webauthn/src/Application/Controller/Admin/d3webauthnadminlogin.php

<?php

/**
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * https://www.d3data.de
 *
 * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
 * @author    D3 Data Development - Daniel Seifert <info@shopmodule.com>
 * @link      https://www.oxidmodule.com
 */

declare(strict_types=1);

namespace D3\Webauthn\Application\Controller\Admin;

use D3\TestingTools\Production\IsMockable;
use D3\Webauthn\Application\Controller\Traits\helpersTrait;
use D3\Webauthn\Application\Model\Exceptions\WebauthnGetException;
use D3\Webauthn\Application\Model\WebauthnAfterLogin;
use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Application\Model\Exceptions\WebauthnException;
use D3\Webauthn\Application\Model\WebauthnLogin;
use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;
use Doctrine\DBAL\Exception as DoctrineException;
use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
use OxidEsales\Eshop\Application\Controller\FrontendController;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Request;
use OxidEsales\Eshop\Core\SystemEventHandler;
use OxidEsales\Eshop\Core\Utils;
use OxidEsales\Eshop\Core\UtilsServer;
use OxidEsales\Eshop\Core\UtilsView;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;

class d3webauthnadminlogin extends AdminController
{
    use helpersTrait;
    use IsMockable;

    protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';

    /**
     * @return bool
     */
    protected function _authorize(): bool
    {
        return true;
    }

    /**
     * @return string
     * @throws ContainerExceptionInterface
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @throws NotFoundExceptionInterface
     */
    public function render(): string
    {
        if ($this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH)) {
            $this->getUtils()->redirect('index.php?cl=admin_start');
        } elseif (!$this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER)) {
            $this->getUtils()->redirect('index.php?cl=login');
        }

        $this->generateCredentialRequest();

        $this->addTplParam('navFormParams', $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS));
        $this->addTplParam('currentProfile', $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_PROFILE));
        $this->d3GetSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_PROFILE);
        $this->addTplParam('currentChLanguage', $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_CHLANGUAGE));

        $afterLogin = $this->d3WebauthnGetAfterLogin();
        $afterLogin->changeLanguage();

        return $this->d3CallMockableParent('render');
    }

    /**
     * @return void
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @throws ContainerExceptionInterface
     * @throws NotFoundExceptionInterface
     */
    public function generateCredentialRequest(): void
    {
        $userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
        try {
            $webauthn = $this->d3GetWebauthnObject();
            $publicKeyCredentialRequestOptions = $webauthn->getRequestOptions($userId);
            $this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
            $this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);
            $this->addTplParam('isAdmin', isAdmin());
        } catch (WebauthnException $e) {
            $this->d3GetSession()->setVariable(WebauthnConf::GLOBAL_SWITCH, true);
            $this->d3GetUtilsViewObject()->addErrorToDisplay($e);
            $this->d3GetLoggerObject()->error($e->getDetailedErrorMessage(), ['UserId'   => $userId]);
            $this->d3GetLoggerObject()->debug($e->getTraceAsString());
            $this->getUtils()->redirect('index.php?cl=login');
        }
    }

    /**
     * @param string $credential
     * @param string|null $error
     * @throws WebauthnGetException
     * @return WebauthnLogin
     */
    public function getWebauthnLoginObject(string $credential, ?string $error): WebauthnLogin
    {
        return oxNew(WebauthnLogin::class, $credential, $error);
    }

    /**
     * @return string|null
     */
    public function d3AssertAuthn(): ?string
    {
        try {
            $login = $this->getWebauthnLoginObject(
                $this->d3WebAuthnGetRequest()->getRequestEscapedParameter('credential'),
                $this->d3WebAuthnGetRequest()->getRequestEscapedParameter('error')
            );
            return $login->adminLogin(
                $this->d3WebAuthnGetRequest()->getRequestEscapedParameter('profile')
            );
        } catch (WebauthnGetException $e) {
            $this->d3GetUtilsViewObject()->addErrorToDisplay($e);
            return 'login';
        }
    }

    /**
     * @return Utils
     */
    public function getUtils(): Utils
    {
        return Registry::getUtils();
    }

    /**
     * @return string|null
     */
    public function d3GetPreviousClass(): ?string
    {
        return $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS);
    }

    /**
     * @return bool
     */
    public function previousClassIsOrderStep(): bool
    {
        $sClassKey = $this->d3GetPreviousClass();
        $resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
        $resolvedClass = $resolvedClass ?: 'start';

        /** @var FrontendController $oController */
        $oController = oxNew($resolvedClass);
        return $oController->getIsOrderStep();
    }

    /**
     * @return bool
     */
    public function getIsOrderStep(): bool
    {
        return $this->previousClassIsOrderStep();
    }

    /**
     * @return WebauthnAfterLogin
     */
    public function d3WebauthnGetAfterLogin(): WebauthnAfterLogin
    {
        return oxNew(WebauthnAfterLogin::class);
    }

    /**
     * @return SystemEventHandler
     */
    public function d3WebauthnGetEventHandler(): SystemEventHandler
    {
        return oxNew(SystemEventHandler::class);
    }

    /**
     * @return Request
     */
    public function d3WebAuthnGetRequest(): Request
    {
        return Registry::getRequest();
    }

    /**
     * @return UtilsServer
     */
    public function d3WebauthnGetUtilsServer(): UtilsServer
    {
        return Registry::getUtilsServer();
    }
}
enable key login in admin 2022-10-29 00:19:34 +02:00			`<?php`

			`/**`
change license notes 2022-11-04 22:45:47 +01:00			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*`
			`* https://www.d3data.de`
enable key login in admin 2022-10-29 00:19:34 +02:00			`*`
			`* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)`
change license notes 2022-11-04 22:45:47 +01:00			`* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>`
			`* @link https://www.oxidmodule.com`
enable key login in admin 2022-10-29 00:19:34 +02:00			`*/`

improve code 2022-11-04 22:02:44 +01:00			`declare(strict_types=1);`

enable key login in admin 2022-10-29 00:19:34 +02:00			`namespace D3\Webauthn\Application\Controller\Admin;`

add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`use D3\TestingTools\Production\IsMockable;`
			`use D3\Webauthn\Application\Controller\Traits\helpersTrait;`
improve error handling 2022-11-03 13:18:02 +01:00			`use D3\Webauthn\Application\Model\Exceptions\WebauthnGetException;`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`use D3\Webauthn\Application\Model\WebauthnAfterLogin;`
enable key login in admin 2022-10-29 00:19:34 +02:00			`use D3\Webauthn\Application\Model\WebauthnConf;`
improve error handling 2022-11-03 13:18:02 +01:00			`use D3\Webauthn\Application\Model\Exceptions\WebauthnException;`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`use D3\Webauthn\Application\Model\WebauthnLogin;`
improve code 2022-10-31 23:17:04 +01:00			`use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;`
			`use Doctrine\DBAL\Exception as DoctrineException;`
enable key login in admin 2022-10-29 00:19:34 +02:00			`use OxidEsales\Eshop\Application\Controller\Admin\AdminController;`
			`use OxidEsales\Eshop\Application\Controller\FrontendController;`
			`use OxidEsales\Eshop\Core\Registry;`
add admin controller tests 2022-11-27 01:02:23 +01:00			`use OxidEsales\Eshop\Core\Request;`
restore assertAuth in component instead in frontend controller, prevent check login parent call (OTP doesnt require this anymore) 2022-11-24 01:02:20 +01:00			`use OxidEsales\Eshop\Core\SystemEventHandler;`
enable key login in admin 2022-10-29 00:19:34 +02:00			`use OxidEsales\Eshop\Core\Utils;`
add admin controller tests 2022-11-27 01:02:23 +01:00			`use OxidEsales\Eshop\Core\UtilsServer;`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`use OxidEsales\Eshop\Core\UtilsView;`
improve code 2022-10-31 23:17:04 +01:00			`use Psr\Container\ContainerExceptionInterface;`
			`use Psr\Container\NotFoundExceptionInterface;`
enable key login in admin 2022-10-29 00:19:34 +02:00
			`class d3webauthnadminlogin extends AdminController`
			`{`
add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`use helpersTrait;`
			`use IsMockable;`

enable key login in admin 2022-10-29 00:19:34 +02:00			`protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';`

improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @return bool`
			`*/`
improve code 2022-10-30 00:27:11 +02:00			`protected function _authorize(): bool`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
			`return true;`
			`}`

			`/**`
improve code 2022-11-04 22:02:44 +01:00			`* @return string`
improve code 2022-10-31 23:17:04 +01:00			`* @throws ContainerExceptionInterface`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
			`* @throws NotFoundExceptionInterface`
enable key login in admin 2022-10-29 00:19:34 +02:00			`*/`
improve code 2022-11-04 22:02:44 +01:00			`public function render(): string`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
add admin controller tests 2022-11-27 01:02:23 +01:00			`if ($this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH)) {`
enable key login in admin 2022-10-29 00:19:34 +02:00			`$this->getUtils()->redirect('index.php?cl=admin_start');`
add admin controller tests 2022-11-27 01:02:23 +01:00			`} elseif (!$this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER)) {`
			`$this->getUtils()->redirect('index.php?cl=login');`
enable key login in admin 2022-10-29 00:19:34 +02:00			`}`

			`$this->generateCredentialRequest();`

add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`$this->addTplParam('navFormParams', $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS));`
transfer profile and language selection through webauthn process 2022-11-24 09:10:45 +01:00			`$this->addTplParam('currentProfile', $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_PROFILE));`
			`$this->d3GetSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_PROFILE);`
			`$this->addTplParam('currentChLanguage', $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_CHLANGUAGE));`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00
			`$afterLogin = $this->d3WebauthnGetAfterLogin();`
			`$afterLogin->changeLanguage();`
add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00
			`return $this->d3CallMockableParent('render');`
enable key login in admin 2022-10-29 00:19:34 +02:00			`}`

improve code 2022-10-31 23:17:04 +01:00			`/**`
			`* @return void`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
			`* @throws ContainerExceptionInterface`
			`* @throws NotFoundExceptionInterface`
			`*/`
improve code 2022-11-04 22:02:44 +01:00			`public function generateCredentialRequest(): void`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
separate session var names between frontend and backend 2022-11-23 08:46:25 +01:00			`$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);`
cleanup + improve code 2022-10-31 00:11:06 +01:00			`try {`
add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`$webauthn = $this->d3GetWebauthnObject();`
cleanup + improve code 2022-10-31 00:11:06 +01:00			`$publicKeyCredentialRequestOptions = $webauthn->getRequestOptions($userId);`
separate session var names between frontend and backend 2022-11-23 08:46:25 +01:00			`$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);`
cleanup + improve code 2022-10-31 00:11:06 +01:00			`$this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);`
			`$this->addTplParam('isAdmin', isAdmin());`
			`} catch (WebauthnException $e) {`
add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`$this->d3GetSession()->setVariable(WebauthnConf::GLOBAL_SWITCH, true);`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`$this->d3GetUtilsViewObject()->addErrorToDisplay($e);`
add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`$this->d3GetLoggerObject()->error($e->getDetailedErrorMessage(), ['UserId' => $userId]);`
			`$this->d3GetLoggerObject()->debug($e->getTraceAsString());`
improve code 2022-10-31 23:17:04 +01:00			`$this->getUtils()->redirect('index.php?cl=login');`
cleanup + improve code 2022-10-31 00:11:06 +01:00			`}`
enable key login in admin 2022-10-29 00:19:34 +02:00			`}`

extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`/**`
			`* @param string $credential`
			`* @param string\|null $error`
			`* @throws WebauthnGetException`
			`* @return WebauthnLogin`
			`*/`
			`public function getWebauthnLoginObject(string $credential, ?string $error): WebauthnLogin`
			`{`
			`return oxNew(WebauthnLogin::class, $credential, $error);`
			`}`

improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @return string\|null`
			`*/`
			`public function d3AssertAuthn(): ?string`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
			`try {`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`$login = $this->getWebauthnLoginObject(`
			`$this->d3WebAuthnGetRequest()->getRequestEscapedParameter('credential'),`
			`$this->d3WebAuthnGetRequest()->getRequestEscapedParameter('error')`
			`);`
			`return $login->adminLogin(`
			`$this->d3WebAuthnGetRequest()->getRequestEscapedParameter('profile')`
			`);`
			`} catch (WebauthnGetException $e) {`
			`$this->d3GetUtilsViewObject()->addErrorToDisplay($e);`
			`return 'login';`
enable key login in admin 2022-10-29 00:19:34 +02:00			`}`
			`}`

			`/**`
			`* @return Utils`
			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function getUtils(): Utils`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
			`return Registry::getUtils();`
			`}`

improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @return string\|null`
			`*/`
add admin controller tests 2022-11-27 01:02:23 +01:00			`public function d3GetPreviousClass(): ?string`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
separate session var names between frontend and backend 2022-11-23 08:46:25 +01:00			`return $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS);`
enable key login in admin 2022-10-29 00:19:34 +02:00			`}`

improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @return bool`
			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function previousClassIsOrderStep(): bool`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
add admin controller tests 2022-11-27 01:02:23 +01:00			`$sClassKey = $this->d3GetPreviousClass();`
add admin controller tests, improve controller classes 2022-11-23 00:18:09 +01:00			`$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);`
improve code 2022-10-30 00:27:11 +02:00			`$resolvedClass = $resolvedClass ?: 'start';`
enable key login in admin 2022-10-29 00:19:34 +02:00
			`/** @var FrontendController $oController */`
			`$oController = oxNew($resolvedClass);`
			`return $oController->getIsOrderStep();`
			`}`

			`/**`
			`* @return bool`
			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function getIsOrderStep(): bool`
enable key login in admin 2022-10-29 00:19:34 +02:00			`{`
			`return $this->previousClassIsOrderStep();`
			`}`
add admin controller tests 2022-11-27 01:02:23 +01:00
			`/**`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`* @return WebauthnAfterLogin`
add admin controller tests 2022-11-27 01:02:23 +01:00			`*/`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`public function d3WebauthnGetAfterLogin(): WebauthnAfterLogin`
add admin controller tests 2022-11-27 01:02:23 +01:00			`{`
extract assertAuth and login procedure to separate classes 2022-11-30 01:27:05 +01:00			`return oxNew(WebauthnAfterLogin::class);`
add admin controller tests 2022-11-27 01:02:23 +01:00			`}`

			`/**`
			`* @return SystemEventHandler`
			`*/`
			`public function d3WebauthnGetEventHandler(): SystemEventHandler`
			`{`
			`return oxNew(SystemEventHandler::class);`
			`}`

			`/**`
			`* @return Request`
			`*/`
			`public function d3WebAuthnGetRequest(): Request`
			`{`
			`return Registry::getRequest();`
			`}`

			`/**`
			`* @return UtilsServer`
			`*/`
			`public function d3WebauthnGetUtilsServer(): UtilsServer`
			`{`
			`return Registry::getUtilsServer();`
			`}`
enable key login in admin 2022-10-29 00:19:34 +02:00			`}`