From e3d2156d4441b91cf081402b7b27862169d58f4c Mon Sep 17 00:00:00 2001 From: Daniel Seifert Date: Thu, 10 Nov 2022 00:00:50 +0100 Subject: [PATCH] extract TOTP check from admin login --- .../Controller/Admin/d3totpadminlogin.php | 179 ++++++++++++++++++ src/Application/Controller/d3totplogin.php | 13 +- src/Application/Model/d3backupcode.php | 2 +- src/Application/Model/d3totp.php | 5 - src/Application/Model/d3totp_conf.php | 24 +++ .../views/admin/tpl/d3totplogin.tpl | 88 +++++++++ src/Application/views/tpl/d3totplogin.tpl | 4 +- .../Component/d3_totp_UserComponent.php | 55 +++--- .../Admin/d3_totp_LoginController.php | 128 ++----------- .../Controller/d3_totp_getUserTrait.php | 3 +- .../Application/Model/d3_totp_user.php | 6 +- src/Modules/Core/d3_totp_utils.php | 6 +- src/metadata.php | 3 + .../Controller/d3totploginTest.php | 13 +- .../Application/Model/d3backupcodeTest.php | 3 +- .../Component/d3_totp_UserComponentTest.php | 141 +++++++------- .../Admin/d3_totp_LoginControllerTest.php | 9 +- .../Application/Model/d3_totp_userTest.php | 8 +- 18 files changed, 445 insertions(+), 245 deletions(-) create mode 100755 src/Application/Controller/Admin/d3totpadminlogin.php create mode 100644 src/Application/Model/d3totp_conf.php create mode 100644 src/Application/views/admin/tpl/d3totplogin.tpl diff --git a/src/Application/Controller/Admin/d3totpadminlogin.php b/src/Application/Controller/Admin/d3totpadminlogin.php new file mode 100755 index 0000000..ecfde7f --- /dev/null +++ b/src/Application/Controller/Admin/d3totpadminlogin.php 
@@ -0,0 +1,179 @@ + + * @link https://www.oxidmodule.com + */ + +declare(strict_types=1); + +namespace D3\Totp\Application\Controller\Admin; + +use D3\Totp\Application\Model\d3backupcodelist; +use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; +use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; +use OxidEsales\Eshop\Application\Controller\Admin\AdminController; +use OxidEsales\Eshop\Application\Model\User; +use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; +use OxidEsales\Eshop\Core\Registry; +use OxidEsales\Eshop\Core\Utils; + +class d3totpadminlogin extends AdminController +{ + protected $_sThisTemplate = 'd3totpadminlogin.tpl'; + + /** + * @return bool + */ + protected function _authorize(): bool + { + return true; + } + + /** + * @return string + */ + public function render(): string + { + if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) || + !Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) + ) { + $this->getUtils()->redirect('index.php?cl=admin_start'); + if (!defined('OXID_PHP_UNIT')) { + // @codeCoverageIgnoreStart + exit; + // @codeCoverageIgnoreEnd + } + } + + if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) { + $this->getUtils()->redirect('index.php?cl=login'); + } + + return parent::render(); + } + + /** + * @return d3backupcodelist + */ + public function d3GetBackupCodeListObject() + { + return oxNew(d3backupcodelist::class); + } + + /** + * @return string|void + * @throws DatabaseConnectionException + */ + public function getBackupCodeCountMessage() + { + $oBackupCodeList = $this->d3GetBackupCodeListObject(); + $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER)); + + if ($iCount < 4) { + return sprintf( + Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT'), + $iCount + ); + } + } + + public function d3CancelLogin() + { + $oUser = 
$this->d3GetUserObject(); + $oUser->logout(); + return "login"; + } + + /** + * @return d3totp + */ + public function d3GetTotpObject() + { + return oxNew(d3totp::class); + } + + /** + * @return User + */ + public function d3GetUserObject() + { + return oxNew(User::class); + } + + public function checklogin() + { + $session = Registry::getSession(); + $userId = $session->getVariable(d3totp_conf::SESSION_CURRENTUSER); + + try { + $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp'); + + $totp = $this->d3GetTotpObject(); + $totp->loadByUserId($userId); + + $this->d3TotpHasValidTotp($sTotp, $totp); + + $adminProfiles = $session->getVariable("aAdminProfiles"); + + $session->initNewSession(); + $session->setVariable("aAdminProfiles", $adminProfiles); + $session->setVariable('auth', $userId); + $session->setVariable(d3totp_conf::SESSION_AUTH, true); + + return "admin_start"; + } catch (d3totp_wrongOtpException $e) { + Registry::getUtilsView()->addErrorToDisplay($e); + Registry::getLogger()->error($e->getMessage(), ['UserId' => $userId]); + Registry::getLogger()->debug($e->getTraceAsString()); + } + } + + /** + * @param string $sTotp + * @param d3totp $totp + * @return bool + * @throws DatabaseConnectionException + * @throws d3totp_wrongOtpException + */ + public function d3TotpHasValidTotp($sTotp, $totp) + { + return Registry::getSession()->getVariable(d3totp_conf::SESSION_AUTH) || + ( + $sTotp && $totp->verify($sTotp) + ); + } + + /** + * @return Utils + */ + public function getUtils(): Utils + { + return Registry::getUtils(); + } + + /** + * Returns Bread Crumb - you are here page1/page2/page3... 
+ * + * @return array + */ + public function getBreadCrumb(): array + { + $aPaths = []; + $aPath = []; + $iBaseLanguage = Registry::getLang()->getBaseLanguage(); + $aPath['title'] = Registry::getLang()->translateString('D3_WEBAUTHN_BREADCRUMB', $iBaseLanguage, false); + $aPath['link'] = $this->getLink(); + + $aPaths[] = $aPath; + + return $aPaths; + } +} \ No newline at end of file diff --git a/src/Application/Controller/d3totplogin.php b/src/Application/Controller/d3totplogin.php index 31e9dc1..45f4c65 100644 --- a/src/Application/Controller/d3totplogin.php +++ b/src/Application/Controller/d3totplogin.php @@ -17,6 +17,7 @@ namespace D3\Totp\Application\Controller; use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use OxidEsales\Eshop\Application\Controller\FrontendController; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Registry; @@ -28,8 +29,8 @@ class d3totplogin extends FrontendController public function render() { - if (Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_VARNAME) || - false == Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_CURRENTUSER) + if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) || + false == Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) ) { $this->getUtils()->redirect('index.php?cl=start'); if (false == defined('OXID_PHP_UNIT')) { @@ -39,7 +40,7 @@ class d3totplogin extends FrontendController } } - $this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS)); + $this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS)); return parent::render(); } 
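Review bot: In `d3totpadminlogin::checklogin()` the result of `$this->d3TotpHasValidTotp($sTotp, $totp);` is discarded, so the session is promoted (`initNewSession()`, `auth`, `d3totp_conf::SESSION_AUTH`) whenever that call does not throw. The helper returns false without throwing when `$sTotp` is empty, because `$sTotp && $totp->verify($sTotp)` short-circuits, and nothing checks that `$userId` is set. Since `_authorize()` returns true, this method can be called before any authentication, so the second factor is effectively optional here. Gate the promotion on the return value, for example `if (!$userId || !$this->d3TotpHasValidTotp($sTotp, $totp)) { return; }` placed before `$adminProfiles = ...`, and add tests for an empty code and a missing `SESSION_CURRENTUSER`. Separately, the second `hasVariable(d3totp_conf::SESSION_CURRENTUSER)` check in `render()` is only reachable under `OXID_PHP_UNIT`, and `getBreadCrumb()` still uses the `D3_WEBAUTHN_BREADCRUMB` ident.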
@@ -59,7 +60,7 @@ class d3totplogin extends FrontendController
 public function getBackupCodeCountMessage()
 {
 $oBackupCodeList = $this->getBackupCodeListObject();
- $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER));
+ $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
 if ($iCount < 4) {
 return sprintf(
@@ -79,12 +80,12 @@ class d3totplogin extends FrontendController
 public function getPreviousClass()
 {
- return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
+ return Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTCLASS);
 }
 public function previousClassIsOrderStep(): bool
 {
- $sClassKey = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
+ $sClassKey = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTCLASS);
 $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
 $resolvedClass = $resolvedClass ?: 'start';
diff --git a/src/Application/Model/d3backupcode.php b/src/Application/Model/d3backupcode.php
index 5308943..359bab7 100644
--- a/src/Application/Model/d3backupcode.php
+++ b/src/Application/Model/d3backupcode.php
@@ -74,7 +74,7 @@ class d3backupcode extends BaseModel
 return $this->getUser();
 }
- $sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER);
+ $sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
 $oUser = oxNew(User::class);
 $oUser->load($sUserId);
 return $oUser;
diff --git a/src/Application/Model/d3totp.php b/src/Application/Model/d3totp.php
index 7c0a97b..5ac72be 100644
--- a/src/Application/Model/d3totp.php
+++ b/src/Application/Model/d3totp.php
@@ -29,11 +29,6 @@ use OxidEsales\Eshop\Core\Registry; class d3totp extends BaseModel { - public const TOTP_SESSION_VARNAME = 'totp_auth'; - public const TOTP_SESSION_CURRENTUSER = 'd3totpCurrentUser'; - public const TOTP_SESSION_CURRENTCLASS = 'd3totpCurrentClass'; - public const TOTP_SESSION_NAVFORMPARAMS = 'd3totpNavFormParams'; - public $tableName = 'd3totp'; public $userId; public $totp; diff --git a/src/Application/Model/d3totp_conf.php b/src/Application/Model/d3totp_conf.php new file mode 100644 index 0000000..4f923c1 --- /dev/null +++ b/src/Application/Model/d3totp_conf.php @@ -0,0 +1,24 @@ + + * @link https://www.oxidmodule.com + */ + +declare(strict_types=1); + +namespace D3\Totp\Application\Model; + +class d3totp_conf +{ + public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly + public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username + public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username + public const SESSION_NAVFORMPARAMS = 'd3totpNavFormParams'; +} \ No newline at end of file diff --git a/src/Application/views/admin/tpl/d3totplogin.tpl b/src/Application/views/admin/tpl/d3totplogin.tpl new file mode 100644 index 0000000..e0233cc --- /dev/null +++ b/src/Application/views/admin/tpl/d3totplogin.tpl @@ -0,0 +1,88 @@ + + + + [{oxmultilang ident="LOGIN_TITLE"}] + + + + + + + + +
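Review bot: In the new `d3totp_conf` class the comment on `SESSION_CURRENTCLASS` is a copy of the one on `SESSION_CURRENTUSER` ("oxid assigned to user from entered username"), and `SESSION_NAVFORMPARAMS` has no comment at all. Going by the callers in this patch, the class constant holds the class key of the view the shop login was started from, so something like `// class key of the view the login was started from` would fit; "completly" should read "completely". Three of the four session key values also change in this move (`totp_auth` to `d3TotpAuth`, `d3totpCurrentUser` to `d3TotpCurrentUser`, `d3totpCurrentClass` to `d3TotpCurrentClass`), so sessions created before the update lose their TOTP state, which seems worth a changelog line.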
+ + + +
+ + [{block name="admin_login_form"}] + [{$oViewConf->getHiddenSid()}] + + + + + [{if !empty($Errors.default)}] + [{include file="inc_error.tpl" Errorlist=$Errors.default}] + [{/if}] + + [{$oView->getBackupCodeCountMessage()}] + + +
+ + [{oxmultilang ident="TOTP_INPUT_HELP"}] + +
+ + + + [{oxstyle include=$oViewConf->getModuleUrl('d3totp', 'out/admin/src/css/d3totplogin.css')}] + [{oxstyle}] + + + +[{** + + + + + + [{$oViewConf->getHiddenSid()}] + + + + + [{if !empty($Errors.default)}] + [{include file="inc_error.tpl" Errorlist=$Errors.default}] + [{/if}] + +
+
+ [{include file=$oViewConf->getModulePath('d3webauthn', 'out/img/fingerprint.svg')}] +
+
[{oxmultilang ident="WEBAUTHN_INPUT_HELP"}]
+
+**}] + [{* prevent cancel button (1st button) action when form is sent via Enter key *}] +[{** + + + + + [{oxstyle include=$oViewConf->getModuleUrl('d3webauthn', 'out/admin/src/css/d3webauthnlogin.css')}] + [{oxstyle}] +**}] + [{/block}] +
+
+ +[{oxscript}] + + + + diff --git a/src/Application/views/tpl/d3totplogin.tpl b/src/Application/views/tpl/d3totplogin.tpl index 49bfa75..d230730 100644 --- a/src/Application/views/tpl/d3totplogin.tpl +++ b/src/Application/views/tpl/d3totplogin.tpl @@ -11,7 +11,7 @@
[{$oViewConf->getHiddenSid()}] - + [{$navFormParams}] @@ -34,7 +34,7 @@ [{$oViewConf->getHiddenSid()}] - + [{$navFormParams}] diff --git a/src/Modules/Application/Component/d3_totp_UserComponent.php b/src/Modules/Application/Component/d3_totp_UserComponent.php index 1c0bc2f..5d5ad08 100644 --- a/src/Modules/Application/Component/d3_totp_UserComponent.php +++ b/src/Modules/Application/Component/d3_totp_UserComponent.php @@ -16,6 +16,7 @@ declare(strict_types=1); namespace D3\Totp\Modules\Application\Component; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use Doctrine\DBAL\DBALException; use InvalidArgumentException; @@ -45,23 +46,23 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent $totp->loadByUserId($oUser->getId()); if ($totp->isActive() - && !$this->d3GetSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) + && !$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH) ) { - $this->d3GetSession()->setVariable( - d3totp::TOTP_SESSION_CURRENTCLASS, + $this->d3TotpGetSession()->setVariable( + d3totp_conf::SESSION_CURRENTCLASS, $this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start' ); - $this->d3GetSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, $oUser->getId()); - $this->d3GetSession()->setVariable( - d3totp::TOTP_SESSION_NAVFORMPARAMS, - $this->getParent()->getViewConfig()->getNavFormParams() - ); - $oUser->logout(); + $this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $oUser->getId()); + $this->d3TotpGetSession()->setVariable( + d3totp_conf::SESSION_NAVFORMPARAMS, + $this->getParent()->getViewConfig()->getNavFormParams() + ); + $sUrl = Registry::getConfig()->getShopHomeUrl() . 'cl=d3totplogin'; - $this->d3GetUtils()->redirect($sUrl, false); + $this->d3TotpGetUtils()->redirect($sUrl, false); } } 
@@ -80,11 +81,11 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 * @throws DBALException
 * @throws DatabaseConnectionException
 */
- public function checkTotplogin()
+ public function d3TotpCheckTotpLogin()
 {
 $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
- $sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER);
+ $sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
 $oUser = oxNew(User::class);
 $oUser->load($sUserId);
@@ -92,10 +93,10 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 $totp->loadByUserId($sUserId);
 try {
- if (!$this->isNoTotpOrNoLogin($totp) && $this->hasValidTotp($sTotp, $totp)) {
+ if (!$this->d3TotpIsNoTotpOrNoLogin($totp) && $this->d3TotpHasValidTotp($sTotp, $totp)) {
 // relogin, don't extract from this try block
- $this->d3GetSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
- $this->d3GetSession()->setVariable('usr', $oUser->getId());
+ $this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, $sTotp);
+ $this->d3TotpGetSession()->setVariable('usr', $oUser->getId());
 $this->setUser(null);
 $this->setLoginStatus(USER_LOGIN_SUCCESS);
 $this->_afterLogin($oUser);
@@ -105,7 +106,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 return false;
 }
 } catch (d3totp_wrongOtpException $oEx) {
- $this->d3GetUtilsView()->addErrorToDisplay($oEx, false, false, "", 'd3totplogin');
+ $this->d3TotpGetUtilsView()->addErrorToDisplay($oEx, false, false, "", 'd3totplogin');
 }
 return 'd3totplogin';
@@ -114,7 +115,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 /**
 * @return UtilsView
 */
- public function d3GetUtilsView()
+ public function d3TotpGetUtilsView()
 {
 return Registry::getUtilsView();
 }
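Review bot: In `d3TotpCheckTotpLogin()` the line `setVariable(d3totp_conf::SESSION_AUTH, $sTotp)` keeps the submitted one-time code in the session as the "second factor passed" marker, while the new admin controller in this patch stores `true` under the same key. The readers visible in this diff only test truthiness (`hasVariable()`, a `(bool)` cast, `!getVariable(...)`), so the code value is not needed and is better not persisted in session storage. `$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, true);` would match the admin path. The method body continues outside this hunk.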
@@ -122,12 +123,12 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 /**
 * @return Utils
 */
- public function d3GetUtils()
+ public function d3TotpGetUtils()
 {
 return Registry::getUtils();
 }
- public function cancelTotpLogin()
+ public function d3TotpCancelTotpLogin()
 {
 $this->d3TotpClearSessionVariables();
@@ -138,9 +139,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 * @param d3totp $totp
 * @return bool
 */
- public function isNoTotpOrNoLogin($totp)
+ public function d3TotpIsNoTotpOrNoLogin($totp)
 {
- return false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER)
+ return false == Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER)
 || false == $totp->isActive();
 }
@@ -151,9 +152,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 * @throws DatabaseConnectionException
 * @throws d3totp_wrongOtpException
 */
- public function hasValidTotp($sTotp, $totp)
+ public function d3TotpHasValidTotp($sTotp, $totp)
 {
- return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
+ return Registry::getSession()->getVariable(d3totp_conf::SESSION_AUTH) ||
 (
 $sTotp && $totp->verify($sTotp)
 );
@@ -161,15 +162,15 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 public function d3TotpClearSessionVariables()
 {
- $this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
- $this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER);
- $this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS);
+ $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTCLASS);
+ $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
+ $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_NAVFORMPARAMS);
 }
 /**
 * @return Session
 */
- public function d3GetSession()
+ public function d3TotpGetSession()
 {
 return Registry::getSession();
 }
diff --git a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php index 1c1377e..68e5e23 100644 --- a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php +++ b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php @@ -16,43 +16,15 @@ declare(strict_types=1); namespace D3\Totp\Modules\Application\Controller\Admin; use D3\Totp\Application\Model\d3totp; -use D3\Totp\Application\Model\d3backupcodelist; -use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; -use Doctrine\DBAL\DBALException; +use D3\Totp\Application\Model\d3totp_conf; +use D3\Totp\Modules\Application\Model\d3_totp_user; use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Session; -use OxidEsales\Eshop\Core\UtilsView; class d3_totp_LoginController extends d3_totp_LoginController_parent { - /** - * @return string - * @throws DBALException - * @throws DatabaseConnectionException - */ - public function render() - { - $auth = $this->d3TotpGetSession()->getVariable("auth"); - - $return = parent::render(); - - $totp = $this->d3GetTotpObject(); - $totp->loadByUserId($auth); - - if ($auth - && $totp->isActive() - && !$this->d3TotpGetSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) - ) { - // set auth as secured parameter; - $this->d3TotpGetSession()->setVariable("auth", $auth); - $this->addTplParam('request_totp', true); - } - - return $return; - } - /** * @return d3totp */ 
@@ -61,22 +33,6 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
 return oxNew(d3totp::class);
 }
- /**
- * @return d3backupcodelist
- */
- public function d3GetBackupCodeListObject()
- {
- return oxNew(d3backupcodelist::class);
- }
-
- /**
- * @return UtilsView
- */
- public function d3TotpGetUtilsView()
- {
- return Registry::getUtilsView();
- }
-
 /**
 * @return Session
 */
@@ -87,91 +43,37 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent /** * @return mixed|string - * @throws DBALException * @throws DatabaseConnectionException */ public function checklogin() { - $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true); + $return = parent::checklogin(); $totp = $this->d3GetTotpObject(); $totp->loadByUserId(Registry::getSession()->getVariable("auth")); - $return = 'login'; + if ($this->d3TotpLoginMissing($totp)) { + $userId = $this->d3TotpGetSession()->getVariable('auth'); - try { - if ($this->d3TotpIsNoTotpOrNoLogin($totp) && $this->hasLoginCredentials()) { - $return = parent::checklogin(); - } elseif ($this->d3TotpHasValidTotp($sTotp, $totp)) { - $this->d3TotpGetSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp); - $return = "admin_start"; - } - } catch (d3totp_wrongOtpException $oEx) { - $this->d3TotpGetUtilsView()->addErrorToDisplay($oEx); + /** @var d3_totp_user $user */ + $user = oxNew(User::class); + $user->logout(); + + $this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $userId); + + return "d3totpadminlogin"; } return $return; } - /** - * @return string|void - * @throws DatabaseConnectionException - */ - public function getBackupCodeCountMessage() - { - $oBackupCodeList = $this->d3GetBackupCodeListObject(); - $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable("auth")); - - if ($iCount < 4) { - return sprintf( - Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT'), - $iCount - ); - } - } - /** * @param d3totp $totp * @return bool */ - public function d3TotpIsNoTotpOrNoLogin($totp) + public function d3TotpLoginMissing($totp) { - return false == $this->d3TotpGetSession()->getVariable("auth") - || false == $totp->isActive(); - } - - protected function hasLoginCredentials() - { - return Registry::getRequest()->getRequestEscapedParameter('user') && - Registry::getRequest()->getRequestEscapedParameter('pwd'); - 
} - - /** - * @param string $sTotp - * @param d3totp $totp - * @return bool - * @throws DatabaseConnectionException - * @throws d3totp_wrongOtpException - */ - public function d3TotpHasValidTotp($sTotp, $totp) - { - return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) || - ( - $sTotp && $totp->verify($sTotp) - ); - } - - public function d3CancelLogin() - { - $oUser = $this->d3TotpGetUserObject(); - $oUser->logout(); - } - - /** - * @return User - */ - public function d3TotpGetUserObject() - { - return oxNew(User::class); + return $totp->isActive() + && false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH); } } diff --git a/src/Modules/Application/Controller/d3_totp_getUserTrait.php b/src/Modules/Application/Controller/d3_totp_getUserTrait.php index 5f9d20b..81245c1 100644 --- a/src/Modules/Application/Controller/d3_totp_getUserTrait.php +++ b/src/Modules/Application/Controller/d3_totp_getUserTrait.php @@ -16,6 +16,7 @@ declare(strict_types=1); namespace D3\Totp\Modules\Application\Controller; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Registry; @@ -36,7 +37,7 @@ trait d3_totp_getUserTrait $totp->loadByUserId($oUser->getId()); if ($totp->isActive() - && !$this->d3TotpGetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME) + && !$this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH) ) { return false; } diff --git a/src/Modules/Application/Model/d3_totp_user.php b/src/Modules/Application/Model/d3_totp_user.php index 3f4fed5..8cb158e 100644 --- a/src/Modules/Application/Model/d3_totp_user.php +++ b/src/Modules/Application/Model/d3_totp_user.php 
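Review bot: The pending second-factor state that `d3_totp_LoginController::checklogin()` writes is only `d3totp_conf::SESSION_CURRENTUSER`, the same key the shop-side `d3_totp_UserComponent` sets after a frontend password login. `d3totpadminlogin::checklogin()` later copies whatever id is stored under it into the admin `auth` variable. Nothing in the session records that the admin password step was the one that succeeded, so if shop and admin requests can ever share a session (not visible in this diff), a pending frontend login could be finished on the admin controller. Consider a separate admin-only session key, or store an explicit "admin password verified" marker next to the id and require it in `d3totpadminlogin`. A short docblock on `checklogin()` explaining that the password-authenticated session is torn down via `logout()` and only the user id is kept until the code is verified would also help.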
@@ -16,6 +16,7 @@ declare(strict_types=1); namespace D3\Totp\Modules\Application\Model; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Session; @@ -25,7 +26,8 @@ class d3_totp_user extends d3_totp_user_parent { $return = parent::logout(); - $this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME); + $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_AUTH); + $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER); return $return; } @@ -41,7 +43,7 @@ class d3_totp_user extends d3_totp_user_parent /** * @return Session */ - public function d3GetSession() + public function d3TotpGetSession() { return Registry::getSession(); } diff --git a/src/Modules/Core/d3_totp_utils.php b/src/Modules/Core/d3_totp_utils.php index 0f0efff..a2b2fce 100644 --- a/src/Modules/Core/d3_totp_utils.php +++ b/src/Modules/Core/d3_totp_utils.php @@ -16,6 +16,7 @@ declare(strict_types=1); namespace D3\Totp\Modules\Core; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use Doctrine\DBAL\DBALException; use OxidEsales\Eshop\Core\Config; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; @@ -32,10 +33,9 @@ class d3_totp_utils extends d3_totp_utils_parent public function checkAccessRights() { $blAuth = parent::checkAccessRights(); - $blAuth = $this->d3AuthHook($blAuth); $userID = $this->d3TotpGetSessionObject()->getVariable("auth"); - $totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME); + $totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH); /** @var d3totp $totp */ $totp = $this->d3GetTotpObject(); $totp->loadByUserId($userID); 
@@ -56,7 +56,7 @@ class d3_totp_utils extends d3_totp_utils_parent //staten der prüfung vom einmalpasswort if ($blAuth && $totp->isActive() && false === $totpAuth) { - $this->redirect('index.php?cl=login'); + $this->redirect('index.php?cl=d3totpadminlogin'); if (false == defined('OXID_PHP_UNIT')) { // @codeCoverageIgnoreStart exit; diff --git a/src/metadata.php b/src/metadata.php index e6683f9..f215d6f 100644 --- a/src/metadata.php +++ b/src/metadata.php @@ -13,6 +13,7 @@ declare(strict_types=1); +use D3\Totp\Application\Controller\Admin\d3totpadminlogin; use D3\Totp\Application\Controller\Admin\d3user_totp; use D3\Totp\Application\Controller\Admin\d3force_2fa; use D3\Totp\Application\Controller\d3_account_totp; @@ -72,11 +73,13 @@ $aModule = [ 'd3force_2fa' => d3force_2fa::class, 'd3totplogin' => d3totplogin::class, 'd3_account_totp' => d3_account_totp::class, + 'd3totpadminlogin' => d3totpadminlogin::class ], 'templates' => [ 'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl', 'd3totplogin.tpl' => 'd3/totp/Application/views/tpl/d3totplogin.tpl', 'd3_account_totp.tpl' => 'd3/totp/Application/views/tpl/d3_account_totp.tpl', + 'd3totpadminlogin.tpl' => 'd3/totp/Application/views/admin/tpl/d3totplogin.tpl', ], 'settings' => [ [ diff --git a/src/tests/unit/Application/Controller/d3totploginTest.php b/src/tests/unit/Application/Controller/d3totploginTest.php index a9ba979..eb7b770 100644 --- a/src/tests/unit/Application/Controller/d3totploginTest.php +++ b/src/tests/unit/Application/Controller/d3totploginTest.php @@ -16,6 +16,7 @@ namespace D3\Totp\tests\unit\Application\Controller; use D3\Totp\Application\Controller\d3totplogin; use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\tests\unit\d3TotpUnitTestCase; use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Utils; 
@@ -36,8 +37,8 @@ class d3totploginTest extends d3TotpUnitTestCase $this->_oController = oxNew(d3totplogin::class); - Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER); - Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS); + Registry::getSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER); + Registry::getSession()->deleteVariable(d3totp_conf::SESSION_CURRENTCLASS); } public function tearDown(): void @@ -78,7 +79,7 @@ class d3totploginTest extends d3TotpUnitTestCase */ public function renderDontRedirect() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, 'foo'); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, 'foo'); /** @var Utils|MockObject $oUtilsMock */ $oUtilsMock = $this->getMockBuilder(Utils::class) @@ -193,7 +194,7 @@ class d3totploginTest extends d3TotpUnitTestCase public function canGetPreviousClass() { $className = "testClass"; - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className); $this->assertSame( $className, @@ -209,7 +210,7 @@ class d3totploginTest extends d3TotpUnitTestCase */ public function classIsOrderStep($className, $expected) { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className); $this->assertSame( $expected, @@ -239,7 +240,7 @@ class d3totploginTest extends d3TotpUnitTestCase */ public function getIsOrderStepIsSameLikeOrderClass($className, $expected) { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className); $this->assertSame( $expected, diff --git a/src/tests/unit/Application/Model/d3backupcodeTest.php b/src/tests/unit/Application/Model/d3backupcodeTest.php index 9a4313f..2d27719 100644 
--- a/src/tests/unit/Application/Model/d3backupcodeTest.php +++ b/src/tests/unit/Application/Model/d3backupcodeTest.php @@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Application\Model; use D3\Totp\Application\Model\d3backupcode; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\tests\unit\d3TotpUnitTestCase; use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Core\Registry; @@ -153,7 +154,7 @@ class d3backupcodeTest extends d3TotpUnitTestCase */ public function d3GetUserReturnCurrentUser() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, 'foobar'); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, 'foobar'); $oUser = $this->callMethod($this->_oModel, 'd3GetUser'); diff --git a/src/tests/unit/Modules/Application/Component/d3_totp_UserComponentTest.php b/src/tests/unit/Modules/Application/Component/d3_totp_UserComponentTest.php index 2509a72..453ea4a 100644 --- a/src/tests/unit/Modules/Application/Component/d3_totp_UserComponentTest.php +++ b/src/tests/unit/Modules/Application/Component/d3_totp_UserComponentTest.php @@ -14,6 +14,7 @@ namespace D3\Totp\tests\unit\Modules\Application\Component; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Modules\Application\Component\d3_totp_UserComponent; use D3\Totp\tests\unit\d3TotpUnitTestCase; @@ -42,7 +43,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $this->_oController = oxNew(UserComponent::class); - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); } public function tearDown(): void 
@@ -84,13 +85,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oControllerMock = $this->getMockBuilder(UserComponent::class) ->onlyMethods([ 'd3GetTotpObject', - 'd3GetSession', - 'd3GetUtils', + 'd3TotpGetSession', + 'd3TotpGetUtils', ]) ->getMock(); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); - $oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock); $this->_oController = $oControllerMock; @@ -145,13 +146,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oControllerMock = $this->getMockBuilder(UserComponent::class) ->onlyMethods([ 'd3GetTotpObject', - 'd3GetSession', - 'd3GetUtils', + 'd3TotpGetSession', + 'd3TotpGetUtils', ]) ->getMock(); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); - $oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock); $this->_oController = $oControllerMock; 
@@ -221,15 +222,15 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oControllerMock = $this->getMockBuilder(UserComponent::class) ->onlyMethods([ 'd3GetTotpObject', - 'd3GetSession', - 'd3GetUtils', + 'd3TotpGetSession', + 'd3TotpGetUtils', 'getParent' ]) ->getMock(); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('getParent')->willReturn($oParentMock); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); - $oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock); $this->_oController = $oControllerMock; @@ -252,7 +253,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin */ public function checkTotploginNoTotpLogin() { 
@@ -272,29 +273,29 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase /** @var UserComponent|MockObject $oControllerMock */ $oControllerMock = $this->getMockBuilder(UserComponent::class) ->onlyMethods([ - 'isNoTotpOrNoLogin', - 'hasValidTotp', + 'd3TotpIsNoTotpOrNoLogin', + 'd3TotpHasValidTotp', 'd3GetTotpObject', - 'd3GetSession', + 'd3TotpGetSession', ]) ->getMock(); - $oControllerMock->method('isNoTotpOrNoLogin')->willReturn(true); - $oControllerMock->expects($this->never())->method('hasValidTotp')->willReturn(false); + $oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(true); + $oControllerMock->expects($this->never())->method('d3TotpHasValidTotp')->willReturn(false); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); $this->_oController = $oControllerMock; $this->assertSame( 'd3totplogin', - $this->callMethod($this->_oController, 'checkTotplogin') + $this->callMethod($this->_oController, 'd3TotpCheckTotpLogin') ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin */ public function checkTotploginUnvalidTotp() { 
@@ -325,31 +326,31 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase /** @var UserComponent|MockObject $oControllerMock */ $oControllerMock = $this->getMockBuilder(UserComponent::class) ->onlyMethods([ - 'isNoTotpOrNoLogin', - 'hasValidTotp', - 'd3GetUtilsView', + 'd3TotpIsNoTotpOrNoLogin', + 'd3TotpHasValidTotp', + 'd3TotpGetUtilsView', 'd3GetTotpObject', - 'd3GetSession', + 'd3TotpGetSession', ]) ->getMock(); - $oControllerMock->method('isNoTotpOrNoLogin')->willReturn(false); - $oControllerMock->expects($this->once())->method('hasValidTotp')->willThrowException($oTotpExceptionMock); - $oControllerMock->method('d3GetUtilsView')->willReturn($oUtilsViewMock); + $oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(false); + $oControllerMock->expects($this->once())->method('d3TotpHasValidTotp')->willThrowException($oTotpExceptionMock); + $oControllerMock->method('d3TotpGetUtilsView')->willReturn($oUtilsViewMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); $this->_oController = $oControllerMock; $this->assertSame( 'd3totplogin', - $this->callMethod($this->_oController, 'checkTotplogin') + $this->callMethod($this->_oController, 'd3TotpCheckTotpLogin') ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin */ public function checkTotploginValidTotp() { 
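Review bot: The rejected-code case (`checkTotploginUnvalidTotp`, where `d3TotpHasValidTotp` throws) is checked only through the `'d3totplogin'` return value; nothing in this hunk asserts that the session stays without the `d3totp_conf::SESSION_AUTH` marker. The test body starts above the hunk, where `$oSessionMock` is configured, so this may already be covered there. If it is not, and assuming the failure path writes nothing else to the session, `$oSessionMock->expects($this->never())->method('setVariable');` would make a regression that marks the session as verified on a wrong code fail the test. The accepted-code hunk that follows (`checkTotploginValidTotp`) could take the mirror expectation, `->expects($this->once())->method('setVariable')`, next to its `setLoginStatus` check, presuming the marker is written through that mock.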
@@ -375,19 +376,19 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase /** @var UserComponent|MockObject $oControllerMock */ $oControllerMock = $this->getMockBuilder(UserComponent::class) ->onlyMethods([ - 'isNoTotpOrNoLogin', - 'hasValidTotp', - 'd3GetUtilsView', + 'd3TotpIsNoTotpOrNoLogin', + 'd3TotpHasValidTotp', + 'd3TotpGetUtilsView', 'd3GetTotpObject', - 'd3GetSession', + 'd3TotpGetSession', 'setLoginStatus' ]) ->getMock(); - $oControllerMock->method('isNoTotpOrNoLogin')->willReturn(false); - $oControllerMock->expects($this->once())->method('hasValidTotp')->willReturn(true); - $oControllerMock->method('d3GetUtilsView')->willReturn($oUtilsViewMock); + $oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(false); + $oControllerMock->expects($this->once())->method('d3TotpHasValidTotp')->willReturn(true); + $oControllerMock->method('d3TotpGetUtilsView')->willReturn($oUtilsViewMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); $oControllerMock->expects($this->once())->method('setLoginStatus')->with( $this->identicalTo(USER_LOGIN_SUCCESS) ); 
@@ -395,27 +396,27 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $this->_oController = $oControllerMock; $this->assertFalse( - $this->callMethod($this->_oController, 'checkTotplogin') + $this->callMethod($this->_oController, 'd3TotpCheckTotpLogin') ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3GetUtilsView + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpGetUtilsView */ public function d3GetUtilsViewReturnsRightInstance() { $this->assertInstanceOf( UtilsView::class, - $this->callMethod($this->_oController, 'd3GetUtilsView') + $this->callMethod($this->_oController, 'd3TotpGetUtilsView') ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::cancelTotpLogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCancelTotpLogin */ public function canCancelTotpLogin() { @@ -427,17 +428,17 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $this->_oController = $oControllerMock; - $this->callMethod($this->_oController, 'cancelTotpLogin'); + $this->callMethod($this->_oController, 'd3TotpCancelTotpLogin'); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin */ public function isNoTotpOrNoLoginTrueNoSessionVariable() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) 
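Review bot: The test method names in this hunk were not renamed along with the methods they cover: `d3GetUtilsViewReturnsRightInstance` now carries `@covers ...::d3TotpGetUtilsView` and calls `d3TotpGetUtilsView`. Renaming it to `d3TotpGetUtilsViewReturnsRightInstance` keeps test reports and coverage output searchable by the production method name. The same applies to the `checkTotplogin*` tests in the earlier hunks, to `canCancelTotpLogin`, `isNoTotpOrNoLogin*` and `hasValidTotp*` later in this file, and to `d3GetSessionReturnsRightInstance` in both this file and `d3_totp_userTest.php`.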
@@ -447,18 +448,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('isActive')->willReturn(true); $this->assertTrue( - $this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock]) ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin */ public function isNoTotpOrNoLoginTrueTotpNotActive() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, true); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, true); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -468,18 +469,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('isActive')->willReturn(false); $this->assertTrue( - $this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock]) ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin */ public function isNoTotpOrNoLoginFalse() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, true); + Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, true); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) 
@@ -489,18 +490,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('isActive')->willReturn(true); $this->assertFalse( - $this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock]) ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp */ public function hasValidTotpTrueSessionVarname() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, true); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -510,18 +511,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('verify')->willReturn(false); $this->assertTrue( - $this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock]) ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp */ public function hasValidTotpTrueValidTotp() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) 
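Review bot: `hasValidTotpTrueSessionVarname` writes `d3totp_conf::SESSION_AUTH = true` into the real `Registry::getSession()` rather than a mock, and no cleanup is visible in these hunks. If the test case's tearDown (outside the hunk) does not already reset the session, the flag stays set for whichever test runs next. The following tests overwrite it explicitly, but one that forgets to would silently start in the verified state. Clearing it in tearDown with `Registry::getSession()->deleteVariable(d3totp_conf::SESSION_AUTH);`, and likewise `SESSION_CURRENTUSER`, removes that order dependence. The same pattern is in the `isNoTotpOrNoLogin*` hunks above and in `d3_totp_LoginControllerTest.php`; this test's body continues into the next hunk.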
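Review bot: The not-yet-verified state is arranged here as `setVariable(d3totp_conf::SESSION_AUTH, false)`, whereas a session before the second factor would normally have no such variable at all. A stored `false` and an absent key are different states for any code that checks presence rather than value, so the absent-key case is left unpinned by these tests. Consider `Registry::getSession()->deleteVariable(d3totp_conf::SESSION_AUTH);` as the arrangement for `hasValidTotpTrueValidTotp`, `hasValidTotpFalseMissingTotp` and `hasValidTotpFalseUnverifiedTotp` here and in the next hunks, and for their copies in `d3_totp_LoginControllerTest.php`. The first half of this hunk, which stubs `verify` to `false` and still expects `true`, would also read better with a comment such as `// SESSION_AUTH already set: result is true even though verify() would reject the code`.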
@@ -531,18 +532,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('verify')->willReturn(true); $this->assertTrue( - $this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock]) ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp */ public function hasValidTotpFalseMissingTotp() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -552,18 +553,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('verify')->willReturn(true); $this->assertFalse( - $this->callMethod($this->_oController, 'hasValidTotp', [null, $oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpHasValidTotp', [null, $oTotpMock]) ); } /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp */ public function hasValidTotpFalseUnverifiedTotp() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -573,7 +574,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase $oTotpMock->method('verify')->willReturn(false); $this->assertFalse( - $this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock]) + $this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock]) ); } 
@@ -592,9 +593,9 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase /** @var UserComponent|MockObject $oControllerMock */ $oControllerMock = $this->getMockBuilder(UserComponent::class) - ->onlyMethods(['d3GetSession']) + ->onlyMethods(['d3TotpGetSession']) ->getMock(); - $oControllerMock->method('d3GetSession')->willReturn($oSessionMock); + $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock); $this->_oController = $oControllerMock; @@ -604,13 +605,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3GetSession + * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpGetSession */ public function d3GetSessionReturnsRightInstance() { $this->assertInstanceOf( Session::class, - $this->callMethod($this->_oController, 'd3GetSession') + $this->callMethod($this->_oController, 'd3TotpGetSession') ); } } diff --git a/src/tests/unit/Modules/Application/Controller/Admin/d3_totp_LoginControllerTest.php b/src/tests/unit/Modules/Application/Controller/Admin/d3_totp_LoginControllerTest.php index 3b863af..b6522a1 100644 --- a/src/tests/unit/Modules/Application/Controller/Admin/d3_totp_LoginControllerTest.php +++ b/src/tests/unit/Modules/Application/Controller/Admin/d3_totp_LoginControllerTest.php @@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Modules\Application\Controller\Admin; use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\d3totp_conf; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController; use D3\Totp\tests\unit\d3TotpUnitTestCase; 
@@ -599,7 +600,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase */ public function hasValidTotpTrueSessionVarname() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, true); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -620,7 +621,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase */ public function hasValidTotpTrueValidTotp() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -641,7 +642,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase */ public function hasValidTotpFalseMissingTotp() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) @@ -662,7 +663,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase */ public function hasValidTotpFalseUnverifiedTotp() { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); + Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false); /** @var d3totp|MockObject $oTotpMock */ $oTotpMock = $this->getMockBuilder(d3totp::class) diff --git a/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php b/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php index 1aa5bde..6576bf3 100644 --- a/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php +++ b/src/tests/unit/Modules/Application/Model/d3_totp_userTest.php 
@@ -58,9 +58,9 @@ class d3_totp_userTest extends d3TotpUnitTestCase /** @var d3_totp_user|MockObject $oModelMock */ $oModelMock = $this->getMockBuilder(User::class) - ->onlyMethods(['d3GetSession']) + ->onlyMethods(['d3TotpGetSession']) ->getMock(); - $oModelMock->method('d3GetSession')->willReturn($oSessionMock); + $oModelMock->method('d3TotpGetSession')->willReturn($oSessionMock); $this->_oModel = $oModelMock; @@ -88,13 +88,13 @@ class d3_totp_userTest extends d3TotpUnitTestCase /** * @test * @throws ReflectionException - * @covers \D3\Totp\Modules\Application\Model\d3_totp_user::d3GetSession + * @covers \D3\Totp\Modules\Application\Model\d3_totp_user::d3TotpGetSession */ public function d3GetSessionReturnsRightInstance() { $this->assertInstanceOf( Session::class, - $this->callMethod($this->_oModel, 'd3GetSession') + $this->callMethod($this->_oModel, 'd3TotpGetSession') ); } }