prevent leaving logged in user without logged in status in case of no https connector

Daniel Seifert 2023-01-16 13:37:56 +01:00
parent 91bf6dacbe
commit 942a20cdf6
Signed by: DanielS
GPG Key ID: 8A7C4C6ED1915C6F
4 changed files with 22 additions and 9 deletions


@ -18,6 +18,7 @@ namespace D3\Webauthn\Application\Controller\Traits;
use D3\TestingTools\Production\IsMockable; use D3\TestingTools\Production\IsMockable;
use D3\Webauthn\Application\Model\Webauthn; use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Application\Model\WebauthnConf; use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
use Doctrine\DBAL\Driver\Exception; use Doctrine\DBAL\Driver\Exception;
use Doctrine\DBAL\Exception as DoctrineException; use Doctrine\DBAL\Exception as DoctrineException;
use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Application\Model\User;
@ -38,13 +39,14 @@ trait checkoutGetUserTrait
*/ */
public function getUser() public function getUser()
{ {
/** @var User|null $user */ /** @var d3_User_Webauthn|null $user */
$user = $this->d3CallMockableFunction([$this->parentClass, 'getUser']); $user = $this->d3CallMockableFunction([$this->parentClass, 'getUser']);
if ($user && $user->isLoaded() && $user->getId()) { if ($user && $user->isLoaded() && $user->getId()) {
$webauthn = $this->d3GetMockableOxNewObject(Webauthn::class); $webauthn = $this->d3GetMockableOxNewObject(Webauthn::class);
if ($webauthn->isActive($user->getId()) if ($webauthn->isAvailable()
&& $webauthn->isActive($user->getId())
&& !$this->d3GetMockableRegistryObject(Session::class) && !$this->d3GetMockableRegistryObject(Session::class)
->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) { ) {
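Review bot: The added `$webauthn->isAvailable()` condition makes the second-factor gate in `getUser()` fail open: when it returns false, the `isActive()` and `WEBAUTHN_SESSION_AUTH` checks are skipped, so an account with registered credentials is presumably handed back from the parent call on password login alone. That matches the commit title, but the trade-off is not recorded in the code. What `isAvailable()` keys on is also not visible here; if it derives from the HTTPS state of the request, that should rest on trusted server configuration rather than on values a client can influence. I would add a comment above the condition, e.g. `// WebAuthn unusable (e.g. no HTTPS): password login alone counts as authenticated, see Webauthn::isAvailable()`, and consider logging when the check is skipped for a user whose `isActive()` is true. The body of `getUser()` continues past the end of this hunk.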


@ -31,7 +31,7 @@ class passwordAdminAuthTest extends integrationTestCase
public function createTestData() public function createTestData()
{ {
$admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"'); $admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = \'malladmin\'');
Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin); Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin);
$this->createUser( $this->createUser(
$this->userList[1], $this->userList[1],


@ -210,6 +210,9 @@ class PublicKeyCredentialListTest extends UnitTestCase
if ($doCreate) { if ($doCreate) {
foreach ($oxids as $oxid) { foreach ($oxids as $oxid) {
$pkc = $this->getMockBuilder(PublicKeyCredential::class)
->onlyMethods(['allowDerivedDelete'])
->getMock();
$pkc->delete($oxid); $pkc->delete($oxid);
} }
} }
@ -286,6 +289,9 @@ class PublicKeyCredentialListTest extends UnitTestCase
if ($doCreate) { if ($doCreate) {
foreach ($oxids as $oxid) { foreach ($oxids as $oxid) {
$pkc = $this->getMockBuilder(PublicKeyCredential::class)
->onlyMethods(['allowDerivedDelete'])
->getMock();
$pkc->delete($oxid); $pkc->delete($oxid);
} }
} }
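Review bot: The `allowDerivedDelete` stub built in both cleanup loops (the hunks at 210 and 286) has no return value configured, so it yields PHPUnit's default instead of an explicit `true`; if `delete()` consults that method, the credential fixture rows could stay in the table without the test noticing. Configure it explicitly with `$pkc->method('allowDerivedDelete')->willReturn(true);` and check the outcome, e.g. `$this->assertTrue($pkc->delete($oxid));`. The mock does not depend on `$oxid`, so it can be created once before the `foreach`, and because the same three lines appear twice a small private helper would keep the two tests in step. Both enclosing test methods start and end outside the hunks.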


@ -52,10 +52,13 @@ trait CheckoutTestTrait
/** /**
* @test * @test
*
* @param $hasUser * @param $hasUser
* @param $isAvailable
* @param $isActive * @param $isActive
* @param $sessionAuth * @param $sessionAuth
* @param $expected * @param $expected
*
* @return void * @return void
* @throws ReflectionException * @throws ReflectionException
* @dataProvider canGetUserDataProvider * @dataProvider canGetUserDataProvider
@ -64,7 +67,7 @@ trait CheckoutTestTrait
* @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_OrderController::getUser * @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_OrderController::getUser
* @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_UserController::getUser * @covers \D3\Webauthn\Modules\Application\Controller\d3_webauthn_UserController::getUser
*/ */
public function canGetUser($hasUser, $isActive, $sessionAuth, $expected) public function canGetUser($hasUser, $isAvailable, $isActive, $sessionAuth, $expected)
{ {
/** @var Session|MockObject $sessionMock */ /** @var Session|MockObject $sessionMock */
$sessionMock = $this->getMockBuilder(Session::class) $sessionMock = $this->getMockBuilder(Session::class)
@ -75,8 +78,9 @@ trait CheckoutTestTrait
/** @var Webauthn|MockObject $webauthnMock */ /** @var Webauthn|MockObject $webauthnMock */
$webauthnMock = $this->getMockBuilder(Webauthn::class) $webauthnMock = $this->getMockBuilder(Webauthn::class)
->onlyMethods(['isActive']) ->onlyMethods(['isAvailable', 'isActive'])
->getMock(); ->getMock();
$webauthnMock->method('isAvailable')->willReturn($isAvailable);
$webauthnMock->method('isActive')->willReturn($isActive); $webauthnMock->method('isActive')->willReturn($isActive);
/** @var PaymentController|OrderController|UserController|MockObject $sut */ /** @var PaymentController|OrderController|UserController|MockObject $sut */
@ -136,10 +140,11 @@ trait CheckoutTestTrait
public function canGetUserDataProvider(): array public function canGetUserDataProvider(): array
{ {
return [ return [
'no (valid) user' => [false, false, null, 'parent'], 'no (valid) user' => [false, true, false, null, 'parent'],
'webauthn not active' => [true, false, null, 'parent'], 'webauthn not available'=> [true, false, false, null, 'parent'],
'has webauthn auth' => [true, true, 'userIdFixture', 'parent'], 'webauthn not active' => [true, true, false, null, 'parent'],
'no webauthn auth' => [true, true, null, false], 'has webauthn auth' => [true, true, true, 'userIdFixture', 'parent'],
'no webauthn auth' => [true, true, true, null, false],
]; ];
} }
} }
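Review bot: `canGetUserDataProvider()` has no row that isolates the new `isAvailable()` branch: the 'webauthn not available' case also sets `$isActive` to false, which already produced 'parent' before this change, so the test would still pass if the `isAvailable()` condition were removed from `getUser()`. Add the case this commit is about, a user with active credentials and no session auth while WebAuthn is unavailable: `'webauthn not available, active' => [true, false, true, null, 'parent'],`. The docblock's new `@param $isAvailable` line could also state its type (`bool`), since that flag decides whether the second factor is enforced.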