oxtotp/src/Application/Controller/Admin/d3user_totp.php

100 lignes
3.1 KiB
PHP
Brut Vue normale Historique

2018-10-17 23:48:20 +02:00
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Application\Controller\Admin;
2018-10-18 15:33:59 +02:00
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Modules\Application\Model\d3_totp_user;
2018-10-18 15:33:59 +02:00
use Doctrine\DBAL\DBALException;
2018-10-17 23:48:20 +02:00
use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController;
use OxidEsales\Eshop\Application\Model\User;
2018-10-18 15:33:59 +02:00
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Exception\StandardException;
use OxidEsales\Eshop\Core\Registry;
2018-10-17 23:48:20 +02:00
class d3user_totp extends AdminDetailsController
{
protected $_sSaveError = null;
2018-10-17 23:48:20 +02:00
protected $_sThisTemplate = 'd3user_totp.tpl';
2018-10-18 15:33:59 +02:00
/**
* @return string
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function render()
{
parent::render();
$soxId = $this->getEditObjectId();
2018-10-18 15:33:59 +02:00
if (isset($soxId) && $soxId != "-1") {
/** @var d3_totp_user $oUser */
$oUser = oxNew(User::class);
if ($oUser->load($soxId)) {
$this->addTplParam("oxid", $oUser->getId());
} else {
$this->addTplParam("oxid", '-1');
}
$this->addTplParam("edit", $oUser);
2018-10-18 15:33:59 +02:00
}
if ($this->_sSaveError) {
$this->addTplParam("sSaveError", $this->_sSaveError);
2018-10-18 15:33:59 +02:00
}
return $this->_sThisTemplate;
}
/**
* @throws \Exception
*/
public function save()
{
parent::save();
$aParams = Registry::getRequest()->getRequestEscapedParameter("editval");
try {
$pwd = Registry::getRequest()->getRequestEscapedParameter("pwd");
/** @var d3_totp_user $oUser */
$oUser = oxNew(User::class);
if (false == $oUser->d3CheckPasswordPass($this->getEditObjectId(), $pwd)) {
$oException = oxNew(StandardException::class, 'D3_TOTP_ERROR_PWDONTPASS');
throw $oException;
}
/** @var d3totp $oTotp */
$oTotp = oxNew(d3totp::class);
if ($aParams['d3totp__oxid']) {
$oTotp->load($aParams['d3totp__oxid']);
} else {
$aParams['d3totp__usetotp'] = 1;
$seed = Registry::getRequest()->getRequestEscapedParameter("secret");
$otp = Registry::getRequest()->getRequestEscapedParameter("otp");
$oTotp->saveSecret($seed, $pwd);
$oTotp->assign($aParams);
$oTotp->verify($otp, $seed);
$oTotp->setId();
}
$oTotp->save();
} catch (\Exception $oExcp) {
$this->_sSaveError = $oExcp->getMessage();
}
}
2018-10-17 23:48:20 +02:00
}