Merge pull request #441 from magento-performance/CABPI-390

CABPI-390: Do not allow to enable AdminAdobeIms when 2FA is disabled on IMS

Author: slopukhov

app/code/Magento/AdminAdobeIms/Console/Command/AdminAdobeImsEnableCommand.php

@@ -160,7 +160,7 @@ protected function execute(InputInterface $input, OutputInterface $output): ?int
                 self::TWO_FACTOR_AUTH_ARGUMENT
             );
 
-            if ($clientId && $clientSecret && $organizationId) {
+            if ($clientId && $clientSecret && $organizationId && $isTwoFactorAuthEnabled) {
                 $enabled = $this->enableModule($clientId, $clientSecret, $organizationId, $isTwoFactorAuthEnabled);
                 if ($enabled) {
                     $output->writeln(__('Admin Adobe IMS integration is enabled'));
@@ -169,7 +169,7 @@ protected function execute(InputInterface $input, OutputInterface $output): ?int
             }
 
             throw new LocalizedException(
-                __('The Client ID, Client Secret and Organization ID are required ' .
+                __('The Client ID, Client Secret, Organization ID and 2FA Auth are required ' .
                     'when enabling the Admin Adobe IMS Module')
             );
         } catch (\Exception $e) {
@@ -189,6 +189,7 @@ protected function execute(InputInterface $input, OutputInterface $output): ?int
      * @param string $organizationId
      * @param bool $isTwoFactorAuthEnabled
      * @return bool
+     * @throws LocalizedException
      * @throws InvalidArgumentException
      */
     private function enableModule(

app/code/Magento/AdminAdobeIms/Service/ImsConfig.php

@@ -16,6 +16,7 @@
 use Magento\Framework\App\Config\Storage\WriterInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\Encryption\EncryptorInterface;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\UrlInterface;
 
 class ImsConfig extends Config
@@ -30,7 +31,6 @@ class ImsConfig extends Config
     public const XML_PATH_VALIDATE_TOKEN_URL = 'adobe_ims/integration/validate_token_url';
     public const XML_PATH_LOGOUT_URL = 'adobe_ims/integration/logout_url';
     public const XML_PATH_CERTIFICATE_PATH = 'adobe_ims/integration/certificate_path';
-    public const XML_PATH_ADOBE_IMS_2FA_ENABLED = 'adobe_ims/integration/adobe_ims_2fa_enabled';
     public const XML_PATH_ADMIN_AUTH_URL_PATTERN = 'adobe_ims/integration/admin/auth_url_pattern';
     public const XML_PATH_ADMIN_REAUTH_URL_PATTERN = 'adobe_ims/integration/admin/reauth_url_pattern';
     public const XML_PATH_ADMIN_ADOBE_IMS_SCOPES = 'adobe_ims/integration/admin/scopes';
@@ -110,13 +110,20 @@ public function loggingEnabled(): bool
      * @param string $organizationId
      * @param bool $isAdobeIms2FAEnabled
      * @return void
+     * @throws LocalizedException
      */
     public function enableModule(
         string $clientId,
         string $clientSecret,
         string $organizationId,
         bool $isAdobeIms2FAEnabled
     ): void {
+        if (!$isAdobeIms2FAEnabled) {
+            throw new LocalizedException(
+                __('2FA Auth is required when enabling the Admin Adobe IMS Module')
+            );
+        }
+
         $this->updateConfig(
             self::XML_PATH_ENABLED,
             '1'
@@ -136,11 +143,6 @@ public function enableModule(
             self::XML_PATH_PRIVATE_KEY,
             $clientSecret
         );
-
-        $this->updateConfig(
-            self::XML_PATH_ADOBE_IMS_2FA_ENABLED,
-            (string) $isAdobeIms2FAEnabled
-        );
     }
 
     /**
@@ -158,7 +160,6 @@ public function disableModule(): void
         $this->deleteConfig(self::XML_PATH_ORGANIZATION_ID);
         $this->deleteConfig(self::XML_PATH_API_KEY);
         $this->deleteConfig(self::XML_PATH_PRIVATE_KEY);
-        $this->deleteConfig(self::XML_PATH_ADOBE_IMS_2FA_ENABLED);
     }
 
     /**
@@ -198,7 +199,7 @@ public function getValidateTokenUrl(string $code, string $tokenType): string
      * @param string $value
      * @return void
      */
-    public function updateConfig(string $path, string $value): void
+    private function updateConfig(string $path, string $value): void
     {
         $this->writer->save(
             $path,
@@ -213,7 +214,7 @@ public function updateConfig(string $path, string $value): void
      * @param string $value
      * @return void
      */
-    public function updateSecureConfig(string $path, string $value): void
+    private function updateSecureConfig(string $path, string $value): void
     {
         $value = str_replace(['\n', '\r'], ["\n", "\r"], $value);
 
@@ -233,7 +234,7 @@ public function updateSecureConfig(string $path, string $value): void
      * @param string $path
      * @return void
      */
-    public function deleteConfig(string $path): void
+    private function deleteConfig(string $path): void
     {
         $this->writer->delete($path);
     }
@@ -286,7 +287,7 @@ public function getAdminAdobeImsReAuthUrl(): string
      *
      * @return string
      */
-    public function getScopes(): string
+    private function getScopes(): string
     {
         return implode(
             ',',

app/code/Magento/AdminAdobeIms/Test/Unit/Command/AdminAdobeImsEnableCommandTest.php

@@ -102,6 +102,7 @@ protected function setUp(): void
      * @param InvokedCountMatcher$enableMethodCallExpection
      * @param InvokedCountMatcher $cleanMethodCallExpection
      * @param string $outputMessage
+     * @param bool $isTwoFactorAuthEnabled
      * @return void
      * @throws Exception
      * @dataProvider cliCommandProvider
@@ -110,7 +111,8 @@ public function testAdminAdobeImsModuleEnableWillClearCacheWhenSuccessful(
         bool $testAuthMode,
         InvokedCountMatcher $enableMethodCallExpection,
         InvokedCountMatcher $cleanMethodCallExpection,
-        string $outputMessage
+        string $outputMessage,
+        bool $isTwoFactorAuthEnabled
     ): void {
         $inputMock = $this->getMockBuilder(InputInterface::class)
             ->getMockForAbstractClass();
@@ -123,6 +125,7 @@ public function testAdminAdobeImsModuleEnableWillClearCacheWhenSuccessful(
         $this->imsCommandOptionService->method('getOrganizationId')->willReturn('orgId');
         $this->imsCommandOptionService->method('getClientId')->willReturn('clientId');
         $this->imsCommandOptionService->method('getClientSecret')->willReturn('clientSecret');
+        $this->imsCommandOptionService->method('isTwoFactorAuthEnabled')->willReturn($isTwoFactorAuthEnabled);
 
         $this->imsConnectionMock->method('testAuth')
             ->willReturn($testAuthMode);
@@ -161,15 +164,33 @@ public function cliCommandProvider(): array
                 true,
                 $this->once(),
                 $this->once(),
-                'Admin Adobe IMS integration is enabled'
+                'Admin Adobe IMS integration is enabled',
+                true
             ],
             [
                 false,
                 $this->never(),
                 $this->never(),
-                '<error>The Client ID, Client Secret and Organization ID are required ' .
-                'when enabling the Admin Adobe IMS Module</error>'
+                '<error>The Client ID, Client Secret, Organization ID and 2FA Auth are required ' .
+                'when enabling the Admin Adobe IMS Module</error>',
+                true
             ],
+            [
+                true,
+                $this->never(),
+                $this->never(),
+                '<error>The Client ID, Client Secret, Organization ID and 2FA Auth are required ' .
+                'when enabling the Admin Adobe IMS Module</error>',
+                false
+            ],
+            [
+                false,
+                $this->never(),
+                $this->never(),
+                '<error>The Client ID, Client Secret, Organization ID and 2FA Auth are required ' .
+                'when enabling the Admin Adobe IMS Module</error>',
+                false
+            ]
         ];
     }