chore: remove otp reminder email

fix: add to otp email reset password request if user has blank password

Change-Id: Ica3d73103be9d0d93dd7e74d4b7974d50588d008

Author: smarcet

app/Jobs/GenerateOTPRegistrationReminder.php

@@ -50,21 +50,34 @@ class OAuth2PasswordlessOTPMail extends Mailable
     public $subject;
 
     /**
-     * OAuth2PasswordlessOTPMail constructor.
+     * @var string|null
+     */
+    public $reset_password_link;
+
+    /**
+     * @var int|null
+     */
+    public $reset_password_link_lifetime;
+
+    /**
      * @param string $to
      * @param string $otp
      * @param int $lifetime
+     * @param string|null $reset_password_link
      */
     public function __construct
     (
         string $to,
         string $otp,
-        int $lifetime
+        int $lifetime,
+        string $reset_password_link = null
     )
     {
         $this->email = trim($to);
         $this->otp = trim($otp);
         $this->lifetime = $lifetime / 60;
+        $this->reset_password_link = $reset_password_link;
+        $this->reset_password_link_lifetime = Config::get("auth.password_reset_lifetime")/60;
     }
     /**
      * Build the message.

app/Mail/OAuth2PasswordlessOTPMail.php

@@ -130,10 +130,4 @@ public function initializeUser(int $user_id):?User;
      */
     public function updateRegistrationRequest(int $id, array $payload):UserRegistrationRequest;
 
-    /**
-     * @param int $user_id
-     * @return void
-     * @throws \Exception
-     */
-    public function sendOTPRegistrationReminder(int $user_id);
 }

app/Mail/OTPRegistrationReminderEmail.php

@@ -11,7 +11,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
-
 use App\Events\UserPasswordResetSuccessful;
 use App\Jobs\PublishUserCreated;
 use App\Jobs\PublishUserUpdated;
@@ -23,7 +22,6 @@
 use App\libs\Auth\Repositories\ISpamEstimatorFeedRepository;
 use App\libs\Auth\Repositories\IUserPasswordResetRequestRepository;
 use App\libs\Auth\Repositories\IUserRegistrationRequestRepository;
-use App\Mail\OTPRegistrationReminderEmail;
 use App\Mail\UserEmailVerificationRequest;
 use App\Mail\UserEmailVerificationSuccess;
 use App\Mail\UserPasswordResetRequestMail;
@@ -604,24 +602,4 @@ public function initializeUser(int $user_id): ?User
             return $user;
         });
     }
-
-    /**
-     * @param int $user_id
-     * @return void
-     * @throws \Exception
-     */
-    public function sendOTPRegistrationReminder(int $user_id){
-        $this->tx_service->transaction(function() use($user_id) {
-            Log::debug(sprintf("UserService::sendOTPRegistrationReminder %s", $user_id));
-            $user = $this->user_repository->getById($user_id);
-            if( !$user instanceof User)
-                throw new EntityNotFoundException(sprintf("User %s not found.", $user_id));
-
-            if ($user->hasPasswordSet())
-                throw new ValidationException(sprintf("User %s already has password set.", $user->getId()));
-
-            $request = $this->generatePasswordResetRequest($user->getEmail());
-            Mail::queue(new OTPRegistrationReminderEmail($user, $request->getResetLink()));
-        });
-    }
 }

app/Services/Auth/IUserService.php

@@ -13,17 +13,42 @@
  **/
 
 use App\Mail\OAuth2PasswordlessOTPMail;
+use App\Services\Auth\IUserService;
+use Auth\User;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Mail;
 use Models\OAuth2\OAuth2OTP;
+use Auth\Repositories\IUserRepository;
 /**
  * Class OTPChannelEmailStrategy
  * @package App\Strategies\OTP
  */
 final class OTPChannelEmailStrategy
 implements IOTPChannelStrategy
 {
+    /**
+     * @var IUserRepository
+     */
+    private $user_repository;
+
+    /**
+     * @var IUserService
+     */
+    private $user_service;
 
+    /**
+     * @param IUserService $user_service
+     * @param IUserRepository $user_repository
+     */
+    public function __construct
+    (
+        IUserService $user_service,
+        IUserRepository $user_repository
+    )
+    {
+        $this->user_repository = $user_repository;
+        $this->user_service = $user_service;
+    }
     /**
      * @param IOTPTypeBuilderStrategy $typeBuilderStrategy
      * @param OAuth2OTP $otp
@@ -34,13 +59,30 @@ public function send(IOTPTypeBuilderStrategy $typeBuilderStrategy, OAuth2OTP $ot
         $value = $typeBuilderStrategy->generate($otp);
         // send email
         try{
+            $reset_password_link = null;
+            $user = $this->user_repository->getByEmailOrName($otp->getUserName());
+            if($user instanceof User && !$user->hasPasswordSet()){
+                // create a password reset request
+                Log::debug
+                (
+                    sprintf
+                    (
+                        "OTPChannelEmailStrategy::send user %s has no password set",
+                        $user->getId()
+                    )
+                );
+                $request =  $this->user_service->generatePasswordResetRequest($user->getEmail());
+                $reset_password_link = $request->getResetLink();
+            }
+
             Mail::queue
             (
                 new OAuth2PasswordlessOTPMail
                 (
                     $otp->getUserName(),
                     $value,
-                    $otp->getLifetime()
+                    $otp->getLifetime(),
+                    $reset_password_link
                 )
             );
         }

app/Services/Auth/UserService.php

@@ -12,6 +12,9 @@
  * limitations under the License.
  **/
 
+use App\Services\Auth\IUserService;
+use Auth\Repositories\IUserRepository;
+use Illuminate\Support\Facades\App;
 use OAuth2\Exceptions\InvalidOAuth2Request;
 use OAuth2\OAuth2Protocol;
 /**
@@ -24,7 +27,11 @@ public static function build(string $connection):IOTPChannelStrategy{
 
         switch ($connection) {
             case OAuth2Protocol::OAuth2PasswordlessConnectionEmail:
-                return new OTPChannelEmailStrategy();
+                return new OTPChannelEmailStrategy
+                (
+                    App::make(IUserService::class),
+                    App::make(IUserRepository::class),
+                );
             case OAuth2Protocol::OAuth2PasswordlessConnectionInline:
                 return new OTPChannelNullStrategy();
         }

app/Strategies/OTP/OTPChannelEmailStrategy.php

@@ -12,7 +12,6 @@
  * limitations under the License.
  **/
 
-use App\Jobs\GenerateOTPRegistrationReminder;
 use App\libs\OAuth2\Exceptions\ReloadSessionException;
 use App\libs\OAuth2\Repositories\IOAuth2OTPRepository;
 use App\Services\AbstractService;
@@ -278,10 +277,6 @@ public function loginWithOTP(OAuth2OTP $otpClaim, ?Client $client = null, bool $
 
             Auth::login($user, $remember);
 
-            if (!$user->hasPasswordSet() && !$new_user) {
-                // trigger background job
-                GenerateOTPRegistrationReminder::dispatch($user);
-            }
             Log::debug(sprintf("AuthService::loginWithOTP user %s logged in.", $user->getId()));
             return $otp;
         });

app/Strategies/OTP/OTPChannelStrategyFactory.php

@@ -31,6 +31,17 @@
                 <div style="font-family:open Sans Helvetica, Arial, sans-serif;font-size:16px;line-height:1;text-align:center;color:#000000;">Thanks! <br/><br/>{{Config::get('app.tenant_name')}} Support Team</div>
             </td>
         </tr>
+        @if(!empty($reset_password_link))
+        <tr>
+            <td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;">
+                <div style="font-family:open Sans Helvetica, Arial, sans-serif;font-size:16px;line-height:1;text-align:justify;color:#000000;">
+                    In order to login more quickly in the future you can <a href="{!! $reset_password_link !!}" target="_blank">set a password</a>(this link expires in {!! $reset_password_link_lifetime !!} min but you can always use the <a
+                            href="{!! URL::action("Auth\ForgotPasswordController@showLinkRequestForm") !!}?email={!! $email !!}"
+                            target="_blank">reset your password</a> option to get a new one).
+                </div>
+            </td>
+        </tr>
+        @endif
         </tbody>
     </table>
 @stop