prevent leaving logged in user without logged in status in case of no https connector

Daniel Seifert 2023-01-16 13:37:56 +01:00
parent 91bf6dacbe
commit 942a20cdf6
Signed by: DanielS
GPG Key ID: 8A7C4C6ED1915C6F
4 changed files with 22 additions and 9 deletions


@ -18,6 +18,7 @@ namespace D3\Webauthn\Application\Controller\Traits;
use D3\TestingTools\Production\IsMockable;
use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
use Doctrine\DBAL\Driver\Exception;
use Doctrine\DBAL\Exception as DoctrineException;
use OxidEsales\Eshop\Application\Model\User;
@ -38,13 +39,14 @@ trait checkoutGetUserTrait
*/
public function getUser()
{
/** @var User|null $user */
/** @var d3_User_Webauthn|null $user */
$user = $this->d3CallMockableFunction([$this->parentClass, 'getUser']);
if ($user && $user->isLoaded() && $user->getId()) {
$webauthn = $this->d3GetMockableOxNewObject(Webauthn::class);
if ($webauthn->isActive($user->getId())
if ($webauthn->isAvailable()
&& $webauthn->isActive($user->getId())
&& !$this->d3GetMockableRegistryObject(Session::class)
->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) {
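Review bot: The added `$webauthn->isAvailable() &&` in getUser makes the second-factor check fail-open: whenever isAvailable() reports false, the active WebAuthn requirement is skipped and the user is returned as fully authenticated although the account has the factor enabled. That is the intended effect per the commit title, but it means the strength of this check now rests on isAvailable() being derived from server-side configuration only; its implementation is not in this diff, so confirm it is not influenced by request-controlled data before it reaches this condition. A comment at the condition would make the trade-off explicit for later readers, e.g. `// deliberately skips the WebAuthn requirement when it cannot be served (no HTTPS); isAvailable() must stay server-side only`, and logging the downgrade would make it visible in operations. getUser continues past the end of the hunk.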


@ -31,7 +31,7 @@ class passwordAdminAuthTest extends integrationTestCase
public function createTestData()
{
$admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"');
$admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = \'malladmin\'');
Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin);
$this->createUser(
$this->userList[1],
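Review bot: The fixture query `SELECT oxid FROM oxuser WHERE oxrights = 'malladmin'` has no ORDER BY or LIMIT, so getOne() returns whichever admin row the database yields first; on a shop with several mall admins the session variable set on the next line is non-deterministic between runs. Appending `ORDER BY oxid LIMIT 1` keeps the quoting fix and makes the fixture stable. createTestData continues beyond the hunk.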


@ -210,6 +210,9 @@ class PublicKeyCredentialListTest extends UnitTestCase
if ($doCreate) {
foreach ($oxids as $oxid) {
$pkc = $this->getMockBuilder(PublicKeyCredential::class)
->onlyMethods(['allowDerivedDelete'])
->getMock();
$pkc->delete($oxid);
}
}
@ -286,6 +289,9 @@ class PublicKeyCredentialListTest extends UnitTestCase
if ($doCreate) {
foreach ($oxids as $oxid) {
$pkc = $this->getMockBuilder(PublicKeyCredential::class)
->onlyMethods(['allowDerivedDelete'])
->getMock();
$pkc->delete($oxid);
}
}
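Review bot: In both hunks of this file the `$pkc` mock lists `allowDerivedDelete` in onlyMethods but never configures it, so PHPUnit returns the method's default stand-in (false for a bool return, null otherwise) rather than true. If delete() consults allowDerivedDelete() before removing the row, the cleanup loop would silently leave the test credentials in the database; if the stub is meant to bypass a guard, say so with `->method('allowDerivedDelete')->willReturn(true)` or a one-line comment explaining why the default return is wanted. PublicKeyCredential's delete() is not in this diff, so that interaction is inferred, and the enclosing test methods start before each hunk.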


@ -52,10 +52,13 @@ trait CheckoutTestTrait
/**
* @test
*
* @param $hasUser
* @param $isAvailable
* @param $isActive
* @param $sessionAuth
* @param $expected
*
* @return void
* @throws ReflectionException
* @dataProvider canGetUserDataProvider
@ -64,7 +67,7 @@ trait CheckoutTestTrait
* @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_OrderController::getUser
* @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_UserController::getUser
*/
public function canGetUser($hasUser, $isActive, $sessionAuth, $expected)
public function canGetUser($hasUser, $isAvailable, $isActive, $sessionAuth, $expected)
{
/** @var Session|MockObject $sessionMock */
$sessionMock = $this->getMockBuilder(Session::class)
@ -75,8 +78,9 @@ trait CheckoutTestTrait
/** @var Webauthn|MockObject $webauthnMock */
$webauthnMock = $this->getMockBuilder(Webauthn::class)
->onlyMethods(['isActive'])
->onlyMethods(['isAvailable', 'isActive'])
->getMock();
$webauthnMock->method('isAvailable')->willReturn($isAvailable);
$webauthnMock->method('isActive')->willReturn($isActive);
/** @var PaymentController|OrderController|UserController|MockObject $sut */
@ -136,10 +140,11 @@ trait CheckoutTestTrait
public function canGetUserDataProvider(): array
{
return [
'no (valid) user' => [false, false, null, 'parent'],
'webauthn not active' => [true, false, null, 'parent'],
'has webauthn auth' => [true, true, 'userIdFixture', 'parent'],
'no webauthn auth' => [true, true, null, false],
'no (valid) user' => [false, true, false, null, 'parent'],
'webauthn not available'=> [true, false, false, null, 'parent'],
'webauthn not active' => [true, true, false, null, 'parent'],
'has webauthn auth' => [true, true, true, 'userIdFixture', 'parent'],
'no webauthn auth' => [true, true, true, null, false],
];
}
}
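Review bot: The provider's new 'webauthn not available' row passes `$isActive = false`, so it would have yielded 'parent' under the old getUser condition as well and does not exercise the short-circuit this commit introduces; the case that motivates the change — availability false while WebAuthn is active and no session auth is set — is missing. Add `'webauthn not available but active' => [true, false, true, null, 'parent'],` so a regression that drops the isAvailable() check fails this test. The canGetUser docblock in the earlier hunk also leaves the new `@param $isAvailable` untyped; `@param bool $isAvailable` (with matching types for its siblings) would document the expected inputs.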