enable key login in admin
Dieser Commit ist enthalten in:
167
src/Application/Controller/Admin/d3webauthnadminlogin.php
Ausführbare Datei
167
src/Application/Controller/Admin/d3webauthnadminlogin.php
Ausführbare Datei
@ -0,0 +1,167 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* This Software is the property of Data Development and is protected
|
||||
* by copyright law - it is NOT Freeware.
|
||||
* Any unauthorized use of this software without a valid license
|
||||
* is a violation of the license agreement and will be prosecuted by
|
||||
* civil and criminal law.
|
||||
* http://www.shopmodule.com
|
||||
*
|
||||
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
|
||||
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
|
||||
* @link http://www.oxidmodule.com
|
||||
*/
|
||||
|
||||
namespace D3\Webauthn\Application\Controller\Admin;
|
||||
|
||||
use D3\Webauthn\Application\Model\Webauthn;
|
||||
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||
use D3\Webauthn\Application\Model\WebauthnErrors;
|
||||
use D3\Webauthn\Modules\Application\Component\d3_webauthn_UserComponent;
|
||||
use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
|
||||
use Exception;
|
||||
use OxidEsales\Eshop\Application\Controller\Admin\AdminController;
|
||||
use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
|
||||
use OxidEsales\Eshop\Application\Controller\FrontendController;
|
||||
use OxidEsales\Eshop\Application\Model\User;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
|
||||
use OxidEsales\Eshop\Core\Exception\StandardException;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
use OxidEsales\Eshop\Core\Utils;
|
||||
|
||||
class d3webauthnadminlogin extends AdminController
|
||||
{
|
||||
protected $_sThisTemplate = 'd3webauthnadminlogin.tpl';
|
||||
|
||||
protected function _authorize() // phpcs:ignore PSR2.Methods.MethodDeclaration.Underscore
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return null
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function render()
|
||||
{
|
||||
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
) {
|
||||
$this->getUtils()->redirect('index.php?cl=admin_start');
|
||||
if (false == defined('OXID_PHP_UNIT')) {
|
||||
// @codeCoverageIgnoreStart
|
||||
exit;
|
||||
// @codeCoverageIgnoreEnd
|
||||
}
|
||||
}
|
||||
|
||||
$this->generateCredentialRequest();
|
||||
|
||||
//$this->addTplParam('navFormParams', Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS));
|
||||
|
||||
return parent::render();
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws DatabaseConnectionException
|
||||
* @throws DatabaseErrorException
|
||||
*/
|
||||
public function generateCredentialRequest()
|
||||
{
|
||||
/** @var Webauthn $webauthn */
|
||||
$webauthn = oxNew(Webauthn::class);
|
||||
$publicKeyCredentialRequestOptions = $webauthn->getRequestOptions();
|
||||
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
||||
$this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);
|
||||
$this->addTplParam('isAdmin', isAdmin());
|
||||
}
|
||||
|
||||
public function assertAuthn()
|
||||
{
|
||||
/** @var d3_User_Webauthn $user */
|
||||
$user = oxNew(User::class);
|
||||
|
||||
try {
|
||||
if (strlen(Registry::getRequest()->getRequestEscapedParameter('error'))) {
|
||||
$errors = oxNew(WebauthnErrors::class);
|
||||
throw oxNew(
|
||||
StandardException::class,
|
||||
$errors->translateError(Registry::getRequest()->getRequestEscapedParameter('error'))
|
||||
);
|
||||
}
|
||||
|
||||
if (strlen(Registry::getRequest()->getRequestEscapedParameter('credential'))) {
|
||||
$credential = Registry::getRequest()->getRequestEscapedParameter('credential');
|
||||
$webAuthn = oxNew(Webauthn::class);
|
||||
$webAuthn->assertAuthn($credential);
|
||||
$user->load(Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER));
|
||||
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);
|
||||
|
||||
/** @var d3_webauthn_UserComponent $userCmp */
|
||||
$loginController = oxNew(LoginController::class);
|
||||
return $loginController->checklogin();
|
||||
|
||||
//Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
Registry::getUtilsView()->addErrorToDisplay($e->getMessage());
|
||||
|
||||
$user->logout();
|
||||
$this->getUtils()->redirect('index.php?cl=login');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Utils
|
||||
*/
|
||||
public function getUtils()
|
||||
{
|
||||
return Registry::getUtils();
|
||||
}
|
||||
|
||||
public function getPreviousClass()
|
||||
{
|
||||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
}
|
||||
|
||||
public function previousClassIsOrderStep()
|
||||
{
|
||||
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
|
||||
|
||||
/** @var FrontendController $oController */
|
||||
$oController = oxNew($resolvedClass);
|
||||
return $oController->getIsOrderStep();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function getIsOrderStep()
|
||||
{
|
||||
return $this->previousClassIsOrderStep();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns Bread Crumb - you are here page1/page2/page3...
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getBreadCrumb()
|
||||
{
|
||||
$aPaths = [];
|
||||
$aPath = [];
|
||||
$iBaseLanguage = Registry::getLang()->getBaseLanguage();
|
||||
$aPath['title'] = Registry::getLang()->translateString('D3_WEBAUTHN_BREADCRUMB', $iBaseLanguage, false);
|
||||
$aPath['link'] = $this->getLink();
|
||||
|
||||
$aPaths[] = $aPath;
|
||||
|
||||
return $aPaths;
|
||||
}
|
||||
}
|
@ -64,7 +64,6 @@ class d3webauthnlogin extends FrontendController
|
||||
*/
|
||||
public function generateCredentialRequest()
|
||||
{
|
||||
$auth = Registry::getSession()->getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||
/** @var Webauthn $webauthn */
|
||||
$webauthn = oxNew(Webauthn::class);
|
||||
$publicKeyCredentialRequestOptions = $webauthn->getRequestOptions();
|
||||
|
@ -20,6 +20,7 @@ class WebauthnConf
|
||||
const WEBAUTHN_SESSION_AUTH = 'webauthn_auth'; // has valid webauthn, user is logged in completly
|
||||
const WEBAUTHN_LOGIN_OBJECT = 'authnloginobject'; // webauthn register options, required for credential check
|
||||
const WEBAUTHN_SESSION_CURRENTUSER = 'd3webauthnCurrentUser'; // oxid assigned to user from entered username
|
||||
const WEBAUTHN_SESSION_LOGINUSER = 'd3webauthnLoginUser'; // username entered in login form
|
||||
const WEBAUTHN_SESSION_CURRENTCLASS = 'd3webauthnCurrentClass'; // no usage
|
||||
const WEBAUTHN_SESSION_NAVFORMPARAMS = 'd3webauthnNavFormParams'; // no usage
|
||||
}
|
@ -32,7 +32,7 @@ $aLang = [
|
||||
|
||||
'D3_WEBAUTHN_REGISTEREDKEYS' => 'registrierte Schlüssel',
|
||||
|
||||
'D3_WEBAUTHN_ERR_UNSECURECONNECTION' => 'Die Verwendung von Sicherheitsschlüsseln ist nur bei gesicherten Verbindungen (https) möglich.',
|
||||
'D3_WEBAUTHN_ERR_UNSECURECONNECTION' => 'Die Verwendung von Sicherheitsschlüsseln ist nur bei gesicherten oder lokalen Verbindungen (https) möglich.',
|
||||
'D3_WEBAUTHN_ERR_INVALIDSTATE' => 'Der Schlüssel vom Token kann nicht oder nicht mehr verwendet werden. Möglicherweise wurde dieser in Ihrem Konto schon einmal gespeichert.',
|
||||
'D3_WEBAUTHN_ERR_NOTALLOWED' => 'Die Anfrage wurde vom Browser oder der Plattform nicht zugelassen. Möglicherweise fehlen Berechtigungen oder die Zeit ist abgelaufen.',
|
||||
'D3_WEBAUTHN_ERR_ABORT' => 'Die Aktion wurde vom Browser oder der Plattform abgebrochen.',
|
||||
|
@ -32,7 +32,7 @@ $aLang = [
|
||||
|
||||
'D3_WEBAUTHN_REGISTEREDKEYS' => 'registered keys',
|
||||
|
||||
'D3_WEBAUTHN_ERR_UNSECURECONNECTION' => 'The use of security keys is only possible with secured connections (https).',
|
||||
'D3_WEBAUTHN_ERR_UNSECURECONNECTION' => 'The use of security keys is only possible with secured or local connections (https).',
|
||||
'D3_WEBAUTHN_ERR_INVALIDSTATE' => 'The key from the token cannot be used or can no longer be used. It may have been stored in your account before.',
|
||||
'D3_WEBAUTHN_ERR_NOTALLOWED' => 'The request was not allowed by the browser or the platform. Possibly permissions are missing or the time has expired.',
|
||||
'D3_WEBAUTHN_ERR_ABORT' => 'The action was aborted by the browser or the platform.',
|
||||
|
56
src/Application/views/admin/tpl/d3webauthnlogin.tpl
Normale Datei
56
src/Application/views/admin/tpl/d3webauthnlogin.tpl
Normale Datei
@ -0,0 +1,56 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>[{oxmultilang ident="LOGIN_TITLE"}]</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=[{$charset}]">
|
||||
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
|
||||
<link rel="shortcut icon" href="[{$oViewConf->getImageUrl()}]favicon.ico">
|
||||
<link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]login.css">
|
||||
<link rel="stylesheet" href="[{$oViewConf->getResourceUrl()}]colors_[{$oViewConf->getEdition()|lower}].css">
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div class="admin-login-box">
|
||||
|
||||
<div id="shopLogo"><img src="[{$oViewConf->getImageUrl('logo_dark.svg')}]" alt="" /></div>
|
||||
|
||||
[{include file="js_login.tpl"}]
|
||||
|
||||
<form action="[{$oViewConf->getSelfLink()}]" target="_top" method="post" name="login" id="login">
|
||||
|
||||
[{block name="admin_login_form"}]
|
||||
[{$oViewConf->getHiddenSid()}]
|
||||
|
||||
<input type="hidden" name="fnc" value="">
|
||||
<input type="hidden" name="cl" value="login">
|
||||
|
||||
[{if !empty($Errors.default)}]
|
||||
[{include file="inc_error.tpl" Errorlist=$Errors.default}]
|
||||
[{/if}]
|
||||
|
||||
<div class="d3webauthn_icon">
|
||||
<div class="svg-container">
|
||||
[{include file=$oViewConf->getModulePath('d3webauthn', 'out/img/fingerprint.svg')}]
|
||||
</div>
|
||||
<div class="message">[{oxmultilang ident="WEBAUTHN_INPUT_HELP"}]</div>
|
||||
</div>
|
||||
|
||||
[{* prevent cancel button (1st button) action when form is sent via Enter key *}]
|
||||
<input type="submit" style="display:none !important;">
|
||||
|
||||
<input class="btn btn_cancel" value="[{oxmultilang ident="WEBAUTHN_CANCEL_LOGIN"}]" type="submit"
|
||||
onclick="document.getElementById('login').fnc.value='d3WebauthnCancelLogin'; document.getElementById('login').submit();"
|
||||
>
|
||||
|
||||
[{oxstyle include=$oViewConf->getModuleUrl('d3webauthn', 'out/admin/src/css/d3webauthnlogin.css')}]
|
||||
[{oxstyle}]
|
||||
|
||||
[{/block}]
|
||||
</form>
|
||||
</div>
|
||||
|
||||
[{oxscript}]
|
||||
<script type="text/javascript">if (window != window.top) top.location.href = document.location.href;</script>
|
||||
|
||||
</body>
|
||||
</html>
|
In neuem Issue referenzieren
Einen Benutzer sperren