Allow verifying phone from form field

theboxer · theboxer · commit fee6249412b8 · 2023-09-27T15:12:35.000+02:00
diff --git a/core/components/twilio/src/Snippet/SendVerification.php b/core/components/twilio/src/Snippet/SendVerification.php
@@ -29,22 +29,39 @@ public function process()
         $allowedChannels = Utils::explodeAndClean($allowedChannels);
         $limit = intval($this->getOption('twilioSendLimit', '15')) * 60; // to minutes
 
+        $phone = $this->modx->getPlaceholder('twilio.phone');
+
+        $phoneField = $this->getOption('twilioPhoneField', '');
+        if (!empty($phoneField)) {
+            $phone = $hook->getValue($phoneField);
+            if (empty($phone)) {
+                $hook->addError($phoneField, "Phone is required");
+                return false;
+            }
+
+            $_SESSION['twilio_phone'] = $phone;
+        }
+
         $channel = $hook->getValue('channel');
         if (!in_array($channel, $allowedChannels)) {
             $hook->addError('channel', "Invalid channel");
             return false;
         }
 
-        $username = $this->base64urlDecode($_REQUEST['lu']);
+        if (empty($phoneField)) {
+            $username = $this->base64urlDecode($_REQUEST['lu']);
 
-        /** @var modUser $user */
-        $user = $this->modx->getObject(modUser::class, ['username' => $username]);
+            /** @var \modUser $user */
+            $user = $this->modx->getObject(modUser::class, ['username' => $username]);
+        } else {
+            $user = $this->modx->user;
+        }
 
-        /** @var modUserProfile $profile */
+        /** @var \modUserProfile $profile */
         $profile = $user->getOne('Profile');
 
         $extended = $profile->get('extended');
-        $lastSend = !empty($extended['twilio_last_send']) ? (int)$extended['twilio_last_send'] : 0;
+        $lastSend = !empty($extended['twilio_last_send']) ? intval($extended['twilio_last_send']) : 0;
         $now = time();
 
         if ($limit !== 0 && $lastSend !== 0 && ($lastSend + $limit) > $now) {
@@ -59,7 +76,7 @@ public function process()
 
             $verification = $twilio->verify->v2->services($this->service)
                 ->verifications
-                ->create($this->modx->getPlaceholder('twilio.phone'), $channel);
+                ->create($phone, $channel);
 
             if ($verification->status !== 'pending') {
                 $hook->addError('channel', "Requesting verification code failed.");
diff --git a/core/components/twilio/src/Snippet/Verify.php b/core/components/twilio/src/Snippet/Verify.php
@@ -14,6 +14,8 @@ class Verify extends Snippet
     private string $token;
     private string $service;
 
+    private bool $phoneFromSession = false;
+
     public function process()
     {
         $this->sid = $this->modx->getOption('twilio.account_sid');
@@ -40,6 +42,12 @@ private function verifyPhone(): bool
         $hook =& $this->sp['hook'];
         $code = $hook->getValue('code');
         $phone = $this->modx->getPlaceholder('twilio.phone');
+        $this->phoneFromSession = intval($this->getOption('twilioPhoneFromSession', '0')) === 1;
+        $twilioPersistPhone = $this->getOption('twilioPersistPhone', '');
+
+        if ($this->phoneFromSession) {
+            $phone = $_SESSION['twilio_phone'];
+        }
 
         try {
             $twilio = new Client($this->sid, $this->token);
@@ -52,6 +60,7 @@ private function verifyPhone(): bool
                 /** @var modUser $user */
                 $user = $this->getUser();
 
+                if (empty($twilioPersistPhone)) {
                 $user->set('active', true);
                 $user->_fields['cachepwd'] = '';
                 $user->setDirty('cachepwd');
@@ -60,8 +69,22 @@ private function verifyPhone(): bool
                 $this->modx->invokeEvent('OnUserActivate', [
                     'user' => &$user,
                 ]);
+                } else {
+                    if ($twilioPersistPhone !== 'phone') {
+                        $twilioPersistPhone = 'mobilephone';
+                    }
+
+                    $profile = $user->getOne('Profile');
+                    $profile->set($twilioPersistPhone, $phone);
+                    $profile->save();
+
+                    unset($_SESSION['twilio_phone']);
+                }
+
+                if (!$this->phoneFromSession) {
+                    $this->autoLogIn($user);
+                }
 
-                $this->autoLogIn($user);
                 $this->redirect();
 
                 return true;
@@ -129,6 +152,10 @@ private function verifyTotp(): bool
 
     private function getUser()
     {
+        if ($this->phoneFromSession) {
+            return $this->modx->user;
+        }
+
         $username = $this->base64urlDecode($_REQUEST['lu']);
         /** @var modUser $user */
         $user = $this->modx->getObject(modUser::class, ['username' => $username]);
