From b9378ab03a3e3a5f967f0f817f09037be33e140a Mon Sep 17 00:00:00 2001 From: Daniel Seifert Date: Tue, 1 Nov 2022 21:43:55 +0100 Subject: [PATCH] allow additional password based login --- src/IntelliSenseHelper.php | 7 -- .../Component/d3_webauthn_UserComponent.php | 3 +- .../Admin/d3_LoginController_Webauthn.php | 4 +- src/Modules/Core/d3_webauthn_utils.php | 73 ------------------- src/metadata.php | 1 - 5 files changed, 5 insertions(+), 83 deletions(-) delete mode 100755 src/Modules/Core/d3_webauthn_utils.php diff --git a/src/IntelliSenseHelper.php b/src/IntelliSenseHelper.php index f699902..73d4772 100755 --- a/src/IntelliSenseHelper.php +++ b/src/IntelliSenseHelper.php @@ -47,11 +47,4 @@ namespace D3\Webauthn\Modules\Application\Model use OxidEsales\Eshop\Application\Model\User; class d3_User_Webauthn_parent extends User {} -} - -namespace D3\Webauthn\Modules\Core -{ - use OxidEsales\Eshop\Core\Utils; - - class d3_webauthn_utils_parent extends Utils {} } \ No newline at end of file diff --git a/src/Modules/Application/Component/d3_webauthn_UserComponent.php b/src/Modules/Application/Component/d3_webauthn_UserComponent.php index 7c5ebcb..8d10764 100755 --- a/src/Modules/Application/Component/d3_webauthn_UserComponent.php +++ b/src/Modules/Application/Component/d3_webauthn_UserComponent.php @@ -44,11 +44,12 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent public function login_noredirect() { $lgn_user = Registry::getRequest()->getRequestParameter('lgn_usr'); + $password = Registry::getConfig()->getRequestParameter('lgn_pwd', true); /** @var d3_User_Webauthn $user */ $user = oxNew(User::class); $userId = $user->d3GetLoginUserId($lgn_user); - if ($lgn_user && $userId) { + if ($lgn_user && $userId && !strlen(trim($password))) { $webauthn = $this->d3GetWebauthnObject(); if ($webauthn->isActive($userId) 
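Review bot: The added condition `!strlen(trim($password))` in login_noredirect() lets the request decide whether the WebAuthn branch runs: any login that carries a non-empty `lgn_pwd` skips it, even for a user whose key `isActive()`, and the same holds for the `pwd` check added to d3_LoginController_Webauthn in this patch. For accounts with a registered key the password then becomes the effective strength of the login, so the fallback is better gated on an explicit shop or per-user opt-in than on the presence of a form field, with the intent recorded in a comment such as `// non-empty lgn_pwd: skip the WebAuthn branch and continue with the password login`. The value is also read through `Registry::getConfig()` while the line above uses `Registry::getRequest()`; using one accessor and testing `is_string($password) && trim($password) !== ''` would also avoid a type error on an array-valued or missing parameter. The body of login_noredirect() continues outside the hunk.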
diff --git a/src/Modules/Application/Controller/Admin/d3_LoginController_Webauthn.php b/src/Modules/Application/Controller/Admin/d3_LoginController_Webauthn.php index a656a9d..fd8e20b 100755 --- a/src/Modules/Application/Controller/Admin/d3_LoginController_Webauthn.php +++ b/src/Modules/Application/Controller/Admin/d3_LoginController_Webauthn.php @@ -53,13 +53,15 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent { $lgn_user = Registry::getRequest()->getRequestParameter('user') ?: Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER); + $password = Registry::getRequest()->getRequestParameter('pwd', true); /** @var d3_User_Webauthn $user */ $user = $this->d3GetUserObject(); $userId = $user->d3GetLoginUserId($lgn_user, 'malladmin'); if ($lgn_user && $userId && - false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) + false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) && + !strlen(trim($password)) ) { $webauthn = $this->d3GetWebauthnObject(); diff --git a/src/Modules/Core/d3_webauthn_utils.php b/src/Modules/Core/d3_webauthn_utils.php deleted file mode 100755 index 9983026..0000000 --- a/src/Modules/Core/d3_webauthn_utils.php +++ /dev/null 
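Review bot: `Registry::getRequest()->getRequestParameter('pwd', true)` passes `true` in the position that, as far as I know, is the default value and not a raw flag in the OXID 6 Request class, so a request without `pwd` would yield `true`, `trim(true)` gives `'1'` (or a TypeError under strict types), and the added `!strlen(trim($password))` would keep the WebAuthn branch from ever running on the initial admin login. Please confirm the signature and, if it is as described, read the value with `getRequestParameter('pwd')` and test `is_string($password) && trim($password) !== ''`. Separately, this commit deletes d3_webauthn_utils::checkAccessRights(), which redirected an authenticated admin whose key is active but whose `WEBAUTHN_SESSION_AUTH` flag is unset; after a password login nothing visible in this patch enforces that flag any more, which deserves an explicit statement in the commit description or a comment next to the condition. The enclosing method starts and ends outside the hunk.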
@@ -1,73 +0,0 @@ - - * @link http://www.oxidmodule.com - */ - -namespace D3\Webauthn\Modules\Core; - -use D3\Webauthn\Application\Model\Webauthn; -use D3\Webauthn\Application\Model\WebauthnConf; -use Doctrine\DBAL\DBALException; -use Doctrine\DBAL\Driver\Exception; -use Doctrine\DBAL\Exception as DoctrineException; -use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; -use OxidEsales\Eshop\Core\Registry; -use OxidEsales\Eshop\Core\Session; -use Psr\Container\ContainerExceptionInterface; -use Psr\Container\NotFoundExceptionInterface; - -class d3_webauthn_utils extends d3_webauthn_utils_parent -{ - /** - * @return bool - * @throws Exception - * @throws DoctrineException - * @throws ContainerExceptionInterface - * @throws NotFoundExceptionInterface - */ - public function checkAccessRights() - { - $blAuth = parent::checkAccessRights(); - - $userID = $this->d3GetSessionObject()->getVariable("auth"); - $webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH); - $webauthn = $this->d3GetWebauthnObject(); - - if ($blAuth && $webauthn->isActive($userID) && false === $webauthnAuth) { - $this->redirect('index.php?cl=login', true, 302); - if (!defined('OXID_PHP_UNIT')) { - // @codeCoverageIgnoreStart - exit; - // @codeCoverageIgnoreEnd - } - } - - return $blAuth; - } - - /** - * @return Session - */ - public function d3GetSessionObject(): Session - { - return Registry::getSession(); - } - - /** - * @return Webauthn - */ - public function d3GetWebauthnObject(): Webauthn - { - return oxNew(Webauthn::class); - } -} \ No newline at end of file diff --git a/src/metadata.php b/src/metadata.php index 9bce957..c73fa72 100755 --- a/src/metadata.php +++ b/src/metadata.php 
@@ -66,7 +66,6 @@ $aModule = array( OrderController::class => d3_webauthn_OrderController::class, OxidModel\User::class => d3_User_Webauthn::class, LoginController::class => d3_LoginController_Webauthn::class, - Utils::class => d3_webauthn_utils::class, UserComponent::class => d3_webauthn_UserComponent::class, ], 'controllers' => [