improve code

Daniel Seifert 2022-10-30 00:27:11 +02:00
parent a23ec6ad32
commit 048816012c
Signed by: DanielS
GPG Key ID: 6A513E13AEE66170
11 changed files with 46 additions and 490 deletions


@ -35,10 +35,8 @@ class d3user_webauthn extends AdminDetailsController
/** /**
* @return string * @return string
* @throws DatabaseConnectionException
* @throws DatabaseErrorException
*/ */
public function render() public function render(): string
{ {
$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable())); $this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));
@ -114,7 +112,7 @@ class d3user_webauthn extends AdminDetailsController
* @param $userId * @param $userId
* @return array * @return array
*/ */
public function getCredentialList($userId) public function getCredentialList($userId): array
{ {
$oUser = $this->getUserObject(); $oUser = $this->getUserObject();
$oUser->load($userId); $oUser->load($userId);
@ -126,7 +124,7 @@ class d3user_webauthn extends AdminDetailsController
/** /**
* @return User * @return User
*/ */
public function getUserObject() public function getUserObject(): User
{ {
return oxNew(User::class); return oxNew(User::class);
} }
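Review bot: `getCredentialList($userId): array` gains a return type but its parameter stays untyped, and the docblock line `* @param $userId` above it still carries no type; since the value goes straight into `$oUser->load($userId)`, `@param string $userId` together with `public function getCredentialList(string $userId): array` would match the rest of the commit. The `(bool) !(...)` at the top of `render()` is a redundant cast — `!` already yields a bool — so `$this->addTplParam('readonly', !oxNew(Webauthn::class)->isAvailable());` reads cleaner. Both `render()` and `getCredentialList()` continue outside their hunks.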


@ -35,7 +35,7 @@ class d3webauthnadminlogin extends AdminController
{ {
protected $_sThisTemplate = 'd3webauthnadminlogin.tpl'; protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';
protected function _authorize() // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore protected function _authorize(): bool
{ {
return true; return true;
} }
@ -48,10 +48,10 @@ class d3webauthnadminlogin extends AdminController
public function render() public function render()
{ {
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER) !Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
) { ) {
$this->getUtils()->redirect('index.php?cl=admin_start'); $this->getUtils()->redirect('index.php?cl=admin_start');
if (false == defined('OXID_PHP_UNIT')) { if (!defined('OXID_PHP_UNIT')) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
exit; exit;
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
@ -65,10 +65,6 @@ class d3webauthnadminlogin extends AdminController
return parent::render(); return parent::render();
} }
/**
* @throws DatabaseConnectionException
* @throws DatabaseErrorException
*/
public function generateCredentialRequest() public function generateCredentialRequest()
{ {
/** @var Webauthn $webauthn */ /** @var Webauthn $webauthn */
@ -104,19 +100,20 @@ class d3webauthnadminlogin extends AdminController
$loginController = oxNew(LoginController::class); $loginController = oxNew(LoginController::class);
return $loginController->checklogin(); return $loginController->checklogin();
} }
} catch (Exception $e) { } catch (Exception $e) {
Registry::getUtilsView()->addErrorToDisplay($e->getMessage()); Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
$user->logout(); $user->logout();
$this->getUtils()->redirect('index.php?cl=login'); $this->getUtils()->redirect('index.php?cl=login');
} }
return null;
} }
/** /**
* @return Utils * @return Utils
*/ */
public function getUtils() public function getUtils(): Utils
{ {
return Registry::getUtils(); return Registry::getUtils();
} }
@ -126,11 +123,11 @@ class d3webauthnadminlogin extends AdminController
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
} }
public function previousClassIsOrderStep() public function previousClassIsOrderStep(): bool
{ {
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); $sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey); $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
$resolvedClass = $resolvedClass ? $resolvedClass : 'start'; $resolvedClass = $resolvedClass ?: 'start';
/** @var FrontendController $oController */ /** @var FrontendController $oController */
$oController = oxNew($resolvedClass); $oController = oxNew($resolvedClass);
@ -140,7 +137,7 @@ class d3webauthnadminlogin extends AdminController
/** /**
* @return bool * @return bool
*/ */
public function getIsOrderStep() public function getIsOrderStep(): bool
{ {
return $this->previousClassIsOrderStep(); return $this->previousClassIsOrderStep();
} }
@ -150,7 +147,7 @@ class d3webauthnadminlogin extends AdminController
* *
* @return array * @return array
*/ */
public function getBreadCrumb() public function getBreadCrumb(): array
{ {
$aPaths = []; $aPaths = [];
$aPath = []; $aPath = [];
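Review bot: The `catch (Exception $e)` in the `checklogin()` hunk hands `$e->getMessage()` straight to `addErrorToDisplay()`, so whatever the assertion library or the database throws is rendered verbatim on the admin login page; write the exception to the log and show a fixed translated message instead, e.g. `Registry::getUtilsView()->addErrorToDisplay(Registry::getLang()->translateString('D3_WEBAUTHN_ERROR_UNVALID'));`. The method starts outside the hunk, and the newly added `return null;` follows a signature that, unlike the other methods in this commit, still has no declared return type — `?string` (or whatever `checklogin()` actually returns) would document the error path. The frontend `d3webauthnlogin` controller presumably carries the same catch block, but its `checklogin()` is not shown in this commit.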


@ -20,8 +20,6 @@ use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;
use D3\Webauthn\Application\Model\Webauthn; use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Application\Model\WebauthnErrors; use D3\Webauthn\Application\Model\WebauthnErrors;
use OxidEsales\Eshop\Application\Controller\AccountController; use OxidEsales\Eshop\Application\Controller\AccountController;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
use OxidEsales\Eshop\Core\Registry; use OxidEsales\Eshop\Core\Registry;
class d3_account_webauthn extends AccountController class d3_account_webauthn extends AccountController
@ -30,10 +28,8 @@ class d3_account_webauthn extends AccountController
/** /**
* @return string * @return string
* @throws DatabaseConnectionException
* @throws DatabaseErrorException
*/ */
public function render() public function render(): string
{ {
$sRet = parent::render(); $sRet = parent::render();
@ -53,7 +49,7 @@ class d3_account_webauthn extends AccountController
/** /**
* @return publicKeyCredentialList * @return publicKeyCredentialList
*/ */
public function getCredentialList() public function getCredentialList(): PublicKeyCredentialList
{ {
$oUser = $this->getUser(); $oUser = $this->getUser();
$credentialList = oxNew(PublicKeyCredentialList::class); $credentialList = oxNew(PublicKeyCredentialList::class);
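Review bot: The docblock above `getCredentialList()` still reads `* @return publicKeyCredentialList` while the new native return type is `PublicKeyCredentialList`; to a static analyser the lowercase spelling is a different class, so either fix the case or drop the tag now that the native type carries the information. `render(): string` relies on `parent::render()` returning a string, which the hunk cannot confirm — worth checking the `AccountController::render()` signature in the shop version the module targets. `getCredentialList()` continues outside the hunk.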


@ -41,10 +41,10 @@ class d3webauthnlogin extends FrontendController
public function render() public function render()
{ {
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER) !Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
) { ) {
$this->getUtils()->redirect('index.php?cl=start', true, 302); $this->getUtils()->redirect('index.php?cl=start');
if (false == defined('OXID_PHP_UNIT')) { if (!defined('OXID_PHP_UNIT')) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
exit; exit;
// @codeCoverageIgnoreEnd // @codeCoverageIgnoreEnd
@ -58,10 +58,6 @@ class d3webauthnlogin extends FrontendController
return parent::render(); return parent::render();
} }
/**
* @throws DatabaseConnectionException
* @throws DatabaseErrorException
*/
public function generateCredentialRequest() public function generateCredentialRequest()
{ {
/** @var Webauthn $webauthn */ /** @var Webauthn $webauthn */
@ -107,7 +103,7 @@ class d3webauthnlogin extends FrontendController
/** /**
* @return Utils * @return Utils
*/ */
public function getUtils() public function getUtils(): Utils
{ {
return Registry::getUtils(); return Registry::getUtils();
} }
@ -117,11 +113,11 @@ class d3webauthnlogin extends FrontendController
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
} }
public function previousClassIsOrderStep() public function previousClassIsOrderStep(): bool
{ {
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS); $sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey); $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
$resolvedClass = $resolvedClass ? $resolvedClass : 'start'; $resolvedClass = $resolvedClass ?: 'start';
/** @var FrontendController $oController */ /** @var FrontendController $oController */
$oController = oxNew($resolvedClass); $oController = oxNew($resolvedClass);
@ -131,7 +127,7 @@ class d3webauthnlogin extends FrontendController
/** /**
* @return bool * @return bool
*/ */
public function getIsOrderStep() public function getIsOrderStep(): bool
{ {
return $this->previousClassIsOrderStep(); return $this->previousClassIsOrderStep();
} }
@ -141,7 +137,7 @@ class d3webauthnlogin extends FrontendController
* *
* @return array * @return array
*/ */
public function getBreadCrumb() public function getBreadCrumb(): array
{ {
$aPaths = []; $aPaths = [];
$aPath = []; $aPath = [];
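Review bot: The `false ==` → `!` and `? :` → `?:` rewrites in this hunk (and in the matching `d3webauthnadminlogin` section) leave the same idioms untouched elsewhere in the commit: `false == $this->isNoWebauthnOrNoLogin(...)` and `false == $this->d3GetSession()->getVariable("auth")` in `d3_webauthn_UserComponent`, and `false == defined('OXID_PHP_UNIT')` in `d3_webauthn_utils`. Likewise `redirect('index.php?cl=start')` drops the explicit `true, 302` arguments here while `d3_webauthn_utils` keeps `redirect('index.php?cl=login', true, 302)`; if the defaults of `Utils::redirect()` are being relied on, use one form everywhere. `render()` continues outside the hunk; `getUtils()`, `previousClassIsOrderStep()`, `getIsOrderStep()` and `getBreadCrumb()` are duplicated verbatim between the frontend and admin login controllers and could live in a shared trait.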


@ -1,25 +0,0 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
*
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
*
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Webauthn\Application\Model\Exceptions;
use OxidEsales\Eshop\Core\Exception\StandardException;
abstract class d3webauthnExceptionAbstract extends StandardException
{
}


@ -1,36 +0,0 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
*
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
*
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Webauthn\Application\Model\Exceptions;
use Exception;
use OxidEsales\Eshop\Core\Exception\StandardException;
class d3webauthnMissingPublicKeyCredentialRequestOptions extends d3webauthnExceptionAbstract
{
/**
* Default constructor
*
* @param string $sMessage exception message
* @param integer $iCode exception code
* @param Exception|null $previous previous exception
*/
public function __construct($sMessage = "D3_WEBAUTHN_ERROR_MISSINGPKC", $iCode = 0, Exception $previous = null)
{
parent::__construct($sMessage, $iCode, $previous);
}
}


@ -1,35 +0,0 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
*
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
*
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Webauthn\Application\Model\Exceptions;
use Exception;
class d3webauthnWrongAuthException extends d3webauthnExceptionAbstract
{
/**
* Default constructor
*
* @param string $sMessage exception message
* @param integer $iCode exception code
* @param Exception|null $previous previous exception
*/
public function __construct($sMessage = "D3_WEBAUTHN_ERROR_UNVALID", $iCode = 0, Exception $previous = null)
{
parent::__construct($sMessage, $iCode, $previous);
}
}


@ -158,6 +158,8 @@ class Webauthn
$userEntity, $userEntity,
$serverRequest $serverRequest
); );
return true;
} }
/** /**
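Review bot: `return true;` is added directly after `loadAndCheckAssertionResponse(...)`, so success is now signalled by the return value and failure only by whatever the library throws; the method's signature and docblock are outside the hunk, so make sure it declares `: bool` and documents `@throws`, because the caller `d3_webauthn_UserComponent::hasValidWebauthn()` wraps it in a bare `catch (\Exception)`. The deleted `d3webauthn::verify()` also called `Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT)` once the assertion passed, so the stored request options and their challenge were single-use; whether this method does the same before `return true;` is not visible here and should be confirmed.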


@ -1,338 +0,0 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Webauthn\Application\Model;
use Assert\InvalidArgumentException;
use D3\Webauthn\Application\Model\Credential\d3MetadataStatementRepository;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialRpEntity;
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialSourceRepository;
use D3\Webauthn\Application\Model\Webauthn\d3PublicKeyCredentialUserEntity;
use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7Server\ServerRequestCreator;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Database\Adapter\DatabaseInterface;
use OxidEsales\Eshop\Core\DatabaseProvider;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
use OxidEsales\Eshop\Core\Model\BaseModel;
use OxidEsales\Eshop\Core\Registry;
use Webauthn\PublicKeyCredentialCreationOptions;
use Webauthn\PublicKeyCredentialRequestOptions;
use Webauthn\Server;
/**
* @deprecated
*/
class d3webauthn extends BaseModel
{
public $tableName = 'd3PublicKeyCredential';
protected $_sCoreTable = 'd3PublicKeyCredential';
public $userId;
/**
* d3webauthn constructor.
*/
public function __construct()
{
$this->init($this->tableName);
return parent::__construct();
}
/**
* @param $userId
* @throws DatabaseConnectionException
*/
public function loadByUserId($userId)
{
$this->userId = $userId;
$oDb = $this->d3GetDb();
if ($userId && $oDb->getOne("SHOW TABLES LIKE '".$this->tableName."'")) {
$query = "SELECT oxid FROM ".$this->getViewName().' WHERE UserHandle = '.$oDb->quote($userId).' LIMIT 1';
$this->load($oDb->getOne($query));
}
}
/**
* @return DatabaseInterface
* @throws DatabaseConnectionException
*/
public function d3GetDb()
{
return DatabaseProvider::getDb(DatabaseProvider::FETCH_MODE_ASSOC);
}
/**
* @return User
*/
public function getUser()
{
$userId = $this->userId ? $this->userId : $this->getFieldData('UserHandle');
$user = $this->d3GetUser();
$user->load($userId);
return $user;
}
/**
* @return User
*/
public function d3GetUser()
{
return oxNew(User::class);
}
/**
* @return bool
*/
public function isActive()
{
return false == Registry::getConfig()->getConfigParam('blDisableWebauthnGlobally')
&& $this->UserUseWebauthn();
}
/**
* @return bool
*/
public function UserUseWebauthn()
{
return strlen($this->getId())
&& strlen($this->__get($this->_getFieldLongName('publickey'))->rawValue);
}
/**
* @param $auth
* @return false|string|null
* @throws DatabaseConnectionException
* @throws DatabaseErrorException
*/
public function getCredentialRequestOptions($auth)
{
$this->loadByUserId($auth);
$requestOptions = null;
if ($auth
&& $this->isActive()
&& false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) {
/** @var d3PublicKeyCredentialRpEntity $rpEntity */
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
$server = new Server(
$rpEntity,
$publicKeyCredentialSourceRepository,
new d3MetadataStatementRepository()
);
$user = $this->getUser();
$userEntity = new d3PublicKeyCredentialUserEntity($user);
$allowedCredentials = [];
$credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
/** @var d3PublicKeyCredentialSource $credentialSource */
foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) {
$allowedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor();
}
// We generate the set of options.
$publicKeyCredentialRequestOptions = $server->generatePublicKeyCredentialRequestOptions(
PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_PREFERRED, // Default value
$allowedCredentials
);
$requestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
}
return $requestOptions;
}
/**
* @param $webauth
* @return bool
* @throws d3webauthnWrongAuthException
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions
*/
public function verify($webauth)
{
$blVerify = false;
// Retrieve the Options passed to the device
$publicKeyCredentialRequestOptions = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
if (!$publicKeyCredentialRequestOptions) {
$oException = oxNew(d3webauthnMissingPublicKeyCredentialRequestOptions::class);
throw $oException;
}
$psr17Factory = new Psr17Factory();
$creator = new ServerRequestCreator(
$psr17Factory, // ServerRequestFactory
$psr17Factory, // UriFactory
$psr17Factory, // UploadedFileFactory
$psr17Factory // StreamFactory
);
$serverRequest = $creator->fromGlobals();
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
$server = new Server(
new d3PublicKeyCredentialRpEntity(Registry::getConfig()->getActiveShop()),
$publicKeyCredentialSourceRepository,
new d3MetadataStatementRepository()
);
$user = $this->getUser();
$userEntity = new d3PublicKeyCredentialUserEntity($user);
try {
$server->loadAndCheckAssertionResponse(
$webauth,
$publicKeyCredentialRequestOptions, // The options you stored during the previous step
$userEntity, // The user entity
$serverRequest // The PSR-7 request
);
$blVerify = true;
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
//If everything is fine, this means the user has correctly been authenticated using the
// authenticator defined in $publicKeyCredentialSource
} catch(InvalidArgumentException $exception) {
// ToDo
$oException = oxNew(d3webauthnWrongAuthException::class);
Registry::getUtilsView()->addErrorToDisplay($oException);
// write to log
//dumpvar(openssl_error_string());
//dumpvar($exception);
}
if (false == $blVerify) {
$oException = oxNew(d3webauthnWrongAuthException::class);
throw $oException;
}
return $blVerify;
}
/**
* @param $sUserId
* @return PublicKeyCredentialCreationOptions
* @throws DatabaseConnectionException
* @throws DatabaseErrorException
*/
public function setAuthnRegister($sUserId)
{
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
$server = new Server(
$rpEntity,
$publicKeyCredentialSourceRepository,
new d3MetadataStatementRepository()
);
/*
if (!($user = Registry::getSession()->getUser())) {
$e = oxNew(\Exception::class, 'no user loaded');
throw $e;
}
*/
$user = oxNew(User::class);
$user->load($sUserId);
$userEntity = new d3PublicKeyCredentialUserEntity($user);
$excludedCredentials = [];
$credentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
foreach ($credentialSourceRepository->findAllForUserEntity($userEntity) as $credentialSource) {
$excludedCredentials[] = $credentialSource->getPublicKeyCredentialDescriptor();
}
$publicKeyCredentialCreationOptions = $server->generatePublicKeyCredentialCreationOptions(
$userEntity,
PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
$excludedCredentials
);
if (!Registry::getSession()->isSessionStarted()) {
Registry::getSession()->start();
}
Registry::getSession()->setVariable('authnobject', $publicKeyCredentialCreationOptions);
return $publicKeyCredentialCreationOptions;
}
/**
* @param $request
*/
public function registerNewKey($request)
{
/** @var PublicKeyCredentialCreationOptions $publicKeyCredentialCreationOptions */
$publicKeyCredentialCreationOptions = Registry::getSession()->getVariable('authnobject');
// Retrieve de data sent by the device
$data = base64_decode($request, true);
$psr17Factory = new Psr17Factory();
$creator = new ServerRequestCreator(
$psr17Factory, // ServerRequestFactory
$psr17Factory, // UriFactory
$psr17Factory, // UploadedFileFactory
$psr17Factory // StreamFactory
);
$serverRequest = $creator->fromGlobals();
/*** register ***/
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
$publicKeyCredentialSourceRepository = oxNew(d3PublicKeyCredentialSourceRepository::class);
$server = new Server(
$rpEntity,
$publicKeyCredentialSourceRepository,
new d3MetadataStatementRepository()
);
try {
$publicKeyCredentialSource = $server->loadAndCheckAttestationResponse(
$data,
$publicKeyCredentialCreationOptions, // The options you stored during the previous step
$serverRequest // The PSR-7 request
);
// The user entity and the public key credential source can now be stored using their repository
// The Public Key Credential Source repository must implement Webauthn\PublicKeyCredentialSourceRepository
// ToDo: is counter set and why will not save in case of login?
$publicKeyCredentialSourceRepository->saveCredentialSource($publicKeyCredentialSource);
} catch(\Exception $exception) {
dumpvar($exception);
}
dumpvar('registered');
}
}


@ -15,7 +15,6 @@
namespace D3\Webauthn\Modules\Application\Component; namespace D3\Webauthn\Modules\Application\Component;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\WebauthnConf; use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions; use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException; use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
@ -114,15 +113,14 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
{ {
$sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth')); $sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth'));
$sUserId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER); $userId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
$oUser = oxNew(User::class); $oUser = oxNew(User::class);
$oUser->load($sUserId); $oUser->load($userId);
$webauthn = $this->d3GetWebauthnObject(); $webauthn = $this->d3GetWebauthnObject();
$webauthn->loadByUserId($sUserId);
try { try {
if (false == $this->isNoWebauthnOrNoLogin($webauthn) && $this->hasValidWebauthn($sWebauth, $webauthn)) { if (false == $this->isNoWebauthnOrNoLogin($webauthn, $userId) && $this->hasValidWebauthn($sWebauth, $webauthn)) {
$this->d3WebauthnRelogin($oUser, $sWebauth); $this->d3WebauthnRelogin($oUser, $sWebauth);
$this->d3WebauthnClearSessionVariables(); $this->d3WebauthnClearSessionVariables();
@ -151,28 +149,32 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
} }
/** /**
* @param d3webauthn $webauthn * @param Webauthn $webauthn
* @return bool * @return bool
*/ */
public function isNoWebauthnOrNoLogin($webauthn) public function isNoWebauthnOrNoLogin($webauthn, $userId)
{ {
return false == $this->d3GetSession()->getVariable("auth") return false == $this->d3GetSession()->getVariable("auth")
|| false == $webauthn->isActive(); || false == $webauthn->isActive($userId);
} }
/** /**
* @param string $sWebauth * @param string $sWebauth
* @param d3webauthn $webauthn * @param Webauthn $webauthn
* @return bool * @return bool
* @throws d3webauthnMissingPublicKeyCredentialRequestOptions * @throws d3webauthnMissingPublicKeyCredentialRequestOptions
* @throws d3webauthnWrongAuthException * @throws d3webauthnWrongAuthException
*/ */
public function hasValidWebauthn($sWebauth, $webauthn) public function hasValidWebauthn($sWebauth, $webauthn): bool
{ {
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) || try {
( return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
$sWebauth && $webauthn->verify($sWebauth) (
); $sWebauth && $webauthn->assertAuthn($sWebauth)
);
} catch (\Exception $e) {
return false;
}
} }
/** /**
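Review bot: `hasValidWebauthn()` now swallows every `\Exception` from `assertAuthn()` and returns `false`, so a failed or malformed assertion leaves no trace in the logs, and the docblock's `@throws d3webauthnMissingPublicKeyCredentialRequestOptions` / `@throws d3webauthnWrongAuthException` lines are no longer true — both classes are deleted in this commit, yet their `use` lines at the top of this file survive. Log the exception before returning, e.g. `Registry::getLogger()->error($e->getMessage(), ['exception' => $e]);`, and replace the two `@throws` tags with a sentence stating that any verification error yields `false`. `isNoWebauthnOrNoLogin()` gains an untyped `$userId` parameter that its docblock does not mention; `@param string $userId` (matching whatever `Webauthn::isActive()` expects, which is outside this view) would keep it consistent with the rest of the commit. The `use` hunk drops `d3webauthn` but shows no import for `Webauthn`, which the updated docblocks now reference — confirm one exists further down the file.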


@ -15,7 +15,7 @@
namespace D3\Webauthn\Modules\Core; namespace D3\Webauthn\Modules\Core;
use D3\Webauthn\Application\Model\d3webauthn; use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Application\Model\WebauthnConf; use D3\Webauthn\Application\Model\WebauthnConf;
use Doctrine\DBAL\DBALException; use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
@ -35,11 +35,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
$userID = $this->d3GetSessionObject()->getVariable("auth"); $userID = $this->d3GetSessionObject()->getVariable("auth");
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH); $webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
/** @var d3webauthn $webauthn */ /** @var Webauthn $webauthn */
$webauthn = $this->d3GetWebauthnObject(); $webauthn = $this->d3GetWebauthnObject();
$webauthn->loadByUserId($userID);
if ($blAuth && $webauthn->isActive() && false === $webauthnAuth) { if ($blAuth && $webauthn->isActive($userID) && false === $webauthnAuth) {
$this->redirect('index.php?cl=login', true, 302); $this->redirect('index.php?cl=login', true, 302);
if (false == defined('OXID_PHP_UNIT')) { if (false == defined('OXID_PHP_UNIT')) {
// @codeCoverageIgnoreStart // @codeCoverageIgnoreStart
@ -60,10 +59,10 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
} }
/** /**
* @return d3webauthn * @return Webauthn
*/ */
public function d3GetWebauthnObject() public function d3GetWebauthnObject()
{ {
return oxNew(d3webauthn::class); return oxNew(Webauthn::class);
} }
} }
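Review bot: `d3GetWebauthnObject()` has its docblock changed to `@return Webauthn` but, unlike the sibling factory methods in this commit, gets no native return type; `public function d3GetWebauthnObject(): Webauthn` would match. `$userID` comes from the `"auth"` session variable and can be `null` when nobody is logged in, so `$webauthn->isActive($userID)` must tolerate that — `isActive()` is outside this view, and if its parameter is typed `string`, a missing session value would now throw rather than evaluate to false. `false == defined('OXID_PHP_UNIT')` is left in the old form here while the login controllers switch to `!defined(...)`.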