From 048816012c57a57eef6b8e0d2ac15e3277631e4e Mon Sep 17 00:00:00 2001 From: Daniel Seifert Date: Sun, 30 Oct 2022 00:27:11 +0200 Subject: [PATCH] improve code --- .../Controller/Admin/d3user_webauthn.php | 8 +- .../Controller/Admin/d3webauthnadminlogin.php | 23 +- .../Controller/d3_account_webauthn.php | 8 +- .../Controller/d3webauthnlogin.php | 20 +- .../d3webauthnExceptionAbstract.php | 25 -- ...ssingPublicKeyCredentialRequestOptions.php | 36 -- .../d3webauthnWrongAuthException.php | 35 -- src/Application/Model/Webauthn.php | 2 + src/Application/Model/d3webauthn.php | 338 ------------------ .../Component/d3_webauthn_UserComponent.php | 30 +- src/Modules/Core/d3_webauthn_utils.php | 11 +- 11 files changed, 46 insertions(+), 490 deletions(-) delete mode 100755 src/Application/Model/Exceptions/d3webauthnExceptionAbstract.php delete mode 100755 src/Application/Model/Exceptions/d3webauthnMissingPublicKeyCredentialRequestOptions.php delete mode 100755 src/Application/Model/Exceptions/d3webauthnWrongAuthException.php delete mode 100755 src/Application/Model/d3webauthn.php diff --git a/src/Application/Controller/Admin/d3user_webauthn.php b/src/Application/Controller/Admin/d3user_webauthn.php index d04748d..d04f991 100755 --- a/src/Application/Controller/Admin/d3user_webauthn.php +++ b/src/Application/Controller/Admin/d3user_webauthn.php @@ -35,10 +35,8 @@ class d3user_webauthn extends AdminDetailsController /** * @return string - * @throws DatabaseConnectionException - * @throws DatabaseErrorException */ - public function render() + public function render(): string { $this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable())); @@ -114,7 +112,7 @@ class d3user_webauthn extends AdminDetailsController * @param $userId * @return array */ - public function getCredentialList($userId) + public function getCredentialList($userId): array { $oUser = $this->getUserObject(); $oUser->load($userId); 
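Review bot: In `d3user_webauthn::render()` the template flag is computed as `(bool) !(oxNew(Webauthn::class)->isAvailable())`; the `(bool)` cast is redundant because `!` already yields a bool, so `$this->addTplParam('readonly', !oxNew(Webauthn::class)->isAvailable());` reads cleaner and matches the `!` style this patch adopts elsewhere. In `getCredentialList($userId): array` the return is now typed while `$userId` is not, and the result of `$oUser->load($userId)` is not checked; if `load()` returns false the list is presumably built for an empty user object, so a guard such as `if (!$oUser->load($userId)) { return []; }` would make this admin endpoint's behaviour explicit — unless the remainder of the method already handles it. Both method bodies continue past the hunk lines shown.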
@@ -126,7 +124,7 @@ class d3user_webauthn extends AdminDetailsController /** * @return User */ - public function getUserObject() + public function getUserObject(): User { return oxNew(User::class); } diff --git a/src/Application/Controller/Admin/d3webauthnadminlogin.php b/src/Application/Controller/Admin/d3webauthnadminlogin.php index 6f679bb..3a8f3ef 100755 --- a/src/Application/Controller/Admin/d3webauthnadminlogin.php +++ b/src/Application/Controller/Admin/d3webauthnadminlogin.php @@ -35,7 +35,7 @@ class d3webauthnadminlogin extends AdminController { protected $_sThisTemplate = 'd3webauthnadminlogin.tpl'; - protected function _authorize() // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore + protected function _authorize(): bool { return true; } @@ -48,10 +48,10 @@ class d3webauthnadminlogin extends AdminController public function render() { if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || - false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER) + !Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER) ) { $this->getUtils()->redirect('index.php?cl=admin_start'); - if (false == defined('OXID_PHP_UNIT')) { + if (!defined('OXID_PHP_UNIT')) { // @codeCoverageIgnoreStart exit; // @codeCoverageIgnoreEnd @@ -65,10 +65,6 @@ class d3webauthnadminlogin extends AdminController return parent::render(); } - /** - * @throws DatabaseConnectionException - * @throws DatabaseErrorException - */ public function generateCredentialRequest() { /** @var Webauthn $webauthn */ 
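Review bot: `_authorize(): bool` in `d3webauthnadminlogin` unconditionally returns true, which switches off the admin-session check for the whole controller; the only gate left is the session test at the top of `render()`, and, to my knowledge, OXID executes a request's `fnc=` action before `render()`, so `generateCredentialRequest()` and the login-completion action are reachable without passing that gate. If those methods do not themselves verify that `WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER` is set (their bodies are outside this hunk), a guard like `if (!Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)) { return; }` at their start, or a comment on `_authorize()` stating that every action must re-check the session, is worth adding. The `false == …` to `!…` rewrite in `render()` is equivalent and fine.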
@@ -104,19 +100,20 @@ class d3webauthnadminlogin extends AdminController $loginController = oxNew(LoginController::class); return $loginController->checklogin(); } - } catch (Exception $e) { Registry::getUtilsView()->addErrorToDisplay($e->getMessage()); $user->logout(); $this->getUtils()->redirect('index.php?cl=login'); } + + return null; } /** * @return Utils */ - public function getUtils() + public function getUtils(): Utils { return Registry::getUtils(); } @@ -126,11 +123,11 @@ class d3webauthnadminlogin extends AdminController return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); } - public function previousClassIsOrderStep() + public function previousClassIsOrderStep(): bool { $sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey); - $resolvedClass = $resolvedClass ? $resolvedClass : 'start'; + $resolvedClass = $resolvedClass ?: 'start'; /** @var FrontendController $oController */ $oController = oxNew($resolvedClass); @@ -140,7 +137,7 @@ class d3webauthnadminlogin extends AdminController /** * @return bool */ - public function getIsOrderStep() + public function getIsOrderStep(): bool { return $this->previousClassIsOrderStep(); } @@ -150,7 +147,7 @@ class d3webauthnadminlogin extends AdminController * * @return array */ - public function getBreadCrumb() + public function getBreadCrumb(): array { $aPaths = []; $aPath = []; diff --git a/src/Application/Controller/d3_account_webauthn.php b/src/Application/Controller/d3_account_webauthn.php index 1820dc1..c1e39e1 100755 --- a/src/Application/Controller/d3_account_webauthn.php +++ b/src/Application/Controller/d3_account_webauthn.php 
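Review bot: The `catch (Exception $e)` path hands `$e->getMessage()` straight to `addErrorToDisplay()`, so whatever the WebAuthn library or the database throws during the assertion is shown verbatim on the admin login page, whereas the model this patch deletes mapped failures to the translation key `D3_WEBAUTHN_ERROR_UNVALID`. Logging the exception and displaying a fixed key, `Registry::getUtilsView()->addErrorToDisplay('D3_WEBAUTHN_ERROR_UNVALID');` (assuming the key still exists in the module's translations), avoids the leak while keeping the failure reason in the log for incident review. The same block issues a redirect without the `exit` that `render()` uses, so unless `Utils::redirect()` terminates the request itself, execution continues to the new `return null;` and the controller keeps rendering. The enclosing method starts before this hunk.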
@@ -20,8 +20,6 @@ use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList; use D3\Webauthn\Application\Model\Webauthn; use D3\Webauthn\Application\Model\WebauthnErrors; use OxidEsales\Eshop\Application\Controller\AccountController; -use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; -use OxidEsales\Eshop\Core\Exception\DatabaseErrorException; use OxidEsales\Eshop\Core\Registry; class d3_account_webauthn extends AccountController @@ -30,10 +28,8 @@ class d3_account_webauthn extends AccountController /** * @return string - * @throws DatabaseConnectionException - * @throws DatabaseErrorException */ - public function render() + public function render(): string { $sRet = parent::render(); @@ -53,7 +49,7 @@ class d3_account_webauthn extends AccountController /** * @return publicKeyCredentialList */ - public function getCredentialList() + public function getCredentialList(): PublicKeyCredentialList { $oUser = $this->getUser(); $credentialList = oxNew(PublicKeyCredentialList::class); diff --git a/src/Application/Controller/d3webauthnlogin.php b/src/Application/Controller/d3webauthnlogin.php index 06e8767..3d460a9 100755 --- a/src/Application/Controller/d3webauthnlogin.php +++ b/src/Application/Controller/d3webauthnlogin.php @@ -41,10 +41,10 @@ class d3webauthnlogin extends FrontendController public function render() { if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || - false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER) + !Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER) ) { - $this->getUtils()->redirect('index.php?cl=start', true, 302); - if (false == defined('OXID_PHP_UNIT')) { + $this->getUtils()->redirect('index.php?cl=start'); + if (!defined('OXID_PHP_UNIT')) { // @codeCoverageIgnoreStart exit; // @codeCoverageIgnoreEnd 
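Review bot: `getCredentialList()` in `d3_account_webauthn` now declares the native return type `PublicKeyCredentialList` while its docblock still reads `@return publicKeyCredentialList` (lower-case `p`); the docblock should be corrected to the real class name. In a frontend `AccountController`, `$this->getUser()` is presumably `false` for a visitor who is not logged in, and the method passes that result on without checking it (the rest of the body is outside this hunk); an early `if (!$oUser) { return $credentialList; }` after constructing the list would make the anonymous case explicit. In `d3webauthnlogin::render()` the redirect dropped the explicit `true, 302` arguments, which is behaviour-preserving only if those are `Utils::redirect()`'s defaults — I believe they are, but it is worth confirming.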
@@ -58,10 +58,6 @@ class d3webauthnlogin extends FrontendController return parent::render(); } - /** - * @throws DatabaseConnectionException - * @throws DatabaseErrorException - */ public function generateCredentialRequest() { /** @var Webauthn $webauthn */ @@ -107,7 +103,7 @@ class d3webauthnlogin extends FrontendController /** * @return Utils */ - public function getUtils() + public function getUtils(): Utils { return Registry::getUtils(); } @@ -117,11 +113,11 @@ class d3webauthnlogin extends FrontendController return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); } - public function previousClassIsOrderStep() + public function previousClassIsOrderStep(): bool { $sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey); - $resolvedClass = $resolvedClass ? $resolvedClass : 'start'; + $resolvedClass = $resolvedClass ?: 'start'; /** @var FrontendController $oController */ $oController = oxNew($resolvedClass); @@ -131,7 +127,7 @@ class d3webauthnlogin extends FrontendController /** * @return bool */ - public function getIsOrderStep() + public function getIsOrderStep(): bool { return $this->previousClassIsOrderStep(); } @@ -141,7 +137,7 @@ class d3webauthnlogin extends FrontendController * * @return array */ - public function getBreadCrumb() + public function getBreadCrumb(): array { $aPaths = []; $aPath = []; diff --git a/src/Application/Model/Exceptions/d3webauthnExceptionAbstract.php b/src/Application/Model/Exceptions/d3webauthnExceptionAbstract.php deleted file mode 100755 index 851ddfe..0000000 --- a/src/Application/Model/Exceptions/d3webauthnExceptionAbstract.php +++ /dev/null 
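Review bot: `previousClassIsOrderStep()`, `getIsOrderStep()` and `getBreadCrumb()` in this frontend controller are line-for-line the same as the methods of the same name in `d3webauthnadminlogin` earlier in this patch, and the commit now maintains both copies in lockstep (same `?:` rewrite, same return types). Extracting them into a shared trait, e.g. `trait d3webauthnLoginControllerTrait`, used by both controllers would keep the two login paths from drifting. `previousClassIsOrderStep()` also instantiates a full controller via `oxNew($resolvedClass)` only to ask whether it is an order step; `$resolvedClass` appears to derive from a session-stored class key resolved through `getClassNameById()` rather than from request input, but a one-line comment saying so would spare the next reader the check. The method bodies continue past the hunk lines shown.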
@@ -1,25 +0,0 @@ - - * @link http://www.oxidmodule.com - */ - -namespace D3\Webauthn\Application\Model\Exceptions; - -use OxidEsales\Eshop\Core\Exception\StandardException; - -abstract class d3webauthnExceptionAbstract extends StandardException -{ - -} \ No newline at end of file diff --git a/src/Application/Model/Exceptions/d3webauthnMissingPublicKeyCredentialRequestOptions.php b/src/Application/Model/Exceptions/d3webauthnMissingPublicKeyCredentialRequestOptions.php deleted file mode 100755 index 59c64a6..0000000 --- a/src/Application/Model/Exceptions/d3webauthnMissingPublicKeyCredentialRequestOptions.php +++ /dev/null @@ -1,36 +0,0 @@ - - * @link http://www.oxidmodule.com - */ - -namespace D3\Webauthn\Application\Model\Exceptions; - -use Exception; -use OxidEsales\Eshop\Core\Exception\StandardException; - -class d3webauthnMissingPublicKeyCredentialRequestOptions extends d3webauthnExceptionAbstract -{ - /** - * Default constructor - * - * @param string $sMessage exception message - * @param integer $iCode exception code - * @param Exception|null $previous previous exception - */ - public function __construct($sMessage = "D3_WEBAUTHN_ERROR_MISSINGPKC", $iCode = 0, Exception $previous = null) - { - parent::__construct($sMessage, $iCode, $previous); - } -} diff --git a/src/Application/Model/Exceptions/d3webauthnWrongAuthException.php b/src/Application/Model/Exceptions/d3webauthnWrongAuthException.php deleted file mode 100755 index db9dcd5..0000000 --- a/src/Application/Model/Exceptions/d3webauthnWrongAuthException.php +++ /dev/null 
@@ -1,35 +0,0 @@ - - * @link http://www.oxidmodule.com - */ - -namespace D3\Webauthn\Application\Model\Exceptions; - -use Exception; - -class d3webauthnWrongAuthException extends d3webauthnExceptionAbstract -{ - /** - * Default constructor - * - * @param string $sMessage exception message - * @param integer $iCode exception code - * @param Exception|null $previous previous exception - */ - public function __construct($sMessage = "D3_WEBAUTHN_ERROR_UNVALID", $iCode = 0, Exception $previous = null) - { - parent::__construct($sMessage, $iCode, $previous); - } -} diff --git a/src/Application/Model/Webauthn.php b/src/Application/Model/Webauthn.php index cd32090..9700bf7 100644 --- a/src/Application/Model/Webauthn.php +++ b/src/Application/Model/Webauthn.php @@ -158,6 +158,8 @@ class Webauthn $userEntity, $serverRequest ); + + return true; } /** diff --git a/src/Application/Model/d3webauthn.php b/src/Application/Model/d3webauthn.php deleted file mode 100755 index 027c95e..0000000 --- a/src/Application/Model/d3webauthn.php +++ /dev/null 
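Review bot: The new `return true;` in `Webauthn.php` makes the success path explicit, but the method still has no `: bool` return type although the rest of this patch adds native return types throughout; if this is the method called as `$webauthn->assertAuthn()` in `d3_webauthn_UserComponent` later in the patch (its signature is outside the hunk), `public function assertAuthn(string $response): bool` would let callers rely on it, with failure continuing to surface as the exception from `loadAndCheckAssertionResponse()`. The deleted `d3webauthn::verify()` removed `WebauthnConf::WEBAUTHN_LOGIN_OBJECT` from the session once an assertion succeeded, so the same challenge could not be presented twice; whether the replacement clears the stored request options after the check is not visible here and should be confirmed. The enclosing method starts before this hunk.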
@@ -1,338 +0,0 @@ - - * @link http://www.oxidmodule.com - */ - -namespace D3\Webauthn\Application\Model; - -use Assert\InvalidArgumentException; -use D3\Webauthn\Application\Model\Credential\d3MetadataStatementRepository; -use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException; -use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions; -use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialRpEntity; -use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialSourceRepository; -use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialUserEntity; -use Nyholm\Psr7\Factory\Psr17Factory; -use Nyholm\Psr7Server\ServerRequestCreator; -use OxidEsales\Eshop\Application\Model\User; -use OxidEsales\Eshop\Core\Database\Adapter\DatabaseInterface; -use OxidEsales\Eshop\Core\DatabaseProvider; -use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; -use OxidEsales\Eshop\Core\Exception\DatabaseErrorException; -use OxidEsales\Eshop\Core\Model\BaseModel; -use OxidEsales\Eshop\Core\Registry; -use Webauthn\PublicKeyCredentialCreationOptions; -use Webauthn\PublicKeyCredentialRequestOptions; -use Webauthn\Server; - -/** - * @deprecated - */ - -class d3webauthn extends BaseModel -{ - public $tableName = 'd3PublicKeyCredential'; - protected $_sCoreTable = 'd3PublicKeyCredential'; - public $userId; - - /** - * d3webauthn constructor. - */ - public function __construct() - { - $this->init($this->tableName); - - return parent::__construct(); - } - - /** - * @param $userId - * @throws DatabaseConnectionException - */ - public function loadByUserId($userId) - { - $this->userId = $userId; - $oDb = $this->d3GetDb(); - - if ($userId && $oDb->getOne("SHOW TABLES LIKE '".$this->tableName."'")) { - $query = "SELECT oxid FROM ".$this->getViewName().' WHERE UserHandle = '.$oDb->quote($userId).' 
LIMIT 1'; - $this->load($oDb->getOne($query)); - } - } - - /** - * @return DatabaseInterface - * @throws DatabaseConnectionException - */ - public function d3GetDb() - { - return DatabaseProvider::getDb(DatabaseProvider::FETCH_MODE_ASSOC); - } - - /** - * @return User - */ - public function getUser() - { - $userId = $this->userId ? $this->userId : $this->getFieldData('UserHandle'); - - $user = $this->d3GetUser(); - $user->load($userId); - return $user; - } - - /** - * @return User - */ - public function d3GetUser() - { - return oxNew(User::class); - } - - /** - * @return bool - */ - public function isActive() - { - return false == Registry::getConfig()->getConfigParam('blDisableWebauthnGlobally') - && $this->UserUseWebauthn(); - } - - /** - * @return bool - */ - public function UserUseWebauthn() - { - return strlen($this->getId()) - && strlen($this->__get($this->_getFieldLongName('publickey'))->rawValue); - } - - /** - * @param $auth - * @return false|string|null - * @throws DatabaseConnectionException - * @throws DatabaseErrorException - */ - public function getCredentialRequestOptions($auth) - { - $this->loadByUserId($auth); - - $requestOptions = null; - - if ($auth - && $this->isActive() - && false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) - ) { - /** @var d3PublicKeyCredentialRpEntity $rpEntity */ - $rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop()); - - $publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class); - - $server = new Server( - $rpEntity, - $publicKeyCredentialSourceRepository, - new d3MetadataStatementRepository() - ); - - $user = $this->getUser(); - $userEntity = new d3PublicKeyCredentialUserEntity($user); - - $allowedCredentials = []; - $credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class); - /** @var d3PublicKeyCredentialSource $credentialSource */ - foreach 
($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) { - $allowedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor(); - } - - // We generate the set of options. - $publicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions( - PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, // Default value - $allowedCredentials - ); - - $requestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); - - Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions); - - // set auth as secured parameter; - Registry::getSession()->setVariable("auth", $auth); - } - - return $requestOptions; - } - - /** - * @param $webauth - * @return bool - * @throws d3webauthnWrongAuthException - * @throws d3webauthnMissingPublicKeyCredentialRequestOptions - */ - public function verify($webauth) - { - $blVerify = false; - // Retrieve the Options passed to the device - $publicKeyCredentialRequestOptions = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT); - - if (!$publicKeyCredentialRequestOptions) { - $oException = oxNew(d3webauthnMissingPublicKeyCredentialRequestOptions::class); - throw $oException; - } - - $psr17Factory = new Psr17Factory(); - $creator = new ServerRequestCreator( - $psr17Factory, // ServerRequestFactory - $psr17Factory, // UriFactory - $psr17Factory, // UploadedFileFactory - $psr17Factory // StreamFactory - ); - - $serverRequest = $creator->fromGlobals(); - - $publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class); - - $server = new Server( - new d3PublicKeyCredentialRpEntity(Registry::getConfig()->getActiveShop()), - $publicKeyCredentialSourceRepository, - new d3MetadataStatementRepository() - ); - - $user = $this->getUser(); - $userEntity = new d3PublicKeyCredentialUserEntity($user); - - try { - 
$server->loadAndCheckAssertionResponse( - $webauth, - $publicKeyCredentialRequestOptions, // The options you stored during the previous step - $userEntity, // The user entity - $serverRequest // The PSR-7 request - ); - $blVerify = true; - - Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT); - //If everything is fine, this means the user has correctly been authenticated using the - // authenticator defined in $publicKeyCredentialSource - } catch(InvalidArgumentException $exception) { -// ToDo - $oException = oxNew(d3webauthnWrongAuthException::class); - Registry::getUtilsView()->addErrorToDisplay($oException); - // write to log - //dumpvar(openssl_error_string()); - //dumpvar($exception); - } - - if (false == $blVerify) { - $oException = oxNew(d3webauthnWrongAuthException::class); - throw $oException; - } - - return $blVerify; - } - - /** - * @param $sUserId - * @return PublicKeyCredentialCreationOptions - * @throws DatabaseConnectionException - * @throws DatabaseErrorException - */ - public function setAuthnRegister($sUserId) - { - $rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop()); - - $publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class); - - $server = new Server( - $rpEntity, - $publicKeyCredentialSourceRepository, - new d3MetadataStatementRepository() - ); - /* - if (!($user = Registry::getSession()->getUser())) { - $e = oxNew(\Exception::class, 'no user loaded'); - throw $e; - } - */ - $user = oxNew(User::class); - $user->load($sUserId); - - $userEntity = new d3PublicKeyCredentialUserEntity($user); - - $excludedCredentials = []; - $credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class); - foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) { - $excludedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor(); - } - - $publicKeyCredentialCreationOptions = 
$server->generatePublicKeyCredentialCreationOptions( - $userEntity, - PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE, - $excludedCredentials - ); - - if (!Registry::getSession()->isSessionStarted()) { - Registry::getSession()->start(); - } - Registry::getSession()->setVariable('authnobject', $publicKeyCredentialCreationOptions); - - return $publicKeyCredentialCreationOptions; - } - - /** - * @param $request - */ - public function registerNewKey($request) - { - /** @var PublicKeyCredentialCreationOptions $publicKeyCredentialCreationOptions */ - $publicKeyCredentialCreationOptions = Registry::getSession()->getVariable('authnobject'); - - // Retrieve de data sent by the device - $data = base64_decode($request, true); - - $psr17Factory = new Psr17Factory(); - $creator = new ServerRequestCreator( - $psr17Factory, // ServerRequestFactory - $psr17Factory, // UriFactory - $psr17Factory, // UploadedFileFactory - $psr17Factory // StreamFactory - ); - - $serverRequest = $creator->fromGlobals(); - - /*** register ***/ - $rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop()); - - $publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class); - - $server = new Server( - $rpEntity, - $publicKeyCredentialSourceRepository, - new d3MetadataStatementRepository() - ); - - try { - $publicKeyCredentialSource = $server->loadAndCheckAttestationResponse( - $data, - $publicKeyCredentialCreationOptions, // The options you stored during the previous step - $serverRequest // The PSR-7 request - ); - - // The user entity and the public key credential source can now be stored using their repository - // The Public Key Credential Source repository must implement Webauthn\PublicKeyCredentialSourceRepository -// ToDo: is counter set and why will not save in case of login? 
- $publicKeyCredentialSourceRepository->saveCredentialSource($publicKeyCredentialSource); - - } catch(\Exception $exception) { - dumpvar($exception); - } - dumpvar('registered'); - } -} \ No newline at end of file diff --git a/src/Modules/Application/Component/d3_webauthn_UserComponent.php b/src/Modules/Application/Component/d3_webauthn_UserComponent.php index d00cd45..41686be 100755 --- a/src/Modules/Application/Component/d3_webauthn_UserComponent.php +++ b/src/Modules/Application/Component/d3_webauthn_UserComponent.php @@ -15,7 +15,6 @@ namespace D3\Webauthn\Modules\Application\Component; -use D3\Webauthn\Application\Model\d3webauthn; use D3\Webauthn\Application\Model\WebauthnConf; use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions; use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException; @@ -114,15 +113,14 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent { $sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth')); - $sUserId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER); + $userId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER); $oUser = oxNew(User::class); - $oUser->load($sUserId); + $oUser->load($userId); $webauthn = $this->d3GetWebauthnObject(); - $webauthn->loadByUserId($sUserId); try { - if (false == $this->isNoWebauthnOrNoLogin($webauthn) && $this->hasValidWebauthn($sWebauth, $webauthn)) { + if (false == $this->isNoWebauthnOrNoLogin($webauthn, $userId) && $this->hasValidWebauthn($sWebauth, $webauthn)) { $this->d3WebauthnRelogin($oUser, $sWebauth); $this->d3WebauthnClearSessionVariables(); 
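Review bot: The `@@ -15` hunk removes the import of the deleted `d3webauthn` model but keeps `use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;` and `use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;`, although both classes are deleted by this same patch; the two `use` lines now reference nothing and should go as well. In the login hunk the result of `$oUser->load($userId)` is still unchecked before the object is handed to `d3WebauthnRelogin()`, and `$sWebauth` comes from `base64_decode()` without the strict flag, so malformed input is silently accepted; `base64_decode(…, true)` with a check for `false` would fail closed. The enclosing method starts before this hunk and continues past it.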
@@ -151,28 +149,32 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent } /** - * @param d3webauthn $webauthn + * @param Webauthn $webauthn * @return bool */ - public function isNoWebauthnOrNoLogin($webauthn) + public function isNoWebauthnOrNoLogin($webauthn, $userId) { return false == $this->d3GetSession()->getVariable("auth") - || false == $webauthn->isActive(); + || false == $webauthn->isActive($userId); } /** * @param string $sWebauth - * @param d3webauthn $webauthn + * @param Webauthn $webauthn * @return bool * @throws d3webauthnMissingPublicKeyCredentialRequestOptions * @throws d3webauthnWrongAuthException */ - public function hasValidWebauthn($sWebauth, $webauthn) + public function hasValidWebauthn($sWebauth, $webauthn): bool { - return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || - ( - $sWebauth && $webauthn->verify($sWebauth) - ); + try { + return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || + ( + $sWebauth && $webauthn->assertAuthn($sWebauth) + ); + } catch (\Exception $e) { + return false; + } } /** diff --git a/src/Modules/Core/d3_webauthn_utils.php b/src/Modules/Core/d3_webauthn_utils.php index d5d037b..f665911 100755 --- a/src/Modules/Core/d3_webauthn_utils.php +++ b/src/Modules/Core/d3_webauthn_utils.php @@ -15,7 +15,7 @@ namespace D3\Webauthn\Modules\Core; -use D3\Webauthn\Application\Model\d3webauthn; +use D3\Webauthn\Application\Model\Webauthn; use D3\Webauthn\Application\Model\WebauthnConf; use Doctrine\DBAL\DBALException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; 
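Review bot: `hasValidWebauthn()` now wraps the assertion in `catch (\Exception $e) { return false; }`, which swallows every failure — database errors included — without a trace, and its docblock still advertises `@throws d3webauthnMissingPublicKeyCredentialRequestOptions` and `@throws d3webauthnWrongAuthException`, two classes this patch deletes. Failed second-factor attempts are exactly what an operator needs in the log, so at minimum record the exception before returning, e.g. `Registry::getLogger()->error($e->getMessage(), ['exception' => $e]);` (or the module's own logger if it has one), and replace the stale `@throws` lines with a sentence stating that all verification failures map to `false`. `isNoWebauthnOrNoLogin()` gains a required `$userId` parameter that is neither typed nor documented (`@param string $userId`), and any other caller of the old one-argument form — none is visible in this patch — would now fail; its `false == …` comparisons also contrast with the `!` form the commit adopts elsewhere.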
@@ -35,11 +35,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent $userID = $this->d3GetSessionObject()->getVariable("auth"); $webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH); - /** @var d3webauthn $webauthn */ + /** @var Webauthn $webauthn */ $webauthn = $this->d3GetWebauthnObject(); - $webauthn->loadByUserId($userID); - if ($blAuth && $webauthn->isActive() && false === $webauthnAuth) { + if ($blAuth && $webauthn->isActive($userID) && false === $webauthnAuth) { $this->redirect('index.php?cl=login', true, 302); if (false == defined('OXID_PHP_UNIT')) { // @codeCoverageIgnoreStart @@ -60,10 +59,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent } /** - * @return d3webauthn + * @return Webauthn */ public function d3GetWebauthnObject() { - return oxNew(d3webauthn::class); + return oxNew(Webauthn::class); } } \ No newline at end of file
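Review bot: This hunk keeps `if (false == defined('OXID_PHP_UNIT'))` while the equivalent guards in `d3webauthnlogin` and `d3webauthnadminlogin` are rewritten to `if (!defined('OXID_PHP_UNIT'))` in the same patch; aligning it avoids two idioms for one check. `d3GetWebauthnObject()` had its docblock updated to `@return Webauthn` but, unlike the other methods touched here, received no native return type; `public function d3GetWebauthnObject(): Webauthn` would match them. The redirect condition relies on `$userID` read from the session variable `"auth"` and the new `isActive($userID)`; the enclosing method starts before this hunk, so whether an empty `$userID` is handled inside `isActive()` cannot be seen here and is worth a test.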