extract TOTP check from admin login
Ursprung
c80b5f626f
Commit
e3d2156d44
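--- a/src/Application/Controller/Admin/d3totpadminlogin.php
+++ b/src/Application/Controller/Admin/d3totpadminlogin.php
@@ -0,0 +1,179 @@
+<?php
+
+/**
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*
+* https://www.d3data.de
+*
+* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>
+* @link https://www.oxidmodule.com
+*/
+
+declare(strict_types=1);
+
+namespace D3\Totp\Application\Controller\Admin;
+
+use D3\Totp\Application\Model\d3backupcodelist;
+use D3\Totp\Application\Model\d3totp;
+use D3\Totp\Application\Model\d3totp_conf;
+use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
+use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
+use OxidEsales\Eshop\Application\Model\User;
+use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Utils;
+
+class d3totpadminlogin extends AdminController
+{
+protected $_sThisTemplate = 'd3totpadminlogin.tpl';
+
+/**
+* @return bool
+*/
+protected function _authorize(): bool
+{
+return true;
+}
+
+/**
+* @return string
+*/
+public function render(): string
+{
+if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
+!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
+) {
+$this->getUtils()->redirect('index.php?cl=admin_start');
+if (!defined('OXID_PHP_UNIT')) {
+// @codeCoverageIgnoreStart
+exit;
+// @codeCoverageIgnoreEnd
+}
+}
+
+if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
+$this->getUtils()->redirect('index.php?cl=login');
+}
+
+return parent::render();
+}
+
+/**
+* @return d3backupcodelist
+*/
+public function d3GetBackupCodeListObject()
+{
+return oxNew(d3backupcodelist::class);
+}
+
+/**
+* @return string|void
+* @throws DatabaseConnectionException
+*/
+public function getBackupCodeCountMessage()
+{
+$oBackupCodeList = $this->d3GetBackupCodeListObject();
+$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
+
+if ($iCount < 4) {
+return sprintf(
+Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT'),
+$iCount
+);
+}
+}
+
+public function d3CancelLogin()
+{
+$oUser = $this->d3GetUserObject();
+$oUser->logout();
+return "login";
+}
+
+/**
+* @return d3totp
+*/
+public function d3GetTotpObject()
+{
+return oxNew(d3totp::class);
+}
+
+/**
+* @return User
+*/
+public function d3GetUserObject()
+{
+return oxNew(User::class);
+}
+
+public function checklogin()
+{
+$session = Registry::getSession();
+$userId = $session->getVariable(d3totp_conf::SESSION_CURRENTUSER);
+
+try {
+$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp');
+
+$totp = $this->d3GetTotpObject();
+$totp->loadByUserId($userId);
+
+$this->d3TotpHasValidTotp($sTotp, $totp);
+
+$adminProfiles = $session->getVariable("aAdminProfiles");
+
+$session->initNewSession();
+$session->setVariable("aAdminProfiles", $adminProfiles);
+$session->setVariable('auth', $userId);
+$session->setVariable(d3totp_conf::SESSION_AUTH, true);
+
+return "admin_start";
+} catch (d3totp_wrongOtpException $e) {
+Registry::getUtilsView()->addErrorToDisplay($e);
+Registry::getLogger()->error($e->getMessage(), ['UserId' => $userId]);
+Registry::getLogger()->debug($e->getTraceAsString());
+}
+}
+
+/**
+* @param string $sTotp
+* @param d3totp $totp
+* @return bool
+* @throws DatabaseConnectionException
+* @throws d3totp_wrongOtpException
+*/
+public function d3TotpHasValidTotp($sTotp, $totp)
+{
+return Registry::getSession()->getVariable(d3totp_conf::SESSION_AUTH) ||
+(
+$sTotp && $totp->verify($sTotp)
+);
+}
+
+/**
+* @return Utils
+*/
+public function getUtils(): Utils
+{
+return Registry::getUtils();
+}
+
+/**
+* Returns Bread Crumb - you are here page1/page2/page3...
+*
+* @return array
+*/
+public function getBreadCrumb(): array
+{
+$aPaths = [];
+$aPath = [];
+$iBaseLanguage = Registry::getLang()->getBaseLanguage();
+$aPath['title'] = Registry::getLang()->translateString('D3_WEBAUTHN_BREADCRUMB', $iBaseLanguage, false);
+$aPath['link'] = $this->getLink();
+
+$aPaths[] = $aPath;
+
+return $aPaths;
+}
+}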
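Review bot: `checklogin()` discards the return value of `d3TotpHasValidTotp()`, so the session is promoted (`auth` and `SESSION_AUTH` set) whenever no `d3totp_wrongOtpException` is thrown, and the helper returns `false` without throwing when the `d3totp` request value is empty, because `$sTotp && $totp->verify($sTotp)` short-circuits before `verify()` runs. As `_authorize()` returns `true` for this controller, nothing else stands in front of that path, and it also runs when `SESSION_CURRENTUSER` is absent and `$userId` is null. Gate the promotion explicitly before `initNewSession()`, for example `if (!$userId || !$this->d3TotpHasValidTotp($sTotp, $totp)) { return null; }`, and add the usual error to the display in that branch. Separately, a rejected code leaves `SESSION_CURRENTUSER` in place and no attempt limit is visible in this file; consider counting failures per pending login and dropping the pending state after a small number.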
@ -17,6 +17,7 @@ namespace D3\Totp\Application\Controller;
|
||||
|
||||
use D3\Totp\Application\Model\d3backupcodelist;
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use OxidEsales\Eshop\Application\Controller\FrontendController;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
@ -28,8 +29,8 @@ class d3totplogin extends FrontendController
|
||||
|
||||
public function render()
|
||||
{
|
||||
if (Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_VARNAME) ||
|
||||
false == Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_CURRENTUSER)
|
||||
if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
|
||||
false == Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
|
||||
) {
|
||||
$this->getUtils()->redirect('index.php?cl=start');
|
||||
if (false == defined('OXID_PHP_UNIT')) {
|
||||
@ -39,7 +40,7 @@ class d3totplogin extends FrontendController
|
||||
}
|
||||
}
|
||||
|
||||
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS));
|
||||
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS));
|
||||
|
||||
return parent::render();
|
||||
}
|
||||
@ -59,7 +60,7 @@ class d3totplogin extends FrontendController
|
||||
public function getBackupCodeCountMessage()
|
||||
{
|
||||
$oBackupCodeList = $this->getBackupCodeListObject();
|
||||
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER));
|
||||
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
|
||||
|
||||
if ($iCount < 4) {
|
||||
return sprintf(
|
||||
@ -79,12 +80,12 @@ class d3totplogin extends FrontendController
|
||||
|
||||
public function getPreviousClass()
|
||||
{
|
||||
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
|
||||
return Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTCLASS);
|
||||
}
|
||||
|
||||
public function previousClassIsOrderStep(): bool
|
||||
{
|
||||
$sClassKey = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
|
||||
$sClassKey = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTCLASS);
|
||||
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||
$resolvedClass = $resolvedClass ?: 'start';
|
||||
|
||||
|
@ -74,7 +74,7 @@ class d3backupcode extends BaseModel
|
||||
return $this->getUser();
|
||||
}
|
||||
|
||||
$sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER);
|
||||
$sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
$oUser = oxNew(User::class);
|
||||
$oUser->load($sUserId);
|
||||
return $oUser;
|
||||
|
@ -29,11 +29,6 @@ use OxidEsales\Eshop\Core\Registry;
|
||||
|
||||
class d3totp extends BaseModel
|
||||
{
|
||||
public const TOTP_SESSION_VARNAME = 'totp_auth';
|
||||
public const TOTP_SESSION_CURRENTUSER = 'd3totpCurrentUser';
|
||||
public const TOTP_SESSION_CURRENTCLASS = 'd3totpCurrentClass';
|
||||
public const TOTP_SESSION_NAVFORMPARAMS = 'd3totpNavFormParams';
|
||||
|
||||
public $tableName = 'd3totp';
|
||||
public $userId;
|
||||
public $totp;
|
||||
|
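--- a/src/Application/Model/d3totp_conf.php
+++ b/src/Application/Model/d3totp_conf.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*
+* https://www.d3data.de
+*
+* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>
+* @link https://www.oxidmodule.com
+*/
+
+declare(strict_types=1);
+
+namespace D3\Totp\Application\Model;
+
+class d3totp_conf
+{
+public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly
+public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username
+public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username
+public const SESSION_NAVFORMPARAMS = 'd3totpNavFormParams';
+}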
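Review bot: The comment on `SESSION_CURRENTCLASS` is a copy of the one on `SESSION_CURRENTUSER` ("oxid assigned to user from entered username") and `SESSION_NAVFORMPARAMS` has no comment, so the file does not say what two of the four keys hold. Going by the callers in this commit, `// class key of the controller that was active when the TOTP step started` and `// navigation form parameters captured from that controller` would fit. Because these keys decide whether a login counts as complete, a short class docblock stating that `SESSION_CURRENTUSER` marks a pending, not yet authenticated, login would help the next reader.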
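--- a/src/Application/views/admin/tpl/d3totplogin.tpl
+++ b/src/Application/views/admin/tpl/d3totplogin.tpl
@@ -0,0 +1,88 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<title>[{oxmultilang ident="LOGIN_TITLE"}]</title>
+<meta http-equiv="Content-Type" content="text/html; charset=[{$charset}]">
+<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
+<link rel="shortcut icon" href="[{$oViewConf->getImageUrl()}]favicon.ico">
+<link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]login.css">
+<link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]colors_[{$oViewConf->getEdition()|lower}].css">
+</head>
+<body>
+
+<div class="admin-login-box">
+
+<div id="shopLogo"><img src="[{$oViewConf->getImageUrl('logo_dark.svg')}]" alt="" /></div>
+
+<form action="[{$oViewConf->getSelfLink()}]" method="post" id="login">
+
+[{block name="admin_login_form"}]
+[{$oViewConf->getHiddenSid()}]
+
+<input type="hidden" name="fnc" value="checklogin">
+<input type="hidden" name="cl" value="[{$oViewConf->getActiveClassName()}]">
+
+[{if !empty($Errors.default)}]
+[{include file="inc_error.tpl" Errorlist=$Errors.default}]
+[{/if}]
+
+[{$oView->getBackupCodeCountMessage()}]
+
+<label for="d3totp">[{oxmultilang ident="TOTP_INPUT"}]</label>
+<input type="text" name="d3totp" id="d3totp" value="" size="49" autofocus autocomplete="off"><br>
+
+[{oxmultilang ident="TOTP_INPUT_HELP"}]
+
+<input type="submit" value="[{oxmultilang ident="LOGIN_START"}]" class="btn"><br>
+
+<input class="btn btn_cancel" value="[{oxmultilang ident="TOTP_CANCEL_LOGIN"}]" type="submit"
+onclick="document.getElementById('login').fnc.value='d3CancelLogin'; document.getElementById('login').submit();"
+>
+
+[{oxstyle include=$oViewConf->getModuleUrl('d3totp', 'out/admin/src/css/d3totplogin.css')}]
+[{oxstyle}]
+
+
+
+[{**
+
+
+
+
+
+[{$oViewConf->getHiddenSid()}]
+
+<input type="hidden" name="fnc" value="">
+<input type="hidden" name="cl" value="login">
+
+[{if !empty($Errors.default)}]
+[{include file="inc_error.tpl" Errorlist=$Errors.default}]
+[{/if}]
+
+<div class="d3webauthn_icon">
+<div class="svg-container">
+[{include file=$oViewConf->getModulePath('d3webauthn', 'out/img/fingerprint.svg')}]
+</div>
+<div class="message">[{oxmultilang ident="WEBAUTHN_INPUT_HELP"}]</div>
+</div>
+**}]
+[{* prevent cancel button (1st button) action when form is sent via Enter key *}]
+[{**
+<input type="submit" style="display:none !important;">
+
+<input class="btn btn_cancel" value="[{oxmultilang ident="WEBAUTHN_CANCEL_LOGIN"}]" type="submit"
+onclick="document.getElementById('login').fnc.value='d3WebauthnCancelLogin'; document.getElementById('login').submit();"
+>
+
+[{oxstyle include=$oViewConf->getModuleUrl('d3webauthn', 'out/admin/src/css/d3webauthnlogin.css')}]
+[{oxstyle}]
+**}]
+[{/block}]
+</form>
+</div>
+
+[{oxscript}]
+<script type="text/javascript">if (window !== window.top) top.location.href = document.location.href;</script>
+
+</body>
+</html>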
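Review bot: The two `[{** … **}]` blocks inside the form carry over markup from a WebAuthn login template (`cl=login`, `d3WebauthnCancelLogin`, `d3webauthn` module paths) that this TOTP page never renders; delete them rather than shipping them commented out. The live comment `[{* prevent cancel button (1st button) action when form is sent via Enter key *}]` now describes only that commented-out markup and should go with it. The inline frame-busting script before `</body>` is a client-side measure only; the response headers are not visible in this commit, so confirm that the admin area sends `X-Frame-Options` or a CSP `frame-ancestors` directive for this page as well.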
@ -11,7 +11,7 @@
|
||||
<form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login">
|
||||
[{$oViewConf->getHiddenSid()}]
|
||||
|
||||
<input type="hidden" name="fnc" value="checkTotplogin">
|
||||
<input type="hidden" name="fnc" value="d3TotpCheckTotpLogin">
|
||||
<input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]">
|
||||
[{$navFormParams}]
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
<form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login">
|
||||
[{$oViewConf->getHiddenSid()}]
|
||||
|
||||
<input type="hidden" name="fnc" value="cancelTotplogin">
|
||||
<input type="hidden" name="fnc" value="d3TotpCancelTotpLogin">
|
||||
<input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]">
|
||||
[{$navFormParams}]
|
||||
|
||||
|
@ -16,6 +16,7 @@ declare(strict_types=1);
|
||||
namespace D3\Totp\Modules\Application\Component;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
||||
use Doctrine\DBAL\DBALException;
|
||||
use InvalidArgumentException;
|
||||
@ -45,23 +46,23 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
$totp->loadByUserId($oUser->getId());
|
||||
|
||||
if ($totp->isActive()
|
||||
&& !$this->d3GetSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
|
||||
&& !$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH)
|
||||
) {
|
||||
$this->d3GetSession()->setVariable(
|
||||
d3totp::TOTP_SESSION_CURRENTCLASS,
|
||||
$this->d3TotpGetSession()->setVariable(
|
||||
d3totp_conf::SESSION_CURRENTCLASS,
|
||||
$this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start'
|
||||
);
|
||||
|
||||
$this->d3GetSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, $oUser->getId());
|
||||
$this->d3GetSession()->setVariable(
|
||||
d3totp::TOTP_SESSION_NAVFORMPARAMS,
|
||||
$this->getParent()->getViewConfig()->getNavFormParams()
|
||||
);
|
||||
|
||||
$oUser->logout();
|
||||
|
||||
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $oUser->getId());
|
||||
$this->d3TotpGetSession()->setVariable(
|
||||
d3totp_conf::SESSION_NAVFORMPARAMS,
|
||||
$this->getParent()->getViewConfig()->getNavFormParams()
|
||||
);
|
||||
|
||||
$sUrl = Registry::getConfig()->getShopHomeUrl() . 'cl=d3totplogin';
|
||||
$this->d3GetUtils()->redirect($sUrl, false);
|
||||
$this->d3TotpGetUtils()->redirect($sUrl, false);
|
||||
}
|
||||
}
|
||||
|
||||
@ -80,11 +81,11 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
* @throws DBALException
|
||||
* @throws DatabaseConnectionException
|
||||
*/
|
||||
public function checkTotplogin()
|
||||
public function d3TotpCheckTotpLogin()
|
||||
{
|
||||
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
|
||||
|
||||
$sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER);
|
||||
$sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
$oUser = oxNew(User::class);
|
||||
$oUser->load($sUserId);
|
||||
|
||||
@ -92,10 +93,10 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
$totp->loadByUserId($sUserId);
|
||||
|
||||
try {
|
||||
if (!$this->isNoTotpOrNoLogin($totp) && $this->hasValidTotp($sTotp, $totp)) {
|
||||
if (!$this->d3TotpIsNoTotpOrNoLogin($totp) && $this->d3TotpHasValidTotp($sTotp, $totp)) {
|
||||
// relogin, don't extract from this try block
|
||||
$this->d3GetSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
|
||||
$this->d3GetSession()->setVariable('usr', $oUser->getId());
|
||||
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, $sTotp);
|
||||
$this->d3TotpGetSession()->setVariable('usr', $oUser->getId());
|
||||
$this->setUser(null);
|
||||
$this->setLoginStatus(USER_LOGIN_SUCCESS);
|
||||
$this->_afterLogin($oUser);
|
||||
@ -105,7 +106,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
return false;
|
||||
}
|
||||
} catch (d3totp_wrongOtpException $oEx) {
|
||||
$this->d3GetUtilsView()->addErrorToDisplay($oEx, false, false, "", 'd3totplogin');
|
||||
$this->d3TotpGetUtilsView()->addErrorToDisplay($oEx, false, false, "", 'd3totplogin');
|
||||
}
|
||||
|
||||
return 'd3totplogin';
|
||||
@ -114,7 +115,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
/**
|
||||
* @return UtilsView
|
||||
*/
|
||||
public function d3GetUtilsView()
|
||||
public function d3TotpGetUtilsView()
|
||||
{
|
||||
return Registry::getUtilsView();
|
||||
}
|
||||
@ -122,12 +123,12 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
/**
|
||||
* @return Utils
|
||||
*/
|
||||
public function d3GetUtils()
|
||||
public function d3TotpGetUtils()
|
||||
{
|
||||
return Registry::getUtils();
|
||||
}
|
||||
|
||||
public function cancelTotpLogin()
|
||||
public function d3TotpCancelTotpLogin()
|
||||
{
|
||||
$this->d3TotpClearSessionVariables();
|
||||
|
||||
@ -138,9 +139,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
* @param d3totp $totp
|
||||
* @return bool
|
||||
*/
|
||||
public function isNoTotpOrNoLogin($totp)
|
||||
public function d3TotpIsNoTotpOrNoLogin($totp)
|
||||
{
|
||||
return false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER)
|
||||
return false == Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER)
|
||||
|| false == $totp->isActive();
|
||||
}
|
||||
|
||||
@ -151,9 +152,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws d3totp_wrongOtpException
|
||||
*/
|
||||
public function hasValidTotp($sTotp, $totp)
|
||||
public function d3TotpHasValidTotp($sTotp, $totp)
|
||||
{
|
||||
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
|
||||
return Registry::getSession()->getVariable(d3totp_conf::SESSION_AUTH) ||
|
||||
(
|
||||
$sTotp && $totp->verify($sTotp)
|
||||
);
|
||||
@ -161,15 +162,15 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
|
||||
|
||||
public function d3TotpClearSessionVariables()
|
||||
{
|
||||
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
|
||||
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER);
|
||||
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTCLASS);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_NAVFORMPARAMS);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Session
|
||||
*/
|
||||
public function d3GetSession()
|
||||
public function d3TotpGetSession()
|
||||
{
|
||||
return Registry::getSession();
|
||||
}
|
||||
|
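Review bot: In `d3TotpCheckTotpLogin()` the submitted code itself is written to the session, `setVariable(d3totp_conf::SESSION_AUTH, $sTotp)`, whereas the admin controller added in this commit stores `true` under the same key and `d3totp_conf` describes the key as a login state. Keeping the one-time or backup code in session storage has no use visible here and makes the flag's value depend on user input; store the flag instead: `$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, true);`. In the first code hunk of this file, `$oUser->getId()` appears to be read after `$oUser->logout()` on the new side; confirm that logout leaves the loaded id intact, or capture the id in a local variable beforehand. Both functions start outside the rendered hunks.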
@ -16,43 +16,15 @@ declare(strict_types=1);
|
||||
namespace D3\Totp\Modules\Application\Controller\Admin;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3backupcodelist;
|
||||
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
||||
use Doctrine\DBAL\DBALException;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
||||
use OxidEsales\Eshop\Application\Model\User;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
use OxidEsales\Eshop\Core\Session;
|
||||
use OxidEsales\Eshop\Core\UtilsView;
|
||||
|
||||
class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
{
|
||||
/**
|
||||
* @return string
|
||||
* @throws DBALException
|
||||
* @throws DatabaseConnectionException
|
||||
*/
|
||||
public function render()
|
||||
{
|
||||
$auth = $this->d3TotpGetSession()->getVariable("auth");
|
||||
|
||||
$return = parent::render();
|
||||
|
||||
$totp = $this->d3GetTotpObject();
|
||||
$totp->loadByUserId($auth);
|
||||
|
||||
if ($auth
|
||||
&& $totp->isActive()
|
||||
&& !$this->d3TotpGetSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
|
||||
) {
|
||||
// set auth as secured parameter;
|
||||
$this->d3TotpGetSession()->setVariable("auth", $auth);
|
||||
$this->addTplParam('request_totp', true);
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return d3totp
|
||||
*/
|
||||
@ -61,22 +33,6 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
return oxNew(d3totp::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return d3backupcodelist
|
||||
*/
|
||||
public function d3GetBackupCodeListObject()
|
||||
{
|
||||
return oxNew(d3backupcodelist::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return UtilsView
|
||||
*/
|
||||
public function d3TotpGetUtilsView()
|
||||
{
|
||||
return Registry::getUtilsView();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Session
|
||||
*/
|
||||
@ -87,91 +43,37 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
|
||||
/**
|
||||
* @return mixed|string
|
||||
* @throws DBALException
|
||||
* @throws DatabaseConnectionException
|
||||
*/
|
||||
public function checklogin()
|
||||
{
|
||||
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
|
||||
$return = parent::checklogin();
|
||||
|
||||
$totp = $this->d3GetTotpObject();
|
||||
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
|
||||
|
||||
$return = 'login';
|
||||
if ($this->d3TotpLoginMissing($totp)) {
|
||||
$userId = $this->d3TotpGetSession()->getVariable('auth');
|
||||
|
||||
try {
|
||||
if ($this->d3TotpIsNoTotpOrNoLogin($totp) && $this->hasLoginCredentials()) {
|
||||
$return = parent::checklogin();
|
||||
} elseif ($this->d3TotpHasValidTotp($sTotp, $totp)) {
|
||||
$this->d3TotpGetSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
|
||||
$return = "admin_start";
|
||||
}
|
||||
} catch (d3totp_wrongOtpException $oEx) {
|
||||
$this->d3TotpGetUtilsView()->addErrorToDisplay($oEx);
|
||||
/** @var d3_totp_user $user */
|
||||
$user = oxNew(User::class);
|
||||
$user->logout();
|
||||
|
||||
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $userId);
|
||||
|
||||
return "d3totpadminlogin";
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string|void
|
||||
* @throws DatabaseConnectionException
|
||||
*/
|
||||
public function getBackupCodeCountMessage()
|
||||
{
|
||||
$oBackupCodeList = $this->d3GetBackupCodeListObject();
|
||||
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable("auth"));
|
||||
|
||||
if ($iCount < 4) {
|
||||
return sprintf(
|
||||
Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT'),
|
||||
$iCount
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param d3totp $totp
|
||||
* @return bool
|
||||
*/
|
||||
public function d3TotpIsNoTotpOrNoLogin($totp)
|
||||
public function d3TotpLoginMissing($totp)
|
||||
{
|
||||
return false == $this->d3TotpGetSession()->getVariable("auth")
|
||||
|| false == $totp->isActive();
|
||||
}
|
||||
|
||||
protected function hasLoginCredentials()
|
||||
{
|
||||
return Registry::getRequest()->getRequestEscapedParameter('user') &&
|
||||
Registry::getRequest()->getRequestEscapedParameter('pwd');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sTotp
|
||||
* @param d3totp $totp
|
||||
* @return bool
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws d3totp_wrongOtpException
|
||||
*/
|
||||
public function d3TotpHasValidTotp($sTotp, $totp)
|
||||
{
|
||||
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
|
||||
(
|
||||
$sTotp && $totp->verify($sTotp)
|
||||
);
|
||||
}
|
||||
|
||||
public function d3CancelLogin()
|
||||
{
|
||||
$oUser = $this->d3TotpGetUserObject();
|
||||
$oUser->logout();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return User
|
||||
*/
|
||||
public function d3TotpGetUserObject()
|
||||
{
|
||||
return oxNew(User::class);
|
||||
return $totp->isActive()
|
||||
&& false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH);
|
||||
}
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ declare(strict_types=1);
|
||||
namespace D3\Totp\Modules\Application\Controller;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use OxidEsales\Eshop\Application\Model\User;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
@ -36,7 +37,7 @@ trait d3_totp_getUserTrait
|
||||
$totp->loadByUserId($oUser->getId());
|
||||
|
||||
if ($totp->isActive()
|
||||
&& !$this->d3TotpGetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME)
|
||||
&& !$this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH)
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ declare(strict_types=1);
|
||||
namespace D3\Totp\Modules\Application\Model;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
use OxidEsales\Eshop\Core\Session;
|
||||
|
||||
@ -25,7 +26,8 @@ class d3_totp_user extends d3_totp_user_parent
|
||||
{
|
||||
$return = parent::logout();
|
||||
|
||||
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_AUTH);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
|
||||
return $return;
|
||||
}
|
||||
@ -41,7 +43,7 @@ class d3_totp_user extends d3_totp_user_parent
|
||||
/**
|
||||
* @return Session
|
||||
*/
|
||||
public function d3GetSession()
|
||||
public function d3TotpGetSession()
|
||||
{
|
||||
return Registry::getSession();
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ declare(strict_types=1);
|
||||
namespace D3\Totp\Modules\Core;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use Doctrine\DBAL\DBALException;
|
||||
use OxidEsales\Eshop\Core\Config;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
@ -32,10 +33,9 @@ class d3_totp_utils extends d3_totp_utils_parent
|
||||
public function checkAccessRights()
|
||||
{
|
||||
$blAuth = parent::checkAccessRights();
|
||||
|
||||
$blAuth = $this->d3AuthHook($blAuth);
|
||||
$userID = $this->d3TotpGetSessionObject()->getVariable("auth");
|
||||
$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME);
|
||||
$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH);
|
||||
/** @var d3totp $totp */
|
||||
$totp = $this->d3GetTotpObject();
|
||||
$totp->loadByUserId($userID);
|
||||
@ -56,7 +56,7 @@ class d3_totp_utils extends d3_totp_utils_parent
|
||||
|
||||
//staten der prüfung vom einmalpasswort
|
||||
if ($blAuth && $totp->isActive() && false === $totpAuth) {
|
||||
$this->redirect('index.php?cl=login');
|
||||
$this->redirect('index.php?cl=d3totpadminlogin');
|
||||
if (false == defined('OXID_PHP_UNIT')) {
|
||||
// @codeCoverageIgnoreStart
|
||||
exit;
|
||||
|
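Review bot: The new target `index.php?cl=d3totpadminlogin` is taken when `auth` is set and `SESSION_AUTH` is not, but nothing in this hunk sets `SESSION_CURRENTUSER`, and `d3totpadminlogin::render()` from this commit redirects every request without that variable to `index.php?cl=admin_start`. If `admin_start` runs through `checkAccessRights()` again, which is not visible here, such a session would bounce between the two controllers instead of being asked for a code. Hand the pending user over before redirecting, for example `$this->d3TotpGetSessionObject()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $userID);`, or send the session back to `cl=login`. `checkAccessRights()` continues outside the hunk.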
@ -13,6 +13,7 @@
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use D3\Totp\Application\Controller\Admin\d3totpadminlogin;
|
||||
use D3\Totp\Application\Controller\Admin\d3user_totp;
|
||||
use D3\Totp\Application\Controller\Admin\d3force_2fa;
|
||||
use D3\Totp\Application\Controller\d3_account_totp;
|
||||
@ -72,11 +73,13 @@ $aModule = [
|
||||
'd3force_2fa' => d3force_2fa::class,
|
||||
'd3totplogin' => d3totplogin::class,
|
||||
'd3_account_totp' => d3_account_totp::class,
|
||||
'd3totpadminlogin' => d3totpadminlogin::class
|
||||
],
|
||||
'templates' => [
|
||||
'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl',
|
||||
'd3totplogin.tpl' => 'd3/totp/Application/views/tpl/d3totplogin.tpl',
|
||||
'd3_account_totp.tpl' => 'd3/totp/Application/views/tpl/d3_account_totp.tpl',
|
||||
'd3totpadminlogin.tpl' => 'd3/totp/Application/views/admin/tpl/d3totplogin.tpl',
|
||||
],
|
||||
'settings' => [
|
||||
[
|
||||
|
@ -16,6 +16,7 @@ namespace D3\Totp\tests\unit\Application\Controller;
|
||||
use D3\Totp\Application\Controller\d3totplogin;
|
||||
use D3\Totp\Application\Model\d3backupcodelist;
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\tests\unit\d3TotpUnitTestCase;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
use OxidEsales\Eshop\Core\Utils;
|
||||
@ -36,8 +37,8 @@ class d3totploginTest extends d3TotpUnitTestCase
|
||||
|
||||
$this->_oController = oxNew(d3totplogin::class);
|
||||
|
||||
Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER);
|
||||
Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
|
||||
Registry::getSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
Registry::getSession()->deleteVariable(d3totp_conf::SESSION_CURRENTCLASS);
|
||||
}
|
||||
|
||||
public function tearDown(): void
|
||||
@ -78,7 +79,7 @@ class d3totploginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function renderDontRedirect()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, 'foo');
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, 'foo');
|
||||
|
||||
/** @var Utils|MockObject $oUtilsMock */
|
||||
$oUtilsMock = $this->getMockBuilder(Utils::class)
|
||||
@ -193,7 +194,7 @@ class d3totploginTest extends d3TotpUnitTestCase
|
||||
public function canGetPreviousClass()
|
||||
{
|
||||
$className = "testClass";
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className);
|
||||
|
||||
$this->assertSame(
|
||||
$className,
|
||||
@ -209,7 +210,7 @@ class d3totploginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function classIsOrderStep($className, $expected)
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className);
|
||||
|
||||
$this->assertSame(
|
||||
$expected,
|
||||
@ -239,7 +240,7 @@ class d3totploginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function getIsOrderStepIsSameLikeOrderClass($className, $expected)
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className);
|
||||
|
||||
$this->assertSame(
|
||||
$expected,
|
||||
|
@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Application\Model;
|
||||
|
||||
use D3\Totp\Application\Model\d3backupcode;
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\tests\unit\d3TotpUnitTestCase;
|
||||
use OxidEsales\Eshop\Application\Model\User;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
@ -153,7 +154,7 @@ class d3backupcodeTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function d3GetUserReturnCurrentUser()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, 'foobar');
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, 'foobar');
|
||||
|
||||
$oUser = $this->callMethod($this->_oModel, 'd3GetUser');
|
||||
|
||||
|
@ -14,6 +14,7 @@
|
||||
namespace D3\Totp\tests\unit\Modules\Application\Component;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
||||
use D3\Totp\Modules\Application\Component\d3_totp_UserComponent;
|
||||
use D3\Totp\tests\unit\d3TotpUnitTestCase;
|
||||
@ -42,7 +43,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
|
||||
$this->_oController = oxNew(UserComponent::class);
|
||||
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
}
|
||||
|
||||
public function tearDown(): void
|
||||
@ -84,13 +85,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods([
|
||||
'd3GetTotpObject',
|
||||
'd3GetSession',
|
||||
'd3GetUtils',
|
||||
'd3TotpGetSession',
|
||||
'd3TotpGetUtils',
|
||||
])
|
||||
->getMock();
|
||||
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
@ -145,13 +146,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods([
|
||||
'd3GetTotpObject',
|
||||
'd3GetSession',
|
||||
'd3GetUtils',
|
||||
'd3TotpGetSession',
|
||||
'd3TotpGetUtils',
|
||||
])
|
||||
->getMock();
|
||||
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
@ -221,15 +222,15 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods([
|
||||
'd3GetTotpObject',
|
||||
'd3GetSession',
|
||||
'd3GetUtils',
|
||||
'd3TotpGetSession',
|
||||
'd3TotpGetUtils',
|
||||
'getParent'
|
||||
])
|
||||
->getMock();
|
||||
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
|
||||
$oControllerMock->method('getParent')->willReturn($oParentMock);
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
@ -252,7 +253,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin
|
||||
*/
|
||||
public function checkTotploginNoTotpLogin()
|
||||
{
|
||||
@ -272,29 +273,29 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
/** @var UserComponent|MockObject $oControllerMock */
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods([
|
||||
'isNoTotpOrNoLogin',
|
||||
'hasValidTotp',
|
||||
'd3TotpIsNoTotpOrNoLogin',
|
||||
'd3TotpHasValidTotp',
|
||||
'd3GetTotpObject',
|
||||
'd3GetSession',
|
||||
'd3TotpGetSession',
|
||||
])
|
||||
->getMock();
|
||||
$oControllerMock->method('isNoTotpOrNoLogin')->willReturn(true);
|
||||
$oControllerMock->expects($this->never())->method('hasValidTotp')->willReturn(false);
|
||||
$oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(true);
|
||||
$oControllerMock->expects($this->never())->method('d3TotpHasValidTotp')->willReturn(false);
|
||||
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
$this->assertSame(
|
||||
'd3totplogin',
|
||||
$this->callMethod($this->_oController, 'checkTotplogin')
|
||||
$this->callMethod($this->_oController, 'd3TotpCheckTotpLogin')
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin
|
||||
*/
|
||||
public function checkTotploginUnvalidTotp()
|
||||
{
|
||||
@ -325,31 +326,31 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
/** @var UserComponent|MockObject $oControllerMock */
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods([
|
||||
'isNoTotpOrNoLogin',
|
||||
'hasValidTotp',
|
||||
'd3GetUtilsView',
|
||||
'd3TotpIsNoTotpOrNoLogin',
|
||||
'd3TotpHasValidTotp',
|
||||
'd3TotpGetUtilsView',
|
||||
'd3GetTotpObject',
|
||||
'd3GetSession',
|
||||
'd3TotpGetSession',
|
||||
])
|
||||
->getMock();
|
||||
$oControllerMock->method('isNoTotpOrNoLogin')->willReturn(false);
|
||||
$oControllerMock->expects($this->once())->method('hasValidTotp')->willThrowException($oTotpExceptionMock);
|
||||
$oControllerMock->method('d3GetUtilsView')->willReturn($oUtilsViewMock);
|
||||
$oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(false);
|
||||
$oControllerMock->expects($this->once())->method('d3TotpHasValidTotp')->willThrowException($oTotpExceptionMock);
|
||||
$oControllerMock->method('d3TotpGetUtilsView')->willReturn($oUtilsViewMock);
|
||||
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
$this->assertSame(
|
||||
'd3totplogin',
|
||||
$this->callMethod($this->_oController, 'checkTotplogin')
|
||||
$this->callMethod($this->_oController, 'd3TotpCheckTotpLogin')
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin
|
||||
*/
|
||||
public function checkTotploginValidTotp()
|
||||
{
|
||||
@ -375,19 +376,19 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
/** @var UserComponent|MockObject $oControllerMock */
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods([
|
||||
'isNoTotpOrNoLogin',
|
||||
'hasValidTotp',
|
||||
'd3GetUtilsView',
|
||||
'd3TotpIsNoTotpOrNoLogin',
|
||||
'd3TotpHasValidTotp',
|
||||
'd3TotpGetUtilsView',
|
||||
'd3GetTotpObject',
|
||||
'd3GetSession',
|
||||
'd3TotpGetSession',
|
||||
'setLoginStatus'
|
||||
])
|
||||
->getMock();
|
||||
$oControllerMock->method('isNoTotpOrNoLogin')->willReturn(false);
|
||||
$oControllerMock->expects($this->once())->method('hasValidTotp')->willReturn(true);
|
||||
$oControllerMock->method('d3GetUtilsView')->willReturn($oUtilsViewMock);
|
||||
$oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(false);
|
||||
$oControllerMock->expects($this->once())->method('d3TotpHasValidTotp')->willReturn(true);
|
||||
$oControllerMock->method('d3TotpGetUtilsView')->willReturn($oUtilsViewMock);
|
||||
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->expects($this->once())->method('setLoginStatus')->with(
|
||||
$this->identicalTo(USER_LOGIN_SUCCESS)
|
||||
);
|
||||
@ -395,27 +396,27 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
$this->assertFalse(
|
||||
$this->callMethod($this->_oController, 'checkTotplogin')
|
||||
$this->callMethod($this->_oController, 'd3TotpCheckTotpLogin')
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3GetUtilsView
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpGetUtilsView
|
||||
*/
|
||||
public function d3GetUtilsViewReturnsRightInstance()
|
||||
{
|
||||
$this->assertInstanceOf(
|
||||
UtilsView::class,
|
||||
$this->callMethod($this->_oController, 'd3GetUtilsView')
|
||||
$this->callMethod($this->_oController, 'd3TotpGetUtilsView')
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::cancelTotpLogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCancelTotpLogin
|
||||
*/
|
||||
public function canCancelTotpLogin()
|
||||
{
|
||||
@ -427,17 +428,17 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
$this->callMethod($this->_oController, 'cancelTotpLogin');
|
||||
$this->callMethod($this->_oController, 'd3TotpCancelTotpLogin');
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin
|
||||
*/
|
||||
public function isNoTotpOrNoLoginTrueNoSessionVariable()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -447,18 +448,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('isActive')->willReturn(true);
|
||||
|
||||
$this->assertTrue(
|
||||
$this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin
|
||||
*/
|
||||
public function isNoTotpOrNoLoginTrueTotpNotActive()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, true);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, true);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -468,18 +469,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('isActive')->willReturn(false);
|
||||
|
||||
$this->assertTrue(
|
||||
$this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin
|
||||
*/
|
||||
public function isNoTotpOrNoLoginFalse()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, true);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, true);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -489,18 +490,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('isActive')->willReturn(true);
|
||||
|
||||
$this->assertFalse(
|
||||
$this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
|
||||
*/
|
||||
public function hasValidTotpTrueSessionVarname()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, true);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -510,18 +511,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('verify')->willReturn(false);
|
||||
|
||||
$this->assertTrue(
|
||||
$this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
|
||||
*/
|
||||
public function hasValidTotpTrueValidTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -531,18 +532,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('verify')->willReturn(true);
|
||||
|
||||
$this->assertTrue(
|
||||
$this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
|
||||
*/
|
||||
public function hasValidTotpFalseMissingTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -552,18 +553,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('verify')->willReturn(true);
|
||||
|
||||
$this->assertFalse(
|
||||
$this->callMethod($this->_oController, 'hasValidTotp', [null, $oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpHasValidTotp', [null, $oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
|
||||
*/
|
||||
public function hasValidTotpFalseUnverifiedTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -573,7 +574,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
$oTotpMock->method('verify')->willReturn(false);
|
||||
|
||||
$this->assertFalse(
|
||||
$this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock])
|
||||
$this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock])
|
||||
);
|
||||
}
|
||||
|
||||
@ -592,9 +593,9 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
|
||||
/** @var UserComponent|MockObject $oControllerMock */
|
||||
$oControllerMock = $this->getMockBuilder(UserComponent::class)
|
||||
->onlyMethods(['d3GetSession'])
|
||||
->onlyMethods(['d3TotpGetSession'])
|
||||
->getMock();
|
||||
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
|
||||
$this->_oController = $oControllerMock;
|
||||
|
||||
@ -604,13 +605,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3GetSession
|
||||
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpGetSession
|
||||
*/
|
||||
public function d3GetSessionReturnsRightInstance()
|
||||
{
|
||||
$this->assertInstanceOf(
|
||||
Session::class,
|
||||
$this->callMethod($this->_oController, 'd3GetSession')
|
||||
$this->callMethod($this->_oController, 'd3TotpGetSession')
|
||||
);
|
||||
}
|
||||
}
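Review bot: The fixtures in this file model the "second factor not yet verified" state by writing `false` into the flag (`setVariable(d3totp_conf::SESSION_AUTH, false)` in setUp and in the `hasValidTotp*` tests), whereas `d3totpadminlogin::render()`, added by this commit, tests the same flag with `hasVariable()`. If `hasVariable()` is a presence check, which is not visible here, a session holding `false` would count as already authenticated on that path, and none of these tests would notice. Consider clearing the flag with `Registry::getSession()->deleteVariable(d3totp_conf::SESSION_AUTH);` and adding one case asserting that a `false` value is still rejected; the same applies to the four `hasValidTotp*` cases in d3_totp_LoginControllerTest. setUp and most test bodies are only partly visible in these hunks, so the production checks should be confirmed against the full files. The test methods also keep their old names (`checkTotplogin…`, `d3GetSessionReturnsRightInstance`) although the covered methods are now `d3Totp…`; renaming them would keep the suite searchable.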
|
||||
|
@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Modules\Application\Controller\Admin;
|
||||
|
||||
use D3\Totp\Application\Model\d3backupcodelist;
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
|
||||
use D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController;
|
||||
use D3\Totp\tests\unit\d3TotpUnitTestCase;
|
||||
@ -599,7 +600,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpTrueSessionVarname()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, true);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -620,7 +621,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpTrueValidTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -641,7 +642,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpFalseMissingTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -662,7 +663,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpFalseUnverifiedTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
|
@ -58,9 +58,9 @@ class d3_totp_userTest extends d3TotpUnitTestCase
|
||||
|
||||
/** @var d3_totp_user|MockObject $oModelMock */
|
||||
$oModelMock = $this->getMockBuilder(User::class)
|
||||
->onlyMethods(['d3GetSession'])
|
||||
->onlyMethods(['d3TotpGetSession'])
|
||||
->getMock();
|
||||
$oModelMock->method('d3GetSession')->willReturn($oSessionMock);
|
||||
$oModelMock->method('d3TotpGetSession')->willReturn($oSessionMock);
|
||||
|
||||
$this->_oModel = $oModelMock;
|
||||
|
||||
@ -88,13 +88,13 @@ class d3_totp_userTest extends d3TotpUnitTestCase
|
||||
/**
|
||||
* @test
|
||||
* @throws ReflectionException
|
||||
* @covers \D3\Totp\Modules\Application\Model\d3_totp_user::d3GetSession
|
||||
* @covers \D3\Totp\Modules\Application\Model\d3_totp_user::d3TotpGetSession
|
||||
*/
|
||||
public function d3GetSessionReturnsRightInstance()
|
||||
{
|
||||
$this->assertInstanceOf(
|
||||
Session::class,
|
||||
$this->callMethod($this->_oModel, 'd3GetSession')
|
||||
$this->callMethod($this->_oModel, 'd3TotpGetSession')
|
||||
);
|
||||
}
|
||||
}
|
||||
|