fix missing redirect on lost session while admin login
parent
c13b1e04a0
commit
0dc6c49e0b
@ -72,8 +72,8 @@ class d3totpadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
protected function isTotpLoginNotPossible(): bool
|
protected function isTotpLoginNotPossible(): bool
|
||||||
{
|
{
|
||||||
return !$this->d3TotpGetSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) &&
|
$user = $this->d3TotpGetUserObject();
|
||||||
!$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
|
return !$user->d3TotpGetCurrentUser();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -82,10 +82,10 @@ class d3totpadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function render(): string
|
public function render(): string
|
||||||
{
|
{
|
||||||
if ($this->isTotpIsNotRequired()) {
|
if ($this->isTotpLoginNotPossible()) {
|
||||||
$this->d3TotpGetUtils()->redirect('index.php?cl=admin_start');
|
$this->d3TotpGetUtils()->redirect('index.php?cl=login', false);
|
||||||
} elseif ($this->isTotpLoginNotPossible()) {
|
} elseif ($this->isTotpIsNotRequired()) {
|
||||||
$this->d3TotpGetUtils()->redirect('index.php?cl=login');
|
$this->d3TotpGetUtils()->redirect('index.php?cl=admin_start', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->addTplParam('selectedProfile', Registry::getRequest()->getRequestEscapedParameter('profile'));
|
$this->addTplParam('selectedProfile', Registry::getRequest()->getRequestEscapedParameter('profile'));
|
||||||
|
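Review bot: `isTotpLoginNotPossible()` now decides a lost session solely from the truthiness of `$user->d3TotpGetCurrentUser()`, and the `OXID_ADMIN_AUTH` session check that used to keep a request with admin auth out of this branch is dropped without a comment explaining why. Both `d3TotpGetUserObject()` and `d3TotpGetCurrentUser()` are defined outside this hunk, so whether the admin-auth case is still covered there cannot be confirmed from here. Because `render()` now tests this condition first and sends the request to `index.php?cl=login`, the docblock should state the new contract, for example `Returns true when no user id is available for the TOTP check (session lost), so the login has to be restarted.`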
@ -29,7 +29,7 @@ class d3totplogin extends FrontendController
|
|||||||
public function render()
|
public function render()
|
||||||
{
|
{
|
||||||
if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
|
if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
|
||||||
$this->getUtils()->redirect('index.php?cl=start');
|
$this->getUtils()->redirect('index.php?cl=start', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS));
|
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS));
|
||||||
|
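Review bot: The bare `false` passed to `redirect()` in `render()` is the whole fix, yet nothing at the call says what it switches off. It is presumably the flag that controls appending the shop's redirect marker to the URL (the `redirect()` signature is not part of this page), so a short comment such as `// false: do not add the redirect marker, otherwise an already redirected request would skip this redirect` would keep a later cleanup from dropping it. The same literal is added in `d3totpadminlogin::render()`, `d3_totp_utils` and `totpSystemEventHandler` in this commit; a named constant or a small wrapper method would document all of them at once. `render()` continues outside the hunk.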
@ -51,7 +51,7 @@ class d3_totp_utils extends d3_totp_utils_parent
|
|||||||
|
|
||||||
//staten der prüfung vom einmalpasswort
|
//staten der prüfung vom einmalpasswort
|
||||||
if ($blAuth && $totp->isActive() && false === $totpAuth) {
|
if ($blAuth && $totp->isActive() && false === $totpAuth) {
|
||||||
$this->redirect('index.php?cl=d3totpadminlogin');
|
$this->redirect('index.php?cl=d3totpadminlogin', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $blAuth;
|
return $blAuth;
|
||||||
|
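Review bot: After the redirect to `d3totpadminlogin` the method still reaches `return $blAuth;`, and `$blAuth` is necessarily true in that branch, so the caller is told access is granted although `false === $totpAuth`. This is safe only if `redirect()` never returns; that is not visible here, and a mocked or overridden `redirect()` would return. Failing closed costs one line: add `return false;` directly after the `$this->redirect('index.php?cl=d3totpadminlogin', false);` call. The enclosing method starts above the hunk, so its name and the origin of `$totpAuth` are not shown.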
@ -51,7 +51,8 @@ class totpSystemEventHandler extends totpSystemEventHandler_parent
|
|||||||
$this->getUtilsObject()->redirect(
|
$this->getUtilsObject()->redirect(
|
||||||
'index.php?cl=d3totpadminlogin&'.
|
'index.php?cl=d3totpadminlogin&'.
|
||||||
'profile='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_PROFILE).'&'.
|
'profile='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_PROFILE).'&'.
|
||||||
'chlanguage='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CHLANGUAGE)
|
'chlanguage='.$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CHLANGUAGE),
|
||||||
|
false
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
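Review bot: The `profile` and `chlanguage` values are concatenated into the redirect URL exactly as read from the session, without URL encoding. Where these session variables are written is outside this hunk; if they are taken from the login form, a value containing `&` or `#` would alter the query string of the redirect target. Encoding each value, e.g. `'profile='.rawurlencode((string) $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_PROFILE)).'&'.`, or building the query with `http_build_query()`, removes that dependency. The enclosing method starts above the hunk.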
@ -160,35 +160,26 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @test
|
* @test
|
||||||
* @param $hasAdminAuth
|
* @param $userId
|
||||||
* @param $hasCurrentUser
|
|
||||||
* @param $expected
|
* @param $expected
|
||||||
* @return void
|
* @return void
|
||||||
* @throws ReflectionException
|
* @throws ReflectionException
|
||||||
* @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::isTotpLoginNotPossible
|
* @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::isTotpLoginNotPossible
|
||||||
* @dataProvider isTotpLoginNotPossiblePassedDataProvider
|
* @dataProvider isTotpLoginNotPossiblePassedDataProvider
|
||||||
*/
|
*/
|
||||||
public function isTotpLoginNotPossiblePassed($hasAdminAuth, $hasCurrentUser, $expected)
|
public function isTotpLoginNotPossiblePassed($userId, $expected)
|
||||||
{
|
{
|
||||||
/** @var Session|MockObject $oSessionMock */
|
/** @var d3_totp_user|MockObject $oUserMock */
|
||||||
$oSessionMock = $this->getMockBuilder(Session::class)
|
$oUserMock = $this->getMockBuilder(User::class)
|
||||||
->onlyMethods([
|
->onlyMethods(['d3TotpGetCurrentUser'])
|
||||||
'hasVariable',
|
|
||||||
])
|
|
||||||
->getMock();
|
->getMock();
|
||||||
$hasVariableMap = [
|
$oUserMock->method('d3TotpGetCurrentUser')->willReturn($userId);
|
||||||
[d3totp_conf::OXID_ADMIN_AUTH, $hasAdminAuth],
|
|
||||||
[d3totp_conf::SESSION_ADMIN_CURRENTUSER, $hasCurrentUser],
|
|
||||||
];
|
|
||||||
$oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
|
|
||||||
|
|
||||||
/** @var d3totpadminlogin|MockObject $oControllerMock */
|
/** @var d3totpadminlogin|MockObject $oControllerMock */
|
||||||
$oControllerMock = $this->getMockBuilder(d3totpadminlogin::class)
|
$oControllerMock = $this->getMockBuilder(d3totpadminlogin::class)
|
||||||
->onlyMethods([
|
->onlyMethods(['d3TotpGetUserObject'])
|
||||||
'd3TotpGetSession',
|
|
||||||
])
|
|
||||||
->getMock();
|
->getMock();
|
||||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
$oControllerMock->method('d3TotpGetUserObject')->willReturn($oUserMock);
|
||||||
|
|
||||||
$this->_oController = $oControllerMock;
|
$this->_oController = $oControllerMock;
|
||||||
|
|
||||||
@ -207,19 +198,22 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
|||||||
public function isTotpLoginNotPossiblePassedDataProvider(): array
|
public function isTotpLoginNotPossiblePassedDataProvider(): array
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
'no admin auth, no user' => [false, false, true],
|
'no user' => [null, true],
|
||||||
'has admin auth' => [true, false, false],
|
'has user' => ['userId', false],
|
||||||
'has current user' => [false, true, false],
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @test
|
* @test
|
||||||
|
* @param $totpNotRequired
|
||||||
|
* @param $totpNotPossible
|
||||||
|
* @param $redirect
|
||||||
|
* @return void
|
||||||
* @throws ReflectionException
|
* @throws ReflectionException
|
||||||
* @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::render
|
* @covers \D3\Totp\Application\Controller\Admin\d3totpadminlogin::render
|
||||||
* @dataProvider canRenderDataProvider
|
* @dataProvider canRenderDataProvider
|
||||||
*/
|
*/
|
||||||
public function canRender($totpRequired, $totpNotPossible, $redirect)
|
public function canRender($totpNotRequired, $totpNotPossible, $redirect)
|
||||||
{
|
{
|
||||||
/** @var Utils|MockObject $oUtilsMock */
|
/** @var Utils|MockObject $oUtilsMock */
|
||||||
$oUtilsMock = $this->getMockBuilder(Utils::class)
|
$oUtilsMock = $this->getMockBuilder(Utils::class)
|
||||||
@ -247,7 +241,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
|||||||
'd3GetLoginController',
|
'd3GetLoginController',
|
||||||
])
|
])
|
||||||
->getMock();
|
->getMock();
|
||||||
$oControllerMock->method('isTotpIsNotRequired')->willReturn($totpRequired);
|
$oControllerMock->method('isTotpIsNotRequired')->willReturn($totpNotRequired);
|
||||||
$oControllerMock->method('isTotpLoginNotPossible')->willReturn($totpNotPossible);
|
$oControllerMock->method('isTotpLoginNotPossible')->willReturn($totpNotPossible);
|
||||||
$oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
|
$oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
|
||||||
$oControllerMock->method('d3GetLoginController')->willReturn($loginControllerMock);
|
$oControllerMock->method('d3GetLoginController')->willReturn($loginControllerMock);
|
||||||
@ -266,7 +260,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
|||||||
public function canRenderDataProvider(): array
|
public function canRenderDataProvider(): array
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
'not required' => [true, true, 'admin_start'],
|
'not required' => [true, false, 'admin_start'],
|
||||||
'not possible' => [false, true, 'login'],
|
'not possible' => [false, true, 'login'],
|
||||||
'do auth' => [false, false, null],
|
'do auth' => [false, false, null],
|
||||||
];
|
];
|
||||||
|
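Review bot: `canRenderDataProvider()` no longer has a row in which both `isTotpIsNotRequired()` and `isTotpLoginNotPossible()` return true, which is the one input whose result depends on the branch order this commit swaps in `render()`. The old row `[true, true, 'admin_start']` was changed to `[true, false, 'admin_start']` rather than kept with its new expectation. Adding `'not possible wins over not required' => [true, true, 'login'],` would pin the new precedence. The assertions in `canRender()` lie outside the visible hunks, so whether the `false` second argument of `redirect()` is verified cannot be checked here.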