assert valid credential response

2023-02-05 22:50:19 +01:00 · 2023-02-05 22:50:19 +01:00 · 161787d26f
commit 161787d26f
parent ccf091a7e3
2 changed files with 15 additions and 8 deletions
--- a/src/Application/Controller/Admin/d3webauthnadminlogin.php
+++ b/src/Application/Controller/Admin/d3webauthnadminlogin.php
@ -15,6 +15,9 @@ declare(strict_types=1);

 namespace D3\Webauthn\Application\Controller\Admin;

+use Assert\Assert;
+use Assert\AssertionFailedException;
+use Assert\InvalidArgumentException;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Application\Model\Exceptions\WebauthnGetException;
 use D3\Webauthn\Application\Model\Webauthn;
@ -125,7 +128,7 @@ class d3webauthnadminlogin extends AdminController
            return $login->adminLogin(
                d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('profile')
            );
-        } catch (WebauthnGetException $e) {
+        } catch (WebauthnGetException|AssertionFailedException $e) {
            d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e);
            return 'login';
        }
@ -165,16 +168,19 @@ class d3webauthnadminlogin extends AdminController

    /**
     * @return WebauthnLogin
+     * @throws InvalidArgumentException
     */
    protected function getWebAuthnLogin(): WebauthnLogin
    {
        /** @var Request $request */
        $request = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class);

-        return oxNew(
-            WebauthnLogin::class,
-            $request->getRequestEscapedParameter('credential'),
-            $request->getRequestEscapedParameter('error')
-        );
+        $credential = $request->getRequestEscapedParameter('credential');
+        $error = $request->getRequestEscapedParameter('error');
+
+        Assert::that($credential)->string('credential value expected to be string');
+        Assert::that($error)->string('error value expected to be string');
+
+        return oxNew(WebauthnLogin::class, $credential, $error);
    }
 }
--- a/src/Modules/Application/Component/d3_webauthn_UserComponent.php
+++ b/src/Modules/Application/Component/d3_webauthn_UserComponent.php
@ -17,6 +17,7 @@ namespace D3\Webauthn\Modules\Application\Component;

 use Assert\Assert;
 use Assert\AssertionFailedException;
+use Assert\InvalidArgumentException;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Application\Model\Exceptions\WebauthnGetException;
 use D3\Webauthn\Application\Model\Exceptions\WebauthnLoginErrorException;
@ -163,6 +164,7 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent

    /**
     * @return WebauthnLogin
+     * @throws InvalidArgumentException
     */
    protected function d3GetWebauthnLogin(): WebauthnLogin
    {
@ -172,8 +174,7 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
        $credential = $request->getRequestEscapedParameter('credential');
        $error = $request->getRequestEscapedParameter('error');

-        Assert::that($credential)->string('credential value expected to be string')
-            ->notEmpty('credential value expected contained content');
+        Assert::that($credential)->string('credential value expected to be string');
        Assert::that($error)->string('error value expected to be string');

        return oxNew(WebauthnLogin::class, $credential, $error);