From b560452e09682eb7d06f80b6d3e962b1b4693563 Mon Sep 17 00:00:00 2001
From: Md Nadim Hossain <getovic@gmail.com>
Date: Wed, 27 Nov 2024 16:52:04 +1100
Subject: [PATCH] Task/Fix tfa email template and enable tfa (#558)

* Updated tfa email template and added hook to install tide tfa.

* Updated behat test to check the force tfa option as we are removing the option.
---
 modules/tide_tfa/src/TideTfaOperation.php | 16 +++++++++++++---
 tests/behat/features/tide_2fa.feature     |  2 --
 tide_core.install                         | 12 ++++++++++++
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/modules/tide_tfa/src/TideTfaOperation.php b/modules/tide_tfa/src/TideTfaOperation.php
index 281c7f2c8..31da59282 100644
--- a/modules/tide_tfa/src/TideTfaOperation.php
+++ b/modules/tide_tfa/src/TideTfaOperation.php
@@ -102,16 +102,25 @@ public static function setupTfaSettings() {
       'tfa_email_otp' => [
         'code_validity_period' => '600',
         'email_setting' => [
-          'subject' => '[site:name] Authentication code',
-          'body' => '[user:display-name],\r\n\r\nThis code is valid for [length] minutes. Your code is: [code]\r\n\r\nThis code will expire once you have logged in.',
+          'subject' => 'Single Digtial Presence CMS two-factor authentication code',
+          'body' => '[user:display-name],\r\n\r\nThis code is valid for [length] minutes. \r\n\r\nYour code is: [code]\r\n\r\nThis code will expire once you have logged in.',
         ],
       ],
     ];
+    $mail_settings = [
+      'tfa_enabled_configuration' => [
+        'subject' => 'Your Single Digtial Presence CMS account now has two-factor authentication',
+        'body' => "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your Single Digital Presence account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\nFrom the SDP team\r\n\r\nRead more about 2FA: https://digital-vic.atlassian.net/servicedesk/customer/article/2439479507",
+      ],
+      'tfa_disabled_configuration' => [
+        'subject' => 'Your Single Digtial Presence CMS account now has two-factor authentication',
+        'body' => "[user:display-name],\r\n\r\nThanks for configuring two-factor authentication on your Single Digital Presence account!\r\n\r\nThis additional level of security will help to ensure that only you are able to log in to your account.\r\n\r\nIf you ever lose the device you configured, you should act quickly to delete its association with this account.\r\n\r\nFrom the SDP team\r\n\r\nRead more about 2FA: https://digital-vic.atlassian.net/servicedesk/customer/article/2439479507",
+      ],
+    ];
 
     $tfa_settings = \Drupal::configFactory()->getEditable('tfa.settings');
     $tfa_settings->set('enabled', FALSE)
       ->set('required_roles', $tfa_required_roles)
-      ->set('forced', 1)
       ->set('login_plugin_settings', $login_plugin_settings)
       ->set('allowed_validation_plugins', $allowed_validation_plugins)
       ->set('default_validation_plugin', self::DEFAULT_VALIDATION_PLUGIN)
@@ -119,6 +128,7 @@ public static function setupTfaSettings() {
       ->set('encryption', self::ENCRYPTION_PROFILE)
       ->set('users_without_tfa_redirect', TRUE)
       ->set('reset_pass_skip_enabled', TRUE)
+      ->set('mail', $mail_settings)
       ->save();
   }
 
diff --git a/tests/behat/features/tide_2fa.feature b/tests/behat/features/tide_2fa.feature
index 08b2f5c5d..e6c59a924 100644
--- a/tests/behat/features/tide_2fa.feature
+++ b/tests/behat/features/tide_2fa.feature
@@ -25,8 +25,6 @@ Feature: Force 2FA setup
     And I see the text "TFA Settings"
     And I see field "edit-tfa-enabled"
     And the "edit-tfa-enabled" checkbox should not be checked
-    And I see field "edit-tfa-forced"
-    And the "edit-tfa-forced" checkbox should be checked
     Then I save screenshot
     Examples:
       | role               |
diff --git a/tide_core.install b/tide_core.install
index 394aa131a..a60005191 100644
--- a/tide_core.install
+++ b/tide_core.install
@@ -304,3 +304,15 @@ function tide_core_update_10009() {
     }
   }
 }
+
+/**
+ * Enable tide_tfa.
+ */
+function tide_core_update_10010() {
+  // Enabled tide_tfa module.
+  if (!\Drupal::moduleHandler()->moduleExists('tide_tfa')) {
+    /** @var \Drupal\Core\Extension\ModuleInstallerInterface $module_installer */
+    $module_installer = \Drupal::service('module_installer');
+    $module_installer->install(['tide_tfa']);
+  }
+}