allow additional password based login

This commit is contained in:
Daniel Seifert 2022-11-01 21:43:55 +01:00
parent 5ed13d13d9
commit b9378ab03a
Signed by: DanielS
GPG Key ID: 6A513E13AEE66170
5 changed files with 5 additions and 83 deletions

View File

@ -48,10 +48,3 @@ namespace D3\Webauthn\Modules\Application\Model
class d3_User_Webauthn_parent extends User {} class d3_User_Webauthn_parent extends User {}
} }
namespace D3\Webauthn\Modules\Core
{
use OxidEsales\Eshop\Core\Utils;
class d3_webauthn_utils_parent extends Utils {}
}

View File

@ -44,11 +44,12 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
public function login_noredirect() public function login_noredirect()
{ {
$lgn_user = Registry::getRequest()->getRequestParameter('lgn_usr'); $lgn_user = Registry::getRequest()->getRequestParameter('lgn_usr');
$password = Registry::getConfig()->getRequestParameter('lgn_pwd', true);
/** @var d3_User_Webauthn $user */ /** @var d3_User_Webauthn $user */
$user = oxNew(User::class); $user = oxNew(User::class);
$userId = $user->d3GetLoginUserId($lgn_user); $userId = $user->d3GetLoginUserId($lgn_user);
if ($lgn_user && $userId) { if ($lgn_user && $userId && !strlen(trim($password))) {
$webauthn = $this->d3GetWebauthnObject(); $webauthn = $this->d3GetWebauthnObject();
if ($webauthn->isActive($userId) if ($webauthn->isActive($userId)

View File

@ -53,13 +53,15 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
{ {
$lgn_user = Registry::getRequest()->getRequestParameter('user') ?: $lgn_user = Registry::getRequest()->getRequestParameter('user') ?:
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER); Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER);
$password = Registry::getRequest()->getRequestParameter('pwd', true);
/** @var d3_User_Webauthn $user */ /** @var d3_User_Webauthn $user */
$user = $this->d3GetUserObject(); $user = $this->d3GetUserObject();
$userId = $user->d3GetLoginUserId($lgn_user, 'malladmin'); $userId = $user->d3GetLoginUserId($lgn_user, 'malladmin');
if ($lgn_user && $userId && if ($lgn_user && $userId &&
false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) &&
!strlen(trim($password))
) { ) {
$webauthn = $this->d3GetWebauthnObject(); $webauthn = $this->d3GetWebauthnObject();

View File

@ -1,73 +0,0 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Webauthn\Modules\Core;
use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Application\Model\WebauthnConf;
use Doctrine\DBAL\DBALException;
use Doctrine\DBAL\Driver\Exception;
use Doctrine\DBAL\Exception as DoctrineException;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Session;
use Psr\Container\ContainerExceptionInterface;
use Psr\Container\NotFoundExceptionInterface;
class d3_webauthn_utils extends d3_webauthn_utils_parent
{
/**
* @return bool
* @throws Exception
* @throws DoctrineException
* @throws ContainerExceptionInterface
* @throws NotFoundExceptionInterface
*/
public function checkAccessRights()
{
$blAuth = parent::checkAccessRights();
$userID = $this->d3GetSessionObject()->getVariable("auth");
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
$webauthn = $this->d3GetWebauthnObject();
if ($blAuth && $webauthn->isActive($userID) && false === $webauthnAuth) {
$this->redirect('index.php?cl=login', true, 302);
if (!defined('OXID_PHP_UNIT')) {
// @codeCoverageIgnoreStart
exit;
// @codeCoverageIgnoreEnd
}
}
return $blAuth;
}
/**
* @return Session
*/
public function d3GetSessionObject(): Session
{
return Registry::getSession();
}
/**
* @return Webauthn
*/
public function d3GetWebauthnObject(): Webauthn
{
return oxNew(Webauthn::class);
}
}

View File

@ -66,7 +66,6 @@ $aModule = array(
OrderController::class => d3_webauthn_OrderController::class, OrderController::class => d3_webauthn_OrderController::class,
OxidModel\User::class => d3_User_Webauthn::class, OxidModel\User::class => d3_User_Webauthn::class,
LoginController::class => d3_LoginController_Webauthn::class, LoginController::class => d3_LoginController_Webauthn::class,
Utils::class => d3_webauthn_utils::class,
UserComponent::class => d3_webauthn_UserComponent::class, UserComponent::class => d3_webauthn_UserComponent::class,
], ],
'controllers' => [ 'controllers' => [