Add two factor authentication flow

osu.Game.Tests/Visual/Gameplay/TestScenePlayerLocalScoreImport.cs

@@ -184,7 +184,11 @@ public void TestGuestScoreIsStoredAsGuest()
             CreateTest();
 
             AddUntilStep("wait for track to start running", () => Beatmap.Value.Track.IsRunning);
-            AddStep("log back in", () => API.Login("username", "password"));
+            AddStep("log back in", () =>
+            {
+                API.Login("username", "password");
+                ((DummyAPIAccess)API).AuthenticateSecondFactor("abcdefgh");
+            });
 
             AddStep("seek to completion", () => Player.GameplayClockContainer.Seek(Player.DrawableRuleset.Objects.Last().GetEndTime()));
 

osu.Game.Tests/Visual/Menus/TestSceneLoginOverlay.cs

@@ -2,14 +2,17 @@
 // See the LICENCE file in the repository root for full licence text.
 
 using System.Linq;
+using System.Net;
 using NUnit.Framework;
 using osu.Framework.Allocation;
 using osu.Framework.Graphics;
 using osu.Framework.Graphics.Containers;
 using osu.Framework.Testing;
 using osu.Game.Graphics.UserInterface;
 using osu.Game.Online.API;
+using osu.Game.Online.API.Requests;
 using osu.Game.Overlays;
+using osu.Game.Overlays.Login;
 using osu.Game.Users.Drawables;
 using osuTK.Input;
 
@@ -18,6 +21,8 @@ namespace osu.Game.Tests.Visual.Menus
     [TestFixture]
     public partial class TestSceneLoginOverlay : OsuManualInputManagerTestScene
     {
+        private DummyAPIAccess dummyAPI => (DummyAPIAccess)API;
+
         private LoginOverlay loginOverlay = null!;
 
         [BackgroundDependencyLoader]
@@ -40,9 +45,69 @@ public void SetUpSteps()
         public void TestLoginSuccess()
         {
             AddStep("logout", () => API.Logout());
+            assertAPIState(APIState.Offline);
+
+            AddStep("enter password", () => loginOverlay.ChildrenOfType<OsuPasswordTextBox>().First().Text = "password");
+            AddStep("submit", () => loginOverlay.ChildrenOfType<OsuButton>().First(b => b.Text.ToString() == "Sign in").TriggerClick());
+
+            assertAPIState(APIState.RequiresSecondFactorAuth);
+            AddUntilStep("wait for second factor auth form", () => loginOverlay.ChildrenOfType<SecondFactorAuthForm>().SingleOrDefault(), () => Is.Not.Null);
+
+            AddStep("set up verification handling", () => dummyAPI.HandleRequest = req =>
+            {
+                switch (req)
+                {
+                    case VerifySessionRequest verifySessionRequest:
+                        if (verifySessionRequest.VerificationKey == "88800088")
+                            verifySessionRequest.TriggerSuccess();
+                        else
+                            verifySessionRequest.TriggerFailure(new WebException());
+                        return true;
+                }
+
+                return false;
+            });
+            AddStep("enter code", () => loginOverlay.ChildrenOfType<OsuTextBox>().First().Text = "88800088");
+            assertAPIState(APIState.Online);
+            AddStep("clear handler", () => dummyAPI.HandleRequest = null);
+        }
+
+        private void assertAPIState(APIState expected) =>
+            AddUntilStep($"login state is {expected}", () => API.State.Value, () => Is.EqualTo(expected));
+
+        [Test]
+        public void TestVerificationFailure()
+        {
+            bool verificationHandled = false;
+            AddStep("reset flag", () => verificationHandled = false);
+            AddStep("logout", () => API.Logout());
+            assertAPIState(APIState.Offline);
 
             AddStep("enter password", () => loginOverlay.ChildrenOfType<OsuPasswordTextBox>().First().Text = "password");
             AddStep("submit", () => loginOverlay.ChildrenOfType<OsuButton>().First(b => b.Text.ToString() == "Sign in").TriggerClick());
+
+            assertAPIState(APIState.RequiresSecondFactorAuth);
+            AddUntilStep("wait for second factor auth form", () => loginOverlay.ChildrenOfType<SecondFactorAuthForm>().SingleOrDefault(), () => Is.Not.Null);
+
+            AddStep("set up verification handling", () => dummyAPI.HandleRequest = req =>
+            {
+                switch (req)
+                {
+                    case VerifySessionRequest verifySessionRequest:
+                        if (verifySessionRequest.VerificationKey == "88800088")
+                            verifySessionRequest.TriggerSuccess();
+                        else
+                            verifySessionRequest.TriggerFailure(new WebException());
+                        verificationHandled = true;
+                        return true;
+                }
+
+                return false;
+            });
+            AddStep("enter code", () => loginOverlay.ChildrenOfType<OsuTextBox>().First().Text = "abcdefgh");
+            AddUntilStep("wait for verification handled", () => verificationHandled);
+            assertAPIState(APIState.RequiresSecondFactorAuth);
+            AddStep("clear handler", () => dummyAPI.HandleRequest = null);
         }
 
         [Test]
@@ -78,6 +143,12 @@ public void TestClickingOnFlagClosesOverlay()
             AddStep("enter password", () => loginOverlay.ChildrenOfType<OsuPasswordTextBox>().First().Text = "password");
             AddStep("submit", () => loginOverlay.ChildrenOfType<OsuButton>().First(b => b.Text.ToString() == "Sign in").TriggerClick());
 
+            assertAPIState(APIState.RequiresSecondFactorAuth);
+            AddUntilStep("wait for second factor auth form", () => loginOverlay.ChildrenOfType<SecondFactorAuthForm>().SingleOrDefault(), () => Is.Not.Null);
+
+            AddStep("enter code", () => loginOverlay.ChildrenOfType<OsuTextBox>().First().Text = "88800088");
+            assertAPIState(APIState.Online);
+
             AddStep("click on flag", () =>
             {
                 InputManager.MoveMouseTo(loginOverlay.ChildrenOfType<UpdateableFlag>().First());

osu.Game.Tests/Visual/Menus/TestSceneToolbarUserButton.cs

@@ -16,6 +16,8 @@ namespace osu.Game.Tests.Visual.Menus
     [TestFixture]
     public partial class TestSceneToolbarUserButton : OsuManualInputManagerTestScene
     {
+        private DummyAPIAccess dummyAPI => (DummyAPIAccess)API;
+
         public TestSceneToolbarUserButton()
         {
             Container mainContainer;
@@ -69,18 +71,20 @@ public TestSceneToolbarUserButton()
         [Test]
         public void TestLoginLogout()
         {
-            AddStep("Log out", () => ((DummyAPIAccess)API).Logout());
-            AddStep("Log in", () => ((DummyAPIAccess)API).Login("wang", "jang"));
+            AddStep("Log out", () => dummyAPI.Logout());
+            AddStep("Log in", () => dummyAPI.Login("wang", "jang"));
+            AddStep("Authenticate via second factor", () => dummyAPI.AuthenticateSecondFactor("abcdefgh"));
         }
 
         [Test]
         public void TestStates()
         {
-            AddStep("Log in", () => ((DummyAPIAccess)API).Login("wang", "jang"));
+            AddStep("Log in", () => dummyAPI.Login("wang", "jang"));
+            AddStep("Authenticate via second factor", () => dummyAPI.AuthenticateSecondFactor("abcdefgh"));
 
             foreach (var state in Enum.GetValues<APIState>())
             {
-                AddStep($"Change state to {state}", () => ((DummyAPIAccess)API).SetState(state));
+                AddStep($"Change state to {state}", () => dummyAPI.SetState(state));
             }
         }
     }

osu.Game.Tests/Visual/Online/TestSceneAccountCreationOverlay.cs

@@ -10,6 +10,7 @@
 using osu.Framework.Graphics;
 using osu.Framework.Graphics.Containers;
 using osu.Framework.Testing;
+using osu.Game.Online.API;
 using osu.Game.Online.API.Requests.Responses;
 using osu.Game.Overlays;
 using osu.Game.Overlays.AccountCreation;
@@ -59,7 +60,11 @@ public void TestOverlayVisibility()
             AddStep("click button", () => accountCreation.ChildrenOfType<SettingsButton>().Single().TriggerClick());
             AddUntilStep("warning screen is present", () => accountCreation.ChildrenOfType<ScreenWarning>().SingleOrDefault()?.IsPresent == true);
 
-            AddStep("log back in", () => API.Login("dummy", "password"));
+            AddStep("log back in", () =>
+            {
+                API.Login("dummy", "password");
+                ((DummyAPIAccess)API).AuthenticateSecondFactor("abcdefgh");
+            });
             AddUntilStep("overlay is hidden", () => accountCreation.State.Value == Visibility.Hidden);
         }
     }

osu.Game.Tests/Visual/Online/TestSceneCommentActions.cs

@@ -67,6 +67,7 @@ public void SetUp()
             Schedule(() =>
             {
                 API.Login("test", "test");
+                dummyAPI.AuthenticateSecondFactor("abcdefgh");
                 Child = commentsContainer = new CommentsContainer();
             });
         }

osu.Game.Tests/Visual/Online/TestSceneFavouriteButton.cs

@@ -6,6 +6,7 @@
 using NUnit.Framework;
 using osu.Framework.Graphics;
 using osu.Framework.Testing;
+using osu.Game.Online.API;
 using osu.Game.Online.API.Requests.Responses;
 using osu.Game.Overlays.BeatmapSet.Buttons;
 using osuTK;
@@ -34,14 +35,22 @@ public void TestLoggedOutIn()
             AddStep("set valid beatmap", () => favourite.BeatmapSet.Value = new APIBeatmapSet { OnlineID = 88 });
             AddStep("log out", () => API.Logout());
             checkEnabled(false);
-            AddStep("log in", () => API.Login("test", "test"));
+            AddStep("log in", () =>
+            {
+                API.Login("test", "test");
+                ((DummyAPIAccess)API).AuthenticateSecondFactor("abcdefgh");
+            });
             checkEnabled(true);
         }
 
         [Test]
         public void TestBeatmapChange()
         {
-            AddStep("log in", () => API.Login("test", "test"));
+            AddStep("log in", () =>
+            {
+                API.Login("test", "test");
+                ((DummyAPIAccess)API).AuthenticateSecondFactor("abcdefgh");
+            });
             AddStep("set valid beatmap", () => favourite.BeatmapSet.Value = new APIBeatmapSet { OnlineID = 88 });
             checkEnabled(true);
             AddStep("set invalid beatmap", () => favourite.BeatmapSet.Value = new APIBeatmapSet());

osu.Game.Tests/Visual/Online/TestSceneSoloStatisticsWatcher.cs

@@ -90,7 +90,7 @@ public void SetUpSteps()
                             else
                             {
                                 int userId = int.Parse(getUserRequest.Lookup);
-                                string rulesetName = getUserRequest.Ruleset.ShortName;
+                                string rulesetName = getUserRequest.Ruleset!.ShortName;
                                 var response = new APIUser
                                 {
                                     Id = userId,
@@ -177,7 +177,11 @@ public void TestStatisticsUpdateNotFiredIfUserLoggedOut()
             AddWaitStep("wait a bit", 5);
             AddAssert("update not received", () => update == null);
 
-            AddStep("log in user", () => dummyAPI.Login("user", "password"));
+            AddStep("log in user", () =>
+            {
+                dummyAPI.Login("user", "password");
+                dummyAPI.AuthenticateSecondFactor("abcdefgh");
+            });
         }
 
         [Test]

osu.Game.Tests/Visual/Online/TestSceneUserProfileOverlay.cs

@@ -52,7 +52,11 @@ public void TestActualUser()
             AddStep("show user", () => profile.ShowUser(new APIUser { Id = 1 }));
             AddToggleStep("toggle visibility", visible => profile.State.Value = visible ? Visibility.Visible : Visibility.Hidden);
             AddStep("log out", () => dummyAPI.Logout());
-            AddStep("log back in", () => dummyAPI.Login("username", "password"));
+            AddStep("log back in", () =>
+            {
+                dummyAPI.Login("username", "password");
+                dummyAPI.AuthenticateSecondFactor("abcdefgh");
+            });
         }
 
         [Test]
@@ -98,7 +102,11 @@ public void TestLogin()
             });
             AddStep("logout", () => dummyAPI.Logout());
             AddStep("show user", () => profile.ShowUser(new APIUser { Id = 1 }));
-            AddStep("login", () => dummyAPI.Login("username", "password"));
+            AddStep("login", () =>
+            {
+                dummyAPI.Login("username", "password");
+                dummyAPI.AuthenticateSecondFactor("abcdefgh");
+            });
             AddWaitStep("wait some", 3);
             AddStep("complete request", () => pendingRequest.TriggerSuccess(TEST_USER));
         }

osu.Game.Tests/Visual/Online/TestSceneVotePill.cs

@@ -11,6 +11,7 @@
 using osu.Game.Overlays;
 using osu.Framework.Graphics.Shapes;
 using osu.Framework.Graphics.Containers;
+using osu.Game.Online.API;
 
 namespace osu.Game.Tests.Visual.Online
 {
@@ -72,7 +73,11 @@ public void TestOfflineRandomCommentPill()
             AddAssert("Login overlay is visible", () => login.State.Value == Visibility.Visible);
         }
 
-        private void logIn() => API.Login("localUser", "password");
+        private void logIn()
+        {
+            API.Login("localUser", "password");
+            ((DummyAPIAccess)API).AuthenticateSecondFactor("abcdefgh");
+        }
 
         private Comment getUserComment() => new Comment
         {

osu.Game.Tests/Visual/UserInterface/TestSceneCommentEditor.cs

@@ -125,7 +125,11 @@ void assertLoggedOutState()
             assertLoggedOutState();
 
             // moving from logged out -> logged in
-            AddStep("log back in", () => dummyAPI.Login("username", "password"));
+            AddStep("log back in", () =>
+            {
+                dummyAPI.Login("username", "password");
+                dummyAPI.AuthenticateSecondFactor("abcdefgh");
+            });
             assertLoggedInState();
         }