[Backport] FRW-11006 Adjusted the login flow

composer.json

@@ -5,8 +5,8 @@
     "license": "proprietary",
     "require": {
         "php": ">=8.3",
-        "spryker-shop/agent-page-extension": "^1.1.0",
-        "spryker-shop/customer-page-extension": "^1.7.0",
+        "spryker-shop/agent-page-extension": "^1.2.0",
+        "spryker-shop/customer-page-extension": "^1.8.0",
         "spryker/agent": "^1.0.0",
         "spryker/application": "^3.0.0",
         "spryker/customer": "^7.0.0",
@@ -22,7 +22,7 @@
         "spryker/mail-extension": "^1.0.0",
         "spryker/multi-factor-auth-extension": "^1.2.0",
         "spryker/propel-orm": "^1.16.0",
-        "spryker/security-gui-extension": "^1.3.0",
+        "spryker/security-gui-extension": "^1.4.0",
         "spryker/session": "^4.0.0",
         "spryker/symfony": "^3.15.0",
         "spryker/transfer": "^3.27.0",

src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClient.php

@@ -205,4 +205,24 @@ public function findCustomerMultiFactorAuthType(
     ): MultiFactorAuthCodeTransfer {
         return $this->getFactory()->createCustomerMultiFactorAuthStub()->findCustomerMultiFactorAuthType($multiFactorAuthCodeCriteriaTransfer);
     }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @api
+     */
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getFactory()->createCustomerMultiFactorAuthStub()->invalidateCustomerCodes($multiFactorAuthTransfer);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @api
+     */
+    public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getFactory()->createAgentMultiFactorAuthStub()->invalidateAgentCodes($multiFactorAuthTransfer);
+    }
 }

src/Spryker/Client/MultiFactorAuth/MultiFactorAuthClientInterface.php

@@ -201,4 +201,24 @@ public function deactivateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFac
     public function findCustomerMultiFactorAuthType(
         MultiFactorAuthCodeCriteriaTransfer $multiFactorAuthCodeCriteriaTransfer
     ): MultiFactorAuthCodeTransfer;
+
+    /**
+     * Specification:
+     * - Makes Zed request.
+     * - Invalidates all active multi-factor authentication codes for a customer.
+     * - Sets all active codes status to invalidated.
+     *
+     * @api
+     */
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
+
+    /**
+     * Specification:
+     * - Makes Zed request.
+     * - Invalidates all active multi-factor authentication codes for a user.
+     * - Sets all active codes status to invalidated.
+     *
+     * @api
+     */
+    public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
 }

src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStub.php

@@ -113,4 +113,12 @@ public function deactivateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFac
 
         return $multiFactorAuthTransfer;
     }
+
+    /**
+     * @uses {@link \Spryker\Zed\MultiFactorAuth\Communication\Controller\GatewayController::invalidateUserCodesAction()}
+     */
+    public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->zedStub->call('/multi-factor-auth/gateway/invalidate-user-codes', $multiFactorAuthTransfer);
+    }
 }

src/Spryker/Client/MultiFactorAuth/Zed/Agent/AgentMultiFactorAuthStubInterface.php

@@ -58,4 +58,6 @@ public function activateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFacto
      * @return \Generated\Shared\Transfer\MultiFactorAuthTransfer
      */
     public function deactivateAgentMultiFactorAuth(MultiFactorAuthTransfer $multiFactorAuthTransfer): MultiFactorAuthTransfer;
+
+    public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
 }

src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStub.php

@@ -131,4 +131,12 @@ public function findCustomerMultiFactorAuthType(
 
         return $multiFactorAuthCodeTransfer;
     }
+
+    /**
+     * @uses {@link \Spryker\Zed\MultiFactorAuth\Communication\Controller\GatewayController::invalidateCustomerCodesAction()}
+     */
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->zedStub->call('/multi-factor-auth/gateway/invalidate-customer-codes', $multiFactorAuthTransfer);
+    }
 }

src/Spryker/Client/MultiFactorAuth/Zed/Customer/CustomerMultiFactorAuthStubInterface.php

@@ -69,4 +69,6 @@ public function deactivateCustomerMultiFactorAuth(MultiFactorAuthTransfer $multi
     public function findCustomerMultiFactorAuthType(
         MultiFactorAuthCodeCriteriaTransfer $multiFactorAuthCodeCriteriaTransfer
     ): MultiFactorAuthCodeTransfer;
+
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
 }

src/Spryker/Shared/MultiFactorAuth/Transfer/multi_factor_auth.transfer.xml

@@ -42,6 +42,7 @@
         <property name="type" type="string"/>
         <property name="isDeactivation" type="bool"/>
         <property name="isActivation" type="bool"/>
+        <property name="isLogin" type="bool"/>
         <property name="additionalStatuses" type="array" singular="additionalStatus"/>
     </transfer>
 

src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Agent/AgentUserMultiFactorAuthenticationHandlerPlugin.php

@@ -7,16 +7,18 @@
 
 namespace Spryker\Yves\MultiFactorAuth\Plugin\AuthenticationHandler\Agent;
 
+use Generated\Shared\Transfer\MultiFactorAuthTransfer;
 use Generated\Shared\Transfer\MultiFactorAuthValidationRequestTransfer;
 use Generated\Shared\Transfer\MultiFactorAuthValidationResponseTransfer;
 use Spryker\Yves\Kernel\AbstractPlugin;
+use SprykerShop\Yves\AgentPageExtension\Dependency\Plugin\AuthenticationCodeInvalidatorPluginInterface;
 use SprykerShop\Yves\AgentPageExtension\Dependency\Plugin\AuthenticationHandlerPluginInterface;
 
 /**
  * @method \Spryker\Yves\MultiFactorAuth\MultiFactorAuthFactory getFactory()
  * @method \Spryker\Client\MultiFactorAuth\MultiFactorAuthClientInterface getClient()
  */
-class AgentUserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface
+class AgentUserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface, AuthenticationCodeInvalidatorPluginInterface
 {
     /**
      * @var string
@@ -52,4 +54,15 @@ public function validateAgentMultiFactorStatus(
     ): MultiFactorAuthValidationResponseTransfer {
         return $this->getClient()->validateAgentMultiFactorAuthStatus($multiFactorAuthValidationRequestTransfer);
     }
+
+    /**
+     * {@inheritDoc}
+     * - Invalidates all multi-factor authentication codes for the provided agent user.
+     *
+     * @api
+     */
+    public function invalidateAgentCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getClient()->invalidateAgentCodes($multiFactorAuthTransfer);
+    }
 }

src/Spryker/Yves/MultiFactorAuth/Plugin/AuthenticationHandler/Customer/CustomerMultiFactorAuthenticationHandlerPlugin.php

@@ -7,15 +7,17 @@
 
 namespace Spryker\Yves\MultiFactorAuth\Plugin\AuthenticationHandler\Customer;
 
+use Generated\Shared\Transfer\MultiFactorAuthTransfer;
 use Generated\Shared\Transfer\MultiFactorAuthValidationRequestTransfer;
 use Generated\Shared\Transfer\MultiFactorAuthValidationResponseTransfer;
 use Spryker\Yves\Kernel\AbstractPlugin;
+use SprykerShop\Yves\CustomerPageExtension\Dependency\Plugin\AuthenticationCodeInvalidatorPluginInterface;
 use SprykerShop\Yves\CustomerPageExtension\Dependency\Plugin\AuthenticationHandlerPluginInterface;
 
 /**
  * @method \Spryker\Client\MultiFactorAuth\MultiFactorAuthClientInterface getClient()
  */
-class CustomerMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface
+class CustomerMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface, AuthenticationCodeInvalidatorPluginInterface
 {
     /**
      * @var string
@@ -51,4 +53,15 @@ public function validateCustomerMultiFactorStatus(
     ): MultiFactorAuthValidationResponseTransfer {
         return $this->getClient()->validateCustomerMultiFactorAuthStatus($multiFactorAuthValidationRequestTransfer);
     }
+
+    /**
+     * {@inheritDoc}
+     * - Invalidates all multi-factor authentication codes for the provided customer.
+     *
+     * @api
+     */
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getClient()->invalidateCustomerCodes($multiFactorAuthTransfer);
+    }
 }

src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacade.php

@@ -240,4 +240,24 @@ public function getUserMultiFactorAuthTypes(MultiFactorAuthCriteriaTransfer $mul
     {
         return $this->getRepository()->getUserMultiFactorAuthTypes($multiFactorAuthCriteriaTransfer);
     }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @api
+     */
+    public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getEntityManager()->invalidateUserCodes($multiFactorAuthTransfer);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @api
+     */
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getEntityManager()->invalidateCustomerCodes($multiFactorAuthTransfer);
+    }
 }

src/Spryker/Zed/MultiFactorAuth/Business/MultiFactorAuthFacadeInterface.php

@@ -217,4 +217,28 @@ public function findUserMultiFactorAuthType(
      * @return \Generated\Shared\Transfer\MultiFactorAuthTypesCollectionTransfer
      */
     public function getUserMultiFactorAuthTypes(MultiFactorAuthCriteriaTransfer $multiFactorAuthCriteriaTransfer): MultiFactorAuthTypesCollectionTransfer;
+
+    /**
+     * Specification:
+     * - Invalidates all active multi-factor authentication codes for a user.
+     * - Sets all active codes status to invalidated.
+     * - Called before login MFA flow to ensure fresh codes.
+     *
+     * @api
+     *
+     * @param \Generated\Shared\Transfer\MultiFactorAuthTransfer $multiFactorAuthTransfer
+     *
+     * @return void
+     */
+    public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
+
+    /**
+     * Specification:
+     * - Invalidates all active multi-factor authentication codes for a customer.
+     * - Sets all active codes status to invalidated.
+     * - Called before login MFA flow to ensure fresh codes.
+     *
+     * @api
+     */
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
 }

src/Spryker/Zed/MultiFactorAuth/Business/Validator/AbstractMultiFactorAuthStatusValidator.php

@@ -45,7 +45,8 @@ public function validate(
         if (
             $multiFactorAuthCodeTransfer->getCode() === null ||
             $multiFactorAuthCodeTransfer->getStatus() !== MultiFactorAuthConstants::CODE_VERIFIED ||
-            new DateTime($multiFactorAuthCodeTransfer->getExpirationDateOrFail()) < $currentDateTime
+            new DateTime($multiFactorAuthCodeTransfer->getExpirationDateOrFail()) < $currentDateTime ||
+            $multiFactorAuthValidationRequestTransfer->getIsLogin() === true
         ) {
             return $this->createMultiFactorAuthValidationResponseTransfer(true, $multiFactorAuthCodeTransfer->getStatus());
         }

src/Spryker/Zed/MultiFactorAuth/Communication/Controller/GatewayController.php

@@ -165,4 +165,18 @@ public function deactivateUserMultiFactorAuthAction(MultiFactorAuthTransfer $mul
 
         return $multiFactorAuthTransfer;
     }
+
+    public function invalidateCustomerCodesAction(MultiFactorAuthTransfer $multiFactorAuthTransfer): MultiFactorAuthTransfer
+    {
+        $this->getFacade()->invalidateCustomerCodes($multiFactorAuthTransfer);
+
+        return $multiFactorAuthTransfer;
+    }
+
+    public function invalidateUserCodesAction(MultiFactorAuthTransfer $multiFactorAuthTransfer): MultiFactorAuthTransfer
+    {
+        $this->getFacade()->invalidateUserCodes($multiFactorAuthTransfer);
+
+        return $multiFactorAuthTransfer;
+    }
 }

src/Spryker/Zed/MultiFactorAuth/Communication/Plugin/AuthenticationHandler/User/UserMultiFactorAuthenticationHandlerPlugin.php

@@ -7,17 +7,19 @@
 
 namespace Spryker\Zed\MultiFactorAuth\Communication\Plugin\AuthenticationHandler\User;
 
+use Generated\Shared\Transfer\MultiFactorAuthTransfer;
 use Generated\Shared\Transfer\MultiFactorAuthValidationRequestTransfer;
 use Generated\Shared\Transfer\MultiFactorAuthValidationResponseTransfer;
 use Spryker\Zed\Kernel\Communication\AbstractPlugin;
+use Spryker\Zed\SecurityGuiExtension\Dependency\Plugin\AuthenticationCodeInvalidatorPluginInterface;
 use Spryker\Zed\SecurityGuiExtension\Dependency\Plugin\AuthenticationHandlerPluginInterface;
 
 /**
  * @method \Spryker\Zed\MultiFactorAuth\Communication\MultiFactorAuthCommunicationFactory getFactory()
  * @method \Spryker\Zed\MultiFactorAuth\Business\MultiFactorAuthFacadeInterface getFacade()()
  * @method \Spryker\Zed\MultiFactorAuth\MultiFactorAuthConfig getConfig()
  */
-class UserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface
+class UserMultiFactorAuthenticationHandlerPlugin extends AbstractPlugin implements AuthenticationHandlerPluginInterface, AuthenticationCodeInvalidatorPluginInterface
 {
     /**
      * @var string
@@ -53,4 +55,15 @@ public function validateUserMultiFactorStatus(
     ): MultiFactorAuthValidationResponseTransfer {
         return $this->getFacade()->validateUserMultiFactorAuthStatus($multiFactorAuthValidationRequestTransfer);
     }
+
+    /**
+     * {@inheritDoc}
+     * - Invalidates all multi-factor authentication codes for the provided user.
+     *
+     * @api
+     */
+    public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $this->getFacade()->invalidateUserCodes($multiFactorAuthTransfer);
+    }
 }

src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManager.php

@@ -11,6 +11,7 @@
 use Generated\Shared\Transfer\MultiFactorAuthTransfer;
 use Orm\Zed\MultiFactorAuth\Persistence\Map\SpyCustomerMultiFactorAuthCodesTableMap;
 use Orm\Zed\MultiFactorAuth\Persistence\Map\SpyUserMultiFactorAuthCodesTableMap;
+use Propel\Runtime\ActiveQuery\Criteria;
 use Spryker\Shared\MultiFactorAuth\MultiFactorAuthConstants;
 use Spryker\Zed\Kernel\Persistence\AbstractEntityManager;
 
@@ -256,4 +257,63 @@ public function deleteUserMultiFactorAuth(MultiFactorAuthTransfer $multiFactorAu
             $this->updateUserCode($multiFactorAuthTransfer);
         }
     }
+
+    public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        $codeIds = $this->getFactory()
+            ->createSpyUserMultiFactorAuthCodeQuery()
+            ->useSpyUserMultiFactorAuthQuery()
+            ->filterByFkUser($multiFactorAuthTransfer->getUserOrFail()->getIdUserOrFail())
+            ->endUse()
+            ->filterByStatus(
+                [
+                    MultiFactorAuthConstants::CODE_UNVERIFIED,
+                    MultiFactorAuthConstants::CODE_VERIFIED,
+                ],
+                Criteria::IN,
+            )
+            ->select([SpyUserMultiFactorAuthCodesTableMap::COL_ID_USER_MULTI_FACTOR_AUTH_CODE])
+            ->find()
+            ->getData();
+
+        if ($codeIds === []) {
+            return;
+        }
+
+        $this->getFactory()
+            ->createSpyUserMultiFactorAuthCodeQuery()
+            ->filterByIdUserMultiFactorAuthCode_In($codeIds)
+            ->update(['Status' => MultiFactorAuthConstants::CODE_INVALIDATED]);
+    }
+
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void
+    {
+        /** @var \Orm\Zed\MultiFactorAuth\Persistence\SpyCustomerMultiFactorAuthCodesQuery $customerMultiFactorAuthCodesQuery */
+        $customerMultiFactorAuthCodesQuery = $this->getFactory()
+            ->createSpyCustomerMultiFactorAuthCodeQuery()
+            ->useSpyCustomerMultiFactorAuthQuery()
+            ->filterByFkCustomer($multiFactorAuthTransfer->getCustomerOrFail()->getIdCustomerOrFail())
+            ->endUse();
+
+        $codeIds = $customerMultiFactorAuthCodesQuery
+            ->filterByStatus(
+                [
+                    MultiFactorAuthConstants::CODE_UNVERIFIED,
+                    MultiFactorAuthConstants::CODE_VERIFIED,
+                ],
+                Criteria::IN,
+            )
+            ->select([SpyCustomerMultiFactorAuthCodesTableMap::COL_ID_CUSTOMER_MULTI_FACTOR_AUTH_CODE])
+            ->find()
+            ->getData();
+
+        if ($codeIds === []) {
+            return;
+        }
+
+        $this->getFactory()
+            ->createSpyCustomerMultiFactorAuthCodeQuery()
+            ->filterByIdCustomerMultiFactorAuthCode_In($codeIds)
+            ->update(['Status' => MultiFactorAuthConstants::CODE_INVALIDATED]);
+    }
 }

src/Spryker/Zed/MultiFactorAuth/Persistence/MultiFactorAuthEntityManagerInterface.php

@@ -81,4 +81,8 @@ public function saveCustomerMultiFactorAuthCodeAttempt(MultiFactorAuthCodeTransf
      * @return void
      */
     public function saveUserMultiFactorAuthCodeAttempt(MultiFactorAuthCodeTransfer $multiFactorAuthCodeTransfer): void;
+
+    public function invalidateUserCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
+
+    public function invalidateCustomerCodes(MultiFactorAuthTransfer $multiFactorAuthTransfer): void;
 }