Merge branch 'develop' of https://github.com/mage-os/mirror-security-…

…package into develop

TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php

@@ -77,13 +77,21 @@ class DuoSecurity implements EngineInterface
      */
     private $scopeConfig;
 
+    /**
+     * @var string
+     */
+    private $duoSignaturePrefix;
+
     /**
      * @param ScopeConfigInterface $scopeConfig
+     * @param string $duoSignaturePrefix
      */
     public function __construct(
-        ScopeConfigInterface $scopeConfig
+        ScopeConfigInterface $scopeConfig,
+        string $duoSignaturePrefix = self::AUTH_PREFIX
     ) {
         $this->scopeConfig = $scopeConfig;
+        $this->duoSignaturePrefix = $duoSignaturePrefix;
     }
 
     /**
@@ -208,7 +216,7 @@ public function getRequestSignature(UserInterface $user): string
         $duoSignature = $this->signValues(
             $this->getSecretKey(),
             $values,
-            static::DUO_PREFIX,
+            $this->duoSignaturePrefix,
             static::DUO_EXPIRE,
             $time
         );

TwoFactorAuth/Test/Unit/Model/Provider/Engine/DuoSecurityTest.php

@@ -8,6 +8,7 @@
 
 namespace Magento\TwoFactorAuth\Test\Unit\Model\Provider\Engine;
 
+use Magento\User\Api\Data\UserInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\TwoFactorAuth\Model\Provider\Engine\DuoSecurity;
 use PHPUnit\Framework\MockObject\MockObject;
@@ -21,20 +22,32 @@ class DuoSecurityTest extends TestCase
      */
     private $model;
 
+    /**
+     * @var DuoSecurity
+     */
+    private $modelWithForcedDuoAuth;
+
     /**
      * @var ScopeConfigInterface|MockObject
      */
     private $configMock;
 
+    /**
+     * @var UserInterface|MockObject
+     */
+    private $user;
+
     /**
      * @inheritDoc
      */
     protected function setUp(): void
     {
         $objectManager = new ObjectManager($this);
         $this->configMock = $this->getMockBuilder(ScopeConfigInterface::class)->disableOriginalConstructor()->getMock();
+        $this->user = $this->getMockBuilder(UserInterface::class)->disableOriginalConstructor()->getMock();
 
         $this->model = $objectManager->getObject(DuoSecurity::class, ['scopeConfig' => $this->configMock]);
+        $this->modelWithForcedDuoAuth = new DuoSecurity($this->configMock, $this->model::DUO_PREFIX);
     }
 
     /**
@@ -119,4 +132,26 @@ public function testIsEnabled(
 
         $this->assertEquals($expected, $this->model->isEnabled());
     }
+
+    public function testGetRequestSignature() : void
+    {
+        $this->user->expects($this->any())
+            ->method('getUserName')
+            ->willReturn('admin');
+        $this->configMock->expects($this->any())
+            ->method('getValue')
+            ->willReturn('SECRET');
+
+        $this->assertStringContainsString($this->model::AUTH_PREFIX, $this->model->getRequestSignature($this->user));
+        $this->assertStringNotContainsString($this->model::DUO_PREFIX, $this->model->getRequestSignature($this->user));
+
+        $this->assertStringContainsString(
+            $this->model::DUO_PREFIX,
+            $this->modelWithForcedDuoAuth->getRequestSignature($this->user)
+        );
+        $this->assertStringNotContainsString(
+            $this->model::AUTH_PREFIX,
+            $this->modelWithForcedDuoAuth->getRequestSignature($this->user)
+        );
+    }
 }

TwoFactorAuth/etc/adminhtml/di.xml

@@ -21,4 +21,9 @@
     <type name="Magento\Backend\Model\Auth">
         <plugin name="delete_tfat_cookie" type="Magento\TwoFactorAuth\Plugin\DeleteCookieOnLogout"/>
     </type>
+    <type name="Magento\TwoFactorAuth\Model\Provider\Engine\DuoSecurity">
+        <arguments>
+            <argument name="duoSignaturePrefix" xsi:type="const">Magento\TwoFactorAuth\Model\Provider\Engine\DuoSecurity::DUO_PREFIX</argument>
+        </arguments>
+    </type>
 </config>