improve code
Cette révision appartient à :
Parent
a23ec6ad32
révision
048816012c
ID de la clé GPG:
6A513E13AEE66170
|
|
@ -35,10 +35,8 @@ class d3user_webauthn extends AdminDetailsController
|
|||
|
||||
/**
|
||||
* @return string
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function render()
|
||||
public function render(): string
|
||||
{
|
||||
$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));
|
||||
|
||||
|
|
@ -114,7 +112,7 @@ class d3user_webauthn extends AdminDetailsController
|
|||
* @param $userId
|
||||
* @return array
|
||||
*/
|
||||
public function getCredentialList($userId)
|
||||
public function getCredentialList($userId): array
|
||||
{
|
||||
$oUser = $this->getUserObject();
|
||||
$oUser->load($userId);
|
||||
|
|
@ -126,7 +124,7 @@ class d3user_webauthn extends AdminDetailsController
|
|||
/**
|
||||
* @return User
|
||||
*/
|
||||
public function getUserObject()
|
||||
public function getUserObject(): User
|
||||
{
|
||||
return oxNew(User::class);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ class d3webauthnadminlogin extends AdminController
|
|||
{
|
||||
protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';
|
||||
|
||||
protected function _authorize() // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
|
||||
protected function _authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
|
@ -48,10 +48,10 @@ class d3webauthnadminlogin extends AdminController
|
|||
public function render()
|
||||
{
|
||||
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
!Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
) {
|
||||
$this->getUtils()->redirect('index.php?cl=admin_start');
|
||||
if (false == defined('OXID_PHP_UNIT')) {
|
||||
if (!defined('OXID_PHP_UNIT')) {
|
||||
// @codeCoverageIgnoreStart
|
||||
exit;
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
|
@ -65,10 +65,6 @@ class d3webauthnadminlogin extends AdminController
|
|||
return parent::render();
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function generateCredentialRequest()
|
||||
{
|
||||
/** @var Webauthn $webauthn */
|
||||
|
|
@ -104,19 +100,20 @@ class d3webauthnadminlogin extends AdminController
|
|||
$loginController = oxNew(LoginController::class);
|
||||
return $loginController->checklogin();
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
|
||||
|
||||
$user->logout();
|
||||
$this->getUtils()->redirect('index.php?cl=login');
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Utils
|
||||
*/
|
||||
public function getUtils()
|
||||
public function getUtils(): Utils
|
||||
{
|
||||
return Registry::getUtils();
|
||||
}
|
||||
|
|
@ -126,11 +123,11 @@ class d3webauthnadminlogin extends AdminController
|
|||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
}
|
||||
|
||||
public function previousClassIsOrderStep()
|
||||
public function previousClassIsOrderStep(): bool
|
||||
{
|
||||
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
|
||||
$resolvedClass = $resolvedClass ?: 'start';
|
||||
|
||||
/** @var FrontendController $oController */
|
||||
$oController = oxNew($resolvedClass);
|
||||
|
|
@ -140,7 +137,7 @@ class d3webauthnadminlogin extends AdminController
|
|||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function getIsOrderStep()
|
||||
public function getIsOrderStep(): bool
|
||||
{
|
||||
return $this->previousClassIsOrderStep();
|
||||
}
|
||||
|
|
@ -150,7 +147,7 @@ class d3webauthnadminlogin extends AdminController
|
|||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getBreadCrumb()
|
||||
public function getBreadCrumb(): array
|
||||
{
|
||||
$aPaths = [];
|
||||
$aPath = [];
|
||||
|
|
|
|||
|
|
@ -20,8 +20,6 @@ use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;
|
|||
use D3\Webauthn\Application\Model\Webauthn;
|
||||
use D3\Webauthn\Application\Model\WebauthnErrors;
|
||||
use OxidEsales\Eshop\Application\Controller\AccountController;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
|
||||
class d3_account_webauthn extends AccountController
|
||||
|
|
@ -30,10 +28,8 @@ class d3_account_webauthn extends AccountController
|
|||
|
||||
/**
|
||||
* @return string
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function render()
|
||||
public function render(): string
|
||||
{
|
||||
$sRet = parent::render();
|
||||
|
||||
|
|
@ -53,7 +49,7 @@ class d3_account_webauthn extends AccountController
|
|||
/**
|
||||
* @return publicKeyCredentialList
|
||||
*/
|
||||
public function getCredentialList()
|
||||
public function getCredentialList(): PublicKeyCredentialList
|
||||
{
|
||||
$oUser = $this->getUser();
|
||||
$credentialList = oxNew(PublicKeyCredentialList::class);
|
||||
|
|
|
|||
|
|
@ -41,10 +41,10 @@ class d3webauthnlogin extends FrontendController
|
|||
public function render()
|
||||
{
|
||||
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
!Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
) {
|
||||
$this->getUtils()->redirect('index.php?cl=start', true, 302);
|
||||
if (false == defined('OXID_PHP_UNIT')) {
|
||||
$this->getUtils()->redirect('index.php?cl=start');
|
||||
if (!defined('OXID_PHP_UNIT')) {
|
||||
// @codeCoverageIgnoreStart
|
||||
exit;
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
|
@ -58,10 +58,6 @@ class d3webauthnlogin extends FrontendController
|
|||
return parent::render();
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function generateCredentialRequest()
|
||||
{
|
||||
/** @var Webauthn $webauthn */
|
||||
|
|
@ -107,7 +103,7 @@ class d3webauthnlogin extends FrontendController
|
|||
/**
|
||||
* @return Utils
|
||||
*/
|
||||
public function getUtils()
|
||||
public function getUtils(): Utils
|
||||
{
|
||||
return Registry::getUtils();
|
||||
}
|
||||
|
|
@ -117,11 +113,11 @@ class d3webauthnlogin extends FrontendController
|
|||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
}
|
||||
|
||||
public function previousClassIsOrderStep()
|
||||
public function previousClassIsOrderStep(): bool
|
||||
{
|
||||
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
|
||||
$resolvedClass = $resolvedClass ?: 'start';
|
||||
|
||||
/** @var FrontendController $oController */
|
||||
$oController = oxNew($resolvedClass);
|
||||
|
|
@ -131,7 +127,7 @@ class d3webauthnlogin extends FrontendController
|
|||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function getIsOrderStep()
|
||||
public function getIsOrderStep(): bool
|
||||
{
|
||||
return $this->previousClassIsOrderStep();
|
||||
}
|
||||
|
|
@ -141,7 +137,7 @@ class d3webauthnlogin extends FrontendController
|
|||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getBreadCrumb()
|
||||
public function getBreadCrumb(): array
|
||||
{
|
||||
$aPaths = [];
|
||||
$aPath = [];
|
||||
|
|
|
|||
|
|
@ -1,25 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This Software is the property of Data Development and is protected
|
||||
* by copyright law - it is NOT Freeware.
|
||||
*
|
||||
* Any unauthorized use of this software without a valid license
|
||||
* is a violation of the license agreement and will be prosecuted by
|
||||
* civil and criminal law.
|
||||
*
|
||||
* http://www.shopmodule.com
|
||||
*
|
||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
||||
* @link http://www.oxidmodule.com
|
||||
*/
|
||||
|
||||
namespace D3\Webauthn\Application\Model\Exceptions;
|
||||
|
||||
use OxidEsales\Eshop\Core\Exception\StandardException;
|
||||
|
||||
abstract class d3webauthnExceptionAbstract extends StandardException
|
||||
{
|
||||
|
||||
}
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This Software is the property of Data Development and is protected
|
||||
* by copyright law - it is NOT Freeware.
|
||||
*
|
||||
* Any unauthorized use of this software without a valid license
|
||||
* is a violation of the license agreement and will be prosecuted by
|
||||
* civil and criminal law.
|
||||
*
|
||||
* http://www.shopmodule.com
|
||||
*
|
||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
||||
* @link http://www.oxidmodule.com
|
||||
*/
|
||||
|
||||
namespace D3\Webauthn\Application\Model\Exceptions;
|
||||
|
||||
use Exception;
|
||||
use OxidEsales\Eshop\Core\Exception\StandardException;
|
||||
|
||||
class d3webauthnMissingPublicKeyCredentialRequestOptions extends d3webauthnExceptionAbstract
|
||||
{
|
||||
/**
|
||||
* Default constructor
|
||||
*
|
||||
* @param string $sMessage exception message
|
||||
* @param integer $iCode exception code
|
||||
* @param Exception|null $previous previous exception
|
||||
*/
|
||||
public function __construct($sMessage = "D3_WEBAUTHN_ERROR_MISSINGPKC", $iCode = 0, Exception $previous = null)
|
||||
{
|
||||
parent::__construct($sMessage, $iCode, $previous);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This Software is the property of Data Development and is protected
|
||||
* by copyright law - it is NOT Freeware.
|
||||
*
|
||||
* Any unauthorized use of this software without a valid license
|
||||
* is a violation of the license agreement and will be prosecuted by
|
||||
* civil and criminal law.
|
||||
*
|
||||
* http://www.shopmodule.com
|
||||
*
|
||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
||||
* @link http://www.oxidmodule.com
|
||||
*/
|
||||
|
||||
namespace D3\Webauthn\Application\Model\Exceptions;
|
||||
|
||||
use Exception;
|
||||
|
||||
class d3webauthnWrongAuthException extends d3webauthnExceptionAbstract
|
||||
{
|
||||
/**
|
||||
* Default constructor
|
||||
*
|
||||
* @param string $sMessage exception message
|
||||
* @param integer $iCode exception code
|
||||
* @param Exception|null $previous previous exception
|
||||
*/
|
||||
public function __construct($sMessage = "D3_WEBAUTHN_ERROR_UNVALID", $iCode = 0, Exception $previous = null)
|
||||
{
|
||||
parent::__construct($sMessage, $iCode, $previous);
|
||||
}
|
||||
}
|
||||
|
|
@ -158,6 +158,8 @@ class Webauthn
|
|||
$userEntity,
|
||||
$serverRequest
|
||||
);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,338 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This Software is the property of Data Development and is protected
|
||||
* by copyright law - it is NOT Freeware.
|
||||
* Any unauthorized use of this software without a valid license
|
||||
* is a violation of the license agreement and will be prosecuted by
|
||||
* civil and criminal law.
|
||||
* http://www.shopmodule.com
|
||||
*
|
||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
||||
* @link http://www.oxidmodule.com
|
||||
*/
|
||||
|
||||
namespace D3\Webauthn\Application\Model;
|
||||
|
||||
use Assert\InvalidArgumentException;
|
||||
use D3\Webauthn\Application\Model\Credential\d3MetadataStatementRepository;
|
||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
|
||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
|
||||
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialRpEntity;
|
||||
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialSourceRepository;
|
||||
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialUserEntity;
|
||||
use Nyholm\Psr7\Factory\Psr17Factory;
|
||||
use Nyholm\Psr7Server\ServerRequestCreator;
|
||||
use OxidEsales\Eshop\Application\Model\User;
|
||||
use OxidEsales\Eshop\Core\Database\Adapter\DatabaseInterface;
|
||||
use OxidEsales\Eshop\Core\DatabaseProvider;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
|
||||
use OxidEsales\Eshop\Core\Model\BaseModel;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
use Webauthn\PublicKeyCredentialCreationOptions;
|
||||
use Webauthn\PublicKeyCredentialRequestOptions;
|
||||
use Webauthn\Server;
|
||||
|
||||
/**
|
||||
* @deprecated
|
||||
*/
|
||||
|
||||
class d3webauthn extends BaseModel
|
||||
{
|
||||
public $tableName = 'd3PublicKeyCredential';
|
||||
protected $_sCoreTable = 'd3PublicKeyCredential';
|
||||
public $userId;
|
||||
|
||||
/**
|
||||
* d3webauthn constructor.
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
$this->init($this->tableName);
|
||||
|
||||
return parent::__construct();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $userId
|
||||
* @throws DatabaseConnectionException
|
||||
*/
|
||||
public function loadByUserId($userId)
|
||||
{
|
||||
$this->userId = $userId;
|
||||
$oDb = $this->d3GetDb();
|
||||
|
||||
if ($userId && $oDb->getOne("SHOW TABLES LIKE '".$this->tableName."'")) {
|
||||
$query = "SELECT oxid FROM ".$this->getViewName().' WHERE UserHandle = '.$oDb->quote($userId).' LIMIT 1';
|
||||
$this->load($oDb->getOne($query));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return DatabaseInterface
|
||||
* @throws DatabaseConnectionException
|
||||
*/
|
||||
public function d3GetDb()
|
||||
{
|
||||
return DatabaseProvider::getDb(DatabaseProvider::FETCH_MODE_ASSOC);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return User
|
||||
*/
|
||||
public function getUser()
|
||||
{
|
||||
$userId = $this->userId ? $this->userId : $this->getFieldData('UserHandle');
|
||||
|
||||
$user = $this->d3GetUser();
|
||||
$user->load($userId);
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return User
|
||||
*/
|
||||
public function d3GetUser()
|
||||
{
|
||||
return oxNew(User::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function isActive()
|
||||
{
|
||||
return false == Registry::getConfig()->getConfigParam('blDisableWebauthnGlobally')
|
||||
&& $this->UserUseWebauthn();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function UserUseWebauthn()
|
||||
{
|
||||
return strlen($this->getId())
|
||||
&& strlen($this->__get($this->_getFieldLongName('publickey'))->rawValue);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $auth
|
||||
* @return false|string|null
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function getCredentialRequestOptions($auth)
|
||||
{
|
||||
$this->loadByUserId($auth);
|
||||
|
||||
$requestOptions = null;
|
||||
|
||||
if ($auth
|
||||
&& $this->isActive()
|
||||
&& false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
|
||||
) {
|
||||
/** @var d3PublicKeyCredentialRpEntity $rpEntity */
|
||||
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
|
||||
|
||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
||||
|
||||
$server = new Server(
|
||||
$rpEntity,
|
||||
$publicKeyCredentialSourceRepository,
|
||||
new d3MetadataStatementRepository()
|
||||
);
|
||||
|
||||
$user = $this->getUser();
|
||||
$userEntity = new d3PublicKeyCredentialUserEntity($user);
|
||||
|
||||
$allowedCredentials = [];
|
||||
$credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
||||
/** @var d3PublicKeyCredentialSource $credentialSource */
|
||||
foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) {
|
||||
$allowedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor();
|
||||
}
|
||||
|
||||
// We generate the set of options.
|
||||
$publicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions(
|
||||
PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, // Default value
|
||||
$allowedCredentials
|
||||
);
|
||||
|
||||
$requestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
||||
|
||||
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
||||
|
||||
// set auth as secured parameter;
|
||||
Registry::getSession()->setVariable("auth", $auth);
|
||||
}
|
||||
|
||||
return $requestOptions;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $webauth
|
||||
* @return bool
|
||||
* @throws d3webauthnWrongAuthException
|
||||
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions
|
||||
*/
|
||||
public function verify($webauth)
|
||||
{
|
||||
$blVerify = false;
|
||||
// Retrieve the Options passed to the device
|
||||
$publicKeyCredentialRequestOptions = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
|
||||
|
||||
if (!$publicKeyCredentialRequestOptions) {
|
||||
$oException = oxNew(d3webauthnMissingPublicKeyCredentialRequestOptions::class);
|
||||
throw $oException;
|
||||
}
|
||||
|
||||
$psr17Factory = new Psr17Factory();
|
||||
$creator = new ServerRequestCreator(
|
||||
$psr17Factory, // ServerRequestFactory
|
||||
$psr17Factory, // UriFactory
|
||||
$psr17Factory, // UploadedFileFactory
|
||||
$psr17Factory // StreamFactory
|
||||
);
|
||||
|
||||
$serverRequest = $creator->fromGlobals();
|
||||
|
||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
||||
|
||||
$server = new Server(
|
||||
new d3PublicKeyCredentialRpEntity(Registry::getConfig()->getActiveShop()),
|
||||
$publicKeyCredentialSourceRepository,
|
||||
new d3MetadataStatementRepository()
|
||||
);
|
||||
|
||||
$user = $this->getUser();
|
||||
$userEntity = new d3PublicKeyCredentialUserEntity($user);
|
||||
|
||||
try {
|
||||
$server->loadAndCheckAssertionResponse(
|
||||
$webauth,
|
||||
$publicKeyCredentialRequestOptions, // The options you stored during the previous step
|
||||
$userEntity, // The user entity
|
||||
$serverRequest // The PSR-7 request
|
||||
);
|
||||
$blVerify = true;
|
||||
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
|
||||
//If everything is fine, this means the user has correctly been authenticated using the
|
||||
// authenticator defined in $publicKeyCredentialSource
|
||||
} catch(InvalidArgumentException $exception) {
|
||||
// ToDo
|
||||
$oException = oxNew(d3webauthnWrongAuthException::class);
|
||||
Registry::getUtilsView()->addErrorToDisplay($oException);
|
||||
// write to log
|
||||
//dumpvar(openssl_error_string());
|
||||
//dumpvar($exception);
|
||||
}
|
||||
|
||||
if (false == $blVerify) {
|
||||
$oException = oxNew(d3webauthnWrongAuthException::class);
|
||||
throw $oException;
|
||||
}
|
||||
|
||||
return $blVerify;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $sUserId
|
||||
* @return PublicKeyCredentialCreationOptions
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function setAuthnRegister($sUserId)
|
||||
{
|
||||
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
|
||||
|
||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
||||
|
||||
$server = new Server(
|
||||
$rpEntity,
|
||||
$publicKeyCredentialSourceRepository,
|
||||
new d3MetadataStatementRepository()
|
||||
);
|
||||
/*
|
||||
if (!($user = Registry::getSession()->getUser())) {
|
||||
$e = oxNew(\Exception::class, 'no user loaded');
|
||||
throw $e;
|
||||
}
|
||||
*/
|
||||
$user = oxNew(User::class);
|
||||
$user->load($sUserId);
|
||||
|
||||
$userEntity = new d3PublicKeyCredentialUserEntity($user);
|
||||
|
||||
$excludedCredentials = [];
|
||||
$credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
||||
foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) {
|
||||
$excludedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor();
|
||||
}
|
||||
|
||||
$publicKeyCredentialCreationOptions = $server->generatePublicKeyCredentialCreationOptions(
|
||||
$userEntity,
|
||||
PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
|
||||
$excludedCredentials
|
||||
);
|
||||
|
||||
if (!Registry::getSession()->isSessionStarted()) {
|
||||
Registry::getSession()->start();
|
||||
}
|
||||
Registry::getSession()->setVariable('authnobject', $publicKeyCredentialCreationOptions);
|
||||
|
||||
return $publicKeyCredentialCreationOptions;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $request
|
||||
*/
|
||||
public function registerNewKey($request)
|
||||
{
|
||||
/** @var PublicKeyCredentialCreationOptions $publicKeyCredentialCreationOptions */
|
||||
$publicKeyCredentialCreationOptions = Registry::getSession()->getVariable('authnobject');
|
||||
|
||||
// Retrieve de data sent by the device
|
||||
$data = base64_decode($request, true);
|
||||
|
||||
$psr17Factory = new Psr17Factory();
|
||||
$creator = new ServerRequestCreator(
|
||||
$psr17Factory, // ServerRequestFactory
|
||||
$psr17Factory, // UriFactory
|
||||
$psr17Factory, // UploadedFileFactory
|
||||
$psr17Factory // StreamFactory
|
||||
);
|
||||
|
||||
$serverRequest = $creator->fromGlobals();
|
||||
|
||||
/*** register ***/
|
||||
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
|
||||
|
||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
||||
|
||||
$server = new Server(
|
||||
$rpEntity,
|
||||
$publicKeyCredentialSourceRepository,
|
||||
new d3MetadataStatementRepository()
|
||||
);
|
||||
|
||||
try {
|
||||
$publicKeyCredentialSource = $server->loadAndCheckAttestationResponse(
|
||||
$data,
|
||||
$publicKeyCredentialCreationOptions, // The options you stored during the previous step
|
||||
$serverRequest // The PSR-7 request
|
||||
);
|
||||
|
||||
// The user entity and the public key credential source can now be stored using their repository
|
||||
// The Public Key Credential Source repository must implement Webauthn\PublicKeyCredentialSourceRepository
|
||||
// ToDo: is counter set and why will not save in case of login?
|
||||
$publicKeyCredentialSourceRepository->saveCredentialSource($publicKeyCredentialSource);
|
||||
|
||||
} catch(\Exception $exception) {
|
||||
dumpvar($exception);
|
||||
}
|
||||
dumpvar('registered');
|
||||
}
|
||||
}
|
||||
|
|
@ -15,7 +15,6 @@
|
|||
|
||||
namespace D3\Webauthn\Modules\Application\Component;
|
||||
|
||||
use D3\Webauthn\Application\Model\d3webauthn;
|
||||
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
|
||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
|
||||
|
|
@ -114,15 +113,14 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
|
|||
{
|
||||
$sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth'));
|
||||
|
||||
$sUserId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||
$userId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||
$oUser = oxNew(User::class);
|
||||
$oUser->load($sUserId);
|
||||
$oUser->load($userId);
|
||||
|
||||
$webauthn = $this->d3GetWebauthnObject();
|
||||
$webauthn->loadByUserId($sUserId);
|
||||
|
||||
try {
|
||||
if (false == $this->isNoWebauthnOrNoLogin($webauthn) && $this->hasValidWebauthn($sWebauth, $webauthn)) {
|
||||
if (false == $this->isNoWebauthnOrNoLogin($webauthn, $userId) && $this->hasValidWebauthn($sWebauth, $webauthn)) {
|
||||
$this->d3WebauthnRelogin($oUser, $sWebauth);
|
||||
$this->d3WebauthnClearSessionVariables();
|
||||
|
||||
|
|
@ -151,28 +149,32 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
|
|||
}
|
||||
|
||||
/**
|
||||
* @param d3webauthn $webauthn
|
||||
* @param Webauthn $webauthn
|
||||
* @return bool
|
||||
*/
|
||||
public function isNoWebauthnOrNoLogin($webauthn)
|
||||
public function isNoWebauthnOrNoLogin($webauthn, $userId)
|
||||
{
|
||||
return false == $this->d3GetSession()->getVariable("auth")
|
||||
|| false == $webauthn->isActive();
|
||||
|| false == $webauthn->isActive($userId);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $sWebauth
|
||||
* @param d3webauthn $webauthn
|
||||
* @param Webauthn $webauthn
|
||||
* @return bool
|
||||
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions
|
||||
* @throws d3webauthnWrongAuthException
|
||||
*/
|
||||
public function hasValidWebauthn($sWebauth, $webauthn)
|
||||
public function hasValidWebauthn($sWebauth, $webauthn): bool
|
||||
{
|
||||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||
(
|
||||
$sWebauth && $webauthn->verify($sWebauth)
|
||||
);
|
||||
try {
|
||||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||
(
|
||||
$sWebauth && $webauthn->assertAuthn($sWebauth)
|
||||
);
|
||||
} catch (\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
namespace D3\Webauthn\Modules\Core;
|
||||
|
||||
use D3\Webauthn\Application\Model\d3webauthn;
|
||||
use D3\Webauthn\Application\Model\Webauthn;
|
||||
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||
use Doctrine\DBAL\DBALException;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
|
|
@ -35,11 +35,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
|
|||
|
||||
$userID = $this->d3GetSessionObject()->getVariable("auth");
|
||||
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
|
||||
/** @var d3webauthn $webauthn */
|
||||
/** @var Webauthn $webauthn */
|
||||
$webauthn = $this->d3GetWebauthnObject();
|
||||
$webauthn->loadByUserId($userID);
|
||||
|
||||
if ($blAuth && $webauthn->isActive() && false === $webauthnAuth) {
|
||||
if ($blAuth && $webauthn->isActive($userID) && false === $webauthnAuth) {
|
||||
$this->redirect('index.php?cl=login', true, 302);
|
||||
if (false == defined('OXID_PHP_UNIT')) {
|
||||
// @codeCoverageIgnoreStart
|
||||
|
|
@ -60,10 +59,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
|
|||
}
|
||||
|
||||
/**
|
||||
* @return d3webauthn
|
||||
* @return Webauthn
|
||||
*/
|
||||
public function d3GetWebauthnObject()
|
||||
{
|
||||
return oxNew(d3webauthn::class);
|
||||
return oxNew(Webauthn::class);
|
||||
}
|
||||
}
|
||||
Chargement…
Référencer dans un nouveau ticket