Commit 4f264b62 authored by João Ventura's avatar João Ventura Committed by Joao Ventura

Issue #3316499 by jcnventura: Refactor the TfaContext into a trait, rename the...

Issue #3316499 by jcnventura: Refactor the TfaContext into a trait, rename the TfaDataTrait to TfaUserDataTrait
parent 0566bf99
+2 −9
@@ -6,7 +6,7 @@ use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Mail\MailManagerInterface;
use Drupal\Core\Password\PasswordInterface;
use Drupal\tfa\TfaDataTrait;
use Drupal\tfa\TfaUserDataTrait;
use Drupal\tfa\TfaValidationPluginManager;
use Drupal\user\Entity\User;
use Drupal\user\UserDataInterface;
@@ -17,7 +17,7 @@ use Symfony\Component\DependencyInjection\ContainerInterface;
 * TFA disable form router.
 */
class TfaDisableForm extends FormBase {
  use TfaDataTrait;
  use TfaUserDataTrait;

  /**
   * The validation plugin manager.
@@ -26,13 +26,6 @@ class TfaDisableForm extends FormBase {
   */
  protected $manager;

  /**
   * Provides the user data service object.
   *
   * @var \Drupal\user\UserDataInterface
   */
  protected $userData;

  /**
   * The password hashing service.
   *
+18 −62
@@ -5,8 +5,9 @@ namespace Drupal\tfa\Form;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;
use Drupal\tfa\Plugin\TfaSendInterface;
use Drupal\tfa\TfaContext;
use Drupal\tfa\TfaLoginContextTrait;
use Drupal\tfa\TfaLoginTrait;
use Drupal\tfa\TfaUserDataTrait;
use Drupal\user\Form\UserLoginForm;
use Symfony\Component\DependencyInjection\ContainerInterface;

@@ -16,35 +17,9 @@ use Symfony\Component\DependencyInjection\ContainerInterface;
 * @noinspection PhpInternalEntityUsedInspection
 */
class TfaLoginForm extends UserLoginForm {
  use TfaLoginContextTrait;
  use TfaLoginTrait;

  /**
   * The validation plugin manager to fetch plugin information.
   *
   * @var \Drupal\tfa\TfaValidationPluginManager
   */
  protected $tfaValidationManager;

  /**
   * The login plugin manager to fetch plugin information.
   *
   * @var \Drupal\tfa\TfaLoginPluginManager
   */
  protected $tfaLoginManager;

  /**
   * The current validation plugin.
   *
   * @var \Drupal\tfa\Plugin\TfaValidationInterface
   */
  protected $tfaValidationPlugin;

  /**
   * The user data service.
   *
   * @var \Drupal\user\UserDataInterface
   */
  protected $userData;
  use TfaUserDataTrait;

  /**
   * Redirect destination service.
@@ -53,15 +28,6 @@ class TfaLoginForm extends UserLoginForm {
   */
  protected $destination;

  /**
   * Tfa login context object.
   *
   * This will be initialized in the submitForm() method.
   *
   * @var \Drupal\tfa\TfaContext
   */
  protected $tfaContext;

  /**
   * {@inheritdoc}
   */
@@ -70,7 +36,10 @@ class TfaLoginForm extends UserLoginForm {

    $instance->tfaValidationManager = $container->get('plugin.manager.tfa.validation');
    $instance->tfaLoginManager = $container->get('plugin.manager.tfa.login');
    $instance->tfaSettings = $container->get('config.factory')->get('tfa.settings');

    $instance->userData = $container->get('user.data');

    $instance->destination = $container->get('redirect.destination');

    return $instance;
@@ -101,16 +70,7 @@ class TfaLoginForm extends UserLoginForm {
    }

    // Similar to tfa_user_login() but not required to force user logout.
    /** @var \Drupal\user\Entity\User $user */
    $user = $this->userStorage->load($uid);
    $this->tfaContext = new TfaContext(
      $this->tfaValidationManager,
      $this->tfaLoginManager,
      $this->configFactory(),
      $user,
      $this->userData,
      $this->getRequest()
    );
    $this->setUser($uid);

    /* Uncomment when things go wrong and you get logged out.
    user_login_finalize($user);
@@ -119,12 +79,12 @@ class TfaLoginForm extends UserLoginForm {
     */

    // Stop processing if Tfa is not enabled.
    if (!$this->tfaContext->isModuleSetup() || !$this->tfaContext->isTfaRequired()) {
    if (!$this->isModuleSetup() || !$this->isTfaRequired()) {
      parent::submitForm($form, $form_state);
    }
    else {
      // Setup TFA.
      if ($this->tfaContext->isReady()) {
      if ($this->isReady()) {
        $this->loginWithTfa($form_state);
      }
      else {
@@ -136,8 +96,6 @@ class TfaLoginForm extends UserLoginForm {
  /**
   * Handle login when TFA is set up for the user.
   *
   * TFA is set up for this user, and $this->tfaContext is initialized.
   *
   * If any of the TFA plugins allows login, then finalize the login. Otherwise,
   * set a redirect to enter a second factor.
   *
@@ -145,9 +103,9 @@ class TfaLoginForm extends UserLoginForm {
   *   The state of the login form.
   */
  public function loginWithTfa(FormStateInterface $form_state) {
    $user = $this->tfaContext->getUser();
    if ($this->tfaContext->pluginAllowsLogin()) {
      $this->tfaContext->doUserLogin();
    $user = $this->getUser();
    if ($this->pluginAllowsLogin()) {
      $this->doUserLogin();
      $this->messenger()->addStatus($this->t('You have logged in on a trusted browser.'));
      $form_state->setRedirect('<front>');
    }
@@ -171,8 +129,6 @@ class TfaLoginForm extends UserLoginForm {
  /**
   * Handle the case where TFA is not yet set up.
   *
   * TFA is not set up for this user, and $this->tfaContext is initialized.
   *
   * If the user has any remaining logins, then finalize the login with a
   * message to set up TFA. Otherwise, leave the user logged out.
   *
@@ -182,9 +138,9 @@ class TfaLoginForm extends UserLoginForm {
  public function loginWithoutTfa(FormStateInterface $form_state) {
    // User may be able to skip TFA, depending on module settings and number of
    // prior attempts.
    $remaining = $this->tfaContext->remainingSkips();
    $remaining = $this->remainingSkips();
    if ($remaining) {
      $user = $this->tfaContext->getUser();
      $user = $this->getUser();
      $tfa_setup_link = Url::fromRoute('tfa.overview', [
        'user' => $user->id(),
      ])->toString();
@@ -195,14 +151,14 @@ class TfaLoginForm extends UserLoginForm {
        ['@remaining' => $remaining - 1, '@link' => $tfa_setup_link]
      );
      $this->messenger()->addError($message);
      $this->tfaContext->hasSkipped();
      $this->tfaContext->doUserLogin();
      $this->hasSkipped();
      $this->doUserLogin();
      $form_state->setRedirect('<front>');
    }
    else {
      $message = $this->config('tfa.settings')->get('help_text');
      $this->messenger()->addError($message);
      $this->logger('tfa')->notice('@name has no more remaining attempts for bypassing the second authentication factor.', ['@name' => $this->tfaContext->getUser()->getAccountName()]);
      $this->logger('tfa')->notice('@name has no more remaining attempts for bypassing the second authentication factor.', ['@name' => $this->getUser()->getAccountName()]);
    }
  }
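Review bot: The commented-out `user_login_finalize($user);` block that follows `$this->setUser($uid);` in submitForm() is now stale, because the `$user = $this->userStorage->load($uid);` assignment it relied on is removed in the same hunk. It also sits before the `isModuleSetup()` / `isTfaRequired()` check, so uncommenting it would finalize the session ahead of the second-factor decision; I would delete the block rather than keep it in the login handler. Separately, the docblocks of the public `loginWithTfa()` and `loginWithoutTfa()` lose the "$this->tfaContext is initialized" precondition without a replacement, although both still call `getUser()` and `doUserLogin()`. A line such as `* The account must already have been set with setUser() in submitForm().` would keep that contract visible. The bodies of submitForm() and of both methods extend beyond the visible hunks, so whether `$user` is defined elsewhere could not be checked here.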

+2 −9
@@ -6,7 +6,7 @@ use Drupal\Core\Datetime\DateFormatterInterface;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;
use Drupal\tfa\TfaDataTrait;
use Drupal\tfa\TfaUserDataTrait;
use Drupal\tfa\TfaLoginPluginManager;
use Drupal\tfa\TfaSendPluginManager;
use Drupal\tfa\TfaSetupPluginManager;
@@ -19,7 +19,7 @@ use Symfony\Component\DependencyInjection\ContainerInterface;
 * TFA account setup overview page.
 */
class TfaOverviewForm extends FormBase {
  use TfaDataTrait;
  use TfaUserDataTrait;

  /**
   * The setup plugin manager to fetch setup information.
@@ -49,13 +49,6 @@ class TfaOverviewForm extends FormBase {
   */
  protected $tfaSend;

  /**
   * Provides the user data service object.
   *
   * @var \Drupal\user\UserDataInterface
   */
  protected $userData;

  /**
   * The date formatter service.
   *
+2 −9
@@ -8,7 +8,7 @@ use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Mail\MailManagerInterface;
use Drupal\Core\Password\PasswordInterface;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\tfa\TfaDataTrait;
use Drupal\tfa\TfaUserDataTrait;
use Drupal\tfa\TfaLoginPluginManager;
use Drupal\tfa\TfaSendPluginManager;
use Drupal\tfa\TfaSetupPluginManager;
@@ -24,7 +24,7 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 * TFA setup form router.
 */
class TfaSetupForm extends FormBase {
  use TfaDataTrait;
  use TfaUserDataTrait;
  use StringTranslationTrait;

  /**
@@ -55,13 +55,6 @@ class TfaSetupForm extends FormBase {
   */
  protected $tfaSend;

  /**
   * Provides the user data service object.
   *
   * @var \Drupal\user\UserDataInterface
   */
  protected $userData;

  /**
   * The password hashing service.
   *
+2 −9
@@ -8,7 +8,7 @@ use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Site\Settings;
use Drupal\encrypt\EncryptionProfileManagerInterface;
use Drupal\encrypt\EncryptServiceInterface;
use Drupal\tfa\TfaDataTrait;
use Drupal\tfa\TfaUserDataTrait;
use Drupal\user\UserDataInterface;
use Drupal\Component\Utility\Crypt;

@@ -17,7 +17,7 @@ use Drupal\Component\Utility\Crypt;
 */
abstract class TfaBasePlugin extends PluginBase {
  use DependencySerializationTrait;
  use TfaDataTrait;
  use TfaUserDataTrait;

  /**
   * The user submitted code to be validated.
@@ -54,13 +54,6 @@ abstract class TfaBasePlugin extends PluginBase {
   */
  protected $alreadyAccepted;

  /**
   * Provides the user data service object.
   *
   * @var \Drupal\user\UserDataInterface
   */
  protected $userData;

  /**
   * The user id.
   *