Skip to content

Commit

Permalink
Task/Fix tfa email template and enable tfa (#558)
Browse files Browse the repository at this point in the history
* Updated tfa email template and added hook to install tide tfa.

* Updated behat test to check the force tfa option as we are removing the option.
  • Loading branch information
MdNadimHossain authored Nov 27, 2024
1 parent b05c577 commit b560452
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 5 deletions.
16 changes: 13 additions & 3 deletions modules/tide_tfa/src/TideTfaOperation.php
Original file line number Diff line number Diff line change
Expand Up @@ -102,23 +102,33 @@ public static function setupTfaSettings() {
'tfa_email_otp' => [
'code_validity_period' => '600',
'email_setting' => [
'subject' => '[site:name] Authentication code',
'body' => '[user:display-name],\r\n\r\nThis code is valid for [length] minutes. Your code is: [code]\r\n\r\nThis code will expire once you have logged in.',
'subject' => 'Single Digtial Presence CMS two-factor authentication code',
'body' => '[user:display-name],\r\n\r\nThis code is valid for [length] minutes. \r\n\r\nYour code is: [code]\r\n\r\nThis code will expire once you have logged in.',
],
],
];
$mail_settings = [
'tfa_enabled_configuration' => [
'subject' => 'Your Single Digtial Presence CMS account now has two-factor authentication',
'body' => "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your Single Digital Presence account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\nFrom the SDP team\r\n\r\nRead more about 2FA: https://digital-vic.atlassian.net/servicedesk/customer/article/2439479507",
],
'tfa_disabled_configuration' => [
'subject' => 'Your Single Digtial Presence CMS account now has two-factor authentication',
'body' => "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your Single Digital Presence account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\nFrom the SDP team\r\n\r\nRead more about 2FA: https://digital-vic.atlassian.net/servicedesk/customer/article/2439479507",
],
];

$tfa_settings = \Drupal::configFactory()->getEditable('tfa.settings');
$tfa_settings->set('enabled', FALSE)
->set('required_roles', $tfa_required_roles)
->set('forced', 1)
->set('login_plugin_settings', $login_plugin_settings)
->set('allowed_validation_plugins', $allowed_validation_plugins)
->set('default_validation_plugin', self::DEFAULT_VALIDATION_PLUGIN)
->set('validation_plugin_settings', $validation_plugin_settings)
->set('encryption', self::ENCRYPTION_PROFILE)
->set('users_without_tfa_redirect', TRUE)
->set('reset_pass_skip_enabled', TRUE)
->set('mail', $mail_settings)
->save();
}

Expand Down
2 changes: 0 additions & 2 deletions tests/behat/features/tide_2fa.feature
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,6 @@ Feature: Force 2FA setup
And I see the text "TFA Settings"
And I see field "edit-tfa-enabled"
And the "edit-tfa-enabled" checkbox should not be checked
And I see field "edit-tfa-forced"
And the "edit-tfa-forced" checkbox should be checked
Then I save screenshot
Examples:
| role |
Expand Down
12 changes: 12 additions & 0 deletions tide_core.install
Original file line number Diff line number Diff line change
Expand Up @@ -304,3 +304,15 @@ function tide_core_update_10009() {
}
}
}

/**
* Enable tide_tfa.
*/
function tide_core_update_10010() {
// Enabled tide_tfa module.
if (!\Drupal::moduleHandler()->moduleExists('tide_tfa')) {
/** @var \Drupal\Core\Extension\ModuleInstallerInterface $module_installer */
$module_installer = \Drupal::service('module_installer');
$module_installer->install(['tide_tfa']);
}
}

0 comments on commit b560452

Please sign in to comment.