AC-10982::[2FA] Integrate with Duo Web SDK to support Universal Prompt-changes done to save duo state using session

Author: glo05363

TwoFactorAuth/Block/Provider/Duo/Auth.php

@@ -81,7 +81,9 @@ public function getJsLayout()
             throw new LocalizedException(__('User session not found.'));
         }
         $username = $user->getUserName();
-        $prompt_uri = $this->duoSecurity->initiateAuth($username, $this->getFormKey().DuoSecurity::AUTH_SUFFIX);
+        $state = $this->duoSecurity->generateDuoState();
+        $this->session->setDuoState($state);
+        $prompt_uri = $this->duoSecurity->initiateAuth($username, $state);
         $this->jsLayout['components']['tfa-auth']['authUrl'] = $prompt_uri;
         return parent::getJsLayout();
     }

TwoFactorAuth/Helper/Data.php

@@ -6,30 +6,30 @@
 
 namespace Magento\TwoFactorAuth\Helper;
 
-use Magento\Framework\Data\Form\FormKey;
+use Magento\Backend\Model\Auth\Session;
 
 class Data
 {
     /**
-     * @var FormKey
+     * @var Session
      */
-    private $formKey;
+    private $session;
 
     /**
-     * @param FormKey $formKey
+     * @param Session $session
      */
-    public function __construct(FormKey $formKey)
+    public function __construct(Session $session)
     {
-        $this->formKey = $formKey;
+        $this->session = $session;
     }
 
     /**
      * Get form key
      *
      * @return string
      */
-    public function getFormKey(): string
+    public function getSavedDuoState(): string
     {
-        return $this->formKey->getFormKey();
+        return $this->session->getDuoState();
     }
 }

TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php

@@ -221,15 +221,17 @@ private function getSkey(): string
      */
     public function verify(UserInterface $user, DataObject $request): bool
     {
-        $savedState = $request->getData('state');
+        $state = $request->getData('state');
         $duoCode = $request->getData('duo_code');
         $username = $user->getUserName();
 
+        $savedState = $this->helper->getSavedDuoState();
+
         if (empty($savedState) || empty($username)) {
             return false;
         }
 
-        if ($this->helper->getFormKey() . self::AUTH_SUFFIX != $savedState) {
+        if ($state != $savedState) {
             return false;
         }
 
@@ -292,6 +294,14 @@ public function healthCheck(): void
         $this->client->healthCheck();
     }
 
+    /**
+     * @return string
+     */
+    public function generateDuoState() : string
+    {
+        return $this->client->generateState();
+    }
+
     /**
      * Enroll a new user for Duo Auth API.
      *