From 942a20cdf6dda7fb13f2e007347ea0ae06772467 Mon Sep 17 00:00:00 2001
From: Daniel Seifert
Date: Mon, 16 Jan 2023 13:37:56 +0100
Subject: [PATCH] prevent leaving logged in user without logged in status in case of no https connector

---
 .../Controller/Traits/checkoutGetUserTrait.php | 6 ++++--
 src/tests/integration/passwordAdminAuthTest.php | 2 +-
 .../Credential/PublicKeyCredentialListTest.php | 6 ++++++
 .../Controller/CheckoutTestTrait.php | 17 +++++++++++------
 4 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/src/Application/Controller/Traits/checkoutGetUserTrait.php b/src/Application/Controller/Traits/checkoutGetUserTrait.php
index ae46bfd..ccc0cef 100755
--- a/src/Application/Controller/Traits/checkoutGetUserTrait.php
+++ b/src/Application/Controller/Traits/checkoutGetUserTrait.php
@@ -18,6 +18,7 @@ namespace D3\Webauthn\Application\Controller\Traits;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Application\Model\Webauthn;
 use D3\Webauthn\Application\Model\WebauthnConf;
+use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
 use Doctrine\DBAL\Driver\Exception;
 use Doctrine\DBAL\Exception as DoctrineException;
 use OxidEsales\Eshop\Application\Model\User;
@@ -38,13 +39,14 @@ trait checkoutGetUserTrait
      */
     public function getUser()
     {
-        /** @var User|null $user */
+        /** @var d3_User_Webauthn|null $user */
         $user = $this->d3CallMockableFunction([$this->parentClass, 'getUser']);
 
         if ($user && $user->isLoaded() && $user->getId()) {
             $webauthn = $this->d3GetMockableOxNewObject(Webauthn::class);
 
-            if ($webauthn->isActive($user->getId())
+            if ($webauthn->isAvailable()
+                && $webauthn->isActive($user->getId())
                 && !$this->d3GetMockableRegistryObject(Session::class)
                     ->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
             ) {
diff --git a/src/tests/integration/passwordAdminAuthTest.php b/src/tests/integration/passwordAdminAuthTest.php
index e19e457..a60234d 100644
--- a/src/tests/integration/passwordAdminAuthTest.php
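Review bot: The new `isAvailable()` guard in getUser makes the check fail open: when WebAuthn cannot run in this request (per the subject, no HTTPS connector) a user whose account has WebAuthn active now proceeds through checkout on the password-only session, and nothing in the hunk records that the second factor was skipped. Not stranding the user on a login the browser cannot complete is a defensible choice, but the downgrade should be visible to the next reader and, where the module has a logger, to operators. Suggest a comment above the condition such as `// no secure context: the WebAuthn ceremony cannot be completed here, so keep the password-only session instead of forcing a login that would fail`, plus a log entry with the user id at that point if a logger is in scope. This assumes `isAvailable()` reflects the request's secure context rather than a configuration switch; confirm against its implementation. The body of getUser continues past the hunk, so the branch taken when the condition holds is not visible here.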
+++ b/src/tests/integration/passwordAdminAuthTest.php
@@ -31,7 +31,7 @@ class passwordAdminAuthTest extends integrationTestCase
     public function createTestData()
     {
-        $admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"');
+        $admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = \'malladmin\'');
         Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin);
         $this->createUser(
             $this->userList[1],
diff --git a/src/tests/unit/Application/Model/Credential/PublicKeyCredentialListTest.php b/src/tests/unit/Application/Model/Credential/PublicKeyCredentialListTest.php
index 53c594e..cced323 100644
--- a/src/tests/unit/Application/Model/Credential/PublicKeyCredentialListTest.php
+++ b/src/tests/unit/Application/Model/Credential/PublicKeyCredentialListTest.php
@@ -210,6 +210,9 @@ class PublicKeyCredentialListTest extends UnitTestCase
         if ($doCreate) {
             foreach ($oxids as $oxid) {
+                $pkc = $this->getMockBuilder(PublicKeyCredential::class)
+                    ->onlyMethods(['allowDerivedDelete'])
+                    ->getMock();
                 $pkc->delete($oxid);
             }
         }
@@ -286,6 +289,9 @@ class PublicKeyCredentialListTest extends UnitTestCase
         if ($doCreate) {
             foreach ($oxids as $oxid) {
+                $pkc = $this->getMockBuilder(PublicKeyCredential::class)
+                    ->onlyMethods(['allowDerivedDelete'])
+                    ->getMock();
                 $pkc->delete($oxid);
             }
         }
diff --git a/src/tests/unit/Modules/Application/Controller/CheckoutTestTrait.php b/src/tests/unit/Modules/Application/Controller/CheckoutTestTrait.php
index 440b20a..a2f1967 100644
--- a/src/tests/unit/Modules/Application/Controller/CheckoutTestTrait.php
+++ b/src/tests/unit/Modules/Application/Controller/CheckoutTestTrait.php
@@ -52,10 +52,13 @@ trait CheckoutTestTrait
     /**
      * @test
+     *
      * @param $hasUser
+     * @param $isAvailable
      * @param $isActive
      * @param $sessionAuth
      * @param $expected
+     *
      * @return void
      * @throws ReflectionException
      * @dataProvider canGetUserDataProvider
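Review bot: The three-line mock construction added in the PublicKeyCredentialListTest hunk at line 213 is repeated verbatim in the second hunk at line 292; a private helper such as `private function getCredentialMockForCleanup(): PublicKeyCredential` would keep the two cleanup loops from drifting apart. The stub lists `allowDerivedDelete` in `onlyMethods()` but never configures a return value, so the call inside `delete()` yields PHPUnit's default for that method's return type; if the cleanup relies on a particular answer, state it with `->method('allowDerivedDelete')->willReturn(...)` or a one-line comment. Building the mock inside the foreach also rebuilds it per oxid, which could move above the loop if the mock carries no per-call state. Both enclosing test methods start outside their hunks, so how `$oxids` is populated is not visible here.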
@@ -64,7 +67,7 @@ trait CheckoutTestTrait
      * @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_OrderController::getUser
      * @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_UserController::getUser
      */
-    public function canGetUser($hasUser, $isActive, $sessionAuth, $expected)
+    public function canGetUser($hasUser, $isAvailable, $isActive, $sessionAuth, $expected)
     {
         /** @var Session|MockObject $sessionMock */
         $sessionMock = $this->getMockBuilder(Session::class)
@@ -75,8 +78,9 @@ trait CheckoutTestTrait
 
         /** @var Webauthn|MockObject $webauthnMock */
         $webauthnMock = $this->getMockBuilder(Webauthn::class)
-            ->onlyMethods(['isActive'])
+            ->onlyMethods(['isAvailable', 'isActive'])
             ->getMock();
+        $webauthnMock->method('isAvailable')->willReturn($isAvailable);
         $webauthnMock->method('isActive')->willReturn($isActive);
 
         /** @var PaymentController|OrderController|UserController|MockObject $sut */
@@ -136,10 +140,11 @@ trait CheckoutTestTrait
     public function canGetUserDataProvider(): array
     {
         return [
-            'no (valid) user' => [false, false, null, 'parent'],
-            'webauthn not active' => [true, false, null, 'parent'],
-            'has webauthn auth' => [true, true, 'userIdFixture', 'parent'],
-            'no webauthn auth' => [true, true, null, false],
+            'no (valid) user' => [false, true, false, null, 'parent'],
+            'webauthn not available'=> [true, false, false, null, 'parent'],
+            'webauthn not active' => [true, true, false, null, 'parent'],
+            'has webauthn auth' => [true, true, true, 'userIdFixture', 'parent'],
+            'no webauthn auth' => [true, true, true, null, false],
         ];
     }
 }
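Review bot: The widened `canGetUser` signature still declares every parameter untyped, although the data provider later in this file pins them down: booleans for the first three, a string or null for `$sessionAuth`, and a string or false for `$expected`. `public function canGetUser(bool $hasUser, bool $isAvailable, bool $isActive, ?string $sessionAuth, $expected)` would catch a mis-shaped provider row at call time instead of deep inside the mock setup, and the `@param` tags added in the docblock hunk could carry the same types. The method body continues past both of its hunks.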
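Review bot: The new `'webauthn not available'` row in canGetUserDataProvider does not exercise the guard this commit introduces: with `$isActive` false the condition in getUser was already false before the change, so this row passes against the old code as well. The only combination where `isAvailable()` decides the outcome is WebAuthn active with no session auth, so the row should read `'webauthn not available' => [true, false, true, null, 'parent'],`; keeping the current row as well is fine but it is then redundant with `'webauthn not active'`. The key is also the only one not padded before `=>`, which breaks the column alignment of the other entries.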