disable create credential on insecure connections

2022-10-26 10:15:49 +02:00
parent 7752fcf3b0
commit 4c0781b5a0
3 changed files with 19 additions and 2 deletions
--- a/src/Application/Controller/Admin/d3user_webauthn.php
+++ b/src/Application/Controller/Admin/d3user_webauthn.php
@ -42,6 +42,8 @@ class d3user_webauthn extends AdminDetailsController
     */
    public function render()
    {
        $this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));
        parent::render();
        $soxId = $this->getEditObjectId();
--- a/src/Application/Model/Webauthn.php
+++ b/src/Application/Model/Webauthn.php
@ -22,6 +22,21 @@ class Webauthn
    public const SESSION_CREATIONS_OPTIONS = 'd3WebAuthnCreationOptions';
    public const SESSION_ASSERTION_OPTIONS = 'd3WebAuthnAssertionOptions';
    public function isAvailable()
    {
        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
            return true;
        }
        if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ||
            !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on'
        ) {
            return true;
        }
        Registry::getUtilsView()->addErrorToDisplay('WebAuthn is available on secure connections only.');
        return false;
    }
    /**
     * @return false|string
     */
--- a/src/Application/views/admin/tpl/d3user_webauthn.tpl
+++ b/src/Application/views/admin/tpl/d3user_webauthn.tpl
@ -93,12 +93,12 @@
                                <tr>
                                    <td class="edittext">
                                        <label for="credentialname">Name des Schlüssels</label>
-                                        <input id="credentialname" type="text" name="credenialname">
+                                        <input id="credentialname" type="text" name="credenialname" [{$readonly}]>
                                    </td>
                                </tr>
                                <tr>
                                    <td class="edittext">
-                                        <button type="submit">[{oxmultilang ident="D3_WEBAUTHN_ADDKEY"}]</button>
+                                        <button type="submit" [{$readonly}]>[{oxmultilang ident="D3_WEBAUTHN_ADDKEY"}]</button>
                                    </td>
                                </tr>
                            [{/block}]