D3Public/oxtotp
8
0
Fork 1
Code Pull-Requests Releases Aktivität

fix missing redirect on lost session while admin login

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Daniel Seifert 2022-11-26 00:23:04 +01:00
Ursprung c13b1e04a0
Commit 0dc6c49e0b
Signiert von: DanielS
GPG-Schlüssel-ID: 6A513E13AEE66170
5 geänderte Dateien mit 27 neuen und 32 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Vergleichs-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

12
src/Application/Controller/Admin/d3totpadminlogin.php
Datei anzeigen

@ -72,8 +72,8 @@ class d3totpadminlogin extends AdminController
*/
protected function isTotpLoginNotPossible(): bool
{
return !$this->d3TotpGetSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) &&
!$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
$user = $this->d3TotpGetUserObject();
return !$user->d3TotpGetCurrentUser();
}
/**
@ -82,10 +82,10 @@ class d3totpadminlogin extends AdminController
*/
public function render(): string
{
if ($this->isTotpIsNotRequired()) {
$this->d3TotpGetUtils()->redirect('index.php?cl=admin_start');
} elseif ($this->isTotpLoginNotPossible()) {
$this->d3TotpGetUtils()->redirect('index.php?cl=login');
if ($this->isTotpLoginNotPossible()) {
$this->d3TotpGetUtils()->redirect('index.php?cl=login', false);
} elseif ($this->isTotpIsNotRequired()) {
$this->d3TotpGetUtils()->redirect('index.php?cl=admin_start', false);
}
$this->addTplParam('selectedProfile', Registry::getRequest()->getRequestEscapedParameter('profile'));

2
src/Application/Controller/d3totplogin.php
Datei anzeigen

@ -29,7 +29,7 @@ class d3totplogin extends FrontendController
public function render()
{
if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
$this->getUtils()->redirect('index.php?cl=start');
$this->getUtils()->redirect('index.php?cl=start', false);
}
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS));

2
src/Modules/Core/d3_totp_utils.php
Datei anzeigen

@ -51,7 +51,7 @@ class d3_totp_utils extends d3_totp_utils_parent
//staten der prüfung vom einmalpasswort
if ($blAuth && $totp->isActive() && false === $totpAuth) {
$this->redirect('index.php?cl=d3totpadminlogin');
$this->redirect('index.php?cl=d3totpadminlogin', false);
}
return $blAuth;

3
src/Modules/Core/totpSystemEventHandler.php
Datei anzeigen

@ -51,7 +51,8 @@ class totpSystemEventHandler extends totpSystemEventHandler_parent
$this->getUtilsObject()->redirect(
'index.php?cl=d3totpadminlogin&'.
'profile='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_PROFILE).'&'.
'chlanguage='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CHLANGUAGE)
'chlanguage='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CHLANGUAGE),
false
);
}
}

40
src/tests/unit/Application/Controller/Admin/d3totpadminloginTest.php
Datei anzeigen

@ -160,35 +160,26 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
/**
* @test
* @param $hasAdminAuth
* @param $hasCurrentUser
* @param $userId
* @param $expected
* @return void
* @throws ReflectionException
* @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::isTotpLoginNotPossible
* @dataProvider isTotpLoginNotPossiblePassedDataProvider
*/
public function isTotpLoginNotPossiblePassed($hasAdminAuth, $hasCurrentUser, $expected)
public function isTotpLoginNotPossiblePassed($userId, $expected)
{
/** @var Session|MockObject $oSessionMock */
$oSessionMock = $this->getMockBuilder(Session::class)
->onlyMethods([
'hasVariable',
])
/** @var d3_totp_user|MockObject $oUserMock */
$oUserMock = $this->getMockBuilder(User::class)
->onlyMethods(['d3TotpGetCurrentUser'])
->getMock();
$hasVariableMap = [
[d3totp_conf::OXID_ADMIN_AUTH, $hasAdminAuth],
[d3totp_conf::SESSION_ADMIN_CURRENTUSER, $hasCurrentUser],
];
$oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
$oUserMock->method('d3TotpGetCurrentUser')->willReturn($userId);
/** @var d3totpadminlogin|MockObject $oControllerMock */
$oControllerMock = $this->getMockBuilder(d3totpadminlogin::class)
->onlyMethods([
'd3TotpGetSession',
])
->onlyMethods(['d3TotpGetUserObject'])
->getMock();
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$oControllerMock->method('d3TotpGetUserObject')->willReturn($oUserMock);
$this->_oController = $oControllerMock;
@ -207,19 +198,22 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
public function isTotpLoginNotPossiblePassedDataProvider(): array
{
return [
'no admin auth, no user' => [false, false, true],
'has admin auth' => [true, false, false],
'has current user' => [false, true, false],
'no user' => [null, true],
'has user' => ['userId', false],
];
}
/**
* @test
* @param $totpNotRequired
* @param $totpNotPossible
* @param $redirect
* @return void
* @throws ReflectionException
* @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::render
* @dataProvider canRenderDataProvider
*/
public function canRender($totpRequired, $totpNotPossible, $redirect)
public function canRender($totpNotRequired, $totpNotPossible, $redirect)
{
/** @var Utils|MockObject $oUtilsMock */
$oUtilsMock = $this->getMockBuilder(Utils::class)
@ -247,7 +241,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
'd3GetLoginController',
])
->getMock();
$oControllerMock->method('isTotpIsNotRequired')->willReturn($totpRequired);
$oControllerMock->method('isTotpIsNotRequired')->willReturn($totpNotRequired);
$oControllerMock->method('isTotpLoginNotPossible')->willReturn($totpNotPossible);
$oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
$oControllerMock->method('d3GetLoginController')->willReturn($loginControllerMock);
@ -266,7 +260,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
public function canRenderDataProvider(): array
{
return [
'not required' => [true, true, 'admin_start'],
'not required' => [true, false, 'admin_start'],
'not possible' => [false, true, 'login'],
'do auth' => [false, false, null],
];