REST API + Fixed _isAllowed

magespecialist · Oct 22, 2017 · 566e0c3 · 566e0c3
1 parent e5370c0
commit 566e0c3
Show file tree

Hide file tree

Showing 50 changed files with 272 additions and 106 deletions.
diff --git a/Api/TfaInterface.php b/Api/TfaInterface.php
@@ -98,4 +98,35 @@ public function getProvidersToActivate($userId);
      * @return boolean
      */
     public function getProviderIsAllowed($userId, $providerCode);
+
+    /**
+     * Get default provider code
+     * @param int $userId
+     * @return string
+     */
+    public function getDefaultProviderCode($userId);
+
+    /**
+     * Set default provider code
+     * @param int $userId
+     * @param string $providerCode
+     * @return boolean
+     */
+    public function setDefaultProviderCode($userId, $providerCode);
+
+    /**
+     * Set providers
+     * @param int $userId
+     * @param string $providersCodes
+     * @return boolean
+     */
+    public function setProvidersCodes($userId, $providersCodes);
+
+    /**
+     * Reset default provider code
+     * @param int $userId
+     * @param string $providerCode
+     * @return boolean
+     */
+    public function resetProviderConfig($userId, $providerCode);
 }
diff --git a/Block/Provider/Authy/Configure.php b/Block/Provider/Authy/Configure.php
@@ -23,6 +23,9 @@
 use Magento\Backend\Block\Template;
 use MSP\TwoFactorAuth\Model\ResourceModel\Country\CollectionFactory as CountryCollectionFactory;
 
+/**
+ * @SuppressWarnings(PHPMD.LongVariable)
+ */
 class Configure extends Template
 {
     /**

diff --git a/Controller/Adminhtml/AbstractAction.php b/Controller/Adminhtml/AbstractAction.php
@@ -0,0 +1,15 @@
+<?php
+namespace MSP\TwoFactorAuth\Controller\Adminhtml;
+
+abstract class AbstractAction extends \Magento\Backend\App\Action
+{
+    public function dispatch(\Magento\Framework\App\RequestInterface $request)
+    {
+        if (!$this->_isAllowed()) {
+            $this->_response->setStatusHeader(403, '1.1', 'Forbidden');
+            return $this->_redirect('*/auth/login');
+        }
+
+        return parent::dispatch($request);
+    }
+}
diff --git a/Controller/Adminhtml/Authy/Auth.php b/Controller/Adminhtml/Authy/Auth.php
@@ -25,9 +25,13 @@
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\UserConfigManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Auth extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Auth extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Authy/Authpost.php b/Controller/Adminhtml/Authy/Authpost.php
@@ -28,10 +28,14 @@
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
 use MSP\TwoFactorAuth\Api\TrustedManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 use Magento\Framework\Event\ManagerInterface as EventInterface;
 
-class Authpost extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Authpost extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Authy/Configure.php b/Controller/Adminhtml/Authy/Configure.php
@@ -25,9 +25,13 @@
 use Magento\Framework\App\ResponseInterface;
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Configure extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Configure extends AbstractAction
 {
     /**
      * @var PageFactory

diff --git a/Controller/Adminhtml/Authy/Configurepost.php b/Controller/Adminhtml/Authy/Configurepost.php
@@ -26,9 +26,13 @@
 use Magento\Framework\View\Result\PageFactory;
 use MSP\SecuritySuiteCommon\Api\SecuritySuiteInterface;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Configurepost extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Configurepost extends AbstractAction
 {
     /**
      * @var PageFactory

diff --git a/Controller/Adminhtml/Authy/Onetouch.php b/Controller/Adminhtml/Authy/Onetouch.php
@@ -24,9 +24,13 @@
 use Magento\Backend\App\Action;
 use Magento\Framework\Controller\Result\JsonFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Onetouch extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Onetouch extends AbstractAction
 {
     /**
      * @var Authy

diff --git a/Controller/Adminhtml/Authy/Token.php b/Controller/Adminhtml/Authy/Token.php
@@ -24,9 +24,13 @@
 use Magento\Backend\App\Action;
 use Magento\Framework\Controller\Result\JsonFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Token extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Token extends AbstractAction
 {
     /**
      * @var Authy

diff --git a/Controller/Adminhtml/Authy/Verify.php b/Controller/Adminhtml/Authy/Verify.php
@@ -27,9 +27,13 @@
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\UserConfigManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Verify extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Verify extends AbstractAction
 {
     /**
      * @var PageFactory

diff --git a/Controller/Adminhtml/Authy/Verifyonetouch.php b/Controller/Adminhtml/Authy/Verifyonetouch.php
@@ -27,10 +27,14 @@
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
 use MSP\TwoFactorAuth\Api\TrustedManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 use Magento\Framework\Event\ManagerInterface as EventInterface;
 
-class Verifyonetouch extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Verifyonetouch extends AbstractAction
 {
     /**
      * @var Authy

diff --git a/Controller/Adminhtml/Authy/Verifypost.php b/Controller/Adminhtml/Authy/Verifypost.php
@@ -28,9 +28,13 @@
 use MSP\SecuritySuiteCommon\Api\SecuritySuiteInterface;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Authy;
 
-class Verifypost extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Verifypost extends AbstractAction
 {
     /**
      * @var PageFactory

diff --git a/Controller/Adminhtml/Duo/Auth.php b/Controller/Adminhtml/Duo/Auth.php
@@ -25,9 +25,13 @@
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\UserConfigManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\DuoSecurity;
 
-class Auth extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Auth extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Duo/Authpost.php b/Controller/Adminhtml/Duo/Authpost.php
@@ -27,10 +27,14 @@
 use MSP\SecuritySuiteCommon\Api\SecuritySuiteInterface;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\DuoSecurity;
 use Magento\Framework\Event\ManagerInterface as EventInterface;
 
-class Authpost extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Authpost extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Duo/Configure.php b/Controller/Adminhtml/Duo/Configure.php
@@ -23,8 +23,9 @@
 use Magento\Backend\Model\Auth\Session;
 use Magento\Backend\App\Action;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 
-class Configure extends Action
+class Configure extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Google/Auth.php b/Controller/Adminhtml/Google/Auth.php
@@ -25,9 +25,13 @@
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\UserConfigManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Google;
 
-class Auth extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Auth extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Google/Authpost.php b/Controller/Adminhtml/Google/Authpost.php
@@ -28,10 +28,14 @@
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
 use MSP\TwoFactorAuth\Api\TrustedManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Google;
 use Magento\Framework\Event\ManagerInterface as EventInterface;
 
-class Authpost extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Authpost extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Google/Configure.php b/Controller/Adminhtml/Google/Configure.php
@@ -24,9 +24,13 @@
 use Magento\Backend\App\Action;
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Google;
 
-class Configure extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Configure extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Google/Configurepost.php b/Controller/Adminhtml/Google/Configurepost.php
@@ -27,10 +27,14 @@
 use MSP\SecuritySuiteCommon\Api\SecuritySuiteInterface;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Google;
 use Magento\Framework\Event\ManagerInterface as EventInterface;
 
-class Configurepost extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Configurepost extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Google/Qr.php b/Controller/Adminhtml/Google/Qr.php
@@ -25,9 +25,13 @@
 use Magento\Framework\Controller\Result\Raw;
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\Google;
 
-class Qr extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Qr extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Tfa/Index.php b/Controller/Adminhtml/Tfa/Index.php
@@ -25,8 +25,9 @@
 use Magento\Framework\Exception\LocalizedException;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\UserConfigManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 
-class Index extends Action
+class Index extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/Tfa/Reset.php b/Controller/Adminhtml/Tfa/Reset.php
@@ -26,8 +26,12 @@
 use Magento\User\Model\UserFactory;
 use Magento\User\Model\ResourceModel\User as UserResourceModel;
 use MSP\TwoFactorAuth\Api\TfaInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 
-class Reset extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Reset extends AbstractAction
 {
     /**
      * @var UserResourceModel
@@ -73,7 +77,7 @@ public function execute()
             throw new LocalizedException(__('Unknown provider'));
         }
 
-        $provider->resetConfiguration($user);
+        $provider->resetConfiguration($user->getId());
 
         $this->messageManager->addSuccessMessage(__('Configuration has been reset for this user'));
         return $this->_redirect('adminhtml/user/edit', ['user_id' => $userId]);

diff --git a/Controller/Adminhtml/Tfa/Revoke.php b/Controller/Adminhtml/Tfa/Revoke.php
@@ -23,8 +23,9 @@
 use Magento\Backend\App\Action;
 use Magento\Framework\App\ResponseInterface;
 use MSP\TwoFactorAuth\Api\TrustedManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 
-class Revoke extends Action
+class Revoke extends AbstractAction
 {
     /**
      * @var TrustedManagerInterface

diff --git a/Controller/Adminhtml/U2f/Auth.php b/Controller/Adminhtml/U2f/Auth.php
@@ -25,9 +25,13 @@
 use Magento\Framework\View\Result\PageFactory;
 use MSP\TwoFactorAuth\Api\TfaInterface;
 use MSP\TwoFactorAuth\Api\UserConfigManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\U2fKey;
 
-class Auth extends Action
+/**
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
+ */
+class Auth extends AbstractAction
 {
     /**
      * @var TfaInterface

diff --git a/Controller/Adminhtml/U2f/Authpost.php b/Controller/Adminhtml/U2f/Authpost.php
@@ -26,16 +26,16 @@
 use MSP\SecuritySuiteCommon\Api\SecuritySuiteInterface;
 use MSP\TwoFactorAuth\Api\TfaSessionInterface;
 use MSP\TwoFactorAuth\Api\TrustedManagerInterface;
+use MSP\TwoFactorAuth\Controller\Adminhtml\AbstractAction;
 use MSP\TwoFactorAuth\Model\Provider\Engine\U2fKey;
 use MSP\TwoFactorAuth\Model\Tfa;
 use Magento\Framework\Event\ManagerInterface as EventInterface;
 
 /**
- * Class Authpost
- * @package MSP\TwoFactorAuth\Controller\Adminhtml\U2f
- * @SuppressWarnings("PHPMD.CouplingBetweenObjects")
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings(PHPMD.CamelCaseMethodName)
  */
-class Authpost extends Action
+class Authpost extends AbstractAction
 {
     /**
      * @var Tfa