fix handle session variables
* the attempted login's user id is stored in the session only while the TOTP request is pending * a successful TOTP login stores the user id in the TOTP auth session variable
This commit is contained in:
parent
e3d2156d44
commit
02f2f6a843
@ -19,6 +19,7 @@ use D3\Totp\Application\Model\d3backupcodelist;
|
|||||||
use D3\Totp\Application\Model\d3totp;
|
use D3\Totp\Application\Model\d3totp;
|
||||||
use D3\Totp\Application\Model\d3totp_conf;
|
use D3\Totp\Application\Model\d3totp_conf;
|
||||||
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
||||||
|
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
||||||
use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
|
use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
|
||||||
use OxidEsales\Eshop\Application\Model\User;
|
use OxidEsales\Eshop\Application\Model\User;
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||||
@ -42,7 +43,7 @@ class d3totpadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function render(): string
|
public function render(): string
|
||||||
{
|
{
|
||||||
if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
|
if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) &&
|
||||||
!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
|
!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
|
||||||
) {
|
) {
|
||||||
$this->getUtils()->redirect('index.php?cl=admin_start');
|
$this->getUtils()->redirect('index.php?cl=admin_start');
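Review bot: With `||` replaced by `&&`, a session that holds OXID's `auth` but neither `SESSION_AUTH` nor `SESSION_CURRENTUSER` now passes this guard and the one in the next hunk (which redirects only when `auth` is absent as well), so the TOTP form is rendered for an admin OXID has already authenticated, where before the request went to admin_start. That looks like the deliberate "logged in, TOTP still pending" state that `d3TotpGetCurrentUser()` falls back to, but nothing in the code says so; a comment above each guard would spare the next reader the state-table exercise, e.g. `// already TOTP-verified and no pending attempt: nothing to do here` and `// neither an OXID session nor a pending attempt: back to the login form`. `render()` continues beyond this hunk.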
|
||||||
@ -53,7 +54,9 @@ class d3totpadminlogin extends AdminController
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
|
if (!Registry::getSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) &&
|
||||||
|
!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
|
||||||
|
) {
|
||||||
$this->getUtils()->redirect('index.php?cl=login');
|
$this->getUtils()->redirect('index.php?cl=login');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,8 +77,12 @@ class d3totpadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function getBackupCodeCountMessage()
|
public function getBackupCodeCountMessage()
|
||||||
{
|
{
|
||||||
|
/** @var d3_totp_user $user */
|
||||||
|
$user = oxNew(User::class);
|
||||||
|
$userId = $user->d3TotpGetCurrentUser();
|
||||||
|
|
||||||
$oBackupCodeList = $this->d3GetBackupCodeListObject();
|
$oBackupCodeList = $this->d3GetBackupCodeListObject();
|
||||||
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
|
$iCount = $oBackupCodeList->getAvailableCodeCount($userId);
|
||||||
|
|
||||||
if ($iCount < 4) {
|
if ($iCount < 4) {
|
||||||
return sprintf(
|
return sprintf(
|
||||||
@ -108,10 +115,16 @@ class d3totpadminlogin extends AdminController
|
|||||||
return oxNew(User::class);
|
return oxNew(User::class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string|void
|
||||||
|
* @throws DatabaseConnectionException
|
||||||
|
*/
|
||||||
public function checklogin()
|
public function checklogin()
|
||||||
{
|
{
|
||||||
$session = Registry::getSession();
|
$session = Registry::getSession();
|
||||||
$userId = $session->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
/** @var d3_totp_user $user */
|
||||||
|
$user = oxNew(User::class);
|
||||||
|
$userId = $user->d3TotpGetCurrentUser();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp');
|
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp');
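Review bot: `$userId` can now be null, since `d3TotpGetCurrentUser()` is declared `?string`, and `checklogin()` has none of the guards `render()` has, so a direct request with an empty session enters the `try` with no user at all; the verification that follows lies outside this hunk, so whether it rejects a null user cannot be seen here. An explicit exit before the `try`, `if ($userId === null) { return 'login'; }`, would make the method's contract local and obvious, and the new `@return string|void` docblock should then name the controller names it returns. The method's body continues past the hunk.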
|
||||||
@ -125,8 +138,9 @@ class d3totpadminlogin extends AdminController
|
|||||||
|
|
||||||
$session->initNewSession();
|
$session->initNewSession();
|
||||||
$session->setVariable("aAdminProfiles", $adminProfiles);
|
$session->setVariable("aAdminProfiles", $adminProfiles);
|
||||||
$session->setVariable('auth', $userId);
|
$session->setVariable(d3totp_conf::OXID_ADMIN_AUTH, $userId);
|
||||||
$session->setVariable(d3totp_conf::SESSION_AUTH, true);
|
$session->setVariable(d3totp_conf::SESSION_AUTH, $userId);
|
||||||
|
$session->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||||
|
|
||||||
return "admin_start";
|
return "admin_start";
|
||||||
} catch (d3totp_wrongOtpException $e) {
|
} catch (d3totp_wrongOtpException $e) {
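Review bot: `SESSION_AUTH` now stores the user id instead of `true`, yet the only consumer visible on this page, the guard in `render()`, still tests `hasVariable()` only; storing the id pays off only if it is compared with OXID's own `auth`, e.g. `$session->getVariable(d3totp_conf::SESSION_AUTH) === $session->getVariable(d3totp_conf::OXID_ADMIN_AUTH)`, so that a stale TOTP marker cannot vouch for a different account. Regenerating the session id with `initNewSession()` and deleting `SESSION_CURRENTUSER` once the code is verified are the right moves here. `"aAdminProfiles"` is the one session key in this block still written as a bare literal while the others moved to `d3totp_conf`.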
|
||||||
|
@ -17,6 +17,7 @@ namespace D3\Totp\Application\Controller\Admin;
|
|||||||
|
|
||||||
use D3\Totp\Application\Model\d3totp;
|
use D3\Totp\Application\Model\d3totp;
|
||||||
use D3\Totp\Application\Model\d3backupcodelist;
|
use D3\Totp\Application\Model\d3backupcodelist;
|
||||||
|
use D3\Totp\Application\Model\d3totp_conf;
|
||||||
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
||||||
use Exception;
|
use Exception;
|
||||||
use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController;
|
use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController;
|
||||||
|
@ -16,7 +16,6 @@ declare(strict_types=1);
|
|||||||
namespace D3\Totp\Application\Controller;
|
namespace D3\Totp\Application\Controller;
|
||||||
|
|
||||||
use D3\Totp\Application\Model\d3backupcodelist;
|
use D3\Totp\Application\Model\d3backupcodelist;
|
||||||
use D3\Totp\Application\Model\d3totp;
|
|
||||||
use D3\Totp\Application\Model\d3totp_conf;
|
use D3\Totp\Application\Model\d3totp_conf;
|
||||||
use OxidEsales\Eshop\Application\Controller\FrontendController;
|
use OxidEsales\Eshop\Application\Controller\FrontendController;
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||||
@ -29,9 +28,7 @@ class d3totplogin extends FrontendController
|
|||||||
|
|
||||||
public function render()
|
public function render()
|
||||||
{
|
{
|
||||||
if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
|
if (false == Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
|
||||||
false == Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
|
|
||||||
) {
|
|
||||||
$this->getUtils()->redirect('index.php?cl=start');
|
$this->getUtils()->redirect('index.php?cl=start');
|
||||||
if (false == defined('OXID_PHP_UNIT')) {
|
if (false == defined('OXID_PHP_UNIT')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
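Review bot: `false == Registry::getSession()->hasVariable(...)` is a loose comparison against a boolean return; `!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)` reads as the admin counterpart in this commit does and avoids `==`. Dropping the `SESSION_AUTH` term also means a user who has already completed TOTP is sent back to this form whenever `SESSION_CURRENTUSER` is still present, and the frontend success path on this page does not show that variable being deleted, so please confirm it is cleared somewhere. The condition's body continues past the hunk.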
|
||||||
@ -60,7 +57,8 @@ class d3totplogin extends FrontendController
|
|||||||
public function getBackupCodeCountMessage()
|
public function getBackupCodeCountMessage()
|
||||||
{
|
{
|
||||||
$oBackupCodeList = $this->getBackupCodeListObject();
|
$oBackupCodeList = $this->getBackupCodeListObject();
|
||||||
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
|
$userId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||||
|
$iCount = $oBackupCodeList->getAvailableCodeCount($userId);
|
||||||
|
|
||||||
if ($iCount < 4) {
|
if ($iCount < 4) {
|
||||||
return sprintf(
|
return sprintf(
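Review bot: This method reads `SESSION_CURRENTUSER` directly while its admin counterpart in this commit resolves the id through `d3TotpGetCurrentUser()`; the asymmetry is defensible because the frontend `render()` only shows the form while that variable is set, but it should be stated, e.g. `// the form is only rendered while a TOTP attempt is pending (see render()), so the pending id is read directly`. `getBackupCodeCountMessage()` still lacks a return type, as does its admin twin. The method continues past the hunk.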
|
||||||
|
@ -15,6 +15,7 @@ declare(strict_types=1);
|
|||||||
|
|
||||||
namespace D3\Totp\Application\Model;
|
namespace D3\Totp\Application\Model;
|
||||||
|
|
||||||
|
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
||||||
use OxidEsales\Eshop\Application\Model\User;
|
use OxidEsales\Eshop\Application\Model\User;
|
||||||
use OxidEsales\Eshop\Core\DatabaseProvider;
|
use OxidEsales\Eshop\Core\DatabaseProvider;
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||||
@ -74,8 +75,9 @@ class d3backupcode extends BaseModel
|
|||||||
return $this->getUser();
|
return $this->getUser();
|
||||||
}
|
}
|
||||||
|
|
||||||
$sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
/** @var d3_totp_user $oUser */
|
||||||
$oUser = oxNew(User::class);
|
$oUser = oxNew(User::class);
|
||||||
|
$sUserId = $oUser->d3TotpGetCurrentUser();
|
||||||
$oUser->load($sUserId);
|
$oUser->load($sUserId);
|
||||||
return $oUser;
|
return $oUser;
|
||||||
}
|
}
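Review bot: `$sUserId` may be null now that it comes from `d3TotpGetCurrentUser()`, and `$oUser->load($sUserId)` on the next line is still unchecked, so with no pending attempt and no OXID session the method hands back an unloaded User whose `getId()` is empty; whether callers tolerate that depends on the method's declared return type, which starts above the hunk. `if ($sUserId === null || !$oUser->load($sUserId)) { ... }` with whichever outcome the signature allows (null or an exception) would be better than a silently empty model. The docblock should also state the lookup order: the pending TOTP user first, then the OXID-authenticated admin or frontend user.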
|
||||||
|
@ -17,6 +17,8 @@ namespace D3\Totp\Application\Model;
|
|||||||
|
|
||||||
class d3totp_conf
|
class d3totp_conf
|
||||||
{
|
{
|
||||||
|
public const OXID_ADMIN_AUTH = 'auth';
|
||||||
|
public const OXID_FRONTEND_AUTH = 'usr';
|
||||||
public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly
|
public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly
|
||||||
public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username
|
public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username
|
||||||
public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username
|
public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username
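Review bot: The two new constants carry no comment, and the existing one on `SESSION_AUTH` is now stale: after this commit the value stored under it is the user id (see the admin and frontend login hunks), not a boolean. Suggested comments: `public const OXID_ADMIN_AUTH = 'auth'; // OXID core session key holding the authenticated admin's oxid`, `public const OXID_FRONTEND_AUTH = 'usr'; // OXID core session key holding the authenticated frontend user's oxid`, and for `SESSION_AUTH` `// oxid of the user whose TOTP was verified; set only after a successful code check`, which also fixes "completly". The comment on `SESSION_CURRENTCLASS` duplicates the one on `SESSION_CURRENTUSER` and presumably describes the wrong key.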
|
||||||
|
@ -18,6 +18,7 @@ namespace D3\Totp\Modules\Application\Component;
|
|||||||
use D3\Totp\Application\Model\d3totp;
|
use D3\Totp\Application\Model\d3totp;
|
||||||
use D3\Totp\Application\Model\d3totp_conf;
|
use D3\Totp\Application\Model\d3totp_conf;
|
||||||
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
||||||
|
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
||||||
use Doctrine\DBAL\DBALException;
|
use Doctrine\DBAL\DBALException;
|
||||||
use InvalidArgumentException;
|
use InvalidArgumentException;
|
||||||
use OxidEsales\Eshop\Application\Model\User;
|
use OxidEsales\Eshop\Application\Model\User;
|
||||||
@ -85,8 +86,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
|||||||
{
|
{
|
||||||
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
|
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
|
||||||
|
|
||||||
$sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
/** @var d3_totp_user $oUser */
|
||||||
$oUser = oxNew(User::class);
|
$oUser = oxNew(User::class);
|
||||||
|
$sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||||
$oUser->load($sUserId);
|
$oUser->load($sUserId);
|
||||||
|
|
||||||
$totp = $this->d3GetTotpObject();
|
$totp = $this->d3GetTotpObject();
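Review bot: Moving `$sUserId = ...` below `oxNew()` changes nothing, but `$oUser->load($sUserId)` right after it still ignores the boolean it returns, and `$sUserId` is null whenever `SESSION_CURRENTUSER` is missing; the success branch in the next hunk then writes `$oUser->getId()` into `usr` and `SESSION_AUTH`. Whether `d3TotpIsNoTotpOrNoLogin()` catches an unloaded user is not visible here, so an explicit failure on `!$oUser->load($sUserId)` at the load site would keep the intent local. The enclosing method begins before the hunk.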
|
||||||
@ -95,8 +97,8 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
|||||||
try {
|
try {
|
||||||
if (!$this->d3TotpIsNoTotpOrNoLogin($totp) && $this->d3TotpHasValidTotp($sTotp, $totp)) {
|
if (!$this->d3TotpIsNoTotpOrNoLogin($totp) && $this->d3TotpHasValidTotp($sTotp, $totp)) {
|
||||||
// relogin, don't extract from this try block
|
// relogin, don't extract from this try block
|
||||||
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, $sTotp);
|
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, $oUser->getId());
|
||||||
$this->d3TotpGetSession()->setVariable('usr', $oUser->getId());
|
$this->d3TotpGetSession()->setVariable(d3totp_conf::OXID_FRONTEND_AUTH, $oUser->getId());
|
||||||
$this->setUser(null);
|
$this->setUser(null);
|
||||||
$this->setLoginStatus(USER_LOGIN_SUCCESS);
|
$this->setLoginStatus(USER_LOGIN_SUCCESS);
|
||||||
$this->_afterLogin($oUser);
|
$this->_afterLogin($oUser);
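Review bot: Unlike the admin `checklogin()` in this commit, this success branch neither calls `initNewSession()` before writing `usr` nor deletes `SESSION_CURRENTUSER` after setting `SESSION_AUTH`; if that cleanup does not happen after `_afterLogin()` (outside the hunk), the pending id outlives the login, and the frontend `render()` in this commit now keys its redirect on exactly that variable. Adding `$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);` next to the two `setVariable` calls mirrors the admin path; whether OXID regenerates the session id during this relogin is not visible here, so please confirm. Storing `$oUser->getId()` instead of the submitted code in `SESSION_AUTH` is a clear improvement.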
|
||||||
|
@ -47,4 +47,16 @@ class d3_totp_user extends d3_totp_user_parent
|
|||||||
{
|
{
|
||||||
return Registry::getSession();
|
return Registry::getSession();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string|null
|
||||||
|
*/
|
||||||
|
public function d3TotpGetCurrentUser(): ?string
|
||||||
|
{
|
||||||
|
return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) ?
|
||||||
|
$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER) :
|
||||||
|
(isAdmin() ?
|
||||||
|
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_ADMIN_AUTH) :
|
||||||
|
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_FRONTEND_AUTH));
|
||||||
|
}
|
||||||
}
|
}
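Review bot: The nested ternary hides the precedence rule that every caller in this commit now relies on — a pending TOTP attempt wins over the account OXID has already authenticated — and the `@return string|null` docblock merely restates the native type. Under `strict_types`, the `?string` return will raise a TypeError if `getVariable()` ever yields a non-string for `auth`/`usr`; I could not confirm from this page what OXID stores there, so please check. Rewriting with guard clauses and a comment that states the order makes the rule visible:
```php
    /**
     * Id of the user the current TOTP check applies to: the pending login attempt
     * first, otherwise the user OXID has already authenticated in this context.
     */
    public function d3TotpGetCurrentUser(): ?string
    {
        $session = $this->d3TotpGetSession();

        // a pending attempt (user name verified, code not yet) takes precedence
        if ($session->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
            return $session->getVariable(d3totp_conf::SESSION_CURRENTUSER);
        }

        // otherwise fall back to OXID's own auth key for admin or frontend
        $authKey = isAdmin() ? d3totp_conf::OXID_ADMIN_AUTH : d3totp_conf::OXID_FRONTEND_AUTH;

        return $session->getVariable($authKey);
    }
```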
|
||||||
|