enable key login in admin

2022-10-29 00:19:34 +02:00
Commit 89a48a00f9
--- a/src/Application/Controller/Admin/d3webauthnadminlogin.php
+++ b/src/Application/Controller/Admin/d3webauthnadminlogin.php
@ -0,0 +1,167 @@
+<?php
+
+/**
+ * This Software is the property of Data Development and is protected
+ * by copyright law - it is NOT Freeware.
+ * Any unauthorized use of this software without a valid license
+ * is a violation of the license agreement and will be prosecuted by
+ * civil and criminal law.
+ * http://www.shopmodule.com
+ *
+ * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
+ * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
+ * @link      http://www.oxidmodule.com
+ */
+
+namespace D3\Webauthn\Application\Controller\Admin;
+
+use D3\Webauthn\Application\Model\Webauthn;
+use D3\Webauthn\Application\Model\WebauthnConf;
+use D3\Webauthn\Application\Model\WebauthnErrors;
+use D3\Webauthn\Modules\Application\Component\d3_webauthn_UserComponent;
+use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
+use Exception;
+use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
+use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
+use OxidEsales\Eshop\Application\Controller\FrontendController;
+use OxidEsales\Eshop\Application\Model\User;
+use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
+use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
+use OxidEsales\Eshop\Core\Exception\StandardException;
+use OxidEsales\Eshop\Core\Registry;
+use OxidEsales\Eshop\Core\Utils;
+
+class d3webauthnadminlogin extends AdminController
+{
+    protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';
+
+    protected function _authorize() // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
+    {
+        return true;
+    }
+
+    /**
+     * @return null
+     * @throws DatabaseConnectionException
+     * @throws DatabaseErrorException
+     */
+    public function render()
+    {
+        if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
+            false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
+        ) {
+            $this->getUtils()->redirect('index.php?cl=admin_start');
+            if (false == defined('OXID_PHP_UNIT')) {
+                // @codeCoverageIgnoreStart
+                exit;
+                // @codeCoverageIgnoreEnd
+            }
+        }
+
+        $this->generateCredentialRequest();
+
+        //$this->addTplParam('navFormParams', Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS));
+
+        return parent::render();
+    }
+
+    /**
+     * @throws DatabaseConnectionException
+     * @throws DatabaseErrorException
+     */
+    public function generateCredentialRequest()
+    {
+        /** @var Webauthn $webauthn */
+        $webauthn = oxNew(Webauthn::class);
+        $publicKeyCredentialRequestOptions = $webauthn->getRequestOptions();
+        Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
+        $this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);
+        $this->addTplParam('isAdmin', isAdmin());
+    }
+
+    public function assertAuthn()
+    {
+        /** @var d3_User_Webauthn $user */
+        $user = oxNew(User::class);
+
+        try {
+            if (strlen(Registry::getRequest()->getRequestEscapedParameter('error'))) {
+                $errors = oxNew(WebauthnErrors::class);
+                throw oxNew(
+                    StandardException::class,
+                    $errors->translateError(Registry::getRequest()->getRequestEscapedParameter('error'))
+                );
+            }
+
+            if (strlen(Registry::getRequest()->getRequestEscapedParameter('credential'))) {
+                $credential = Registry::getRequest()->getRequestEscapedParameter('credential');
+                $webAuthn = oxNew(Webauthn::class);
+                $webAuthn->assertAuthn($credential);
+                $user->load(Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER));
+                Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);
+
+                /** @var d3_webauthn_UserComponent $userCmp */
+                $loginController = oxNew(LoginController::class);
+                return $loginController->checklogin();
+
+                //Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);
+            }
+
+        } catch (Exception $e) {
+            Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
+
+            $user->logout();
+            $this->getUtils()->redirect('index.php?cl=login');
+        }
+    }
+
+    /**
+     * @return Utils
+     */
+    public function getUtils()
+    {
+        return Registry::getUtils();
+    }
+
+    public function getPreviousClass()
+    {
+        return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
+    }
+
+    public function previousClassIsOrderStep()
+    {
+        $sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
+        $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
+        $resolvedClass = $resolvedClass ? $resolvedClass : 'start';
+
+        /** @var FrontendController $oController */
+        $oController = oxNew($resolvedClass);
+        return $oController->getIsOrderStep();
+    }
+
+    /**
+     * @return bool
+     */
+    public function getIsOrderStep()
+    {
+        return $this->previousClassIsOrderStep();
+    }
+
+    /**
+     * Returns Bread Crumb - you are here page1/page2/page3...
+     *
+     * @return array
+     */
+    public function getBreadCrumb()
+    {
+        $aPaths = [];
+        $aPath = [];
+        $iBaseLanguage = Registry::getLang()->getBaseLanguage();
+        $aPath['title'] = Registry::getLang()->translateString('D3_WEBAUTHN_BREADCRUMB', $iBaseLanguage, false);
+        $aPath['link'] = $this->getLink();
+
+        $aPaths[] = $aPath;
+
+        return $aPaths;
+    }
+}
--- a/src/Application/Controller/d3webauthnlogin.php
+++ b/src/Application/Controller/d3webauthnlogin.php
@ -64,7 +64,6 @@ class d3webauthnlogin extends FrontendController
     */
    public function generateCredentialRequest()
    {
-        $auth = Registry::getSession()->getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
        /** @var Webauthn $webauthn */
        $webauthn = oxNew(Webauthn::class);
        $publicKeyCredentialRequestOptions = $webauthn->getRequestOptions();
--- a/src/Application/Model/WebauthnConf.php
+++ b/src/Application/Model/WebauthnConf.php
@ -20,6 +20,7 @@ class WebauthnConf
    const WEBAUTHN_SESSION_AUTH          = 'webauthn_auth';     // has valid webauthn, user is logged in completly
    const WEBAUTHN_LOGIN_OBJECT          = 'authnloginobject';  // webauthn register options, required for credential check
    const WEBAUTHN_SESSION_CURRENTUSER   = 'd3webauthnCurrentUser'; // oxid assigned to user from entered username
+    const WEBAUTHN_SESSION_LOGINUSER     = 'd3webauthnLoginUser';   // username entered in login form
    const WEBAUTHN_SESSION_CURRENTCLASS  = 'd3webauthnCurrentClass';    // no usage
    const WEBAUTHN_SESSION_NAVFORMPARAMS = 'd3webauthnNavFormParams';   // no usage
 }
--- a/src/Application/views/admin/de/d3webauthn_lang.php
+++ b/src/Application/views/admin/de/d3webauthn_lang.php
@ -32,7 +32,7 @@ $aLang = [

    'D3_WEBAUTHN_REGISTEREDKEYS'                      => 'registrierte Schlüssel',

-    'D3_WEBAUTHN_ERR_UNSECURECONNECTION'              => 'Die Verwendung von Sicherheitsschlüsseln ist nur bei gesicherten Verbindungen (https) möglich.',
+    'D3_WEBAUTHN_ERR_UNSECURECONNECTION'              => 'Die Verwendung von Sicherheitsschlüsseln ist nur bei gesicherten oder lokalen Verbindungen (https) möglich.',
    'D3_WEBAUTHN_ERR_INVALIDSTATE'                    => 'Der Schlüssel vom Token kann nicht oder nicht mehr verwendet werden. Möglicherweise wurde dieser in Ihrem Konto schon einmal gespeichert.',
    'D3_WEBAUTHN_ERR_NOTALLOWED'                      => 'Die Anfrage wurde vom Browser oder der Plattform nicht zugelassen. Möglicherweise fehlen Berechtigungen oder die Zeit ist abgelaufen.',
    'D3_WEBAUTHN_ERR_ABORT'                           => 'Die Aktion wurde vom Browser oder der Plattform abgebrochen.',
--- a/src/Application/views/admin/en/d3webauthn_lang.php
+++ b/src/Application/views/admin/en/d3webauthn_lang.php
@ -32,7 +32,7 @@ $aLang = [

    'D3_WEBAUTHN_REGISTEREDKEYS'                      => 'registered keys',

-    'D3_WEBAUTHN_ERR_UNSECURECONNECTION'              => 'The use of security keys is only possible with secured connections (https).',
+    'D3_WEBAUTHN_ERR_UNSECURECONNECTION'              => 'The use of security keys is only possible with secured or local connections (https).',
    'D3_WEBAUTHN_ERR_INVALIDSTATE'                    => 'The key from the token cannot be used or can no longer be used. It may have been stored in your account before.',
    'D3_WEBAUTHN_ERR_NOTALLOWED'                      => 'The request was not allowed by the browser or the platform. Possibly permissions are missing or the time has expired.',
    'D3_WEBAUTHN_ERR_ABORT'                           => 'The action was aborted by the browser or the platform.',
--- a/src/Application/views/admin/tpl/d3webauthnlogin.tpl
+++ b/src/Application/views/admin/tpl/d3webauthnlogin.tpl
@ -0,0 +1,56 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+    <title>[{oxmultilang ident="LOGIN_TITLE"}]</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=[{$charset}]">
+    <meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
+    <link rel="shortcut icon" href="[{$oViewConf->getImageUrl()}]favicon.ico">
+    <link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]login.css">
+    <link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]colors_[{$oViewConf->getEdition()|lower}].css">
+</head>
+<body>
+
+<div class="admin-login-box">
+
+    <div id="shopLogo"><img src="[{$oViewConf->getImageUrl('logo_dark.svg')}]" alt="" /></div>
+
+    [{include file="js_login.tpl"}]
+
+    <form action="[{$oViewConf->getSelfLink()}]" target="_top" method="post" name="login" id="login">
+
+        [{block name="admin_login_form"}]
+            [{$oViewConf->getHiddenSid()}]
+
+            <input type="hidden" name="fnc" value="">
+            <input type="hidden" name="cl" value="login">
+
+            [{if !empty($Errors.default)}]
+                [{include file="inc_error.tpl" Errorlist=$Errors.default}]
+            [{/if}]
+
+            <div class="d3webauthn_icon">
+                <div class="svg-container">
+                    [{include file=$oViewConf->getModulePath('d3webauthn', 'out/img/fingerprint.svg')}]
+                </div>
+                <div class="message">[{oxmultilang ident="WEBAUTHN_INPUT_HELP"}]</div>
+            </div>
+
+            [{* prevent cancel button (1st button) action when form is sent via Enter key *}]
+            <input type="submit" style="display:none !important;">
+
+            <input class="btn btn_cancel" value="[{oxmultilang ident="WEBAUTHN_CANCEL_LOGIN"}]" type="submit"
+                   onclick="document.getElementById('login').fnc.value='d3WebauthnCancelLogin'; document.getElementById('login').submit();"
+            >
+
+            [{oxstyle include=$oViewConf->getModuleUrl('d3webauthn', 'out/admin/src/css/d3webauthnlogin.css')}]
+            [{oxstyle}]
+
+        [{/block}]
+    </form>
+</div>
+
+[{oxscript}]
+<script type="text/javascript">if (window != window.top) top.location.href = document.location.href;</script>
+
+</body>
+</html>