceptionInterface.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Api\Exception;
+
+/**
+ * Occurs when failed to notify a user.
+ */
+interface NotificationExceptionInterface extends \Throwable
+{
+
+}

TwoFactorAuth/Api/ProviderInterface.php

@@ -14,6 +14,7 @@ interface ProviderInterface
 {
     /**
      * Return true if this provider has been enabled by admin
+     *
      * @return bool
      */
     public function isEnabled(): bool;
@@ -50,7 +51,9 @@ public function isResetAllowed(): bool;
 
     /**
      * Return true if this provider allows trusted devices
+     *
      * @return bool
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function isTrustedDevicesAllowed(): bool;
 

TwoFactorAuth/Api/TfaInterface.php

@@ -10,12 +10,14 @@
 use Magento\TwoFactorAuth\Api\Data\TrustedInterface;
 
 /**
- * 2FA interface
+ * 2FA configuration manager.
  */
 interface TfaInterface
 {
     /**
      * Enabled field
+     *
+     * @deprecated 2FA cannot be disabled anymore.
      */
     public const XML_PATH_ENABLED = 'twofactorauth/general/enabled';
 
@@ -26,6 +28,7 @@ interface TfaInterface
 
     /**
      * Return true if 2FA is enabled
+     *
      * @return bool
      */
     public function isEnabled(): bool;
@@ -73,8 +76,10 @@ public function getAllEnabledProviders(): array;
 
     /**
      * Return a list of trusted devices for given user id
+     *
      * @param int $userId
      * @return \Magento\TwoFactorAuth\Api\ProviderInterface[]
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function getTrustedDevices(int $userId): array;
 

TwoFactorAuth/Api/TrustedManagerInterface.php

@@ -12,6 +12,8 @@
 
 /**
  * Trusted management service
+ *
+ * @deprecated Trusted Device functionality was removed.
  */
 interface TrustedManagerInterface
 {
@@ -22,29 +24,37 @@ interface TrustedManagerInterface
 
     /**
      * Rotate secret trust token
+     *
      * @return void
+     * @deprecated Trusted Device functionality was removed.
      */
     public function rotateTrustedDeviceToken(): void;
 
     /**
      * Return true if device is trusted
+     *
      * @return bool
+     * @deprecated Trusted Device functionality was removed.
      */
     public function isTrustedDevice(): bool;
 
     /**
      * Revoke trusted device
+     *
      * @param int $tokenId
      * @return void
      * @throws NoSuchEntityException
+     * @deprecated Trusted Device functionality was removed.
      */
     public function revokeTrustedDevice(int $tokenId): void;
 
     /**
      * Trust a device
+     *
      * @param string $providerCode
      * @param RequestInterface $request
      * @return bool
+     * @deprecated Trusted Device functionality was removed.
      */
     public function handleTrustDeviceRequest(string $providerCode, RequestInterface $request): bool;
 }

TwoFactorAuth/Api/TrustedRepositoryInterface.php

@@ -14,40 +14,52 @@
 /**
  * Trusted repository
  * @SuppressWarnings(PHPMD.ShortVariable)
+ * @deprecated Trusted Devices functionality was removed.
  */
 interface TrustedRepositoryInterface
 {
     /**
      * Save object
+     *
      * @param TrustedInterface $object
      * @return TrustedInterface
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function save(TrustedInterface $object): TrustedInterface;
 
     /**
      * Get object by id
+     *
      * @param int $id
      * @return TrustedInterface
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function getById(int $id): TrustedInterface;
 
     /**
      * Get by UserId value
+     *
      * @param int $value
      * @return TrustedInterface
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function getByUserId(int $value): TrustedInterface;
 
     /**
      * Delete object
+     *
      * @param TrustedInterface $object
+     * @return void
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function delete(TrustedInterface $object): void;
 
     /**
      * Get a list of object
+     *
      * @param SearchCriteriaInterface $searchCriteria
      * @return SearchResultsInterface
+     * @deprecated Trusted Devices functionality was removed.
      */
     public function getList(SearchCriteriaInterface $searchCriteria): SearchResultsInterface;
 }

TwoFactorAuth/Api/UserConfigRequestManagerInterface.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Api;
+
+use Magento\Framework\Exception\AuthorizationException;
+use Magento\User\Model\User;
+use Magento\TwoFactorAuth\Api\Exception\NotificationExceptionInterface;
+
+/**
+ * Manages configuration requests for users.
+ */
+interface UserConfigRequestManagerInterface
+{
+    /**
+     * Is user required to configure 2FA?
+     *
+     * @param int $userId
+     * @return bool
+     */
+    public function isConfigurationRequiredFor(int $userId): bool;
+
+    /**
+     * Request configurations from the user.
+     *
+     * @param User $user
+     * @return void
+     * @throws AuthorizationException When user is not allowed to configure 2FA.
+     * @throws NotificationExceptionInterface When failed to send the message.
+     */
+    public function sendConfigRequestTo(User $user): void;
+}

TwoFactorAuth/Api/UserConfigTokenManagerInterface.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\TwoFactorAuth\Api;
+
+/**
+ * Manages tokens issued to users to authorize them to configure 2FA.
+ */
+interface UserConfigTokenManagerInterface
+{
+    /**
+     * Issue token for the user.
+     *
+     * @param int $userId
+     * @return string
+     */
+    public function issueFor(int $userId): string;
+
+    /**
+     * Is given token valid for given user?
+     *
+     * @param int $userId
+     * @param string $token
+     * @return bool
+     */
+    public function isValidFor(int $userId, string $token): bool;
+}