disable create credential on insecure connections
This commit is contained in:
@ -42,6 +42,8 @@ class d3user_webauthn extends AdminDetailsController
|
||||
*/
|
||||
public function render()
|
||||
{
|
||||
$this->addTplParam('readonly', (bool) !(oxNew(Webauthn::class)->isAvailable()));
|
||||
|
||||
parent::render();
|
||||
|
||||
$soxId = $this->getEditObjectId();
|
||||
|
||||
@ -22,6 +22,21 @@ class Webauthn
|
||||
public const SESSION_CREATIONS_OPTIONS = 'd3WebAuthnCreationOptions';
|
||||
public const SESSION_ASSERTION_OPTIONS = 'd3WebAuthnAssertionOptions';
|
||||
|
||||
public function isAvailable()
|
||||
{
|
||||
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
|
||||
return true;
|
||||
}
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ||
|
||||
!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on'
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
|
||||
Registry::getUtilsView()->addErrorToDisplay('WebAuthn is available on secure connections only.');
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return false|string
|
||||
*/
|
||||
|
||||
@ -93,12 +93,12 @@
|
||||
<tr>
|
||||
<td class="edittext">
|
||||
<label for="credentialname">Name des Schlüssels</label>
|
||||
<input id="credentialname" type="text" name="credenialname">
|
||||
<input id="credentialname" type="text" name="credenialname" [{$readonly}]>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="edittext">
|
||||
<button type="submit">[{oxmultilang ident="D3_WEBAUTHN_ADDKEY"}]</button>
|
||||
<button type="submit" [{$readonly}]>[{oxmultilang ident="D3_WEBAUTHN_ADDKEY"}]</button>
|
||||
</td>
|
||||
</tr>
|
||||
[{/block}]
|
||||
|
||||
Reference in New Issue
Block a user