Merge pull request #5 from BorisovskiP/disable-tfa-mftf

Disable 2FA for MFTF

Author: markshust

Test/Mftf/ActionGroup/AdminLoginActionGroup.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+ <actionGroup name="AdminLoginActionGroup">
+ <helper class="MarkShust\DisableTwoFactorAuth\Test\Mftf\Helper\SetSharedSecretOverride" method="execute" stepKey="setSharedSecret" before="clickLogin">
+ <argument name="username">{{username}}</argument>
+ </helper>
+ <helper class="MarkShust\DisableTwoFactorAuth\Test\Mftf\Helper\FillOtpOverride" method="execute" stepKey="fillOtp" before="clickDontAllowButtonIfVisible">
+ <argument name="tfaAuthCodeSelector">{{AdminGoogleTfaSection.tfaAuthCode}}</argument>
+ <argument name="confirmSelector">{{AdminGoogleTfaSection.confirm}}</argument>
+ <argument name="errorMessageSelector">{{AdminLoginMessagesSection.messageByType('error')}}</argument>
+ </helper>
+ </actionGroup>
+</actionGroups>

Test/Mftf/Helper/FillOtpOverride.php

@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MarkShust\DisableTwoFactorAuth\Test\Mftf\Helper;
+
+use Magento\FunctionalTestingFramework\Exceptions\TestFrameworkException;
+use Magento\FunctionalTestingFramework\Helper\Helper;
+use Magento\FunctionalTestingFramework\Module\MagentoWebDriver;
+
+class FillOtpOverride extends Helper
+{
+ /**
+ * Fill the OTP form if appropriate
+ *
+ * @param string $tfaAuthCodeSelector
+ * @param string $confirmSelector
+ * @param string $errorMessageSelector
+ */
+ public function execute(string $tfaAuthCodeSelector, string $confirmSelector, string $errorMessageSelector): void
+ {
+ /** @var MagentoWebDriver $webDriver */
+ $webDriver = $this->getModule('\\' . MagentoWebDriver::class);
+ if (!$this->checkIfTwoFactorIsEnabled($webDriver)) {
+ return;
+ }
+ try {
+ $webDriver->seeElementInDOM($errorMessageSelector);
+ // Login failed so don't handle 2fa
+ } catch (\Exception $e) {
+ $otp = $webDriver->getOTP();
+ $webDriver->waitForPageLoad();
+ $webDriver->waitForElementVisible($tfaAuthCodeSelector);
+ $webDriver->fillField($tfaAuthCodeSelector, $otp);
+ $webDriver->click($confirmSelector);
+ $webDriver->waitForPageLoad();
+ }
+ }
+
+ /**
+ * @param MagentoWebDriver $webDriver
+ */
+ private function checkIfTwoFactorIsEnabled(MagentoWebDriver $webDriver): bool
+ {
+ try {
+ return (bool)$webDriver->magentoCLI('config:show twofactorauth/general/enable');
+ } catch (TestFrameworkException $exception) {
+
+ return false;
+ }
+
+ }
+}

Test/Mftf/Helper/SetSharedSecretOverride.php

@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace MarkShust\DisableTwoFactorAuth\Test\Mftf\Helper;
+
+use Magento\FunctionalTestingFramework\DataGenerator\Handlers\CredentialStore;
+use Magento\FunctionalTestingFramework\Exceptions\TestFrameworkException;
+use Magento\FunctionalTestingFramework\Helper\Helper;
+use Magento\FunctionalTestingFramework\Module\MagentoWebDriver;
+
+class SetSharedSecretOverride extends Helper
+{
+ /**
+ * Set the shared secret if appropriate
+ *
+ * @param string $username
+ */
+ /**
+ * Set the shared secret if appropriate
+ *
+ * @param string $username
+ */
+ public function execute(string $username): void
+ {
+ /** @var MagentoWebDriver $webDriver */
+ $webDriver = $this->getModule('\\' . MagentoWebDriver::class);
+ $credentialStore = CredentialStore::getInstance();
+ if ($username !== getenv('MAGENTO_ADMIN_USERNAME')) {
+ $sharedSecret = $credentialStore->decryptSecretValue(
+ $credentialStore->getSecret('magento/tfa/OTP_SHARED_SECRET')
+ );
+ if (!$this->checkIfTwoFactorIsEnabled($webDriver)) {
+ return;
+ }
+ try {
+ $webDriver->magentoCLI(
+ 'security:tfa:google:set-secret ' . $username . ' ' . $sharedSecret
+ );
+ } catch (\Throwable $exception) {
+ // Some tests intentionally use bad credentials.
+ }
+ }
+ }
+
+ /**
+ * @param MagentoWebDriver $webDriver
+ */
+ private function checkIfTwoFactorIsEnabled(MagentoWebDriver $webDriver): bool
+ {
+ try {
+ return (bool)$webDriver->magentoCLI('config:show twofactorauth/general/enable');
+ } catch (TestFrameworkException $exception) {
+
+ return false;
+ }
+
+ }
+}