prevent leaving logged in user without logged in status in case of no https connector

2023-01-16 13:37:56 +01:00 · 2023-01-16 13:37:56 +01:00 · 942a20cdf6
commit 942a20cdf6
parent 91bf6dacbe
4 changed files with 22 additions and 9 deletions
--- a/src/Application/Controller/Traits/checkoutGetUserTrait.php
+++ b/src/Application/Controller/Traits/checkoutGetUserTrait.php
@ -18,6 +18,7 @@ namespace D3\Webauthn\Application\Controller\Traits;
 use D3\TestingTools\Production\IsMockable;
 use D3\Webauthn\Application\Model\Webauthn;
 use D3\Webauthn\Application\Model\WebauthnConf;
+use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
 use Doctrine\DBAL\Driver\Exception;
 use Doctrine\DBAL\Exception as DoctrineException;
 use OxidEsales\Eshop\Application\Model\User;
@ -38,13 +39,14 @@ trait checkoutGetUserTrait
     */
    public function getUser()
    {
-        /** @var User|null $user */
+        /** @var d3_User_Webauthn|null $user */
        $user = $this->d3CallMockableFunction([$this->parentClass, 'getUser']);

        if ($user && $user->isLoaded() && $user->getId()) {
            $webauthn = $this->d3GetMockableOxNewObject(Webauthn::class);

-            if ($webauthn->isActive($user->getId())
+            if ($webauthn->isAvailable()
+                && $webauthn->isActive($user->getId())
                && !$this->d3GetMockableRegistryObject(Session::class)
                         ->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
            ) {
--- a/src/tests/integration/passwordAdminAuthTest.php
+++ b/src/tests/integration/passwordAdminAuthTest.php
@ -31,7 +31,7 @@ class passwordAdminAuthTest extends integrationTestCase

    public function createTestData()
    {
-        $admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"');
+        $admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = \'malladmin\'');
        Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin);
        $this->createUser(
            $this->userList[1],
--- a/src/tests/unit/Application/Model/Credential/PublicKeyCredentialListTest.php
+++ b/src/tests/unit/Application/Model/Credential/PublicKeyCredentialListTest.php
@ -210,6 +210,9 @@ class PublicKeyCredentialListTest extends UnitTestCase

        if ($doCreate) {
            foreach ($oxids as $oxid) {
+                $pkc = $this->getMockBuilder(PublicKeyCredential::class)
+                    ->onlyMethods(['allowDerivedDelete'])
+                    ->getMock();
                $pkc->delete($oxid);
            }
        }
@ -286,6 +289,9 @@ class PublicKeyCredentialListTest extends UnitTestCase

        if ($doCreate) {
            foreach ($oxids as $oxid) {
+                $pkc = $this->getMockBuilder(PublicKeyCredential::class)
+                    ->onlyMethods(['allowDerivedDelete'])
+                    ->getMock();
                $pkc->delete($oxid);
            }
        }
--- a/src/tests/unit/Modules/Application/Controller/CheckoutTestTrait.php
+++ b/src/tests/unit/Modules/Application/Controller/CheckoutTestTrait.php
@ -52,10 +52,13 @@ trait CheckoutTestTrait

    /**
     * @test
+     *
     * @param $hasUser
+     * @param $isAvailable
     * @param $isActive
     * @param $sessionAuth
     * @param $expected
+     *
     * @return void
     * @throws ReflectionException
     * @dataProvider canGetUserDataProvider
@ -64,7 +67,7 @@ trait CheckoutTestTrait
     * @covers       \D3\Webauthn\Modules\Application\Controller\d3_webauthn_OrderController::getUser
     * @covers       \D3\Webauthn\Modules\Application\Controller\d3_webauthn_UserController::getUser
     */
-    public function canGetUser($hasUser, $isActive, $sessionAuth, $expected)
+    public function canGetUser($hasUser, $isAvailable, $isActive, $sessionAuth, $expected)
    {
        /** @var Session|MockObject $sessionMock */
        $sessionMock = $this->getMockBuilder(Session::class)
@ -75,8 +78,9 @@ trait CheckoutTestTrait

        /** @var Webauthn|MockObject $webauthnMock */
        $webauthnMock = $this->getMockBuilder(Webauthn::class)
-            ->onlyMethods(['isActive'])
+            ->onlyMethods(['isAvailable', 'isActive'])
            ->getMock();
+        $webauthnMock->method('isAvailable')->willReturn($isAvailable);
        $webauthnMock->method('isActive')->willReturn($isActive);

        /** @var PaymentController|OrderController|UserController|MockObject $sut */
@ -136,10 +140,11 @@ trait CheckoutTestTrait
    public function canGetUserDataProvider(): array
    {
        return [
-            'no (valid) user'       => [false, false, null, 'parent'],
-            'webauthn not active'   => [true, false, null, 'parent'],
-            'has webauthn auth'     => [true, true, 'userIdFixture', 'parent'],
-            'no webauthn auth'      => [true, true, null, false],
+            'no (valid) user'       => [false, true, false, null, 'parent'],
+            'webauthn not available'=> [true, false, false, null, 'parent'],
+            'webauthn not active'   => [true, true, false, null, 'parent'],
+            'has webauthn auth'     => [true, true, true, 'userIdFixture', 'parent'],
+            'no webauthn auth'      => [true, true, true, null, false],
        ];
    }
 }