D3Public/oxtotp
8
0
Fork 1
Code Pull Requests Releases Activity

separate session var names between frontend and backend

Browse Source
This commit is contained in:
Daniel Seifert 2022-11-23 09:21:52 +01:00 committed by Daniel Seifert
parent d8be836ed7
commit 46ae7efa32
Signed by: DanielS
GPG Key ID: 6A513E13AEE66170
13 changed files with 39 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/Application/Controller/Admin/d3totpadminlogin.php
View File

@ -60,7 +60,7 @@ class d3totpadminlogin extends AdminController
$totp = $this->d3TotpGetTotpObject(); $totp = $this->d3TotpGetTotpObject();
$totp->loadByUserId($userId); $totp->loadByUserId($userId);
return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_AUTH) || return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_AUTH) ||
!$totp->isActive(); !$totp->isActive();
} }
@ -70,7 +70,7 @@ class d3totpadminlogin extends AdminController
protected function isTotpLoginNotPossible(): bool protected function isTotpLoginNotPossible(): bool
{ {
return !$this->d3TotpGetSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) && return !$this->d3TotpGetSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) &&
!$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER); !$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
} }
/** /**
@ -159,8 +159,8 @@ class d3totpadminlogin extends AdminController
$session->initNewSession(); $session->initNewSession();
$session->setVariable("aAdminProfiles", $adminProfiles); $session->setVariable("aAdminProfiles", $adminProfiles);
$session->setVariable(d3totp_conf::OXID_ADMIN_AUTH, $userId); $session->setVariable(d3totp_conf::OXID_ADMIN_AUTH, $userId);
$session->setVariable(d3totp_conf::SESSION_AUTH, $userId); $session->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, $userId);
$session->deleteVariable(d3totp_conf::SESSION_CURRENTUSER); $session->deleteVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
return "admin_start"; return "admin_start";
} catch (d3totp_wrongOtpException $e) { } catch (d3totp_wrongOtpException $e) {
@ -179,7 +179,7 @@ class d3totpadminlogin extends AdminController
*/ */
public function d3TotpHasValidTotp(string $sTotp = null, d3totp $totp): bool public function d3TotpHasValidTotp(string $sTotp = null, d3totp $totp): bool
{ {
return $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH) return $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH)
|| $totp->verify($sTotp); || $totp->verify($sTotp);
} }

1
src/Application/Controller/Admin/d3user_totp.php
View File

@ -17,7 +17,6 @@ namespace D3\Totp\Application\Controller\Admin;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\Modules\Application\Model\d3_totp_user; use D3\Totp\Modules\Application\Model\d3_totp_user;
use Exception; use Exception;
use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController; use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController;

1
src/Application/Model/d3backupcode.php
View File

@ -20,7 +20,6 @@ use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\DatabaseProvider; use OxidEsales\Eshop\Core\DatabaseProvider;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Model\BaseModel; use OxidEsales\Eshop\Core\Model\BaseModel;
use OxidEsales\Eshop\Core\Registry;
class d3backupcode extends BaseModel class d3backupcode extends BaseModel
{ {

10
src/Application/Model/d3totp_conf.php
View File

@ -19,8 +19,10 @@ class d3totp_conf
{ {
public const OXID_ADMIN_AUTH = 'auth'; public const OXID_ADMIN_AUTH = 'auth';
public const OXID_FRONTEND_AUTH = 'usr'; public const OXID_FRONTEND_AUTH = 'usr';
public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly public const SESSION_AUTH = 'd3Totp_auth'; // has valid totp, user is logged in completly
public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username public const SESSION_CURRENTUSER = 'd3Totp_currentUser'; // oxid assigned to user from entered username
public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username public const SESSION_CURRENTCLASS = 'd3Totp_currentClass'; // oxid assigned to user from entered username
public const SESSION_NAVFORMPARAMS = 'd3totpNavFormParams'; public const SESSION_NAVFORMPARAMS = 'd3Totp_navFormParams';
public const SESSION_ADMIN_AUTH = 'd3Totp_auth'; // has valid totp, user is logged in completly
public const SESSION_ADMIN_CURRENTUSER = 'd3Totp_currentUser'; // oxid assigned to user from entered username
} }

4
src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
View File

@ -63,7 +63,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
$user = $this->d3TotpGetUserObject(); $user = $this->d3TotpGetUserObject();
$user->logout(); $user->logout();
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $userId); $this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER, $userId);
return "d3totpadminlogin"; return "d3totpadminlogin";
} }
@ -77,7 +77,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
public function d3TotpLoginMissing($totp) public function d3TotpLoginMissing($totp)
{ {
return $totp->isActive() return $totp->isActive()
&& false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH); && false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);
} }
/** /**

3
src/Modules/Application/Controller/d3_totp_getUserTrait.php
View File

@ -41,7 +41,8 @@ trait d3_totp_getUserTrait
$totp->loadByUserId($oUser->getId()); $totp->loadByUserId($oUser->getId());
if ($totp->isActive() if ($totp->isActive()
&& !$this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH) && !$this->d3TotpGetSessionObject()->getVariable(
isAdmin() ? d3totp_conf::SESSION_ADMIN_AUTH : d3totp_conf::SESSION_AUTH)
) { ) {
return false; return false;
} }

11
src/Modules/Application/Model/d3_totp_user.php
View File

@ -28,6 +28,8 @@ class d3_totp_user extends d3_totp_user_parent
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_AUTH); $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_AUTH);
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER); $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_ADMIN_AUTH);
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
return $return; return $return;
} }
@ -53,10 +55,13 @@ class d3_totp_user extends d3_totp_user_parent
*/ */
public function d3TotpGetCurrentUser(): ?string public function d3TotpGetCurrentUser(): ?string
{ {
return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) ? return $this->isAdmin() ?
($this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER) ?
$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER) :
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_ADMIN_AUTH))
:
($this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) ?
$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER) : $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER) :
($this->isAdmin() ?
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_ADMIN_AUTH) :
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_FRONTEND_AUTH)); $this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_FRONTEND_AUTH));
} }
} }

2
src/Modules/Core/d3_totp_utils.php
View File

@ -35,7 +35,7 @@ class d3_totp_utils extends d3_totp_utils_parent
$blAuth = parent::checkAccessRights(); $blAuth = parent::checkAccessRights();
$blAuth = $this->d3AuthHook($blAuth); $blAuth = $this->d3AuthHook($blAuth);
$userID = $this->d3TotpGetSessionObject()->getVariable("auth"); $userID = $this->d3TotpGetSessionObject()->getVariable("auth");
$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH); $totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);
/** @var d3totp $totp */ /** @var d3totp $totp */
$totp = $this->d3GetTotpObject(); $totp = $this->d3GetTotpObject();
$totp->loadByUserId($userID); $totp->loadByUserId($userID);

12
src/tests/unit/Application/Controller/Admin/d3totpadminloginTest.php
View File

@ -117,7 +117,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
]) ])
->getMock(); ->getMock();
$hasVariableMap = [ $hasVariableMap = [
[d3totp_conf::SESSION_AUTH, $hasAuthAlready] [d3totp_conf::SESSION_ADMIN_AUTH, $hasAuthAlready]
]; ];
$oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap); $oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
@ -174,7 +174,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
->getMock(); ->getMock();
$hasVariableMap = [ $hasVariableMap = [
[d3totp_conf::OXID_ADMIN_AUTH, $hasAdminAuth], [d3totp_conf::OXID_ADMIN_AUTH, $hasAdminAuth],
[d3totp_conf::SESSION_CURRENTUSER, $hasCurrentUser], [d3totp_conf::SESSION_ADMIN_CURRENTUSER, $hasCurrentUser],
]; ];
$oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap); $oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
@ -488,7 +488,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpTrueSessionVarname() public function hasValidTotpTrueSessionVarname()
{ {
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true); Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, true);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -509,7 +509,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpTrueValidTotp() public function hasValidTotpTrueValidTotp()
{ {
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -530,7 +530,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpFalseMissingTotp() public function hasValidTotpFalseMissingTotp()
{ {
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -550,7 +550,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpFalseUnverifiedTotp() public function hasValidTotpFalseUnverifiedTotp()
{ {
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)

1
src/tests/unit/Application/Controller/d3totploginTest.php
View File

@ -16,7 +16,6 @@ namespace D3\Totp\tests\unit\Application\Controller;
use D3\TestingTools\Development\CanAccessRestricted; use D3\TestingTools\Development\CanAccessRestricted;
use D3\Totp\Application\Controller\d3totplogin; use D3\Totp\Application\Controller\d3totplogin;
use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\tests\unit\d3TotpUnitTestCase; use D3\Totp\tests\unit\d3TotpUnitTestCase;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;

1
src/tests/unit/Application/Model/d3backupcodeTest.php
View File

@ -15,7 +15,6 @@ namespace D3\Totp\tests\unit\Application\Model;
use D3\TestingTools\Development\CanAccessRestricted; use D3\TestingTools\Development\CanAccessRestricted;
use D3\Totp\Application\Model\d3backupcode; use D3\Totp\Application\Model\d3backupcode;
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\tests\unit\d3TotpUnitTestCase; use D3\Totp\tests\unit\d3TotpUnitTestCase;
use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Application\Model\User;

2
src/tests/unit/Modules/Application/Controller/Admin/d3_totp_LoginControllerTest.php
View File

@ -193,7 +193,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
$oSessionMock = $this->getMockBuilder(Session::class) $oSessionMock = $this->getMockBuilder(Session::class)
->onlyMethods(['getVariable']) ->onlyMethods(['getVariable'])
->getMock(); ->getMock();
$oSessionMock->method('getVariable')->with(d3totp_conf::SESSION_AUTH)->willReturn($loggedin); $oSessionMock->method('getVariable')->with(d3totp_conf::SESSION_ADMIN_AUTH)->willReturn($loggedin);
/** @var d3_totp_LoginController|MockObject $oControllerMock */ /** @var d3_totp_LoginController|MockObject $oControllerMock */
$oControllerMock = $this->getMockBuilder(d3_totp_LoginController::class) $oControllerMock = $this->getMockBuilder(d3_totp_LoginController::class)

4
src/tests/unit/Modules/Application/Model/d3_totp_userTest.php
View File

@ -123,6 +123,7 @@ class d3_totp_userTest extends d3TotpUnitTestCase
$oSessionMock->expects($this->once())->method('hasVariable')->willReturn((bool) $currentUser); $oSessionMock->expects($this->once())->method('hasVariable')->willReturn((bool) $currentUser);
$getVariableMap = [ $getVariableMap = [
[d3totp_conf::SESSION_CURRENTUSER, $currentUser], [d3totp_conf::SESSION_CURRENTUSER, $currentUser],
[d3totp_conf::SESSION_ADMIN_CURRENTUSER, $currentUser],
[d3totp_conf::OXID_ADMIN_AUTH, $adminAuth], [d3totp_conf::OXID_ADMIN_AUTH, $adminAuth],
[d3totp_conf::OXID_FRONTEND_AUTH, $frontendAuth], [d3totp_conf::OXID_FRONTEND_AUTH, $frontendAuth],
]; ];
@ -152,7 +153,8 @@ class d3_totp_userTest extends d3TotpUnitTestCase
public function d3TotpGetCurrentUserTestDataProvider(): array public function d3TotpGetCurrentUserTestDataProvider(): array
{ {
return [ return [
'login request' => ['currentFixture', true, 'adminFixture', 'frontendFixture', 'currentFixture'], 'adm login request' => ['currentFixture', true, 'adminFixture', 'frontendFixture', 'currentFixture'],
'frnt login request' => ['currentFixture', false, 'adminFixture', 'frontendFixture', 'currentFixture'],
'admin auth' => [null, true, 'adminFixture', 'frontendFixture', 'adminFixture'], 'admin auth' => [null, true, 'adminFixture', 'frontendFixture', 'adminFixture'],
'frontend auth' => [null, false, 'adminFixture', 'frontendFixture', 'frontendFixture'], 'frontend auth' => [null, false, 'adminFixture', 'frontendFixture', 'frontendFixture'],
]; ];