D3Public/oxtotp
8
0
Fork 1
Code Pull Requests Releases Activity

extract TOTP check from admin login

Browse Source
This commit is contained in:
Daniel Seifert 2022-11-10 00:00:50 +01:00
parent c80b5f626f
commit e3d2156d44
Signed by: DanielS
GPG Key ID: 6A513E13AEE66170
18 changed files with 445 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
src/Application/Controller/Admin/d3totpadminlogin.php Executable file
View File

@ -0,0 +1,179 @@
<?php
/**
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* https://www.d3data.de
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>
* @link https://www.oxidmodule.com
*/
declare(strict_types=1);
namespace D3\Totp\Application\Controller\Admin;
use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Utils;
class d3totpadminlogin extends AdminController
{
protected $_sThisTemplate = 'd3totpadminlogin.tpl';
/**
* @return bool
*/
protected function _authorize(): bool
{
return true;
}
/**
* @return string
*/
public function render(): string
{
if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
) {
$this->getUtils()->redirect('index.php?cl=admin_start');
if (!defined('OXID_PHP_UNIT')) {
// @codeCoverageIgnoreStart
exit;
// @codeCoverageIgnoreEnd
}
}
if (!Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)) {
$this->getUtils()->redirect('index.php?cl=login');
}
return parent::render();
}
/**
* @return d3backupcodelist
*/
public function d3GetBackupCodeListObject()
{
return oxNew(d3backupcodelist::class);
}
/**
* @return string|void
* @throws DatabaseConnectionException
*/
public function getBackupCodeCountMessage()
{
$oBackupCodeList = $this->d3GetBackupCodeListObject();
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
if ($iCount < 4) {
return sprintf(
Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT'),
$iCount
);
}
}
public function d3CancelLogin()
{
$oUser = $this->d3GetUserObject();
$oUser->logout();
return "login";
}
/**
* @return d3totp
*/
public function d3GetTotpObject()
{
return oxNew(d3totp::class);
}
/**
* @return User
*/
public function d3GetUserObject()
{
return oxNew(User::class);
}
public function checklogin()
{
$session = Registry::getSession();
$userId = $session->getVariable(d3totp_conf::SESSION_CURRENTUSER);
try {
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp');
$totp = $this->d3GetTotpObject();
$totp->loadByUserId($userId);
$this->d3TotpHasValidTotp($sTotp, $totp);
$adminProfiles = $session->getVariable("aAdminProfiles");
$session->initNewSession();
$session->setVariable("aAdminProfiles", $adminProfiles);
$session->setVariable('auth', $userId);
$session->setVariable(d3totp_conf::SESSION_AUTH, true);
return "admin_start";
} catch (d3totp_wrongOtpException $e) {
Registry::getUtilsView()->addErrorToDisplay($e);
Registry::getLogger()->error($e->getMessage(), ['UserId' => $userId]);
Registry::getLogger()->debug($e->getTraceAsString());
}
}
/**
* @param string $sTotp
* @param d3totp $totp
* @return bool
* @throws DatabaseConnectionException
* @throws d3totp_wrongOtpException
*/
public function d3TotpHasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable(d3totp_conf::SESSION_AUTH) ||
(
$sTotp && $totp->verify($sTotp)
);
}
/**
* @return Utils
*/
public function getUtils(): Utils
{
return Registry::getUtils();
}
/**
* Returns Bread Crumb - you are here page1/page2/page3...
*
* @return array
*/
public function getBreadCrumb(): array
{
$aPaths = [];
$aPath = [];
$iBaseLanguage = Registry::getLang()->getBaseLanguage();
$aPath['title'] = Registry::getLang()->translateString('D3_WEBAUTHN_BREADCRUMB', $iBaseLanguage, false);
$aPath['link'] = $this->getLink();
$aPaths[] = $aPath;
return $aPaths;
}
}

13
src/Application/Controller/d3totplogin.php
View File

@ -17,6 +17,7 @@ namespace D3\Totp\Application\Controller;
use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use OxidEsales\Eshop\Application\Controller\FrontendController; use OxidEsales\Eshop\Application\Controller\FrontendController;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
@ -28,8 +29,8 @@ class d3totplogin extends FrontendController
public function render() public function render()
{ {
if (Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_VARNAME) || if (Registry::getSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
false == Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_CURRENTUSER) false == Registry::getSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER)
) { ) {
$this->getUtils()->redirect('index.php?cl=start'); $this->getUtils()->redirect('index.php?cl=start');
if (false == defined('OXID_PHP_UNIT')) { if (false == defined('OXID_PHP_UNIT')) {
@ -39,7 +40,7 @@ class d3totplogin extends FrontendController
} }
} }
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS)); $this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp_conf::SESSION_NAVFORMPARAMS));
return parent::render(); return parent::render();
} }
@ -59,7 +60,7 @@ class d3totplogin extends FrontendController
public function getBackupCodeCountMessage() public function getBackupCodeCountMessage()
{ {
$oBackupCodeList = $this->getBackupCodeListObject(); $oBackupCodeList = $this->getBackupCodeListObject();
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER)); $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER));
if ($iCount < 4) { if ($iCount < 4) {
return sprintf( return sprintf(
@ -79,12 +80,12 @@ class d3totplogin extends FrontendController
public function getPreviousClass() public function getPreviousClass()
{ {
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS); return Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTCLASS);
} }
public function previousClassIsOrderStep(): bool public function previousClassIsOrderStep(): bool
{ {
$sClassKey = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS); $sClassKey = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTCLASS);
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey); $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
$resolvedClass = $resolvedClass ?: 'start'; $resolvedClass = $resolvedClass ?: 'start';

2
src/Application/Model/d3backupcode.php
View File

@ -74,7 +74,7 @@ class d3backupcode extends BaseModel
return $this->getUser(); return $this->getUser();
} }
$sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER); $sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
$oUser = oxNew(User::class); $oUser = oxNew(User::class);
$oUser->load($sUserId); $oUser->load($sUserId);
return $oUser; return $oUser;

5
src/Application/Model/d3totp.php
View File

@ -29,11 +29,6 @@ use OxidEsales\Eshop\Core\Registry;
class d3totp extends BaseModel class d3totp extends BaseModel
{ {
public const TOTP_SESSION_VARNAME = 'totp_auth';
public const TOTP_SESSION_CURRENTUSER = 'd3totpCurrentUser';
public const TOTP_SESSION_CURRENTCLASS = 'd3totpCurrentClass';
public const TOTP_SESSION_NAVFORMPARAMS = 'd3totpNavFormParams';
public $tableName = 'd3totp'; public $tableName = 'd3totp';
public $userId; public $userId;
public $totp; public $totp;

24
src/Application/Model/d3totp_conf.php Normal file
View File

@ -0,0 +1,24 @@
<?php
/**
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* https://www.d3data.de
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>
* @link https://www.oxidmodule.com
*/
declare(strict_types=1);
namespace D3\Totp\Application\Model;
class d3totp_conf
{
public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly
public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username
public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username
public const SESSION_NAVFORMPARAMS = 'd3totpNavFormParams';
}

88
src/Application/views/admin/tpl/d3totplogin.tpl Normal file
View File

@ -0,0 +1,88 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[{oxmultilang ident="LOGIN_TITLE"}]</title>
<meta http-equiv="Content-Type" content="text/html; charset=[{$charset}]">
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
<link rel="shortcut icon" href="[{$oViewConf->getImageUrl()}]favicon.ico">
<link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]login.css">
<link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]colors_[{$oViewConf->getEdition()|lower}].css">
</head>
<body>
<div class="admin-login-box">
<div id="shopLogo"><img src="[{$oViewConf->getImageUrl('logo_dark.svg')}]" alt="" /></div>
<form action="[{$oViewConf->getSelfLink()}]" method="post" id="login">
[{block name="admin_login_form"}]
[{$oViewConf->getHiddenSid()}]
<input type="hidden" name="fnc" value="checklogin">
<input type="hidden" name="cl" value="[{$oViewConf->getActiveClassName()}]">
[{if !empty($Errors.default)}]
[{include file="inc_error.tpl" Errorlist=$Errors.default}]
[{/if}]
[{$oView->getBackupCodeCountMessage()}]
<label for="d3totp">[{oxmultilang ident="TOTP_INPUT"}]</label>
<input type="text" name="d3totp" id="d3totp" value="" size="49" autofocus autocomplete="off"><br>
[{oxmultilang ident="TOTP_INPUT_HELP"}]
<input type="submit" value="[{oxmultilang ident="LOGIN_START"}]" class="btn"><br>
<input class="btn btn_cancel" value="[{oxmultilang ident="TOTP_CANCEL_LOGIN"}]" type="submit"
onclick="document.getElementById('login').fnc.value='d3CancelLogin'; document.getElementById('login').submit();"
>
[{oxstyle include=$oViewConf->getModuleUrl('d3totp', 'out/admin/src/css/d3totplogin.css')}]
[{oxstyle}]
[{**
[{$oViewConf->getHiddenSid()}]
<input type="hidden" name="fnc" value="">
<input type="hidden" name="cl" value="login">
[{if !empty($Errors.default)}]
[{include file="inc_error.tpl" Errorlist=$Errors.default}]
[{/if}]
<div class="d3webauthn_icon">
<div class="svg-container">
[{include file=$oViewConf->getModulePath('d3webauthn', 'out/img/fingerprint.svg')}]
</div>
<div class="message">[{oxmultilang ident="WEBAUTHN_INPUT_HELP"}]</div>
</div>
**}]
[{* prevent cancel button (1st button) action when form is sent via Enter key *}]
[{**
<input type="submit" style="display:none !important;">
<input class="btn btn_cancel" value="[{oxmultilang ident="WEBAUTHN_CANCEL_LOGIN"}]" type="submit"
onclick="document.getElementById('login').fnc.value='d3WebauthnCancelLogin'; document.getElementById('login').submit();"
>
[{oxstyle include=$oViewConf->getModuleUrl('d3webauthn', 'out/admin/src/css/d3webauthnlogin.css')}]
[{oxstyle}]
**}]
[{/block}]
</form>
</div>
[{oxscript}]
<script type="text/javascript">if (window !== window.top) top.location.href = document.location.href;</script>
</body>
</html>

4
src/Application/views/tpl/d3totplogin.tpl
View File

@ -11,7 +11,7 @@
<form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login"> <form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login">
[{$oViewConf->getHiddenSid()}] [{$oViewConf->getHiddenSid()}]
<input type="hidden" name="fnc" value="checkTotplogin"> <input type="hidden" name="fnc" value="d3TotpCheckTotpLogin">
<input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]"> <input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]">
[{$navFormParams}] [{$navFormParams}]
@ -34,7 +34,7 @@
<form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login"> <form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login">
[{$oViewConf->getHiddenSid()}] [{$oViewConf->getHiddenSid()}]
<input type="hidden" name="fnc" value="cancelTotplogin"> <input type="hidden" name="fnc" value="d3TotpCancelTotpLogin">
<input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]"> <input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]">
[{$navFormParams}] [{$navFormParams}]

55
src/Modules/Application/Component/d3_totp_UserComponent.php
View File

@ -16,6 +16,7 @@ declare(strict_types=1);
namespace D3\Totp\Modules\Application\Component; namespace D3\Totp\Modules\Application\Component;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use Doctrine\DBAL\DBALException; use Doctrine\DBAL\DBALException;
use InvalidArgumentException; use InvalidArgumentException;
@ -45,23 +46,23 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
$totp->loadByUserId($oUser->getId()); $totp->loadByUserId($oUser->getId());
if ($totp->isActive() if ($totp->isActive()
&& !$this->d3GetSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) && !$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH)
) { ) {
$this->d3GetSession()->setVariable( $this->d3TotpGetSession()->setVariable(
d3totp::TOTP_SESSION_CURRENTCLASS, d3totp_conf::SESSION_CURRENTCLASS,
$this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start' $this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start'
); );
$this->d3GetSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, $oUser->getId());
$this->d3GetSession()->setVariable(
d3totp::TOTP_SESSION_NAVFORMPARAMS,
$this->getParent()->getViewConfig()->getNavFormParams()
);
$oUser->logout(); $oUser->logout();
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $oUser->getId());
$this->d3TotpGetSession()->setVariable(
d3totp_conf::SESSION_NAVFORMPARAMS,
$this->getParent()->getViewConfig()->getNavFormParams()
);
$sUrl = Registry::getConfig()->getShopHomeUrl() . 'cl=d3totplogin'; $sUrl = Registry::getConfig()->getShopHomeUrl() . 'cl=d3totplogin';
$this->d3GetUtils()->redirect($sUrl, false); $this->d3TotpGetUtils()->redirect($sUrl, false);
} }
} }
@ -80,11 +81,11 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
* @throws DBALException * @throws DBALException
* @throws DatabaseConnectionException * @throws DatabaseConnectionException
*/ */
public function checkTotplogin() public function d3TotpCheckTotpLogin()
{ {
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true); $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
$sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER); $sUserId = Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER);
$oUser = oxNew(User::class); $oUser = oxNew(User::class);
$oUser->load($sUserId); $oUser->load($sUserId);
@ -92,10 +93,10 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
$totp->loadByUserId($sUserId); $totp->loadByUserId($sUserId);
try { try {
if (!$this->isNoTotpOrNoLogin($totp) && $this->hasValidTotp($sTotp, $totp)) { if (!$this->d3TotpIsNoTotpOrNoLogin($totp) && $this->d3TotpHasValidTotp($sTotp, $totp)) {
// relogin, don't extract from this try block // relogin, don't extract from this try block
$this->d3GetSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp); $this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_AUTH, $sTotp);
$this->d3GetSession()->setVariable('usr', $oUser->getId()); $this->d3TotpGetSession()->setVariable('usr', $oUser->getId());
$this->setUser(null); $this->setUser(null);
$this->setLoginStatus(USER_LOGIN_SUCCESS); $this->setLoginStatus(USER_LOGIN_SUCCESS);
$this->_afterLogin($oUser); $this->_afterLogin($oUser);
@ -105,7 +106,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
return false; return false;
} }
} catch (d3totp_wrongOtpException $oEx) { } catch (d3totp_wrongOtpException $oEx) {
$this->d3GetUtilsView()->addErrorToDisplay($oEx, false, false, "", 'd3totplogin'); $this->d3TotpGetUtilsView()->addErrorToDisplay($oEx, false, false, "", 'd3totplogin');
} }
return 'd3totplogin'; return 'd3totplogin';
@ -114,7 +115,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
/** /**
* @return UtilsView * @return UtilsView
*/ */
public function d3GetUtilsView() public function d3TotpGetUtilsView()
{ {
return Registry::getUtilsView(); return Registry::getUtilsView();
} }
@ -122,12 +123,12 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
/** /**
* @return Utils * @return Utils
*/ */
public function d3GetUtils() public function d3TotpGetUtils()
{ {
return Registry::getUtils(); return Registry::getUtils();
} }
public function cancelTotpLogin() public function d3TotpCancelTotpLogin()
{ {
$this->d3TotpClearSessionVariables(); $this->d3TotpClearSessionVariables();
@ -138,9 +139,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
* @param d3totp $totp * @param d3totp $totp
* @return bool * @return bool
*/ */
public function isNoTotpOrNoLogin($totp) public function d3TotpIsNoTotpOrNoLogin($totp)
{ {
return false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER) return false == Registry::getSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER)
|| false == $totp->isActive(); || false == $totp->isActive();
} }
@ -151,9 +152,9 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
* @throws DatabaseConnectionException * @throws DatabaseConnectionException
* @throws d3totp_wrongOtpException * @throws d3totp_wrongOtpException
*/ */
public function hasValidTotp($sTotp, $totp) public function d3TotpHasValidTotp($sTotp, $totp)
{ {
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) || return Registry::getSession()->getVariable(d3totp_conf::SESSION_AUTH) ||
( (
$sTotp && $totp->verify($sTotp) $sTotp && $totp->verify($sTotp)
); );
@ -161,15 +162,15 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
public function d3TotpClearSessionVariables() public function d3TotpClearSessionVariables()
{ {
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS); $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTCLASS);
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER); $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS); $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_NAVFORMPARAMS);
} }
/** /**
* @return Session * @return Session
*/ */
public function d3GetSession() public function d3TotpGetSession()
{ {
return Registry::getSession(); return Registry::getSession();
} }

128
src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
View File

@ -16,43 +16,15 @@ declare(strict_types=1);
namespace D3\Totp\Modules\Application\Controller\Admin; namespace D3\Totp\Modules\Application\Controller\Admin;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Modules\Application\Model\d3_totp_user;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Session; use OxidEsales\Eshop\Core\Session;
use OxidEsales\Eshop\Core\UtilsView;
class d3_totp_LoginController extends d3_totp_LoginController_parent class d3_totp_LoginController extends d3_totp_LoginController_parent
{ {
/**
* @return string
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function render()
{
$auth = $this->d3TotpGetSession()->getVariable("auth");
$return = parent::render();
$totp = $this->d3GetTotpObject();
$totp->loadByUserId($auth);
if ($auth
&& $totp->isActive()
&& !$this->d3TotpGetSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
) {
// set auth as secured parameter;
$this->d3TotpGetSession()->setVariable("auth", $auth);
$this->addTplParam('request_totp', true);
}
return $return;
}
/** /**
* @return d3totp * @return d3totp
*/ */
@ -61,22 +33,6 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
return oxNew(d3totp::class); return oxNew(d3totp::class);
} }
/**
* @return d3backupcodelist
*/
public function d3GetBackupCodeListObject()
{
return oxNew(d3backupcodelist::class);
}
/**
* @return UtilsView
*/
public function d3TotpGetUtilsView()
{
return Registry::getUtilsView();
}
/** /**
* @return Session * @return Session
*/ */
@ -87,91 +43,37 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
/** /**
* @return mixed|string * @return mixed|string
* @throws DBALException
* @throws DatabaseConnectionException * @throws DatabaseConnectionException
*/ */
public function checklogin() public function checklogin()
{ {
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true); $return = parent::checklogin();
$totp = $this->d3GetTotpObject(); $totp = $this->d3GetTotpObject();
$totp->loadByUserId(Registry::getSession()->getVariable("auth")); $totp->loadByUserId(Registry::getSession()->getVariable("auth"));
$return = 'login'; if ($this->d3TotpLoginMissing($totp)) {
$userId = $this->d3TotpGetSession()->getVariable('auth');
try { /** @var d3_totp_user $user */
if ($this->d3TotpIsNoTotpOrNoLogin($totp) && $this->hasLoginCredentials()) { $user = oxNew(User::class);
$return = parent::checklogin(); $user->logout();
} elseif ($this->d3TotpHasValidTotp($sTotp, $totp)) {
$this->d3TotpGetSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp); $this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $userId);
$return = "admin_start";
} return "d3totpadminlogin";
} catch (d3totp_wrongOtpException $oEx) {
$this->d3TotpGetUtilsView()->addErrorToDisplay($oEx);
} }
return $return; return $return;
} }
/**
* @return string|void
* @throws DatabaseConnectionException
*/
public function getBackupCodeCountMessage()
{
$oBackupCodeList = $this->d3GetBackupCodeListObject();
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable("auth"));
if ($iCount < 4) {
return sprintf(
Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT'),
$iCount
);
}
}
/** /**
* @param d3totp $totp * @param d3totp $totp
* @return bool * @return bool
*/ */
public function d3TotpIsNoTotpOrNoLogin($totp) public function d3TotpLoginMissing($totp)
{ {
return false == $this->d3TotpGetSession()->getVariable("auth") return $totp->isActive()
|| false == $totp->isActive(); && false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH);
}
protected function hasLoginCredentials()
{
return Registry::getRequest()->getRequestEscapedParameter('user') &&
Registry::getRequest()->getRequestEscapedParameter('pwd');
}
/**
* @param string $sTotp
* @param d3totp $totp
* @return bool
* @throws DatabaseConnectionException
* @throws d3totp_wrongOtpException
*/
public function d3TotpHasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
(
$sTotp && $totp->verify($sTotp)
);
}
public function d3CancelLogin()
{
$oUser = $this->d3TotpGetUserObject();
$oUser->logout();
}
/**
* @return User
*/
public function d3TotpGetUserObject()
{
return oxNew(User::class);
} }
} }

3
src/Modules/Application/Controller/d3_totp_getUserTrait.php
View File

@ -16,6 +16,7 @@ declare(strict_types=1);
namespace D3\Totp\Modules\Application\Controller; namespace D3\Totp\Modules\Application\Controller;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
@ -36,7 +37,7 @@ trait d3_totp_getUserTrait
$totp->loadByUserId($oUser->getId()); $totp->loadByUserId($oUser->getId());
if ($totp->isActive() if ($totp->isActive()
&& !$this->d3TotpGetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME) && !$this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH)
) { ) {
return false; return false;
} }

6
src/Modules/Application/Model/d3_totp_user.php
View File

@ -16,6 +16,7 @@ declare(strict_types=1);
namespace D3\Totp\Modules\Application\Model; namespace D3\Totp\Modules\Application\Model;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Session; use OxidEsales\Eshop\Core\Session;
@ -25,7 +26,8 @@ class d3_totp_user extends d3_totp_user_parent
{ {
$return = parent::logout(); $return = parent::logout();
$this->d3GetSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME); $this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_AUTH);
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
return $return; return $return;
} }
@ -41,7 +43,7 @@ class d3_totp_user extends d3_totp_user_parent
/** /**
* @return Session * @return Session
*/ */
public function d3GetSession() public function d3TotpGetSession()
{ {
return Registry::getSession(); return Registry::getSession();
} }

6
src/Modules/Core/d3_totp_utils.php
View File

@ -16,6 +16,7 @@ declare(strict_types=1);
namespace D3\Totp\Modules\Core; namespace D3\Totp\Modules\Core;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use Doctrine\DBAL\DBALException; use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Core\Config; use OxidEsales\Eshop\Core\Config;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
@ -32,10 +33,9 @@ class d3_totp_utils extends d3_totp_utils_parent
public function checkAccessRights() public function checkAccessRights()
{ {
$blAuth = parent::checkAccessRights(); $blAuth = parent::checkAccessRights();
$blAuth = $this->d3AuthHook($blAuth); $blAuth = $this->d3AuthHook($blAuth);
$userID = $this->d3TotpGetSessionObject()->getVariable("auth"); $userID = $this->d3TotpGetSessionObject()->getVariable("auth");
$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp::TOTP_SESSION_VARNAME); $totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH);
/** @var d3totp $totp */ /** @var d3totp $totp */
$totp = $this->d3GetTotpObject(); $totp = $this->d3GetTotpObject();
$totp->loadByUserId($userID); $totp->loadByUserId($userID);
@ -56,7 +56,7 @@ class d3_totp_utils extends d3_totp_utils_parent
//staten der prüfung vom einmalpasswort //staten der prüfung vom einmalpasswort
if ($blAuth && $totp->isActive() && false === $totpAuth) { if ($blAuth && $totp->isActive() && false === $totpAuth) {
$this->redirect('index.php?cl=login'); $this->redirect('index.php?cl=d3totpadminlogin');
if (false == defined('OXID_PHP_UNIT')) { if (false == defined('OXID_PHP_UNIT')) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
exit; exit;

3
src/metadata.php
View File

@ -13,6 +13,7 @@
declare(strict_types=1); declare(strict_types=1);
use D3\Totp\Application\Controller\Admin\d3totpadminlogin;
use D3\Totp\Application\Controller\Admin\d3user_totp; use D3\Totp\Application\Controller\Admin\d3user_totp;
use D3\Totp\Application\Controller\Admin\d3force_2fa; use D3\Totp\Application\Controller\Admin\d3force_2fa;
use D3\Totp\Application\Controller\d3_account_totp; use D3\Totp\Application\Controller\d3_account_totp;
@ -72,11 +73,13 @@ $aModule = [
'd3force_2fa' => d3force_2fa::class, 'd3force_2fa' => d3force_2fa::class,
'd3totplogin' => d3totplogin::class, 'd3totplogin' => d3totplogin::class,
'd3_account_totp' => d3_account_totp::class, 'd3_account_totp' => d3_account_totp::class,
'd3totpadminlogin' => d3totpadminlogin::class
], ],
'templates' => [ 'templates' => [
'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl', 'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl',
'd3totplogin.tpl' => 'd3/totp/Application/views/tpl/d3totplogin.tpl', 'd3totplogin.tpl' => 'd3/totp/Application/views/tpl/d3totplogin.tpl',
'd3_account_totp.tpl' => 'd3/totp/Application/views/tpl/d3_account_totp.tpl', 'd3_account_totp.tpl' => 'd3/totp/Application/views/tpl/d3_account_totp.tpl',
'd3totpadminlogin.tpl' => 'd3/totp/Application/views/admin/tpl/d3totplogin.tpl',
], ],
'settings' => [ 'settings' => [
[ [

13
src/tests/unit/Application/Controller/d3totploginTest.php
View File

@ -16,6 +16,7 @@ namespace D3\Totp\tests\unit\Application\Controller;
use D3\Totp\Application\Controller\d3totplogin; use D3\Totp\Application\Controller\d3totplogin;
use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\tests\unit\d3TotpUnitTestCase; use D3\Totp\tests\unit\d3TotpUnitTestCase;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Utils; use OxidEsales\Eshop\Core\Utils;
@ -36,8 +37,8 @@ class d3totploginTest extends d3TotpUnitTestCase
$this->_oController = oxNew(d3totplogin::class); $this->_oController = oxNew(d3totplogin::class);
Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER); Registry::getSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS); Registry::getSession()->deleteVariable(d3totp_conf::SESSION_CURRENTCLASS);
} }
public function tearDown(): void public function tearDown(): void
@ -78,7 +79,7 @@ class d3totploginTest extends d3TotpUnitTestCase
*/ */
public function renderDontRedirect() public function renderDontRedirect()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, 'foo'); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, 'foo');
/** @var Utils|MockObject $oUtilsMock */ /** @var Utils|MockObject $oUtilsMock */
$oUtilsMock = $this->getMockBuilder(Utils::class) $oUtilsMock = $this->getMockBuilder(Utils::class)
@ -193,7 +194,7 @@ class d3totploginTest extends d3TotpUnitTestCase
public function canGetPreviousClass() public function canGetPreviousClass()
{ {
$className = "testClass"; $className = "testClass";
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className);
$this->assertSame( $this->assertSame(
$className, $className,
@ -209,7 +210,7 @@ class d3totploginTest extends d3TotpUnitTestCase
*/ */
public function classIsOrderStep($className, $expected) public function classIsOrderStep($className, $expected)
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className);
$this->assertSame( $this->assertSame(
$expected, $expected,
@ -239,7 +240,7 @@ class d3totploginTest extends d3TotpUnitTestCase
*/ */
public function getIsOrderStepIsSameLikeOrderClass($className, $expected) public function getIsOrderStepIsSameLikeOrderClass($className, $expected)
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTCLASS, $className); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTCLASS, $className);
$this->assertSame( $this->assertSame(
$expected, $expected,

3
src/tests/unit/Application/Model/d3backupcodeTest.php
View File

@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Application\Model;
use D3\Totp\Application\Model\d3backupcode; use D3\Totp\Application\Model\d3backupcode;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\tests\unit\d3TotpUnitTestCase; use D3\Totp\tests\unit\d3TotpUnitTestCase;
use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
@ -153,7 +154,7 @@ class d3backupcodeTest extends d3TotpUnitTestCase
*/ */
public function d3GetUserReturnCurrentUser() public function d3GetUserReturnCurrentUser()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, 'foobar'); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, 'foobar');
$oUser = $this->callMethod($this->_oModel, 'd3GetUser'); $oUser = $this->callMethod($this->_oModel, 'd3GetUser');

141
src/tests/unit/Modules/Application/Component/d3_totp_UserComponentTest.php
View File

@ -14,6 +14,7 @@
namespace D3\Totp\tests\unit\Modules\Application\Component; namespace D3\Totp\tests\unit\Modules\Application\Component;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use D3\Totp\Modules\Application\Component\d3_totp_UserComponent; use D3\Totp\Modules\Application\Component\d3_totp_UserComponent;
use D3\Totp\tests\unit\d3TotpUnitTestCase; use D3\Totp\tests\unit\d3TotpUnitTestCase;
@ -42,7 +43,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$this->_oController = oxNew(UserComponent::class); $this->_oController = oxNew(UserComponent::class);
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
} }
public function tearDown(): void public function tearDown(): void
@ -84,13 +85,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods([ ->onlyMethods([
'd3GetTotpObject', 'd3GetTotpObject',
'd3GetSession', 'd3TotpGetSession',
'd3GetUtils', 'd3TotpGetUtils',
]) ])
->getMock(); ->getMock();
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock); $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
@ -145,13 +146,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods([ ->onlyMethods([
'd3GetTotpObject', 'd3GetTotpObject',
'd3GetSession', 'd3TotpGetSession',
'd3GetUtils', 'd3TotpGetUtils',
]) ])
->getMock(); ->getMock();
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock); $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
@ -221,15 +222,15 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods([ ->onlyMethods([
'd3GetTotpObject', 'd3GetTotpObject',
'd3GetSession', 'd3TotpGetSession',
'd3GetUtils', 'd3TotpGetUtils',
'getParent' 'getParent'
]) ])
->getMock(); ->getMock();
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
$oControllerMock->method('getParent')->willReturn($oParentMock); $oControllerMock->method('getParent')->willReturn($oParentMock);
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$oControllerMock->method('d3GetUtils')->willReturn($oUtilsMock); $oControllerMock->method('d3TotpGetUtils')->willReturn($oUtilsMock);
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
@ -252,7 +253,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin
*/ */
public function checkTotploginNoTotpLogin() public function checkTotploginNoTotpLogin()
{ {
@ -272,29 +273,29 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
/** @var UserComponent|MockObject $oControllerMock */ /** @var UserComponent|MockObject $oControllerMock */
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods([ ->onlyMethods([
'isNoTotpOrNoLogin', 'd3TotpIsNoTotpOrNoLogin',
'hasValidTotp', 'd3TotpHasValidTotp',
'd3GetTotpObject', 'd3GetTotpObject',
'd3GetSession', 'd3TotpGetSession',
]) ])
->getMock(); ->getMock();
$oControllerMock->method('isNoTotpOrNoLogin')->willReturn(true); $oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(true);
$oControllerMock->expects($this->never())->method('hasValidTotp')->willReturn(false); $oControllerMock->expects($this->never())->method('d3TotpHasValidTotp')->willReturn(false);
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
$this->assertSame( $this->assertSame(
'd3totplogin', 'd3totplogin',
$this->callMethod($this->_oController, 'checkTotplogin') $this->callMethod($this->_oController, 'd3TotpCheckTotpLogin')
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin
*/ */
public function checkTotploginUnvalidTotp() public function checkTotploginUnvalidTotp()
{ {
@ -325,31 +326,31 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
/** @var UserComponent|MockObject $oControllerMock */ /** @var UserComponent|MockObject $oControllerMock */
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods([ ->onlyMethods([
'isNoTotpOrNoLogin', 'd3TotpIsNoTotpOrNoLogin',
'hasValidTotp', 'd3TotpHasValidTotp',
'd3GetUtilsView', 'd3TotpGetUtilsView',
'd3GetTotpObject', 'd3GetTotpObject',
'd3GetSession', 'd3TotpGetSession',
]) ])
->getMock(); ->getMock();
$oControllerMock->method('isNoTotpOrNoLogin')->willReturn(false); $oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(false);
$oControllerMock->expects($this->once())->method('hasValidTotp')->willThrowException($oTotpExceptionMock); $oControllerMock->expects($this->once())->method('d3TotpHasValidTotp')->willThrowException($oTotpExceptionMock);
$oControllerMock->method('d3GetUtilsView')->willReturn($oUtilsViewMock); $oControllerMock->method('d3TotpGetUtilsView')->willReturn($oUtilsViewMock);
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
$this->assertSame( $this->assertSame(
'd3totplogin', 'd3totplogin',
$this->callMethod($this->_oController, 'checkTotplogin') $this->callMethod($this->_oController, 'd3TotpCheckTotpLogin')
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::checkTotplogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCheckTotpLogin
*/ */
public function checkTotploginValidTotp() public function checkTotploginValidTotp()
{ {
@ -375,19 +376,19 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
/** @var UserComponent|MockObject $oControllerMock */ /** @var UserComponent|MockObject $oControllerMock */
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods([ ->onlyMethods([
'isNoTotpOrNoLogin', 'd3TotpIsNoTotpOrNoLogin',
'hasValidTotp', 'd3TotpHasValidTotp',
'd3GetUtilsView', 'd3TotpGetUtilsView',
'd3GetTotpObject', 'd3GetTotpObject',
'd3GetSession', 'd3TotpGetSession',
'setLoginStatus' 'setLoginStatus'
]) ])
->getMock(); ->getMock();
$oControllerMock->method('isNoTotpOrNoLogin')->willReturn(false); $oControllerMock->method('d3TotpIsNoTotpOrNoLogin')->willReturn(false);
$oControllerMock->expects($this->once())->method('hasValidTotp')->willReturn(true); $oControllerMock->expects($this->once())->method('d3TotpHasValidTotp')->willReturn(true);
$oControllerMock->method('d3GetUtilsView')->willReturn($oUtilsViewMock); $oControllerMock->method('d3TotpGetUtilsView')->willReturn($oUtilsViewMock);
$oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock); $oControllerMock->method('d3GetTotpObject')->willReturn($oTotpMock);
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$oControllerMock->expects($this->once())->method('setLoginStatus')->with( $oControllerMock->expects($this->once())->method('setLoginStatus')->with(
$this->identicalTo(USER_LOGIN_SUCCESS) $this->identicalTo(USER_LOGIN_SUCCESS)
); );
@ -395,27 +396,27 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
$this->assertFalse( $this->assertFalse(
$this->callMethod($this->_oController, 'checkTotplogin') $this->callMethod($this->_oController, 'd3TotpCheckTotpLogin')
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3GetUtilsView * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpGetUtilsView
*/ */
public function d3GetUtilsViewReturnsRightInstance() public function d3GetUtilsViewReturnsRightInstance()
{ {
$this->assertInstanceOf( $this->assertInstanceOf(
UtilsView::class, UtilsView::class,
$this->callMethod($this->_oController, 'd3GetUtilsView') $this->callMethod($this->_oController, 'd3TotpGetUtilsView')
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::cancelTotpLogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpCancelTotpLogin
*/ */
public function canCancelTotpLogin() public function canCancelTotpLogin()
{ {
@ -427,17 +428,17 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
$this->callMethod($this->_oController, 'cancelTotpLogin'); $this->callMethod($this->_oController, 'd3TotpCancelTotpLogin');
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin
*/ */
public function isNoTotpOrNoLoginTrueNoSessionVariable() public function isNoTotpOrNoLoginTrueNoSessionVariable()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -447,18 +448,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('isActive')->willReturn(true); $oTotpMock->method('isActive')->willReturn(true);
$this->assertTrue( $this->assertTrue(
$this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock]) $this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock])
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin
*/ */
public function isNoTotpOrNoLoginTrueTotpNotActive() public function isNoTotpOrNoLoginTrueTotpNotActive()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, true); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, true);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -468,18 +469,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('isActive')->willReturn(false); $oTotpMock->method('isActive')->willReturn(false);
$this->assertTrue( $this->assertTrue(
$this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock]) $this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock])
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::isNoTotpOrNoLogin * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpIsNoTotpOrNoLogin
*/ */
public function isNoTotpOrNoLoginFalse() public function isNoTotpOrNoLoginFalse()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, true); Registry::getSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, true);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -489,18 +490,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('isActive')->willReturn(true); $oTotpMock->method('isActive')->willReturn(true);
$this->assertFalse( $this->assertFalse(
$this->callMethod($this->_oController, 'isNoTotpOrNoLogin', [$oTotpMock]) $this->callMethod($this->_oController, 'd3TotpIsNoTotpOrNoLogin', [$oTotpMock])
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
*/ */
public function hasValidTotpTrueSessionVarname() public function hasValidTotpTrueSessionVarname()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, true); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -510,18 +511,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('verify')->willReturn(false); $oTotpMock->method('verify')->willReturn(false);
$this->assertTrue( $this->assertTrue(
$this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock]) $this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock])
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
*/ */
public function hasValidTotpTrueValidTotp() public function hasValidTotpTrueValidTotp()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -531,18 +532,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('verify')->willReturn(true); $oTotpMock->method('verify')->willReturn(true);
$this->assertTrue( $this->assertTrue(
$this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock]) $this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock])
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
*/ */
public function hasValidTotpFalseMissingTotp() public function hasValidTotpFalseMissingTotp()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -552,18 +553,18 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('verify')->willReturn(true); $oTotpMock->method('verify')->willReturn(true);
$this->assertFalse( $this->assertFalse(
$this->callMethod($this->_oController, 'hasValidTotp', [null, $oTotpMock]) $this->callMethod($this->_oController, 'd3TotpHasValidTotp', [null, $oTotpMock])
); );
} }
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::hasValidTotp * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpHasValidTotp
*/ */
public function hasValidTotpFalseUnverifiedTotp() public function hasValidTotpFalseUnverifiedTotp()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -573,7 +574,7 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
$oTotpMock->method('verify')->willReturn(false); $oTotpMock->method('verify')->willReturn(false);
$this->assertFalse( $this->assertFalse(
$this->callMethod($this->_oController, 'hasValidTotp', ['123456', $oTotpMock]) $this->callMethod($this->_oController, 'd3TotpHasValidTotp', ['123456', $oTotpMock])
); );
} }
@ -592,9 +593,9 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
/** @var UserComponent|MockObject $oControllerMock */ /** @var UserComponent|MockObject $oControllerMock */
$oControllerMock = $this->getMockBuilder(UserComponent::class) $oControllerMock = $this->getMockBuilder(UserComponent::class)
->onlyMethods(['d3GetSession']) ->onlyMethods(['d3TotpGetSession'])
->getMock(); ->getMock();
$oControllerMock->method('d3GetSession')->willReturn($oSessionMock); $oControllerMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$this->_oController = $oControllerMock; $this->_oController = $oControllerMock;
@ -604,13 +605,13 @@ class d3_totp_UserComponentTest extends d3TotpUnitTestCase
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3GetSession * @covers \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::d3TotpGetSession
*/ */
public function d3GetSessionReturnsRightInstance() public function d3GetSessionReturnsRightInstance()
{ {
$this->assertInstanceOf( $this->assertInstanceOf(
Session::class, Session::class,
$this->callMethod($this->_oController, 'd3GetSession') $this->callMethod($this->_oController, 'd3TotpGetSession')
); );
} }
} }

9
src/tests/unit/Modules/Application/Controller/Admin/d3_totp_LoginControllerTest.php
View File

@ -15,6 +15,7 @@ namespace D3\Totp\tests\unit\Modules\Application\Controller\Admin;
use D3\Totp\Application\Model\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\d3totp_conf;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController; use D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController;
use D3\Totp\tests\unit\d3TotpUnitTestCase; use D3\Totp\tests\unit\d3TotpUnitTestCase;
@ -599,7 +600,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpTrueSessionVarname() public function hasValidTotpTrueSessionVarname()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, true); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -620,7 +621,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpTrueValidTotp() public function hasValidTotpTrueValidTotp()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -641,7 +642,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpFalseMissingTotp() public function hasValidTotpFalseMissingTotp()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)
@ -662,7 +663,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
*/ */
public function hasValidTotpFalseUnverifiedTotp() public function hasValidTotpFalseUnverifiedTotp()
{ {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, false); Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
/** @var d3totp|MockObject $oTotpMock */ /** @var d3totp|MockObject $oTotpMock */
$oTotpMock = $this->getMockBuilder(d3totp::class) $oTotpMock = $this->getMockBuilder(d3totp::class)

8
src/tests/unit/Modules/Application/Model/d3_totp_userTest.php
View File

@ -58,9 +58,9 @@ class d3_totp_userTest extends d3TotpUnitTestCase
/** @var d3_totp_user|MockObject $oModelMock */ /** @var d3_totp_user|MockObject $oModelMock */
$oModelMock = $this->getMockBuilder(User::class) $oModelMock = $this->getMockBuilder(User::class)
->onlyMethods(['d3GetSession']) ->onlyMethods(['d3TotpGetSession'])
->getMock(); ->getMock();
$oModelMock->method('d3GetSession')->willReturn($oSessionMock); $oModelMock->method('d3TotpGetSession')->willReturn($oSessionMock);
$this->_oModel = $oModelMock; $this->_oModel = $oModelMock;
@ -88,13 +88,13 @@ class d3_totp_userTest extends d3TotpUnitTestCase
/** /**
* @test * @test
* @throws ReflectionException * @throws ReflectionException
* @covers \D3\Totp\Modules\Application\Model\d3_totp_user::d3GetSession * @covers \D3\Totp\Modules\Application\Model\d3_totp_user::d3TotpGetSession
*/ */
public function d3GetSessionReturnsRightInstance() public function d3GetSessionReturnsRightInstance()
{ {
$this->assertInstanceOf( $this->assertInstanceOf(
Session::class, Session::class,
$this->callMethod($this->_oModel, 'd3GetSession') $this->callMethod($this->_oModel, 'd3TotpGetSession')
); );
} }
} }