From 77eca02079548e69f15a3ad5ec7430f7240ce0f8 Mon Sep 17 00:00:00 2001 From: Daniel Seifert Date: Thu, 24 Nov 2022 20:17:50 +0100 Subject: [PATCH] change session admin auth variable to constant --- src/Application/Controller/Admin/d3force_2fa.php | 5 +++-- src/Modules/Core/d3_totp_utils.php | 2 +- src/Modules/Core/totpSystemEventHandler.php | 2 +- .../Application/Controller/Admin/d3force_2faTest.php | 5 +++-- src/tests/unit/Modules/Core/d3_totp_utilsTest.php | 11 ++++++----- 5 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/Application/Controller/Admin/d3force_2fa.php b/src/Application/Controller/Admin/d3force_2fa.php index 8b9ea95..8bcc12e 100644 --- a/src/Application/Controller/Admin/d3force_2fa.php +++ b/src/Application/Controller/Admin/d3force_2fa.php @@ -4,6 +4,7 @@ declare(strict_types=1); namespace D3\Totp\Application\Controller\Admin; +use D3\Totp\Application\Model\d3totp_conf; use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Session; @@ -13,7 +14,7 @@ class d3force_2fa extends d3user_totp { $this->addTplParam('force2FA', true); - $userID = $this->d3TotpGetSessionObject()->getVariable("auth"); + $userID = $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::OXID_ADMIN_AUTH); $this->_sEditObjectId = $userID; return parent::render(); @@ -22,7 +23,7 @@ class d3force_2fa extends d3user_totp protected function _authorize() { - $userID = $this->d3TotpGetSessionObject()->getVariable("auth"); + $userID = $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::OXID_ADMIN_AUTH); return ($this->d3IsAdminForce2FA() && !empty($userID)); } diff --git a/src/Modules/Core/d3_totp_utils.php b/src/Modules/Core/d3_totp_utils.php index 114e616..b24d343 100644 --- a/src/Modules/Core/d3_totp_utils.php +++ b/src/Modules/Core/d3_totp_utils.php 
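Review bot: `_authorize()` in d3force_2fa.php returns `$this->d3IsAdminForce2FA() && !empty($userID)` and, as far as the hunk shows, never consults the parent rights check, so with forced 2FA on, any session carrying a non-empty `d3totp_conf::OXID_ADMIN_AUTH` value reaches this controller. Nothing in the method says this is deliberate. If the intent is to let an admin who has passed the password step enrol a second factor, say so in a docblock, for example `/** Intentionally replaces the parent rights check: only the enrolment view is served, and render() pins _sEditObjectId to the session user. */`. The render() hunk above takes the edited object id from the session, and a one-line comment there would help keep that id from ever being sourced from the request. render() starts outside its hunk, so its signature and any earlier checks are not visible.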
@@ -34,7 +34,7 @@ class d3_totp_utils extends d3_totp_utils_parent { $blAuth = parent::checkAccessRights(); $blAuth = $this->d3AuthHook($blAuth); - $userID = $this->d3TotpGetSessionObject()->getVariable("auth"); + $userID = $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::OXID_ADMIN_AUTH); $totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH); /** @var d3totp $totp */ $totp = $this->d3GetTotpObject(); diff --git a/src/Modules/Core/totpSystemEventHandler.php b/src/Modules/Core/totpSystemEventHandler.php index da3eaea..f2582e3 100644 --- a/src/Modules/Core/totpSystemEventHandler.php +++ b/src/Modules/Core/totpSystemEventHandler.php @@ -34,7 +34,7 @@ class totpSystemEventHandler extends totpSystemEventHandler_parent protected function d3requestTotp() { $totp = $this->d3GetTotpObject(); - $userId = $this->d3TotpGetSession()->getVariable('auth'); + $userId = $this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_ADMIN_AUTH); $totp->loadByUserId($userId); if ($this->d3TotpLoginMissing($totp)) { diff --git a/src/tests/unit/Application/Controller/Admin/d3force_2faTest.php b/src/tests/unit/Application/Controller/Admin/d3force_2faTest.php index 7532e90..9eb0bf1 100644 --- a/src/tests/unit/Application/Controller/Admin/d3force_2faTest.php +++ b/src/tests/unit/Application/Controller/Admin/d3force_2faTest.php @@ -3,6 +3,7 @@ namespace D3\Totp\tests\unit\Application\Controller\Admin; use D3\Totp\Application\Controller\Admin\d3force_2fa; +use D3\Totp\Application\Model\d3totp_conf; use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Session; use PHPUnit\Framework\MockObject\MockObject; @@ -27,7 +28,7 @@ class d3force_2faTest extends d3user_totpTest { $expected = 'fixture'; - Registry::getSession()->setVariable('auth', $expected); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, $expected); $this->callMethod( $this->_oController, 
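Review bot: The two session reads in checkAccessRights() now use `d3totp_conf::OXID_ADMIN_AUTH` and `d3totp_conf::SESSION_ADMIN_AUTH` on adjacent lines, and the names differ only in their prefix. One appears to hold the logged-in admin's user id and the other the flag that the TOTP step was passed. Swapping them would still run and could treat a password-only session as fully verified, so the distinction deserves a comment here or on the constants, such as `// OXID_ADMIN_AUTH: user id set by the shop's admin login; SESSION_ADMIN_AUTH: set by this module after a valid TOTP`. The constants' definitions are not part of this patch, so these meanings are inferred from the assignments to `$userID` and `(bool) $totpAuth`. checkAccessRights() continues past the end of the hunk.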
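Review bot: totpSystemEventHandler.php now references `d3totp_conf::OXID_ADMIN_AUTH` in d3requestTotp(), but no `use` line is added for it, unlike d3force_2fa.php and the two test files; the diffstat lists a single insertion for this file. Unless the file already imports the class, the name resolves against the file's own namespace and the admin login path fails with a class-not-found error. Please confirm that `use D3\Totp\Application\Model\d3totp_conf;` is present at the top of the file. The file header lies outside the hunk, so this cannot be checked from the patch, and d3requestTotp() also continues past the hunk.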
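Review bot: The tests now set the session key through `d3totp_conf::OXID_ADMIN_AUTH`, the same constant the production code reads, so no test pins the literal `'auth'` that the removed lines used. That key is presumably written by the shop's own admin login rather than by this module. A wrong constant value would therefore leave every test green while the module never sees the logged-in user. One assertion in a test for d3totp_conf would guard against this: `$this->assertSame('auth', d3totp_conf::OXID_ADMIN_AUTH);`. The same applies to the second d3force_2faTest hunk and to the five d3_totp_utilsTest hunks that call `setVariable()`.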
@@ -64,7 +65,7 @@ class d3force_2faTest extends d3user_totpTest Registry::getConfig()->setConfigParam('D3_TOTP_ADMIN_FORCE_2FA', $force2FA); - Registry::getSession()->setVariable('auth', $givenUserId); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, $givenUserId); $this->assertSame( $expected, diff --git a/src/tests/unit/Modules/Core/d3_totp_utilsTest.php b/src/tests/unit/Modules/Core/d3_totp_utilsTest.php index 2486312..1fd7106 100644 --- a/src/tests/unit/Modules/Core/d3_totp_utilsTest.php +++ b/src/tests/unit/Modules/Core/d3_totp_utilsTest.php @@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Modules\Core; use D3\TestingTools\Development\CanAccessRestricted; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\Modules\Core\d3_totp_utils; use D3\Totp\tests\unit\d3TotpUnitTestCase; use OxidEsales\Eshop\Core\Config; @@ -55,7 +56,7 @@ class d3_totp_utilsTest extends d3TotpUnitTestCase */ public function checkAccessRightsNoAuth() { - Registry::getSession()->setVariable("auth", false); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -88,7 +89,7 @@ class d3_totp_utilsTest extends d3TotpUnitTestCase */ public function checkAccessRightsForce2FA() { - Registry::getSession()->setVariable("auth", false); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -125,7 +126,7 @@ class d3_totp_utilsTest extends d3TotpUnitTestCase */ public function checkAccessRightsTotpNotActive() { - Registry::getSession()->setVariable("auth", 'foo'); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, 'foo'); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) 
@@ -162,7 +163,7 @@ class d3_totp_utilsTest extends d3TotpUnitTestCase */ public function checkAccessRightsTotpFinished() { - Registry::getSession()->setVariable("auth", 'foo'); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, 'foo'); /** @var Session|MockObject $oSessionMock */ $oSessionMock = $this->getMockBuilder(Session::class) @@ -209,7 +210,7 @@ class d3_totp_utilsTest extends d3TotpUnitTestCase */ public function checkAccessRightsTotpUnfinished() { - Registry::getSession()->setVariable("auth", 'foo'); + Registry::getSession()->setVariable(d3totp_conf::OXID_ADMIN_AUTH, 'foo'); /** @var Session|MockObject $oSessionMock */ $oSessionMock = $this->getMockBuilder(Session::class)