Merge pull request #1 from tmloberon/tmloberon-new-bacon-version

Update composer
2022-09-26 14:50:39 +02:00 · 2022-09-26 14:50:39 +02:00 · f0a3124303
parent 639ca50114 96f6de6300
commit f0a3124303
5 changed files with 118 additions and 57 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,10 @@
+# oxtotp (2FA)
+Modul für eine 2-Faktor-Authentisierung (2FA) zum Login in Front- und Backend zusätzlich zu Benutzername und Passwort.
+
+- Authentisierung wird nur bei Benutzerkonten gezeigt, die dieses aktiviert haben - sonst nur Standardanmeldung die Basis der Passwortgenerierung wird für jedes Benutzerkonto individuell angelegt</li>
+
+- Einrichtung des Zugangs in der Auth-App kann durch scanbaren QR-Code oder kopierbare Zeichenkette erfolgen
+
+- Validierung der Einmalpassworte und Generierung der QR-Codes werden ausschließlich innerhalb des Shops durchgeführt - keine Kommunikation nach außen nötig
+
+- statische Backupcodes ermöglichen auch eine (begrenzte) Anmeldung ohne Zugang zum Generierungstool
--- a/composer.json
+++ b/composer.json
@ -1,45 +1,52 @@
-{
-  "name": "d3/oxtotp",
-  "description": "Two-factor authentication via time-based one-time password for OXID eSales shop",
-  "type": "oxideshop-module",
-  "keywords": [
-    "oxid",
-    "modules",
-    "eShop",
-    "d3",
-    "2FA"
-  ],
-  "authors": [
-    {
-        "name": "D3 Data Development (Inh. Thomas Dartsch)",
-        "email": "info@shopmodule.com",
-        "homepage": "http://www.d3data.de",
-        "role": "Owner"
-    }
-  ],
-  "support": {
-    "email": "support@shopmodule.com"
-  },
-  "homepage": "https://www.oxidmodule.com/",
-  "license": [
-    "GPL-3.0-only"
-  ],
-  "extra": {
-    "oxideshop": {
-      "source-directory": "/src",
-      "target-directory": "d3/totp"
-    }
-  },
-  "require": {
-    "php": ">=5.6",
-    "oxid-esales/oxideshop-metapackage-ce": "~6.0.3 || ~6.1.0 || ~6.2.0",
-    "spomky-labs/otphp": "^8.3",
-    "bacon/bacon-qr-code": "^1.0",
-    "zendframework/zend-math": "^3.2"
-  },
-  "autoload": {
-    "psr-4": {
-      "D3\\Totp\\": "../../../source/modules/d3/totp"
-    }
-  }
-}
+{
+  "name": "d3/oxtotp",
+  "description": "Two-factor authentication via time-based one-time password for OXID eSales shop",
+  "type": "oxideshop-module",
+  "keywords": [
+    "oxid",
+    "modules",
+    "eShop",
+    "d3",
+    "2FA"
+  ],
+  "authors": [
+    {
+        "name": "D3 Data Development (Inh. Thomas Dartsch)",
+        "email": "info@shopmodule.com",
+        "homepage": "http://www.d3data.de",
+        "role": "Owner"
+    },
+    {
+        "name": "Tobi Matthaiou",
+        "email": "tm@loberon.com",
+        "homepage": "http://www.loberon.de",
+        "role": "Contributor"
+    }
+  ],
+  "support": {
+    "email": "support@shopmodule.com"
+  },
+  "homepage": "https://www.oxidmodule.com/",
+  "license": [
+    "GPL-3.0-only"
+  ],
+  "extra": {
+    "oxideshop": {
+      "source-directory": "/src",
+      "target-directory": "d3/totp"
+    }
+  },
+  "require": {
+    "php": ">=5.6",
+    "ext-xmlwriter": "*",
+    "oxid-esales/oxideshop-metapackage-ce": "~6.0.3 || ~6.1.0 || ~6.2.0 || ~6.3.0  || ~6.4.0  || ~6.5.0",
+    "spomky-labs/otphp": "^8.3",
+    "bacon/bacon-qr-code": "^1.0 || ^2.0",
+    "zendframework/zend-math": "^3.2"
+  },
+  "autoload": {
+    "psr-4": {
+      "D3\\Totp\\": "../../../source/modules/d3/totp"
+    }
+  }
+}
--- a/src/Application/Factory/BaconQrCodeFactory.php
+++ b/src/Application/Factory/BaconQrCodeFactory.php
@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+namespace D3\Totp\Application\Factory;
+
+use BaconQrCode\Renderer\RendererInterface;
+use BaconQrCode\Renderer\Image\Svg;                   // v1.0.3
+use BaconQrCode\Renderer\ImageRenderer;               // v2.0.0
+use BaconQrCode\Renderer\Image\SvgImageBackEnd;       // v2.0.0
+use BaconQrCode\Renderer\RendererStyle\RendererStyle; // v2.0.0
+
+
+class BaconQrCodeFactory
+{
+    /**
+     * @return RendererInterface
+     */
+    public static function renderer($size)
+    {
+        if (class_exists(Svg::class)) {
+            return self::v100($size);
+        }
+
+        return self::v200($size);
+    }
+
+    private static function v200($size)
+    {
+        $renderer = oxNew(
+            ImageRenderer::class,
+            oxNew(RendererStyle::class, $size),
+            oxNew(SvgImageBackEnd::class),
+        );
+
+        return $renderer;
+    }
+
+    private static function v100($size)
+    {
+        $renderer = oxNew(Svg::class);
+        $renderer->setHeight($size);
+        $renderer->setWidth($size);
+
+        return $renderer;
+    }
+}
--- a/src/Application/Model/d3totp.php
+++ b/src/Application/Model/d3totp.php
@ -15,9 +15,9 @@

 namespace D3\Totp\Application\Model;

-use BaconQrCode\Renderer\Image\Svg;
 use BaconQrCode\Renderer\RendererInterface;
 use BaconQrCode\Writer;
+use D3\Totp\Application\Factory\BaconQrCodeFactory;
 use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
 use Doctrine\DBAL\DBALException;
 use OTPHP\TOTP;
@ -177,10 +177,7 @@ class d3totp extends BaseModel
     */
    public function getQrCodeElement()
    {
-        $renderer = oxNew(Svg::class);
-        $renderer->setHeight(200);
-        $renderer->setWidth(200);
-
+        $renderer = BaconQrCodeFactory::renderer(200);
        $writer = $this->d3GetWriter($renderer);
        return $writer->writeString($this->getTotp()->getProvisioningUri());
    }
--- a/src/tests/unit/Application/Model/d3totpTest.php
+++ b/src/tests/unit/Application/Model/d3totpTest.php
@ -17,8 +17,8 @@

 namespace D3\Totp\tests\unit\Application\Model;

-use BaconQrCode\Renderer\Image\Svg;
 use BaconQrCode\Writer;
+use D3\Totp\Application\Factory\BaconQrCodeFactory;
 use D3\Totp\Application\Model\d3backupcodelist;
 use D3\Totp\Application\Model\d3totp;
 use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
@ -484,7 +484,7 @@ class d3totpTest extends d3TotpUnitTestCase
            'getFieldData',
        ));
        $oUserMock->method('getFieldData')->willReturn('username');
-        
+
        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oModelMock */
        $oModelMock = $this->getMock(d3totp::class, array(
            'getUser',
@ -544,7 +544,7 @@ class d3totpTest extends d3TotpUnitTestCase
            'getQrCodeUri'
        ));
        $oTotpMock->expects($this->once())->method('getQrCodeUri')->willReturn(true);
-        
+
        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oModelMock */
        $oModelMock = $this->getMock(d3totp::class, array(
            'getTotp'
@ -562,7 +562,7 @@ class d3totpTest extends d3TotpUnitTestCase
     */
    public function getQrCodeElement()
    {
-        $renderer = oxNew(Svg::class);
+        $renderer = BaconQrCodeFactory::renderer(200);

        /** @var d3totp|PHPUnit_Framework_MockObject_MockObject $oTotpMock */
        $oTotpMock = $this->getMock(d3totp::class, array(
@ -595,14 +595,14 @@ class d3totpTest extends d3TotpUnitTestCase
     */
    public function d3GetWriterReturnsRightInstance()
    {
-        $renderer = oxNew(Svg::class);
+        $renderer = BaconQrCodeFactory::renderer(200);;

        $this->assertInstanceOf(
            Writer::class,
            $this->callMethod($this->_oModel, 'd3GetWriter', [$renderer])
        );
    }
-    
+
    /**
     * @test
     * @throws ReflectionException
@ -878,4 +878,4 @@ class d3totpTest extends d3TotpUnitTestCase
            $this->callMethod($this->_oModel, 'delete')
        );
    }
-}
+}