webauthn/src/Application/Controller/d3_account_webauthn.php

<?php

/**
 * This Software is the property of Data Development and is protected
 * by copyright law - it is NOT Freeware.
 * Any unauthorized use of this software without a valid license
 * is a violation of the license agreement and will be prosecuted by
 * civil and criminal law.
 * http://www.shopmodule.com
 *
 * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
 * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
 * @link      http://www.oxidmodule.com
 */

namespace D3\Webauthn\Application\Controller;

use D3\Webauthn\Application\Controller\Traits\accountTrait;
use D3\Webauthn\Application\Model\Credential\PublicKeyCredential;
use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;
use D3\Webauthn\Application\Model\Exceptions\WebauthnCreateException;
use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Application\Model\WebauthnErrors;
use D3\Webauthn\Application\Model\Exceptions\WebauthnException;
use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;
use Doctrine\DBAL\Exception as DoctrineException;
use OxidEsales\Eshop\Application\Controller\AccountController;
use OxidEsales\Eshop\Core\Registry;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;

class d3_account_webauthn extends AccountController
{
    use accountTrait;

    protected $_sThisTemplate = 'd3_account_webauthn.tpl';

    /**
     * @return string
     */
    public function render(): string
    {
        $sRet = parent::render();

        // is logged in ?
        $oUser = $this->getUser();
        if (!$oUser) {
            return $this->_sThisTemplate = $this->_sThisLoginTemplate;
        }

        $this->addTplParam('user', $this->getUser());

        $this->addTplParam('readonly',  (bool) !(oxNew(Webauthn::class)->isAvailable()));

        return $sRet;
    }

    /**
     * @return publicKeyCredentialList
     */
    public function getCredentialList(): PublicKeyCredentialList
    {
        $oUser = $this->getUser();
        $credentialList = oxNew(PublicKeyCredentialList::class);
        return $credentialList->getAllFromUser($oUser);
    }

    /**
     * @throws ContainerExceptionInterface
     * @throws NotFoundExceptionInterface
     * @throws DoctrineDriverException
     * @throws DoctrineException
     */
    public function requestNewCredential()
    {
        try {
            $this->setAuthnRegister();
            $this->setPageType('requestnew');
        } catch (WebauthnException $e) {
            Registry::getLogger()->error('webauthn register: '.$e->getDetailedErrorMessage(), ['UserId: ' => $this->getUser()->getId()]);
            Registry::getLogger()->debug($e->getTraceAsString());
            Registry::getUtilsView()->addErrorToDisplay($e);
        }
    }

    public function setPageType($pageType)
    {
        $this->addTplParam('pageType', $pageType);
    }

    /**
     * @throws WebauthnException
     * @throws DoctrineDriverException
     * @throws DoctrineException
     * @throws ContainerExceptionInterface
     * @throws NotFoundExceptionInterface
     */
    public function setAuthnRegister()
    {
        $authn = oxNew(Webauthn::class);
        $publicKeyCredentialCreationOptions = $authn->getCreationOptions($this->getUser());

        $this->addTplParam(
            'webauthn_publickey_create',
            $publicKeyCredentialCreationOptions
        );

        $this->addTplParam('isAdmin', isAdmin());
        $this->addTplParam('keyname', Registry::getRequest()->getRequestEscapedParameter('credenialname'));
    }

    public function saveAuthn()
    {
        try {
            if ( strlen( Registry::getRequest()->getRequestEscapedParameter( 'error' ) ) ) {
                /** @var WebauthnCreateException $e */
                $e = oxNew( WebauthnCreateException::class, Registry::getRequest()->getRequestEscapedParameter( 'error' ) );
                throw $e;
            }

            if ( strlen( Registry::getRequest()->getRequestEscapedParameter( 'credential' ) ) ) {
                /** @var Webauthn $webauthn */
                $webauthn = oxNew( Webauthn::class );
                $webauthn->saveAuthn( Registry::getRequest()->getRequestEscapedParameter( 'credential' ), Registry::getRequest()->getRequestEscapedParameter( 'keyname' ) );
            }
        } catch (WebauthnException $e) {
            Registry::getUtilsView()->addErrorToDisplay( $e );
        }
    }

    public function deleteKey()
    {
        if (Registry::getRequest()->getRequestEscapedParameter('deleteoxid')) {
            /** @var PublicKeyCredential $credential */
            $credential = oxNew(PublicKeyCredential::class);
            $credential->delete(Registry::getRequest()->getRequestEscapedParameter('deleteoxid'));
        }
    }
}
add shop controllers 2022-10-24 22:24:40 +02:00			`<?php`

			`/**`
			`* This Software is the property of Data Development and is protected`
			`* by copyright law - it is NOT Freeware.`
			`* Any unauthorized use of this software without a valid license`
			`* is a violation of the license agreement and will be prosecuted by`
			`* civil and criminal law.`
			`* http://www.shopmodule.com`
			`*`
			`* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)`
			`* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>`
			`* @link http://www.oxidmodule.com`
			`*/`

			`namespace D3\Webauthn\Application\Controller;`

disable input validator in webauthn account page too 2022-11-02 14:45:47 +01:00			`use D3\Webauthn\Application\Controller\Traits\accountTrait;`
refactor to show existing registrations in admin 2022-10-25 01:01:10 +02:00			`use D3\Webauthn\Application\Model\Credential\PublicKeyCredential;`
			`use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;`
improve error handling 2022-11-03 13:18:02 +01:00			`use D3\Webauthn\Application\Model\Exceptions\WebauthnCreateException;`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`use D3\Webauthn\Application\Model\Webauthn;`
add logger, improve error messages 2022-11-01 23:42:25 +01:00			`use D3\Webauthn\Application\Model\WebauthnConf;`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`use D3\Webauthn\Application\Model\WebauthnErrors;`
improve error handling 2022-11-03 13:18:02 +01:00			`use D3\Webauthn\Application\Model\Exceptions\WebauthnException;`
			`use Doctrine\DBAL\Driver\Exception as DoctrineDriverException;`
			`use Doctrine\DBAL\Exception as DoctrineException;`
add shop controllers 2022-10-24 22:24:40 +02:00			`use OxidEsales\Eshop\Application\Controller\AccountController;`
			`use OxidEsales\Eshop\Core\Registry;`
improve error handling 2022-11-03 13:18:02 +01:00			`use Psr\Container\ContainerExceptionInterface;`
			`use Psr\Container\NotFoundExceptionInterface;`
add shop controllers 2022-10-24 22:24:40 +02:00
			`class d3_account_webauthn extends AccountController`
			`{`
disable input validator in webauthn account page too 2022-11-02 14:45:47 +01:00			`use accountTrait;`

add shop controllers 2022-10-24 22:24:40 +02:00			`protected $_sThisTemplate = 'd3_account_webauthn.tpl';`

			`/**`
			`* @return string`
			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function render(): string`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
			`$sRet = parent::render();`

			`// is logged in ?`
			`$oUser = $this->getUser();`
			`if (!$oUser) {`
			`return $this->_sThisTemplate = $this->_sThisLoginTemplate;`
			`}`

			`$this->addTplParam('user', $this->getUser());`

add translated unavailable message because of non https mode 2022-10-27 14:52:20 +02:00			`$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));`

add shop controllers 2022-10-24 22:24:40 +02:00			`return $sRet;`
			`}`

			`/**`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`* @return publicKeyCredentialList`
add shop controllers 2022-10-24 22:24:40 +02:00			`*/`
improve code 2022-10-30 00:27:11 +02:00			`public function getCredentialList(): PublicKeyCredentialList`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`$oUser = $this->getUser();`
refactor to show existing registrations in admin 2022-10-25 01:01:10 +02:00			`$credentialList = oxNew(PublicKeyCredentialList::class);`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`return $credentialList->getAllFromUser($oUser);`
			`}`
add shop controllers 2022-10-24 22:24:40 +02:00
improve error handling 2022-11-03 13:18:02 +01:00			`/**`
			`* @throws ContainerExceptionInterface`
			`* @throws NotFoundExceptionInterface`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
			`*/`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`public function requestNewCredential()`
			`{`
improve error handling 2022-11-03 13:18:02 +01:00			`try {`
			`$this->setAuthnRegister();`
			`$this->setPageType('requestnew');`
			`} catch (WebauthnException $e) {`
			`Registry::getLogger()->error('webauthn register: '.$e->getDetailedErrorMessage(), ['UserId: ' => $this->getUser()->getId()]);`
log trace to reported error 2022-11-04 00:05:52 +01:00			`Registry::getLogger()->debug($e->getTraceAsString());`
improve error handling 2022-11-03 13:18:02 +01:00			`Registry::getUtilsView()->addErrorToDisplay($e);`
			`}`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`}`
add shop controllers 2022-10-24 22:24:40 +02:00
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`public function setPageType($pageType)`
			`{`
			`$this->addTplParam('pageType', $pageType);`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`

improve error handling 2022-11-03 13:18:02 +01:00			`/**`
			`* @throws WebauthnException`
			`* @throws DoctrineDriverException`
			`* @throws DoctrineException`
			`* @throws ContainerExceptionInterface`
			`* @throws NotFoundExceptionInterface`
			`*/`
add shop controllers 2022-10-24 22:24:40 +02:00			`public function setAuthnRegister()`
			`{`
improve error handling 2022-11-03 13:18:02 +01:00			`$authn = oxNew(Webauthn::class);`
			`$publicKeyCredentialCreationOptions = $authn->getCreationOptions($this->getUser());`
cleanup + improve code 2022-10-31 00:11:06 +01:00
improve error handling 2022-11-03 13:18:02 +01:00			`$this->addTplParam(`
			`'webauthn_publickey_create',`
			`$publicKeyCredentialCreationOptions`
			`);`
add shop controllers 2022-10-24 22:24:40 +02:00
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`$this->addTplParam('isAdmin', isAdmin());`
			`$this->addTplParam('keyname', Registry::getRequest()->getRequestEscapedParameter('credenialname'));`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`

can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`public function saveAuthn()`
add shop controllers 2022-10-24 22:24:40 +02:00			`{`
improve error handling 2022-11-03 13:18:02 +01:00			`try {`
			`if ( strlen( Registry::getRequest()->getRequestEscapedParameter( 'error' ) ) ) {`
			`/** @var WebauthnCreateException $e */`
			`$e = oxNew( WebauthnCreateException::class, Registry::getRequest()->getRequestEscapedParameter( 'error' ) );`
			`throw $e;`
			`}`

			`if ( strlen( Registry::getRequest()->getRequestEscapedParameter( 'credential' ) ) ) {`
			`/** @var Webauthn $webauthn */`
			`$webauthn = oxNew( Webauthn::class );`
			`$webauthn->saveAuthn( Registry::getRequest()->getRequestEscapedParameter( 'credential' ), Registry::getRequest()->getRequestEscapedParameter( 'keyname' ) );`
			`}`
			`} catch (WebauthnException $e) {`
			`Registry::getUtilsView()->addErrorToDisplay( $e );`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`}`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`

			`public function deleteKey()`
			`{`
can add new key and delete existing one in frontend 2022-10-26 21:37:02 +02:00			`if (Registry::getRequest()->getRequestEscapedParameter('deleteoxid')) {`
			`/** @var PublicKeyCredential $credential */`
			`$credential = oxNew(PublicKeyCredential::class);`
			`$credential->delete(Registry::getRequest()->getRequestEscapedParameter('deleteoxid'));`
add shop controllers 2022-10-24 22:24:40 +02:00			`}`
			`}`
			`}`