2022-10-24 22:24:40 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
2022-11-04 22:45:47 +01:00
|
|
|
* For the full copyright and license information, please view the LICENSE
|
|
|
|
* file that was distributed with this source code.
|
|
|
|
*
|
|
|
|
* https://www.d3data.de
|
2022-10-24 22:24:40 +02:00
|
|
|
*
|
|
|
|
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
2022-11-04 22:45:47 +01:00
|
|
|
* @author D3 Data Development - Daniel Seifert <info@shopmodule.com>
|
|
|
|
* @link https://www.oxidmodule.com
|
2022-10-24 22:24:40 +02:00
|
|
|
*/
|
|
|
|
|
2022-11-04 22:02:44 +01:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
2022-10-24 22:24:40 +02:00
|
|
|
namespace D3\Webauthn\Modules\Application\Component;
|
|
|
|
|
2023-01-31 21:29:07 +01:00
|
|
|
use Assert\Assert;
|
2023-02-01 23:55:54 +01:00
|
|
|
use Assert\AssertionFailedException;
|
2022-12-04 00:24:28 +01:00
|
|
|
use D3\TestingTools\Production\IsMockable;
|
2022-11-24 01:02:20 +01:00
|
|
|
use D3\Webauthn\Application\Model\Exceptions\WebauthnGetException;
|
2022-11-30 01:27:05 +01:00
|
|
|
use D3\Webauthn\Application\Model\Exceptions\WebauthnLoginErrorException;
|
2022-10-26 22:27:25 +02:00
|
|
|
use D3\Webauthn\Application\Model\Webauthn;
|
2022-12-04 00:24:28 +01:00
|
|
|
use D3\Webauthn\Application\Model\WebauthnConf;
|
2022-11-30 01:27:05 +01:00
|
|
|
use D3\Webauthn\Application\Model\WebauthnLogin;
|
2022-10-31 23:17:04 +01:00
|
|
|
use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
|
2022-10-31 00:11:06 +01:00
|
|
|
use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;
|
2022-10-29 00:19:34 +02:00
|
|
|
use Doctrine\DBAL\Exception;
|
2022-10-24 22:24:40 +02:00
|
|
|
use OxidEsales\Eshop\Application\Model\User;
|
2022-12-10 23:55:53 +01:00
|
|
|
use OxidEsales\Eshop\Core\Config;
|
2022-11-27 01:02:23 +01:00
|
|
|
use OxidEsales\Eshop\Core\Request;
|
2022-10-24 22:24:40 +02:00
|
|
|
use OxidEsales\Eshop\Core\Session;
|
2022-12-04 00:24:28 +01:00
|
|
|
use OxidEsales\Eshop\Core\Utils;
|
2022-12-05 23:45:12 +01:00
|
|
|
use OxidEsales\Eshop\Core\UtilsView;
|
2022-10-29 00:19:34 +02:00
|
|
|
use Psr\Container\ContainerExceptionInterface;
|
|
|
|
use Psr\Container\NotFoundExceptionInterface;
|
2022-10-24 22:24:40 +02:00
|
|
|
|
|
|
|
class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
|
|
|
|
{
|
2022-12-04 00:24:28 +01:00
|
|
|
use IsMockable;
|
|
|
|
|
2022-10-24 22:24:40 +02:00
|
|
|
/**
|
2022-11-08 22:47:11 +01:00
|
|
|
* @return string
|
2022-10-31 00:11:06 +01:00
|
|
|
* @throws ContainerExceptionInterface
|
|
|
|
* @throws Exception
|
|
|
|
* @throws NotFoundExceptionInterface
|
|
|
|
* @throws DoctrineDriverException
|
2022-10-24 22:24:40 +02:00
|
|
|
*/
|
2022-11-08 22:47:11 +01:00
|
|
|
public function login()
|
2022-10-24 22:24:40 +02:00
|
|
|
{
|
2022-12-10 23:55:53 +01:00
|
|
|
$this->d3WebauthnLogin();
|
|
|
|
|
|
|
|
return $this->d3CallMockableFunction([d3_webauthn_UserComponent_parent::class, 'login']);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @return void
|
|
|
|
* @throws DoctrineDriverException
|
|
|
|
* @throws Exception
|
|
|
|
*/
|
|
|
|
public function d3WebauthnLogin(): void
|
|
|
|
{
|
2023-01-21 13:50:18 +01:00
|
|
|
$lgn_user = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestParameter('lgn_usr');
|
2022-10-31 23:17:04 +01:00
|
|
|
/** @var d3_User_Webauthn $user */
|
2023-01-21 13:50:18 +01:00
|
|
|
$user = d3GetOxidDIC()->get('d3ox.webauthn.'.User::class);
|
2022-10-31 23:17:04 +01:00
|
|
|
$userId = $user->d3GetLoginUserId($lgn_user);
|
2022-10-26 22:27:25 +02:00
|
|
|
|
2022-12-13 22:24:33 +01:00
|
|
|
if ($this->d3CanUseWebauthn($lgn_user, $userId)) {
|
2022-12-10 23:55:53 +01:00
|
|
|
if ($this->d3HasWebauthnButNotLoggedin($userId)) {
|
2023-01-21 13:50:18 +01:00
|
|
|
$session = d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class);
|
2022-12-10 23:55:53 +01:00
|
|
|
$session->setVariable(
|
2022-10-26 22:27:25 +02:00
|
|
|
WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS,
|
2022-12-10 23:55:53 +01:00
|
|
|
$this->getClassKey() != 'd3webauthnlogin' ? $this->getClassKey() : 'start'
|
|
|
|
);
|
|
|
|
$session->setVariable(
|
2022-10-31 00:11:06 +01:00
|
|
|
WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER,
|
|
|
|
$userId
|
|
|
|
);
|
2022-12-10 23:55:53 +01:00
|
|
|
$session->setVariable(
|
2022-11-02 22:31:49 +01:00
|
|
|
WebauthnConf::WEBAUTHN_SESSION_NAVPARAMS,
|
|
|
|
$this->getParent()->getNavigationParams()
|
|
|
|
);
|
2022-12-10 23:55:53 +01:00
|
|
|
$session->setVariable(
|
2022-10-26 22:27:25 +02:00
|
|
|
WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS,
|
2022-10-24 22:24:40 +02:00
|
|
|
$this->getParent()->getViewConfig()->getNavFormParams()
|
|
|
|
);
|
|
|
|
|
2023-01-21 13:50:18 +01:00
|
|
|
$sUrl = d3GetOxidDIC()->get('d3ox.webauthn.'.Config::class)->getShopHomeUrl() . 'cl=d3webauthnlogin';
|
|
|
|
d3GetOxidDIC()->get('d3ox.webauthn.'.Utils::class)->redirect($sUrl);
|
2022-10-24 22:24:40 +02:00
|
|
|
}
|
|
|
|
}
|
2022-12-10 23:55:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param $lgn_user
|
|
|
|
* @param string|null $userId
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
2022-12-13 22:24:33 +01:00
|
|
|
protected function d3CanUseWebauthn($lgn_user, ?string $userId): bool
|
2022-12-10 23:55:53 +01:00
|
|
|
{
|
2023-01-21 13:50:18 +01:00
|
|
|
$password = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestParameter('lgn_pwd');
|
2022-12-10 23:55:53 +01:00
|
|
|
|
|
|
|
return $lgn_user &&
|
|
|
|
$userId &&
|
2023-01-21 13:50:18 +01:00
|
|
|
false === d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class)
|
2022-12-13 22:24:33 +01:00
|
|
|
->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) &&
|
|
|
|
(! strlen(trim((string) $password)));
|
2022-12-10 23:55:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param $userId
|
|
|
|
* @return bool
|
|
|
|
* @throws DoctrineDriverException
|
|
|
|
* @throws Exception
|
|
|
|
*/
|
|
|
|
protected function d3HasWebauthnButNotLoggedin($userId): bool
|
|
|
|
{
|
2023-01-21 13:50:18 +01:00
|
|
|
$webauthn = d3GetOxidDIC()->get(Webauthn::class);
|
2022-10-24 22:24:40 +02:00
|
|
|
|
2022-12-10 23:55:53 +01:00
|
|
|
return $webauthn->isActive($userId)
|
2023-01-21 13:50:18 +01:00
|
|
|
&& !d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class)
|
2022-12-10 23:55:53 +01:00
|
|
|
->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
|
2022-10-24 22:24:40 +02:00
|
|
|
}
|
|
|
|
|
2022-12-05 23:45:12 +01:00
|
|
|
/**
|
|
|
|
* @return void
|
|
|
|
*/
|
2022-11-04 22:02:44 +01:00
|
|
|
public function d3CancelWebauthnLogin(): void
|
2022-10-24 22:24:40 +02:00
|
|
|
{
|
|
|
|
$this->d3WebauthnClearSessionVariables();
|
|
|
|
}
|
|
|
|
|
2022-11-04 22:02:44 +01:00
|
|
|
/**
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function d3WebauthnClearSessionVariables(): void
|
2022-10-24 22:24:40 +02:00
|
|
|
{
|
2023-01-21 13:50:18 +01:00
|
|
|
$session = d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class);
|
2022-12-04 00:24:28 +01:00
|
|
|
$session->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
|
|
|
$session->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
|
|
|
$session->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
|
|
|
|
$session->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
|
2022-10-24 22:24:40 +02:00
|
|
|
}
|
|
|
|
|
2022-11-24 01:02:20 +01:00
|
|
|
/**
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function d3AssertAuthn(): void
|
|
|
|
{
|
|
|
|
try {
|
2023-01-21 13:50:18 +01:00
|
|
|
$login = $this->d3GetWebauthnLogin();
|
2022-12-12 23:41:07 +01:00
|
|
|
$login->frontendLogin(
|
|
|
|
$this,
|
2023-01-21 13:50:18 +01:00
|
|
|
(bool)d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestParameter('lgn_cook')
|
2022-12-12 23:41:07 +01:00
|
|
|
);
|
2022-11-30 01:27:05 +01:00
|
|
|
$this->_afterLogin($this->getUser());
|
2023-02-01 23:55:54 +01:00
|
|
|
} catch (WebauthnGetException|AssertionFailedException $e) {
|
2023-01-21 13:50:18 +01:00
|
|
|
d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);
|
2022-12-13 22:24:33 +01:00
|
|
|
} catch (WebauthnLoginErrorException $e) {
|
|
|
|
}
|
2022-11-30 01:27:05 +01:00
|
|
|
}
|
2023-01-21 13:50:18 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @return WebauthnLogin
|
|
|
|
*/
|
|
|
|
protected function d3GetWebauthnLogin(): WebauthnLogin
|
|
|
|
{
|
|
|
|
/** @var Request $request */
|
|
|
|
$request = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class);
|
|
|
|
|
2023-01-31 21:29:07 +01:00
|
|
|
$credential = $request->getRequestEscapedParameter('credential');
|
|
|
|
$error = $request->getRequestEscapedParameter('error');
|
|
|
|
|
2023-02-01 23:55:54 +01:00
|
|
|
Assert::that($credential)->string('credential value expected to be string')
|
|
|
|
->notEmpty('credential value expected contained content');
|
2023-01-31 21:29:07 +01:00
|
|
|
Assert::that($error)->string('error value expected to be string');
|
|
|
|
|
|
|
|
return oxNew(WebauthnLogin::class, $credential, $error);
|
2023-01-21 13:50:18 +01:00
|
|
|
}
|
2022-12-13 22:24:33 +01:00
|
|
|
}
|