webauthn/src/Application/Controller/d3_account_webauthn.php

<?php

/**
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * https://www.d3data.de
 *
 * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
 * @author    D3 Data Development - Daniel Seifert <info@shopmodule.com>
 * @link      https://www.oxidmodule.com
 */

declare(strict_types=1);

namespace D3\Webauthn\Application\Controller;

use Assert\Assert;
use Assert\AssertionFailedException;
use Assert\InvalidArgumentException;
use D3\TestingTools\Production\IsMockable;
use D3\Webauthn\Application\Controller\Traits\accountTrait;
use D3\Webauthn\Application\Model\Credential\PublicKeyCredential;
use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;
use D3\Webauthn\Application\Model\Exceptions\WebauthnCreateException;
use D3\Webauthn\Application\Model\Exceptions\WebauthnException;
use D3\Webauthn\Application\Model\Webauthn;
use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;
use Doctrine\DBAL\Exception as DoctrineException;
use OxidEsales\Eshop\Application\Controller\AccountController;
use OxidEsales\Eshop\Core\Language;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Request;
use OxidEsales\Eshop\Core\SeoEncoder;
use OxidEsales\Eshop\Core\UtilsView;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;
use Psr\Log\LoggerInterface;
use Throwable;

class d3_account_webauthn extends AccountController
{
    use accountTrait;
    use IsMockable;

    protected $_sThisTemplate = 'd3_account_webauthn.tpl';

    /**
     * @return string
     */
    public function render(): string
    {
        $sRet = parent::render();

        $this->addTplParam('user', $this->getUser());
        $this->addTplParam('readonly', !(d3GetOxidDIC()->get(Webauthn::class)->isAvailable()));

        return $sRet;
    }

    /**
     * @return publicKeyCredentialList
     * @throws ContainerExceptionInterface
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @throws NotFoundExceptionInterface
     */
    public function getCredentialList(): PublicKeyCredentialList
    {
        $oUser = $this->getUser();
        $credentialList = d3GetOxidDIC()->get(PublicKeyCredentialList::class);
        return $credentialList->getAllFromUser($oUser);
    }

    /**
     * @throws ContainerExceptionInterface
     * @throws NotFoundExceptionInterface
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @return void
     */
    public function requestNewCredential(): void
    {
        try {
            $this->setAuthnRegister();
            $this->setPageType('requestnew');
        } catch (WebauthnException $e) {
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getDetailedErrorMessage(), ['UserId: ' => $this->getUser()->getId()]);
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());
            d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);
        } catch (AssertionFailedException $e) {
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getMessage(), ['UserId: ' => $this->getUser()->getId()]);
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());
            d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);
        }
    }

    /**
     * @param $pageType
     * @return void
     */
    public function setPageType($pageType): void
    {
        $this->addTplParam('pageType', $pageType);
    }

    /**
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @throws ContainerExceptionInterface
     * @throws NotFoundExceptionInterface
     * @throws InvalidArgumentException
     * @return void
     */
    public function setAuthnRegister(): void
    {
        $publicKeyCredentialCreationOptions = d3GetOxidDIC()->get(Webauthn::class)
            ->getCreationOptions($this->getUser());

        d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug((string) $publicKeyCredentialCreationOptions);

        $this->addTplParam('webauthn_publickey_create', $publicKeyCredentialCreationOptions);
        $this->addTplParam('isAdmin', isAdmin());
        $this->addTplParam('keyname', Registry::getRequest()->getRequestEscapedParameter('credenialname'));
    }

    /**
     * @return void
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @throws Throwable
     */
    public function saveAuthn(): void
    {
        try {
            /** @var Request $request */
            $request = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class);
            $error = $request->getRequestEscapedParameter('error');
            if (strlen((string) $error)) {
                d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($error);
                /** @var WebauthnCreateException $e */
                $e = oxNew(WebauthnCreateException::class, $error);
                throw $e;
            }

            $credential = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('credential');
            Assert::that($credential)->minLength(1, 'Credential should not be empty.');
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($credential);
            $webauthn = d3GetOxidDIC()->get(Webauthn::class);
            $webauthn->saveAuthn($credential, d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('keyname'));
        } catch (WebauthnException $e) {
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error(
                $e->getDetailedErrorMessage(),
                ['UserId' => $this->getUser()->getId()]
            );
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());
            d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);
        } catch (AssertionFailedException $e) {
            /** @var Language $language */
            $language = d3GetOxidDIC()->get('d3ox.webauthn.'.Language::class);
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error(
                $e->getMessage(),
                ['UserId' => $this->getUser()->getId()]
            );
            d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());
            d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay(
                $language->translateString('D3_WEBAUTHN_ERR_NOTCREDENTIALNOTSAVEABLE')
            );
        }
    }

    /**
     * @return void
     */
    public function deleteKey(): void
    {
        $deleteId = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('deleteoxid');
        if ($deleteId) {
            $credential = d3GetOxidDIC()->get(PublicKeyCredential::class);
            $credential->delete($deleteId);
        }
    }

    /**
     * @return array
     */
    public function getBreadCrumb(): array
    {
        $aPaths = [];
        $aPath = [];

        $iBaseLanguage = Registry::getLang()->getBaseLanguage();
        /** @var SeoEncoder $oSeoEncoder */
        $oSeoEncoder = Registry::getSeoEncoder();
        $aPath['title'] = Registry::getLang()->translateString(
            'MY_ACCOUNT',
            (int) $iBaseLanguage,
            false
        );
        $aPath['link'] = $oSeoEncoder->getStaticUrl($this->getViewConfig()->getSelfLink() . "cl=account");
        $aPaths[] = $aPath;

        $aPath['title'] = Registry::getLang()->translateString(
            'D3_WEBAUTHN_ACCOUNT',
            (int) $iBaseLanguage,
            false
        );
        $aPath['link'] = $this->getLink();
        $aPaths[] = $aPath;

        return $aPaths;
    }
}
add shop controllers 2022-10-24 22:24:40 +02:00			`<?php`

			`/**`
change license notes 2022-11-04 22:45:47 +01:00			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
			`*`
			`* https://www.d3data.de`
add shop controllers 2022-10-24 22:24:40 +02:00			`*`
			`* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)`
change license notes 2022-11-04 22:45:47 +01:00			`* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>`
			`* @link https://www.oxidmodule.com`
add shop controllers 2022-10-24 22:24:40 +02:00			`*/`

improve code 2022-11-04 22:02:44 +01:00			`declare(strict_types=1);`

add shop controllers 2022-10-24 22:24:40 +02:00			`namespace D3\Webauthn\Application\Controller;`

assert some expectations 2023-02-06 22:38:03 +01:00			`use Assert\Assert;`
improve code 2022-12-12 23:41:07 +01:00			`use Assert\AssertionFailedException;`
improve assertions 2023-02-16 23:52:20 +01:00			`use Assert\InvalidArgumentException;`
move OXID object getters to testing library 2022-12-04 00:24:28 +01:00			`use D3\TestingTools\Production\IsMockable;`
disable input validator in webauthn account page too 2022-11-02 14:45:47 +01:00			`use D3\Webauthn\Application\Controller\Traits\accountTrait;`
move OXID object getters to testing library 2022-12-04 00:24:28 +01:00			`use D3\Webauthn\Application\Model\Credential\PublicKeyCredential;`
refactor to show existing registrations in admin 2022-10-25 01:01:10 +02:00			`use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;`
improve error handling 2022-11-03 13:18:02 +01:00			`use D3\Webauthn\Application\Model\Exceptions\WebauthnCreateException;`
			`use D3\Webauthn\Application\Model\Exceptions\WebauthnException;`
move OXID object getters to testing library 2022-12-04 00:24:28 +01:00			`use D3\Webauthn\Application\Model\Webauthn;`
improve error handling 2022-11-03 13:18:02 +01:00			`use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;`
			`use Doctrine\DBAL\Exception as DoctrineException;`
add shop controllers 2022-10-24 22:24:40 +02:00			`use OxidEsales\Eshop\Application\Controller\AccountController;`
assert that crendentialId and credential fits into database fields both values have no defined length, possibly the database fields are still too short 2023-01-27 08:49:09 +01:00			`use OxidEsales\Eshop\Core\Language;`
add shop controllers 2022-10-24 22:24:40 +02:00			`use OxidEsales\Eshop\Core\Registry;`
use DIC 2023-01-21 13:50:18 +01:00			`use OxidEsales\Eshop\Core\Request;`
improve code 2022-11-04 22:02:44 +01:00			`use OxidEsales\Eshop\Core\SeoEncoder;`
move OXID object getters to testing library 2022-12-04 00:24:28 +01:00			`use OxidEsales\Eshop\Core\UtilsView;`
improve error handling 2022-11-03 13:18:02 +01:00			`use Psr\Container\ContainerExceptionInterface;`
			`use Psr\Container\NotFoundExceptionInterface;`
use DIC 2023-01-21 13:50:18 +01:00			`use Psr\Log\LoggerInterface;`
improve code 2022-12-12 23:41:07 +01:00			`use Throwable;`
add shop controllers 2022-10-24 22:24:40 +02:00
			`class d3_account_webauthn extends AccountController`
			`{`
disable input validator in webauthn account page too 2022-11-02 14:45:47 +01:00			`use accountTrait;`
move OXID object getters to testing library 2022-12-04 00:24:28 +01:00			`use IsMockable;`
disable input validator in webauthn account page too 2022-11-02 14:45:47 +01:00
add shop controllers 2022-10-24 22:24:40 +02:00			`protected $_sThisTemplate = 'd3_account_webauthn.tpl';`

			`/**`
			`* @return string`
			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function render(): string`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
			`$sRet = parent::render();`

			`$this->addTplParam('user', $this->getUser());`
use DIC 2023-01-21 13:50:18 +01:00			`$this->addTplParam('readonly', !(d3GetOxidDIC()->get(Webauthn::class)->isAvailable()));`
add translated unavailable message because of non https mode 2022-10-27 14:52:20 +02:00
add shop controllers 2022-10-24 22:24:40 +02:00			`return $sRet;`
			`}`

			`/**`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`* @return publicKeyCredentialList`
improve code 2022-11-04 22:02:44 +01:00			`* @throws ContainerExceptionInterface`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
			`* @throws NotFoundExceptionInterface`
add shop controllers 2022-10-24 22:24:40 +02:00			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function getCredentialList(): PublicKeyCredentialList`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`$oUser = $this->getUser();`
use DIC 2023-01-21 13:50:18 +01:00			`$credentialList = d3GetOxidDIC()->get(PublicKeyCredentialList::class);`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`return $credentialList->getAllFromUser($oUser);`
			`}`
add shop controllers 2022-10-24 22:24:40 +02:00
improve error handling 2022-11-03 13:18:02 +01:00			`/**`
			`* @throws ContainerExceptionInterface`
			`* @throws NotFoundExceptionInterface`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
improve code 2022-11-04 22:02:44 +01:00			`* @return void`
improve error handling 2022-11-03 13:18:02 +01:00			`*/`
improve code 2022-11-04 22:02:44 +01:00			`public function requestNewCredential(): void`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`{`
improve error handling 2022-11-03 13:18:02 +01:00			`try {`
			`$this->setAuthnRegister();`
			`$this->setPageType('requestnew');`
			`} catch (WebauthnException $e) {`
use DIC 2023-01-21 13:50:18 +01:00			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getDetailedErrorMessage(), ['UserId: ' => $this->getUser()->getId()]);`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);`
improve assertions 2023-02-16 23:52:20 +01:00			`} catch (AssertionFailedException $e) {`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getMessage(), ['UserId: ' => $this->getUser()->getId()]);`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);`
improve error handling 2022-11-03 13:18:02 +01:00			`}`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`}`
add shop controllers 2022-10-24 22:24:40 +02:00
improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @param $pageType`
			`* @return void`
			`*/`
			`public function setPageType($pageType): void`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`{`
			`$this->addTplParam('pageType', $pageType);`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`

improve error handling 2022-11-03 13:18:02 +01:00			`/**`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
			`* @throws ContainerExceptionInterface`
			`* @throws NotFoundExceptionInterface`
improve assertions 2023-02-16 23:52:20 +01:00			`* @throws InvalidArgumentException`
improve code 2022-11-04 22:02:44 +01:00			`* @return void`
improve error handling 2022-11-03 13:18:02 +01:00			`*/`
improve code 2022-11-04 22:02:44 +01:00			`public function setAuthnRegister(): void`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
use DIC 2023-01-21 13:50:18 +01:00			`$publicKeyCredentialCreationOptions = d3GetOxidDIC()->get(Webauthn::class)`
move OXID object getters to testing library 2022-12-04 00:24:28 +01:00			`->getCreationOptions($this->getUser());`
cleanup + improve code 2022-10-31 00:11:06 +01:00
log communication in debug mode 2023-02-05 01:21:08 +01:00			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug((string) $publicKeyCredentialCreationOptions);`

improve code 2022-11-04 22:02:44 +01:00			`$this->addTplParam('webauthn_publickey_create', $publicKeyCredentialCreationOptions);`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`$this->addTplParam('isAdmin', isAdmin());`
			`$this->addTplParam('keyname', Registry::getRequest()->getRequestEscapedParameter('credenialname'));`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`

improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @return void`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
improve code 2022-12-12 23:41:07 +01:00			`* @throws Throwable`
improve code 2022-11-04 22:02:44 +01:00			`*/`
			`public function saveAuthn(): void`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
improve error handling 2022-11-03 13:18:02 +01:00			`try {`
use DIC 2023-01-21 13:50:18 +01:00			`/** @var Request $request */`
			`$request = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class);`
			`$error = $request->getRequestEscapedParameter('error');`
fix missing is string check 2022-11-13 21:43:33 +01:00			`if (strlen((string) $error)) {`
log communication in debug mode 2023-02-05 01:21:08 +01:00			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($error);`
improve error handling 2022-11-03 13:18:02 +01:00			`/** @var WebauthnCreateException $e */`
improve code 2022-12-13 22:24:33 +01:00			`$e = oxNew(WebauthnCreateException::class, $error);`
improve error handling 2022-11-03 13:18:02 +01:00			`throw $e;`
			`}`

use DIC 2023-01-21 13:50:18 +01:00			`$credential = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('credential');`
assert some expectations 2023-02-06 22:38:03 +01:00			`Assert::that($credential)->minLength(1, 'Credential should not be empty.');`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($credential);`
			`$webauthn = d3GetOxidDIC()->get(Webauthn::class);`
			`$webauthn->saveAuthn($credential, d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('keyname'));`
improve error handling 2022-11-03 13:18:02 +01:00			`} catch (WebauthnException $e) {`
assert that crendentialId and credential fits into database fields both values have no defined length, possibly the database fields are still too short 2023-01-27 08:49:09 +01:00			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error(`
			`$e->getDetailedErrorMessage(),`
			`['UserId' => $this->getUser()->getId()]`
			`);`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());`
use DIC 2023-01-21 13:50:18 +01:00			`d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);`
assert that crendentialId and credential fits into database fields both values have no defined length, possibly the database fields are still too short 2023-01-27 08:49:09 +01:00			`} catch (AssertionFailedException $e) {`
			`/** @var Language $language */`
			`$language = d3GetOxidDIC()->get('d3ox.webauthn.'.Language::class);`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error(`
			`$e->getMessage(),`
			`['UserId' => $this->getUser()->getId()]`
			`);`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString());`
			`d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay(`
			`$language->translateString('D3_WEBAUTHN_ERR_NOTCREDENTIALNOTSAVEABLE')`
			`);`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`}`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`

improve code 2022-11-04 22:02:44 +01:00			`/**`
			`* @return void`
			`*/`
			`public function deleteKey(): void`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
use DIC 2023-01-21 13:50:18 +01:00			`$deleteId = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('deleteoxid');`
add frontend controller tests 2022-11-17 00:27:43 +01:00			`if ($deleteId) {`
use DIC 2023-01-21 13:50:18 +01:00			`$credential = d3GetOxidDIC()->get(PublicKeyCredential::class);`
add frontend controller tests 2022-11-17 00:27:43 +01:00			`$credential->delete($deleteId);`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`
			`}`
improve code 2022-11-04 22:02:44 +01:00
			`/**`
			`* @return array`
			`*/`
			`public function getBreadCrumb(): array`
			`{`
			`$aPaths = [];`
			`$aPath = [];`

			`$iBaseLanguage = Registry::getLang()->getBaseLanguage();`
			`/** @var SeoEncoder $oSeoEncoder */`
			`$oSeoEncoder = Registry::getSeoEncoder();`
improve code 2022-12-12 23:41:07 +01:00			`$aPath['title'] = Registry::getLang()->translateString(`
			`'MY_ACCOUNT',`
			`(int) $iBaseLanguage,`
			`false`
			`);`
improve code 2022-11-04 22:02:44 +01:00			`$aPath['link'] = $oSeoEncoder->getStaticUrl($this->getViewConfig()->getSelfLink() . "cl=account");`
			`$aPaths[] = $aPath;`

improve code 2022-12-12 23:41:07 +01:00			`$aPath['title'] = Registry::getLang()->translateString(`
			`'D3_WEBAUTHN_ACCOUNT',`
			`(int) $iBaseLanguage,`
			`false`
			`);`
improve code 2022-11-04 22:02:44 +01:00			`$aPath['link'] = $this->getLink();`
			`$aPaths[] = $aPath;`

			`return $aPaths;`
			`}`
improve code 2022-12-13 22:24:33 +01:00			`}`