improve code
This commit is contained in:
parent
a23ec6ad32
commit
048816012c
@ -35,10 +35,8 @@ class d3user_webauthn extends AdminDetailsController
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @return string
|
* @return string
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
* @throws DatabaseErrorException
|
|
||||||
*/
|
*/
|
||||||
public function render()
|
public function render(): string
|
||||||
{
|
{
|
||||||
$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));
|
$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));
|
||||||
|
|
||||||
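Review bot: The `(bool)` cast in `$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));` is redundant, because `!` already yields a bool; `$this->addTplParam('readonly', !oxNew(Webauthn::class)->isAvailable());` reads cleaner. The `@throws` tags were dropped from render()'s docblock, which is only accurate if nothing in the body (it continues past the hunk) still lets a DatabaseConnectionException or DatabaseErrorException escape, so that is worth confirming. The same docblock change appears in d3_account_webauthn::render() in a later hunk.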
@ -114,7 +112,7 @@ class d3user_webauthn extends AdminDetailsController
|
|||||||
* @param $userId
|
* @param $userId
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getCredentialList($userId)
|
public function getCredentialList($userId): array
|
||||||
{
|
{
|
||||||
$oUser = $this->getUserObject();
|
$oUser = $this->getUserObject();
|
||||||
$oUser->load($userId);
|
$oUser->load($userId);
|
||||||
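Review bot: `getCredentialList($userId): array` gains a return type but its parameter stays untyped and its docblock still reads `@param $userId` with no type; if user ids are strings here, `public function getCredentialList(string $userId): array` together with `@param string $userId` would match the rest of the commit. The result of `$oUser->load($userId)` is not checked, so an unknown id continues with an empty user object; whether that is handled depends on the remainder of the body, which lies outside the hunk.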
@ -126,7 +124,7 @@ class d3user_webauthn extends AdminDetailsController
|
|||||||
/**
|
/**
|
||||||
* @return User
|
* @return User
|
||||||
*/
|
*/
|
||||||
public function getUserObject()
|
public function getUserObject(): User
|
||||||
{
|
{
|
||||||
return oxNew(User::class);
|
return oxNew(User::class);
|
||||||
}
|
}
|
||||||
|
@ -35,7 +35,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
{
|
{
|
||||||
protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';
|
protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';
|
||||||
|
|
||||||
protected function _authorize() // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
|
protected function _authorize(): bool
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
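Review bot: `_authorize(): bool` now returns `true` unconditionally without a comment and without the `// phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore` marker that was on the old signature; if PHP_CodeSniffer with the PSR2 ruleset runs in this project, the underscore-prefixed method name will be reported again, so keep the marker on the new line: `protected function _authorize(): bool // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore`. Because this disables the admin controller's own authorization for this page, a one-line reason belongs on the method, e.g. `// No admin session exists yet during second-factor login; render() redirects unless a pending WebAuthn login is in the session.` That description is taken from the render() hunk below; confirm it still holds.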
@ -48,10 +48,10 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
public function render()
|
public function render()
|
||||||
{
|
{
|
||||||
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
!Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||||
) {
|
) {
|
||||||
$this->getUtils()->redirect('index.php?cl=admin_start');
|
$this->getUtils()->redirect('index.php?cl=admin_start');
|
||||||
if (false == defined('OXID_PHP_UNIT')) {
|
if (!defined('OXID_PHP_UNIT')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
exit;
|
exit;
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
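Review bot: `render()` is the only method in d3webauthnadminlogin that this commit leaves without a return type while the surrounding methods get one; `public function render(): string` would be consistent, assuming parent::render() returns a string as the other render() methods in this commit now declare. The same applies to d3webauthnlogin::render() in the later hunk. Note that the redirect is followed by `exit` only outside unit tests, so under OXID_PHP_UNIT execution continues to parent::render(); that is pre-existing, but any declared return type must cover that path too.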
@ -65,10 +65,6 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
return parent::render();
|
return parent::render();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
* @throws DatabaseErrorException
|
|
||||||
*/
|
|
||||||
public function generateCredentialRequest()
|
public function generateCredentialRequest()
|
||||||
{
|
{
|
||||||
/** @var Webauthn $webauthn */
|
/** @var Webauthn $webauthn */
|
||||||
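Review bot: `generateCredentialRequest()` lost its docblock entirely instead of having it updated, leaving the method without any description; the same happens to d3webauthnlogin::generateCredentialRequest() in a later hunk. A one-sentence purpose line is still useful even if the old `@throws` tags no longer apply, and if the method continues to propagate exceptions from the Webauthn model (its body runs past the hunk), the matching `@throws` should be restated. A return type would also bring it in line with the rest of the commit once the return paths are clear.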
@ -104,19 +100,20 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
$loginController = oxNew(LoginController::class);
|
$loginController = oxNew(LoginController::class);
|
||||||
return $loginController->checklogin();
|
return $loginController->checklogin();
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
|
Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
|
||||||
|
|
||||||
$user->logout();
|
$user->logout();
|
||||||
$this->getUtils()->redirect('index.php?cl=login');
|
$this->getUtils()->redirect('index.php?cl=login');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return Utils
|
* @return Utils
|
||||||
*/
|
*/
|
||||||
public function getUtils()
|
public function getUtils(): Utils
|
||||||
{
|
{
|
||||||
return Registry::getUtils();
|
return Registry::getUtils();
|
||||||
}
|
}
|
||||||
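Review bot: The added `return null;` makes the enclosing method (its start is outside the hunk) return either the result of `$loginController->checklogin()` or `null`, but no return type or `@return` documents that mix; if checklogin() returns a string, `?string` would be the precise declaration. In the catch branch, `Registry::getUtilsView()->addErrorToDisplay($e->getMessage())` shows the raw exception message to the user; unless every exception reaching here carries a translation key, it is safer to log `$e` and display a fixed, translated error, since library exceptions can expose internal detail. `catch (Exception $e)` also does not cover `\Error`, which would bubble out of the login flow; whether that is intended is not visible here.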
@ -126,11 +123,11 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function previousClassIsOrderStep()
|
public function previousClassIsOrderStep(): bool
|
||||||
{
|
{
|
||||||
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||||
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||||
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
|
$resolvedClass = $resolvedClass ?: 'start';
|
||||||
|
|
||||||
/** @var FrontendController $oController */
|
/** @var FrontendController $oController */
|
||||||
$oController = oxNew($resolvedClass);
|
$oController = oxNew($resolvedClass);
|
||||||
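Review bot: `previousClassIsOrderStep()` (together with the neighbouring getIsOrderStep(), getBreadCrumb() and getUtils()) is duplicated line for line between d3webauthnadminlogin and d3webauthnlogin, as the later hunk for the frontend controller shows; a shared trait would let the `?:` cleanup and the new `: bool` return type be applied once. `$sClassKey` comes from the session, and the `?: 'start'` fallback is what keeps `oxNew($resolvedClass)` from receiving a falsy value when the resolver presumably returns one for an unknown key; a short comment saying so would help, e.g. `// unknown or missing class key falls back to the start controller`.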
@ -140,7 +137,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
/**
|
/**
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function getIsOrderStep()
|
public function getIsOrderStep(): bool
|
||||||
{
|
{
|
||||||
return $this->previousClassIsOrderStep();
|
return $this->previousClassIsOrderStep();
|
||||||
}
|
}
|
||||||
@ -150,7 +147,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getBreadCrumb()
|
public function getBreadCrumb(): array
|
||||||
{
|
{
|
||||||
$aPaths = [];
|
$aPaths = [];
|
||||||
$aPath = [];
|
$aPath = [];
|
||||||
|
@ -20,8 +20,6 @@ use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;
|
|||||||
use D3\Webauthn\Application\Model\Webauthn;
|
use D3\Webauthn\Application\Model\Webauthn;
|
||||||
use D3\Webauthn\Application\Model\WebauthnErrors;
|
use D3\Webauthn\Application\Model\WebauthnErrors;
|
||||||
use OxidEsales\Eshop\Application\Controller\AccountController;
|
use OxidEsales\Eshop\Application\Controller\AccountController;
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
|
|
||||||
use OxidEsales\Eshop\Core\Registry;
|
use OxidEsales\Eshop\Core\Registry;
|
||||||
|
|
||||||
class d3_account_webauthn extends AccountController
|
class d3_account_webauthn extends AccountController
|
||||||
@ -30,10 +28,8 @@ class d3_account_webauthn extends AccountController
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @return string
|
* @return string
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
* @throws DatabaseErrorException
|
|
||||||
*/
|
*/
|
||||||
public function render()
|
public function render(): string
|
||||||
{
|
{
|
||||||
$sRet = parent::render();
|
$sRet = parent::render();
|
||||||
|
|
||||||
@ -53,7 +49,7 @@ class d3_account_webauthn extends AccountController
|
|||||||
/**
|
/**
|
||||||
* @return publicKeyCredentialList
|
* @return publicKeyCredentialList
|
||||||
*/
|
*/
|
||||||
public function getCredentialList()
|
public function getCredentialList(): PublicKeyCredentialList
|
||||||
{
|
{
|
||||||
$oUser = $this->getUser();
|
$oUser = $this->getUser();
|
||||||
$credentialList = oxNew(PublicKeyCredentialList::class);
|
$credentialList = oxNew(PublicKeyCredentialList::class);
|
||||||
|
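Review bot: The docblock still says `@return publicKeyCredentialList` (lower-case p) while the new native return type is `PublicKeyCredentialList`; PHP resolves class names case-insensitively, but static analysers and IDEs read docblock types literally, so either fix the casing or drop the now-redundant `@return`. `$oUser = $this->getUser();` is not guarded; if getUser() can return `false` for a visitor without a login, the rest of the method (outside the hunk) needs to handle that before building the credential list.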
@ -41,10 +41,10 @@ class d3webauthnlogin extends FrontendController
|
|||||||
public function render()
|
public function render()
|
||||||
{
|
{
|
||||||
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
!Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||||
) {
|
) {
|
||||||
$this->getUtils()->redirect('index.php?cl=start', true, 302);
|
$this->getUtils()->redirect('index.php?cl=start');
|
||||||
if (false == defined('OXID_PHP_UNIT')) {
|
if (!defined('OXID_PHP_UNIT')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
exit;
|
exit;
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
@ -58,10 +58,6 @@ class d3webauthnlogin extends FrontendController
|
|||||||
return parent::render();
|
return parent::render();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
* @throws DatabaseErrorException
|
|
||||||
*/
|
|
||||||
public function generateCredentialRequest()
|
public function generateCredentialRequest()
|
||||||
{
|
{
|
||||||
/** @var Webauthn $webauthn */
|
/** @var Webauthn $webauthn */
|
||||||
@ -107,7 +103,7 @@ class d3webauthnlogin extends FrontendController
|
|||||||
/**
|
/**
|
||||||
* @return Utils
|
* @return Utils
|
||||||
*/
|
*/
|
||||||
public function getUtils()
|
public function getUtils(): Utils
|
||||||
{
|
{
|
||||||
return Registry::getUtils();
|
return Registry::getUtils();
|
||||||
}
|
}
|
||||||
@ -117,11 +113,11 @@ class d3webauthnlogin extends FrontendController
|
|||||||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function previousClassIsOrderStep()
|
public function previousClassIsOrderStep(): bool
|
||||||
{
|
{
|
||||||
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||||
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||||
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
|
$resolvedClass = $resolvedClass ?: 'start';
|
||||||
|
|
||||||
/** @var FrontendController $oController */
|
/** @var FrontendController $oController */
|
||||||
$oController = oxNew($resolvedClass);
|
$oController = oxNew($resolvedClass);
|
||||||
@ -131,7 +127,7 @@ class d3webauthnlogin extends FrontendController
|
|||||||
/**
|
/**
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function getIsOrderStep()
|
public function getIsOrderStep(): bool
|
||||||
{
|
{
|
||||||
return $this->previousClassIsOrderStep();
|
return $this->previousClassIsOrderStep();
|
||||||
}
|
}
|
||||||
@ -141,7 +137,7 @@ class d3webauthnlogin extends FrontendController
|
|||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getBreadCrumb()
|
public function getBreadCrumb(): array
|
||||||
{
|
{
|
||||||
$aPaths = [];
|
$aPaths = [];
|
||||||
$aPath = [];
|
$aPath = [];
|
||||||
|
@ -1,25 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This Software is the property of Data Development and is protected
|
|
||||||
* by copyright law - it is NOT Freeware.
|
|
||||||
*
|
|
||||||
* Any unauthorized use of this software without a valid license
|
|
||||||
* is a violation of the license agreement and will be prosecuted by
|
|
||||||
* civil and criminal law.
|
|
||||||
*
|
|
||||||
* http://www.shopmodule.com
|
|
||||||
*
|
|
||||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
|
||||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
|
||||||
* @link http://www.oxidmodule.com
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace D3\Webauthn\Application\Model\Exceptions;
|
|
||||||
|
|
||||||
use OxidEsales\Eshop\Core\Exception\StandardException;
|
|
||||||
|
|
||||||
abstract class d3webauthnExceptionAbstract extends StandardException
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This Software is the property of Data Development and is protected
|
|
||||||
* by copyright law - it is NOT Freeware.
|
|
||||||
*
|
|
||||||
* Any unauthorized use of this software without a valid license
|
|
||||||
* is a violation of the license agreement and will be prosecuted by
|
|
||||||
* civil and criminal law.
|
|
||||||
*
|
|
||||||
* http://www.shopmodule.com
|
|
||||||
*
|
|
||||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
|
||||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
|
||||||
* @link http://www.oxidmodule.com
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace D3\Webauthn\Application\Model\Exceptions;
|
|
||||||
|
|
||||||
use Exception;
|
|
||||||
use OxidEsales\Eshop\Core\Exception\StandardException;
|
|
||||||
|
|
||||||
class d3webauthnMissingPublicKeyCredentialRequestOptions extends d3webauthnExceptionAbstract
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Default constructor
|
|
||||||
*
|
|
||||||
* @param string $sMessage exception message
|
|
||||||
* @param integer $iCode exception code
|
|
||||||
* @param Exception|null $previous previous exception
|
|
||||||
*/
|
|
||||||
public function __construct($sMessage = "D3_WEBAUTHN_ERROR_MISSINGPKC", $iCode = 0, Exception $previous = null)
|
|
||||||
{
|
|
||||||
parent::__construct($sMessage, $iCode, $previous);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,35 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This Software is the property of Data Development and is protected
|
|
||||||
* by copyright law - it is NOT Freeware.
|
|
||||||
*
|
|
||||||
* Any unauthorized use of this software without a valid license
|
|
||||||
* is a violation of the license agreement and will be prosecuted by
|
|
||||||
* civil and criminal law.
|
|
||||||
*
|
|
||||||
* http://www.shopmodule.com
|
|
||||||
*
|
|
||||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
|
||||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
|
||||||
* @link http://www.oxidmodule.com
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace D3\Webauthn\Application\Model\Exceptions;
|
|
||||||
|
|
||||||
use Exception;
|
|
||||||
|
|
||||||
class d3webauthnWrongAuthException extends d3webauthnExceptionAbstract
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Default constructor
|
|
||||||
*
|
|
||||||
* @param string $sMessage exception message
|
|
||||||
* @param integer $iCode exception code
|
|
||||||
* @param Exception|null $previous previous exception
|
|
||||||
*/
|
|
||||||
public function __construct($sMessage = "D3_WEBAUTHN_ERROR_UNVALID", $iCode = 0, Exception $previous = null)
|
|
||||||
{
|
|
||||||
parent::__construct($sMessage, $iCode, $previous);
|
|
||||||
}
|
|
||||||
}
|
|
@ -158,6 +158,8 @@ class Webauthn
|
|||||||
$userEntity,
|
$userEntity,
|
||||||
$serverRequest
|
$serverRequest
|
||||||
);
|
);
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
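Review bot: The method that ends with the added `return true;` (its signature is above the hunk) declares neither a `bool` return type nor a `@throws` tag, although it now signals failure solely through exceptions from the preceding loadAndCheckAssertionResponse() call; add `: bool` and a `@throws` line naming the library exception type so callers know they must catch. The removed d3webauthn::verify() cleared the stored request options after a successful assertion with `Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);`; if this method does not do the same before returning, the same challenge remains valid for a second assertion within the session, which the original code avoided. Worth confirming against the part of the method above the hunk.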
@ -1,338 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This Software is the property of Data Development and is protected
|
|
||||||
* by copyright law - it is NOT Freeware.
|
|
||||||
* Any unauthorized use of this software without a valid license
|
|
||||||
* is a violation of the license agreement and will be prosecuted by
|
|
||||||
* civil and criminal law.
|
|
||||||
* http://www.shopmodule.com
|
|
||||||
*
|
|
||||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
|
||||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
|
||||||
* @link http://www.oxidmodule.com
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace D3\Webauthn\Application\Model;
|
|
||||||
|
|
||||||
use Assert\InvalidArgumentException;
|
|
||||||
use D3\Webauthn\Application\Model\Credential\d3MetadataStatementRepository;
|
|
||||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
|
|
||||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
|
|
||||||
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialRpEntity;
|
|
||||||
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialSourceRepository;
|
|
||||||
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialUserEntity;
|
|
||||||
use Nyholm\Psr7\Factory\Psr17Factory;
|
|
||||||
use Nyholm\Psr7Server\ServerRequestCreator;
|
|
||||||
use OxidEsales\Eshop\Application\Model\User;
|
|
||||||
use OxidEsales\Eshop\Core\Database\Adapter\DatabaseInterface;
|
|
||||||
use OxidEsales\Eshop\Core\DatabaseProvider;
|
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
|
|
||||||
use OxidEsales\Eshop\Core\Model\BaseModel;
|
|
||||||
use OxidEsales\Eshop\Core\Registry;
|
|
||||||
use Webauthn\PublicKeyCredentialCreationOptions;
|
|
||||||
use Webauthn\PublicKeyCredentialRequestOptions;
|
|
||||||
use Webauthn\Server;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @deprecated
|
|
||||||
*/
|
|
||||||
|
|
||||||
class d3webauthn extends BaseModel
|
|
||||||
{
|
|
||||||
public $tableName = 'd3PublicKeyCredential';
|
|
||||||
protected $_sCoreTable = 'd3PublicKeyCredential';
|
|
||||||
public $userId;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* d3webauthn constructor.
|
|
||||||
*/
|
|
||||||
public function __construct()
|
|
||||||
{
|
|
||||||
$this->init($this->tableName);
|
|
||||||
|
|
||||||
return parent::__construct();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $userId
|
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
*/
|
|
||||||
public function loadByUserId($userId)
|
|
||||||
{
|
|
||||||
$this->userId = $userId;
|
|
||||||
$oDb = $this->d3GetDb();
|
|
||||||
|
|
||||||
if ($userId && $oDb->getOne("SHOW TABLES LIKE '".$this->tableName."'")) {
|
|
||||||
$query = "SELECT oxid FROM ".$this->getViewName().' WHERE UserHandle = '.$oDb->quote($userId).' LIMIT 1';
|
|
||||||
$this->load($oDb->getOne($query));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return DatabaseInterface
|
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
*/
|
|
||||||
public function d3GetDb()
|
|
||||||
{
|
|
||||||
return DatabaseProvider::getDb(DatabaseProvider::FETCH_MODE_ASSOC);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return User
|
|
||||||
*/
|
|
||||||
public function getUser()
|
|
||||||
{
|
|
||||||
$userId = $this->userId ? $this->userId : $this->getFieldData('UserHandle');
|
|
||||||
|
|
||||||
$user = $this->d3GetUser();
|
|
||||||
$user->load($userId);
|
|
||||||
return $user;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return User
|
|
||||||
*/
|
|
||||||
public function d3GetUser()
|
|
||||||
{
|
|
||||||
return oxNew(User::class);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return bool
|
|
||||||
*/
|
|
||||||
public function isActive()
|
|
||||||
{
|
|
||||||
return false == Registry::getConfig()->getConfigParam('blDisableWebauthnGlobally')
|
|
||||||
&& $this->UserUseWebauthn();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return bool
|
|
||||||
*/
|
|
||||||
public function UserUseWebauthn()
|
|
||||||
{
|
|
||||||
return strlen($this->getId())
|
|
||||||
&& strlen($this->__get($this->_getFieldLongName('publickey'))->rawValue);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $auth
|
|
||||||
* @return false|string|null
|
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
* @throws DatabaseErrorException
|
|
||||||
*/
|
|
||||||
public function getCredentialRequestOptions($auth)
|
|
||||||
{
|
|
||||||
$this->loadByUserId($auth);
|
|
||||||
|
|
||||||
$requestOptions = null;
|
|
||||||
|
|
||||||
if ($auth
|
|
||||||
&& $this->isActive()
|
|
||||||
&& false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
|
|
||||||
) {
|
|
||||||
/** @var d3PublicKeyCredentialRpEntity $rpEntity */
|
|
||||||
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
|
|
||||||
|
|
||||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
|
||||||
|
|
||||||
$server = new Server(
|
|
||||||
$rpEntity,
|
|
||||||
$publicKeyCredentialSourceRepository,
|
|
||||||
new d3MetadataStatementRepository()
|
|
||||||
);
|
|
||||||
|
|
||||||
$user = $this->getUser();
|
|
||||||
$userEntity = new d3PublicKeyCredentialUserEntity($user);
|
|
||||||
|
|
||||||
$allowedCredentials = [];
|
|
||||||
$credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
|
||||||
/** @var d3PublicKeyCredentialSource $credentialSource */
|
|
||||||
foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) {
|
|
||||||
$allowedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor();
|
|
||||||
}
|
|
||||||
|
|
||||||
// We generate the set of options.
|
|
||||||
$publicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions(
|
|
||||||
PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, // Default value
|
|
||||||
$allowedCredentials
|
|
||||||
);
|
|
||||||
|
|
||||||
$requestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
|
|
||||||
|
|
||||||
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
|
||||||
|
|
||||||
// set auth as secured parameter;
|
|
||||||
Registry::getSession()->setVariable("auth", $auth);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $requestOptions;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $webauth
|
|
||||||
* @return bool
|
|
||||||
* @throws d3webauthnWrongAuthException
|
|
||||||
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions
|
|
||||||
*/
|
|
||||||
public function verify($webauth)
|
|
||||||
{
|
|
||||||
$blVerify = false;
|
|
||||||
// Retrieve the Options passed to the device
|
|
||||||
$publicKeyCredentialRequestOptions = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
|
|
||||||
|
|
||||||
if (!$publicKeyCredentialRequestOptions) {
|
|
||||||
$oException = oxNew(d3webauthnMissingPublicKeyCredentialRequestOptions::class);
|
|
||||||
throw $oException;
|
|
||||||
}
|
|
||||||
|
|
||||||
$psr17Factory = new Psr17Factory();
|
|
||||||
$creator = new ServerRequestCreator(
|
|
||||||
$psr17Factory, // ServerRequestFactory
|
|
||||||
$psr17Factory, // UriFactory
|
|
||||||
$psr17Factory, // UploadedFileFactory
|
|
||||||
$psr17Factory // StreamFactory
|
|
||||||
);
|
|
||||||
|
|
||||||
$serverRequest = $creator->fromGlobals();
|
|
||||||
|
|
||||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
|
||||||
|
|
||||||
$server = new Server(
|
|
||||||
new d3PublicKeyCredentialRpEntity(Registry::getConfig()->getActiveShop()),
|
|
||||||
$publicKeyCredentialSourceRepository,
|
|
||||||
new d3MetadataStatementRepository()
|
|
||||||
);
|
|
||||||
|
|
||||||
$user = $this->getUser();
|
|
||||||
$userEntity = new d3PublicKeyCredentialUserEntity($user);
|
|
||||||
|
|
||||||
try {
|
|
||||||
$server->loadAndCheckAssertionResponse(
|
|
||||||
$webauth,
|
|
||||||
$publicKeyCredentialRequestOptions, // The options you stored during the previous step
|
|
||||||
$userEntity, // The user entity
|
|
||||||
$serverRequest // The PSR-7 request
|
|
||||||
);
|
|
||||||
$blVerify = true;
|
|
||||||
|
|
||||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
|
|
||||||
//If everything is fine, this means the user has correctly been authenticated using the
|
|
||||||
// authenticator defined in $publicKeyCredentialSource
|
|
||||||
} catch(InvalidArgumentException $exception) {
|
|
||||||
// ToDo
|
|
||||||
$oException = oxNew(d3webauthnWrongAuthException::class);
|
|
||||||
Registry::getUtilsView()->addErrorToDisplay($oException);
|
|
||||||
// write to log
|
|
||||||
//dumpvar(openssl_error_string());
|
|
||||||
//dumpvar($exception);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (false == $blVerify) {
|
|
||||||
$oException = oxNew(d3webauthnWrongAuthException::class);
|
|
||||||
throw $oException;
|
|
||||||
}
|
|
||||||
|
|
||||||
return $blVerify;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $sUserId
|
|
||||||
* @return PublicKeyCredentialCreationOptions
|
|
||||||
* @throws DatabaseConnectionException
|
|
||||||
* @throws DatabaseErrorException
|
|
||||||
*/
|
|
||||||
public function setAuthnRegister($sUserId)
|
|
||||||
{
|
|
||||||
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
|
|
||||||
|
|
||||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
|
||||||
|
|
||||||
$server = new Server(
|
|
||||||
$rpEntity,
|
|
||||||
$publicKeyCredentialSourceRepository,
|
|
||||||
new d3MetadataStatementRepository()
|
|
||||||
);
|
|
||||||
/*
|
|
||||||
if (!($user = Registry::getSession()->getUser())) {
|
|
||||||
$e = oxNew(\Exception::class, 'no user loaded');
|
|
||||||
throw $e;
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
$user = oxNew(User::class);
|
|
||||||
$user->load($sUserId);
|
|
||||||
|
|
||||||
$userEntity = new d3PublicKeyCredentialUserEntity($user);
|
|
||||||
|
|
||||||
$excludedCredentials = [];
|
|
||||||
$credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
|
||||||
foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) {
|
|
||||||
$excludedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor();
|
|
||||||
}
|
|
||||||
|
|
||||||
$publicKeyCredentialCreationOptions = $server->generatePublicKeyCredentialCreationOptions(
|
|
||||||
$userEntity,
|
|
||||||
PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
|
|
||||||
$excludedCredentials
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!Registry::getSession()->isSessionStarted()) {
|
|
||||||
Registry::getSession()->start();
|
|
||||||
}
|
|
||||||
Registry::getSession()->setVariable('authnobject', $publicKeyCredentialCreationOptions);
|
|
||||||
|
|
||||||
return $publicKeyCredentialCreationOptions;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $request
|
|
||||||
*/
|
|
||||||
public function registerNewKey($request)
|
|
||||||
{
|
|
||||||
/** @var PublicKeyCredentialCreationOptions $publicKeyCredentialCreationOptions */
|
|
||||||
$publicKeyCredentialCreationOptions = Registry::getSession()->getVariable('authnobject');
|
|
||||||
|
|
||||||
// Retrieve de data sent by the device
|
|
||||||
$data = base64_decode($request, true);
|
|
||||||
|
|
||||||
$psr17Factory = new Psr17Factory();
|
|
||||||
$creator = new ServerRequestCreator(
|
|
||||||
$psr17Factory, // ServerRequestFactory
|
|
||||||
$psr17Factory, // UriFactory
|
|
||||||
$psr17Factory, // UploadedFileFactory
|
|
||||||
$psr17Factory // StreamFactory
|
|
||||||
);
|
|
||||||
|
|
||||||
$serverRequest = $creator->fromGlobals();
|
|
||||||
|
|
||||||
/*** register ***/
|
|
||||||
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
|
|
||||||
|
|
||||||
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
|
|
||||||
|
|
||||||
$server = new Server(
|
|
||||||
$rpEntity,
|
|
||||||
$publicKeyCredentialSourceRepository,
|
|
||||||
new d3MetadataStatementRepository()
|
|
||||||
);
|
|
||||||
|
|
||||||
try {
|
|
||||||
$publicKeyCredentialSource = $server->loadAndCheckAttestationResponse(
|
|
||||||
$data,
|
|
||||||
$publicKeyCredentialCreationOptions, // The options you stored during the previous step
|
|
||||||
$serverRequest // The PSR-7 request
|
|
||||||
);
|
|
||||||
|
|
||||||
// The user entity and the public key credential source can now be stored using their repository
|
|
||||||
// The Public Key Credential Source repository must implement Webauthn\PublicKeyCredentialSourceRepository
|
|
||||||
// ToDo: is counter set and why will not save in case of login?
|
|
||||||
$publicKeyCredentialSourceRepository->saveCredentialSource($publicKeyCredentialSource);
|
|
||||||
|
|
||||||
} catch(\Exception $exception) {
|
|
||||||
dumpvar($exception);
|
|
||||||
}
|
|
||||||
dumpvar('registered');
|
|
||||||
}
|
|
||||||
}
|
|
@ -15,7 +15,6 @@
|
|||||||
|
|
||||||
namespace D3\Webauthn\Modules\Application\Component;
|
namespace D3\Webauthn\Modules\Application\Component;
|
||||||
|
|
||||||
use D3\Webauthn\Application\Model\d3webauthn;
|
|
||||||
use D3\Webauthn\Application\Model\WebauthnConf;
|
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
|
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
|
||||||
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
|
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
|
||||||
@ -114,15 +113,14 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
|
|||||||
{
|
{
|
||||||
$sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth'));
|
$sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth'));
|
||||||
|
|
||||||
$sUserId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
$userId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||||
$oUser = oxNew(User::class);
|
$oUser = oxNew(User::class);
|
||||||
$oUser->load($sUserId);
|
$oUser->load($userId);
|
||||||
|
|
||||||
$webauthn = $this->d3GetWebauthnObject();
|
$webauthn = $this->d3GetWebauthnObject();
|
||||||
$webauthn->loadByUserId($sUserId);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (false == $this->isNoWebauthnOrNoLogin($webauthn) && $this->hasValidWebauthn($sWebauth, $webauthn)) {
|
if (false == $this->isNoWebauthnOrNoLogin($webauthn, $userId) && $this->hasValidWebauthn($sWebauth, $webauthn)) {
|
||||||
$this->d3WebauthnRelogin($oUser, $sWebauth);
|
$this->d3WebauthnRelogin($oUser, $sWebauth);
|
||||||
$this->d3WebauthnClearSessionVariables();
|
$this->d3WebauthnClearSessionVariables();
|
||||||
|
|
||||||
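Review bot: `false == $this->isNoWebauthnOrNoLogin($webauthn, $userId)` keeps the loose comparison that this commit replaces with `!` in both login controllers; `if (!$this->isNoWebauthnOrNoLogin($webauthn, $userId) && $this->hasValidWebauthn($sWebauth, $webauthn)) {` is the consistent form. `$sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth'));` decodes without `strict: true` and without a `false` check, so malformed input becomes an empty or garbage string rather than being rejected; a strict decode with an early return on `false` would make the later `$sWebauth &&` guard meaningful. `$userId` is read straight from the session and passed to `$oUser->load()` and `isActive()` unchecked, which is fine only if the surrounding code (outside the hunk) already guarantees a pending login.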
@ -151,28 +149,32 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param d3webauthn $webauthn
|
* @param Webauthn $webauthn
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function isNoWebauthnOrNoLogin($webauthn)
|
public function isNoWebauthnOrNoLogin($webauthn, $userId)
|
||||||
{
|
{
|
||||||
return false == $this->d3GetSession()->getVariable("auth")
|
return false == $this->d3GetSession()->getVariable("auth")
|
||||||
|| false == $webauthn->isActive();
|
|| false == $webauthn->isActive($userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $sWebauth
|
* @param string $sWebauth
|
||||||
* @param d3webauthn $webauthn
|
* @param Webauthn $webauthn
|
||||||
* @return bool
|
* @return bool
|
||||||
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions
|
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions
|
||||||
* @throws d3webauthnWrongAuthException
|
* @throws d3webauthnWrongAuthException
|
||||||
*/
|
*/
|
||||||
public function hasValidWebauthn($sWebauth, $webauthn)
|
public function hasValidWebauthn($sWebauth, $webauthn): bool
|
||||||
{
|
{
|
||||||
|
try {
|
||||||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||||
(
|
(
|
||||||
$sWebauth && $webauthn->verify($sWebauth)
|
$sWebauth && $webauthn->assertAuthn($sWebauth)
|
||||||
);
|
);
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
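Review bot: `hasValidWebauthn()` now catches `\Exception` and returns `false`, which makes both `@throws` tags in its docblock stale and, more importantly, discards the reason the assertion failed without recording it; a failed second-factor check is exactly the event an operator wants in the log, so log `$e` through the shop's logger before `return false;` and remove the `@throws` lines. `isNoWebauthnOrNoLogin($webauthn, $userId)` gained a parameter but its docblock still lists only `@param Webauthn $webauthn`; add `@param string $userId` (assuming ids are strings, as isActive() expects) and consider `: bool` as the sibling method received. The `false == ...` comparisons inside isNoWebauthnOrNoLogin() are also left in the style the commit is otherwise removing.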
@ -15,7 +15,7 @@
|
|||||||
|
|
||||||
namespace D3\Webauthn\Modules\Core;
|
namespace D3\Webauthn\Modules\Core;
|
||||||
|
|
||||||
use D3\Webauthn\Application\Model\d3webauthn;
|
use D3\Webauthn\Application\Model\Webauthn;
|
||||||
use D3\Webauthn\Application\Model\WebauthnConf;
|
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||||
use Doctrine\DBAL\DBALException;
|
use Doctrine\DBAL\DBALException;
|
||||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||||
@ -35,11 +35,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
|
|||||||
|
|
||||||
$userID = $this->d3GetSessionObject()->getVariable("auth");
|
$userID = $this->d3GetSessionObject()->getVariable("auth");
|
||||||
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
|
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
|
||||||
/** @var d3webauthn $webauthn */
|
/** @var Webauthn $webauthn */
|
||||||
$webauthn = $this->d3GetWebauthnObject();
|
$webauthn = $this->d3GetWebauthnObject();
|
||||||
$webauthn->loadByUserId($userID);
|
|
||||||
|
|
||||||
if ($blAuth && $webauthn->isActive() && false === $webauthnAuth) {
|
if ($blAuth && $webauthn->isActive($userID) && false === $webauthnAuth) {
|
||||||
$this->redirect('index.php?cl=login', true, 302);
|
$this->redirect('index.php?cl=login', true, 302);
|
||||||
if (false == defined('OXID_PHP_UNIT')) {
|
if (false == defined('OXID_PHP_UNIT')) {
|
||||||
// @codeCoverageIgnoreStart
|
// @codeCoverageIgnoreStart
|
||||||
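Review bot: `if (false == defined('OXID_PHP_UNIT'))` is left in the loose-comparison form that this commit converts to `!defined('OXID_PHP_UNIT')` in the two login controllers; the same change here would keep the module consistent. `$userID` is read from the session key `"auth"` and passed to `$webauthn->isActive($userID)` without a null check now that loadByUserId() is gone; if isActive() declares a non-nullable parameter, a request without a logged-in user would raise a TypeError here instead of simply skipping the redirect, so confirm how isActive() treats a missing id.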
@ -60,10 +59,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return d3webauthn
|
* @return Webauthn
|
||||||
*/
|
*/
|
||||||
public function d3GetWebauthnObject()
|
public function d3GetWebauthnObject()
|
||||||
{
|
{
|
||||||
return oxNew(d3webauthn::class);
|
return oxNew(Webauthn::class);
|
||||||
}
|
}
|
||||||
}
|
}
|
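Review bot: `d3GetWebauthnObject()` has its docblock updated to `@return Webauthn` but no native return type, although the commit adds them elsewhere; `public function d3GetWebauthnObject(): Webauthn` lets the `@return` tag be dropped.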