oxtotp/src/Modules/Core/d3_totp_utils.php

<?php

/**
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * https://www.d3data.de
 *
 * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
 * @author    D3 Data Development - Daniel Seifert <info@shopmodule.com>
 * @link      https://www.oxidmodule.com
 */

declare(strict_types=1);

namespace D3\Totp\Modules\Core;

use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Core\Config;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Session;

class d3_totp_utils extends d3_totp_utils_parent
{
    /**
     * @return bool
     * @throws DBALException
     * @throws DatabaseConnectionException
     */
    public function checkAccessRights()
    {
        $blAuth = parent::checkAccessRights();
        $blAuth = $this->d3AuthHook($blAuth);
        $userID = $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::OXID_ADMIN_AUTH);
        $totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);
        /** @var d3totp $totp */
        $totp = $this->d3GetTotpObject();
        $totp->loadByUserId($userID);

        //check forced 2FA for all admin users
        if (
            $this->d3IsAdminForce2FA()
            && $blAuth
            && $totp->isActive() === false
        ) {
            $this->redirect('index.php?cl=d3force_2fa');
            if (false == defined('OXID_PHP_UNIT')) {
                // @codeCoverageIgnoreStart
                exit;
                // @codeCoverageIgnoreEnd
            }
        }

        //staten der prüfung vom einmalpasswort
        if ($blAuth && $totp->isActive() && false === $totpAuth) {
            $this->redirect('index.php?cl=d3totpadminlogin');
            if (false == defined('OXID_PHP_UNIT')) {
                // @codeCoverageIgnoreStart
                exit;
                // @codeCoverageIgnoreEnd
            }
        }

        return $blAuth;
    }

    /**
     * @return Session
     */
    public function d3TotpGetSessionObject()
    {
        return Registry::getSession();
    }

    /**
     * @return d3totp
     */
    public function d3GetTotpObject()
    {
        return oxNew(d3totp::class);
    }

    /**
     * @return Config
     */
    public function d3GetConfig(): Config
    {
        return Registry::getConfig();
    }

    /**
     * @return bool
     */
    protected function d3IsAdminForce2FA()
    {
        return $this->isAdmin() &&
            $this->d3GetConfig()->getConfigParam('D3_TOTP_ADMIN_FORCE_2FA') === true;
    }

    /**
     * @param bool $blAuth
     * @return bool
     */
    protected function d3AuthHook(bool $blAuth): bool
    {
        return $blAuth;
    }
}
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`<?php`

			`/**`
adjust license informations 2022-09-26 15:22:26 +02:00			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*`
			`* https://www.d3data.de`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`*`
			`* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)`
adjust license informations 2022-09-26 15:22:26 +02:00			`* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>`
			`* @link https://www.oxidmodule.com`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`*/`

refactor tests 2022-09-28 00:08:36 +02:00			`declare(strict_types=1);`

Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`namespace D3\Totp\Modules\Core;`

			`use D3\Totp\Application\Model\d3totp;`
extract TOTP check from admin login 2022-11-10 00:00:50 +01:00			`use D3\Totp\Application\Model\d3totp_conf;`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`use Doctrine\DBAL\DBALException;`
add missing tests 2022-09-30 00:06:20 +02:00			`use OxidEsales\Eshop\Core\Config;`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;`
			`use OxidEsales\Eshop\Core\Registry;`
			`use OxidEsales\Eshop\Core\Session;`

			`class d3_totp_utils extends d3_totp_utils_parent`
			`{`
			`/**`
			`* @return bool`
			`* @throws DBALException`
			`* @throws DatabaseConnectionException`
			`*/`
			`public function checkAccessRights()`
			`{`
			`$blAuth = parent::checkAccessRights();`
add missing tests 2022-09-30 00:06:20 +02:00			`$blAuth = $this->d3AuthHook($blAuth);`
change session admin auth variable to constant 2022-11-24 20:17:50 +01:00			`$userID = $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::OXID_ADMIN_AUTH);`
separate session var names between frontend and backend 2022-11-23 09:21:52 +01:00			`$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`/** @var d3totp $totp */`
			`$totp = $this->d3GetTotpObject();`
			`$totp->loadByUserId($userID);`

add missing tests 2022-09-30 00:06:20 +02:00			`//check forced 2FA for all admin users`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`if (`
			`$this->d3IsAdminForce2FA()`
			`&& $blAuth`
			`&& $totp->isActive() === false`
			`) {`
refactor tests 2022-09-28 00:08:36 +02:00			`$this->redirect('index.php?cl=d3force_2fa');`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`if (false == defined('OXID_PHP_UNIT')) {`
			`// @codeCoverageIgnoreStart`
			`exit;`
			`// @codeCoverageIgnoreEnd`
			`}`
			`}`

			`//staten der prüfung vom einmalpasswort`
			`if ($blAuth && $totp->isActive() && false === $totpAuth) {`
extract TOTP check from admin login 2022-11-10 00:00:50 +01:00			`$this->redirect('index.php?cl=d3totpadminlogin');`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`if (false == defined('OXID_PHP_UNIT')) {`
			`// @codeCoverageIgnoreStart`
			`exit;`
			`// @codeCoverageIgnoreEnd`
			`}`
			`}`

			`return $blAuth;`
			`}`

			`/**`
			`* @return Session`
			`*/`
rename module methods in extended OXID classes to prevent conflicts with other modules, move totp check to _afterLogin for webauthn module compatibility 2022-11-09 12:03:16 +01:00			`public function d3TotpGetSessionObject()`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`{`
			`return Registry::getSession();`
			`}`

			`/**`
			`* @return d3totp`
			`*/`
			`public function d3GetTotpObject()`
			`{`
			`return oxNew(d3totp::class);`
			`}`

add missing tests 2022-09-30 00:06:20 +02:00			`/**`
			`* @return Config`
			`*/`
			`public function d3GetConfig(): Config`
			`{`
			`return Registry::getConfig();`
			`}`

Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`/**`
			`* @return bool`
			`*/`
add missing tests 2022-09-30 00:06:20 +02:00			`protected function d3IsAdminForce2FA()`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`{`
			`return $this->isAdmin() &&`
add missing tests 2022-09-30 00:06:20 +02:00			`$this->d3GetConfig()->getConfigParam('D3_TOTP_ADMIN_FORCE_2FA') === true;`
			`}`

			`/**`
			`* @param bool $blAuth`
			`* @return bool`
			`*/`
			`protected function d3AuthHook(bool $blAuth): bool`
			`{`
			`return $blAuth;`
Require administrators to activate 2FA. 2022-09-13 17:00:52 +02:00			`}`
			`}`