From dff4774dc1b378f4ad549ad7f7b0b6f5a945756e Mon Sep 17 00:00:00 2001 From: Olha Livitchuk Date: Wed, 26 Nov 2025 13:05:25 +0100 Subject: [PATCH] FRW-11006 Adjusted the login flow --- composer.json | 6 +- .../MultiFactorAuth/MultiFactorAuthClient.php | 20 +++++++ .../MultiFactorAuthClientInterface.php | 20 +++++++ .../Zed/Agent/AgentMultiFactorAuthStub.php | 8 +++ .../AgentMultiFactorAuthStubInterface.php | 2 + .../Customer/CustomerMultiFactorAuthStub.php | 8 +++ .../CustomerMultiFactorAuthStubInterface.php | 2 + .../Transfer/multi_factor_auth.transfer.xml | 1 + ...MultiFactorAuthenticationHandlerPlugin.php | 15 ++++- ...MultiFactorAuthenticationHandlerPlugin.php | 15 ++++- .../Business/MultiFactorAuthFacade.php | 20 +++++++ .../MultiFactorAuthFacadeInterface.php | 24 ++++++++ ...AbstractMultiFactorAuthStatusValidator.php | 3 +- .../Controller/GatewayController.php | 14 +++++ ...MultiFactorAuthenticationHandlerPlugin.php | 15 ++++- .../MultiFactorAuthEntityManager.php | 60 +++++++++++++++++++ .../MultiFactorAuthEntityManagerInterface.php | 4 ++ 17 files changed, 230 insertions(+), 7 deletions(-) diff --git a/composer.json b/composer.json index ae771b7..ea272c6 100644 --- a/composer.json +++ b/composer.json @@ -5,8 +5,8 @@ "license": "proprietary", "require": { "php": ">=8.3", - "spryker-shop/agent-page-extension": "^1.1.0", - "spryker-shop/customer-page-extension": "^1.7.0", + "spryker-shop/agent-page-extension": "^1.2.0", + "spryker-shop/customer-page-extension": "^1.8.0", "spryker/agent": "^1.0.0", "spryker/application": "^3.0.0", "spryker/customer": "^7.0.0", @@ -22,7 +22,7 @@ "spryker/mail-extension": "^1.0.0", "spryker/multi-factor-auth-extension": "^1.2.0", "spryker/propel-orm": "^1.16.0", - "spryker/security-gui-extension": "^1.3.0", + "spryker/security-gui-extension": "^1.4.0", "spryker/session": "^4.0.0", "spryker/symfony": "^3.15.0", "spryker/transfer": "^3.27.0", diff --git a/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClient.php b/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClient.php index 9571c19..a71f1e0 100644 --- a/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClient.php +++ b/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClient.php @@ -205,4 +205,24 @@ public function findCustomerMultiFactorAuthType( ): MultiFactorAuthCodeTransfer { return $this->getFactory()->createCustomerMultiFactorAuthStub()->findCustomerMultiFactorAuthType($multiFactorAuthCodeCriteriaTransfer); } + + /** + * {@inheritDoc} + * + * @api + */ + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getFactory()->createCustomerMultiFactorAuthStub()->invalidateCustomerCodes($multiFactorAuthTransfer); + } + + /** + * {@inheritDoc} + * + * @api + */ + public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getFactory()->createAgentMultiFactorAuthStub()->invalidateAgentCodes($multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClientInterface.php b/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClientInterface.php index 906fee8..dc157af 100644 --- a/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClientInterface.php +++ b/src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClientInterface.php @@ -201,4 +201,24 @@ public function deactivateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFac public function findCustomerMultiFactorAuthType( MultiFactorAuthCodeCriteriaTransfer $multiFactorAuthCodeCriteriaTransfer ): MultiFactorAuthCodeTransfer; + + /** + * Specification: + * - Makes Zed request. + * - Invalidates all active multi-factor authentication codes for a customer. + * - Sets all active codes status to invalidated. + * + * @api + */ + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; + + /** + * Specification: + * - Makes Zed request. + * - Invalidates all active multi-factor authentication codes for a user. + * - Sets all active codes status to invalidated. + * + * @api + */ + public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; } diff --git a/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStub.php b/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStub.php index 0427e01..3c26f3c 100644 --- a/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStub.php +++ b/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStub.php @@ -113,4 +113,12 @@ public function deactivateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFac return $multiFactorAuthTransfer; } + + /** + * @uses {@link \Spryker\Zed\MultiFactorAuth\Communication\Controller\GatewayController::invalidateUserCodesAction()} + */ + public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->zedStub->call('/multi-factor-auth/gateway/invalidate-user-codes', $multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStubInterface.php b/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStubInterface.php index f60804a..05e81e1 100644 --- a/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStubInterface.php +++ b/src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStubInterface.php @@ -58,4 +58,6 @@ public function activateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFacto * @return \Generated\Shared\Transfer\MultiFactorAuthTransfer */ public function deactivateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFactorAuthTransfer): MultiFactorAuthTransfer; + + public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; } diff --git a/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStub.php b/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStub.php index 107e1f0..2436277 100644 --- a/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStub.php +++ b/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStub.php @@ -131,4 +131,12 @@ public function findCustomerMultiFactorAuthType( return $multiFactorAuthCodeTransfer; } + + /** + * @uses {@link \Spryker\Zed\MultiFactorAuth\Communication\Controller\GatewayController::invalidateCustomerCodesAction()} + */ + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->zedStub->call('/multi-factor-auth/gateway/invalidate-customer-codes', $multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStubInterface.php b/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStubInterface.php index f6b9990..c297e61 100644 --- a/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStubInterface.php +++ b/src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStubInterface.php @@ -69,4 +69,6 @@ public function deactivateCustomerMultiFactorAuth(MultiFactorAuthTransfer $multi public function findCustomerMultiFactorAuthType( MultiFactorAuthCodeCriteriaTransfer $multiFactorAuthCodeCriteriaTransfer ): MultiFactorAuthCodeTransfer; + + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; } diff --git a/src/Spryker/Shared/MultiFactorAuth/Transfer/multi_factor_auth.transfer.xml b/src/Spryker/Shared/MultiFactorAuth/Transfer/multi_factor_auth.transfer.xml index a4654bb..5370f4b 100644 --- a/src/Spryker/Shared/MultiFactorAuth/Transfer/multi_factor_auth.transfer.xml +++ b/src/Spryker/Shared/MultiFactorAuth/Transfer/multi_factor_auth.transfer.xml @@ -42,6 +42,7 @@ + diff --git a/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Agent/AgentUserMultiFactorAuthenticationHandlerPlugin.php b/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Agent/AgentUserMultiFactorAuthenticationHandlerPlugin.php index 50ff69b..e5d5edf 100644 --- a/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Agent/AgentUserMultiFactorAuthenticationHandlerPlugin.php +++ b/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Agent/AgentUserMultiFactorAuthenticationHandlerPlugin.php @@ -7,16 +7,18 @@ namespace Spryker\Yves\MultiFactorAuth\Plugin\AuthenticationHandler\Agent; +use Generated\Shared\Transfer\MultiFactorAuthTransfer; use Generated\Shared\Transfer\MultiFactorAuthValidationRequestTransfer; use Generated\Shared\Transfer\MultiFactorAuthValidationResponseTransfer; use Spryker\Yves\Kernel\AbstractPlugin; +use SprykerShop\Yves\AgentPageExtension\Dependency\Plugin\AuthenticationCodeInvalidatorPluginInterface; use SprykerShop\Yves\AgentPageExtension\Dependency\Plugin\AuthenticationHandlerPluginInterface; /** * @method \Spryker\Yves\MultiFactorAuth\MultiFactorAuthFactory getFactory() * @method \Spryker\Client\MultiFactorAuth\MultiFactorAuthClientInterface getClient() */ -class AgentUserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface +class AgentUserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface, AuthenticationCodeInvalidatorPluginInterface { /** * @var string @@ -52,4 +54,15 @@ public function validateAgentMultiFactorStatus( ): MultiFactorAuthValidationResponseTransfer { return $this->getClient()->validateAgentMultiFactorAuthStatus($multiFactorAuthValidationRequestTransfer); } + + /** + * {@inheritDoc} + * - Invalidates all multi-factor authentication codes for the provided agent user. + * + * @api + */ + public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getClient()->invalidateAgentCodes($multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Customer/CustomerMultiFactorAuthenticationHandlerPlugin.php b/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Customer/CustomerMultiFactorAuthenticationHandlerPlugin.php index ad6e5ec..2251658 100644 --- a/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Customer/CustomerMultiFactorAuthenticationHandlerPlugin.php +++ b/src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Customer/CustomerMultiFactorAuthenticationHandlerPlugin.php @@ -7,15 +7,17 @@ namespace Spryker\Yves\MultiFactorAuth\Plugin\AuthenticationHandler\Customer; +use Generated\Shared\Transfer\MultiFactorAuthTransfer; use Generated\Shared\Transfer\MultiFactorAuthValidationRequestTransfer; use Generated\Shared\Transfer\MultiFactorAuthValidationResponseTransfer; use Spryker\Yves\Kernel\AbstractPlugin; +use SprykerShop\Yves\CustomerPageExtension\Dependency\Plugin\AuthenticationCodeInvalidatorPluginInterface; use SprykerShop\Yves\CustomerPageExtension\Dependency\Plugin\AuthenticationHandlerPluginInterface; /** * @method \Spryker\Client\MultiFactorAuth\MultiFactorAuthClientInterface getClient() */ -class CustomerMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface +class CustomerMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface, AuthenticationCodeInvalidatorPluginInterface { /** * @var string @@ -51,4 +53,15 @@ public function validateCustomerMultiFactorStatus( ): MultiFactorAuthValidationResponseTransfer { return $this->getClient()->validateCustomerMultiFactorAuthStatus($multiFactorAuthValidationRequestTransfer); } + + /** + * {@inheritDoc} + * - Invalidates all multi-factor authentication codes for the provided customer. + * + * @api + */ + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getClient()->invalidateCustomerCodes($multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacade.php b/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacade.php index 86877bd..1f20a49 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacade.php +++ b/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacade.php @@ -240,4 +240,24 @@ public function getUserMultiFactorAuthTypes(MultiFactorAuthCriteriaTransfer $mul { return $this->getRepository()->getUserMultiFactorAuthTypes($multiFactorAuthCriteriaTransfer); } + + /** + * {@inheritDoc} + * + * @api + */ + public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getEntityManager()->invalidateUserCodes($multiFactorAuthTransfer); + } + + /** + * {@inheritDoc} + * + * @api + */ + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getEntityManager()->invalidateCustomerCodes($multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacadeInterface.php b/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacadeInterface.php index 40bf9c3..63d1c2e 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacadeInterface.php +++ b/src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacadeInterface.php @@ -217,4 +217,28 @@ public function findUserMultiFactorAuthType( * @return \Generated\Shared\Transfer\MultiFactorAuthTypesCollectionTransfer */ public function getUserMultiFactorAuthTypes(MultiFactorAuthCriteriaTransfer $multiFactorAuthCriteriaTransfer): MultiFactorAuthTypesCollectionTransfer; + + /** + * Specification: + * - Invalidates all active multi-factor authentication codes for a user. + * - Sets all active codes status to invalidated. + * - Called before login MFA flow to ensure fresh codes. + * + * @api + * + * @param \Generated\Shared\Transfer\MultiFactorAuthTransfer $multiFactorAuthTransfer + * + * @return void + */ + public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; + + /** + * Specification: + * - Invalidates all active multi-factor authentication codes for a customer. + * - Sets all active codes status to invalidated. + * - Called before login MFA flow to ensure fresh codes. + * + * @api + */ + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; } diff --git a/src/Spryker/Zed/MultiFactorAuth/Business/Validator/AbstractMultiFactorAuthStatusValidator.php b/src/Spryker/Zed/MultiFactorAuth/Business/Validator/AbstractMultiFactorAuthStatusValidator.php index 9998e0d..a590eca 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Business/Validator/AbstractMultiFactorAuthStatusValidator.php +++ b/src/Spryker/Zed/MultiFactorAuth/Business/Validator/AbstractMultiFactorAuthStatusValidator.php @@ -45,7 +45,8 @@ public function validate( if ( $multiFactorAuthCodeTransfer->getCode() === null || $multiFactorAuthCodeTransfer->getStatus() !== MultiFactorAuthConstants::CODE_VERIFIED || - new DateTime($multiFactorAuthCodeTransfer->getExpirationDateOrFail()) < $currentDateTime + new DateTime($multiFactorAuthCodeTransfer->getExpirationDateOrFail()) < $currentDateTime || + $multiFactorAuthValidationRequestTransfer->getIsLogin() === true ) { return $this->createMultiFactorAuthValidationResponseTransfer(true, $multiFactorAuthCodeTransfer->getStatus()); } diff --git a/src/Spryker/Zed/MultiFactorAuth/Communication/Controller/GatewayController.php b/src/Spryker/Zed/MultiFactorAuth/Communication/Controller/GatewayController.php index 6ee548e..08f48c7 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Communication/Controller/GatewayController.php +++ b/src/Spryker/Zed/MultiFactorAuth/Communication/Controller/GatewayController.php @@ -165,4 +165,18 @@ public function deactivateUserMultiFactorAuthAction(MultiFactorAuthTransfer $mul return $multiFactorAuthTransfer; } + + public function invalidateCustomerCodesAction(MultiFactorAuthTransfer $multiFactorAuthTransfer): MultiFactorAuthTransfer + { + $this->getFacade()->invalidateCustomerCodes($multiFactorAuthTransfer); + + return $multiFactorAuthTransfer; + } + + public function invalidateUserCodesAction(MultiFactorAuthTransfer $multiFactorAuthTransfer): MultiFactorAuthTransfer + { + $this->getFacade()->invalidateUserCodes($multiFactorAuthTransfer); + + return $multiFactorAuthTransfer; + } } diff --git a/src/Spryker/Zed/MultiFactorAuth/Communication/Plugin/AuthenticationHandler/User/UserMultiFactorAuthenticationHandlerPlugin.php b/src/Spryker/Zed/MultiFactorAuth/Communication/Plugin/AuthenticationHandler/User/UserMultiFactorAuthenticationHandlerPlugin.php index 3d88ca3..6402e7a 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Communication/Plugin/AuthenticationHandler/User/UserMultiFactorAuthenticationHandlerPlugin.php +++ b/src/Spryker/Zed/MultiFactorAuth/Communication/Plugin/AuthenticationHandler/User/UserMultiFactorAuthenticationHandlerPlugin.php @@ -7,9 +7,11 @@ namespace Spryker\Zed\MultiFactorAuth\Communication\Plugin\AuthenticationHandler\User; +use Generated\Shared\Transfer\MultiFactorAuthTransfer; use Generated\Shared\Transfer\MultiFactorAuthValidationRequestTransfer; use Generated\Shared\Transfer\MultiFactorAuthValidationResponseTransfer; use Spryker\Zed\Kernel\Communication\AbstractPlugin; +use Spryker\Zed\SecurityGuiExtension\Dependency\Plugin\AuthenticationCodeInvalidatorPluginInterface; use Spryker\Zed\SecurityGuiExtension\Dependency\Plugin\AuthenticationHandlerPluginInterface; /** @@ -17,7 +19,7 @@ * @method \Spryker\Zed\MultiFactorAuth\Business\MultiFactorAuthFacadeInterface getFacade()() * @method \Spryker\Zed\MultiFactorAuth\MultiFactorAuthConfig getConfig() */ -class UserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface +class UserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface, AuthenticationCodeInvalidatorPluginInterface { /** * @var string @@ -53,4 +55,15 @@ public function validateUserMultiFactorStatus( ): MultiFactorAuthValidationResponseTransfer { return $this->getFacade()->validateUserMultiFactorAuthStatus($multiFactorAuthValidationRequestTransfer); } + + /** + * {@inheritDoc} + * - Invalidates all multi-factor authentication codes for the provided user. + * + * @api + */ + public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $this->getFacade()->invalidateUserCodes($multiFactorAuthTransfer); + } } diff --git a/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManager.php b/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManager.php index 055c9cf..75c9420 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManager.php +++ b/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManager.php @@ -11,6 +11,7 @@ use Generated\Shared\Transfer\MultiFactorAuthTransfer; use Orm\Zed\MultiFactorAuth\Persistence\Map\SpyCustomerMultiFactorAuthCodesTableMap; use Orm\Zed\MultiFactorAuth\Persistence\Map\SpyUserMultiFactorAuthCodesTableMap; +use Propel\Runtime\ActiveQuery\Criteria; use Spryker\Shared\MultiFactorAuth\MultiFactorAuthConstants; use Spryker\Zed\Kernel\Persistence\AbstractEntityManager; @@ -256,4 +257,63 @@ public function deleteUserMultiFactorAuth(MultiFactorAuthTransfer $multiFactorAu $this->updateUserCode($multiFactorAuthTransfer); } } + + public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + $codeIds = $this->getFactory() + ->createSpyUserMultiFactorAuthCodeQuery() + ->useSpyUserMultiFactorAuthQuery() + ->filterByFkUser($multiFactorAuthTransfer->getUserOrFail()->getIdUserOrFail()) + ->endUse() + ->filterByStatus( + [ + MultiFactorAuthConstants::CODE_UNVERIFIED, + MultiFactorAuthConstants::CODE_VERIFIED, + ], + Criteria::IN, + ) + ->select([SpyUserMultiFactorAuthCodesTableMap::COL_ID_USER_MULTI_FACTOR_AUTH_CODE]) + ->find() + ->getData(); + + if ($codeIds === []) { + return; + } + + $this->getFactory() + ->createSpyUserMultiFactorAuthCodeQuery() + ->filterByIdUserMultiFactorAuthCode_In($codeIds) + ->update(['Status' => MultiFactorAuthConstants::CODE_INVALIDATED]); + } + + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void + { + /** @var \Orm\Zed\MultiFactorAuth\Persistence\SpyCustomerMultiFactorAuthCodesQuery $customerMultiFactorAuthCodesQuery */ + $customerMultiFactorAuthCodesQuery = $this->getFactory() + ->createSpyCustomerMultiFactorAuthCodeQuery() + ->useSpyCustomerMultiFactorAuthQuery() + ->filterByFkCustomer($multiFactorAuthTransfer->getCustomerOrFail()->getIdCustomerOrFail()) + ->endUse(); + + $codeIds = $customerMultiFactorAuthCodesQuery + ->filterByStatus( + [ + MultiFactorAuthConstants::CODE_UNVERIFIED, + MultiFactorAuthConstants::CODE_VERIFIED, + ], + Criteria::IN, + ) + ->select([SpyCustomerMultiFactorAuthCodesTableMap::COL_ID_CUSTOMER_MULTI_FACTOR_AUTH_CODE]) + ->find() + ->getData(); + + if ($codeIds === []) { + return; + } + + $this->getFactory() + ->createSpyCustomerMultiFactorAuthCodeQuery() + ->filterByIdCustomerMultiFactorAuthCode_In($codeIds) + ->update(['Status' => MultiFactorAuthConstants::CODE_INVALIDATED]); + } } diff --git a/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManagerInterface.php b/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManagerInterface.php index 57bd35b..a9746d3 100644 --- a/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManagerInterface.php +++ b/src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManagerInterface.php @@ -81,4 +81,8 @@ public function saveCustomerMultiFactorAuthCodeAttempt(MultiFactorAuthCodeTransf * @return void */ public function saveUserMultiFactorAuthCodeAttempt(MultiFactorAuthCodeTransfer $multiFactorAuthCodeTransfer): void; + + public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; + + public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void; }