prepare changed frontend login

This commit is contained in:
Daniel Seifert 2022-10-26 22:27:25 +02:00
parent b588c36f72
commit bfe6f50b76
Signed by: DanielS
GPG Key ID: 6A513E13AEE66170
9 changed files with 109 additions and 69 deletions


@ -16,7 +16,7 @@
namespace D3\Webauthn\Application\Controller;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\d3webauthn_conf;
use D3\Webauthn\Application\Model\WebauthnConf;
use OxidEsales\Eshop\Application\Controller\FrontendController;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Exception\DatabaseErrorException;
@ -34,9 +34,10 @@ class d3webauthnlogin extends FrontendController
*/
public function render()
{
if (Registry::getSession()->hasVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH) ||
false == Registry::getSession()->hasVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER)
dumpvar(__METHOD__.__LINE__);
die();
if (Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
false == Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
) {
$this->getUtils()->redirect('index.php?cl=start', true, 302);
if (false == defined('OXID_PHP_UNIT')) {
@ -48,7 +49,7 @@ class d3webauthnlogin extends FrontendController
$this->generateCredentialRequest();
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS));
$this->addTplParam('navFormParams', Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS));
return parent::render();
}
@ -59,7 +60,7 @@ class d3webauthnlogin extends FrontendController
*/
public function generateCredentialRequest()
{
$auth = Registry::getSession()->getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER);
$auth = Registry::getSession()->getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
$webauthn = oxNew(d3webauthn::class);
$publicKeyCredentialRequestOptions = $webauthn->getCredentialRequestOptions($auth);
@ -79,12 +80,12 @@ class d3webauthnlogin extends FrontendController
public function getPreviousClass()
{
return Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS);
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
}
public function previousClassIsOrderStep()
{
$sClassKey = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS);
$sClassKey = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
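Review bot: `dumpvar(__METHOD__.__LINE__);` and `die();` appear on the new side of render() ahead of the session check (L27-L28), so if they execute the controller stops before any of the auth/redirect logic runs and prints the method name and line number into the response; they look like debugging leftovers and should be removed before this lands. The `false == Registry::getSession()->hasVariable(...)` comparison on L30 would read more directly as `!Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)`. render() continues past the end of the hunk.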


@ -7,6 +7,7 @@ namespace D3\Webauthn\Application\Model;
use D3\Totp\Modules\Application\Model\d3_totp_user;
use D3\Webauthn\Application\Model\Credential\PublicKeyCredential;
use D3\Webauthn\Application\Model\Credential\PublicKeyCredentialList;
use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
use Nyholm\Psr7\Factory\Psr17Factory;
use Nyholm\Psr7Server\ServerRequestCreator;
use OxidEsales\Eshop\Application\Model\User;
@ -175,4 +176,30 @@ class Webauthn
die();
}
}
/**
* @return bool
*/
public function isActive($userId): bool
{
return false == Registry::getConfig()->getConfigParam('blDisableWebauthnGlobally')
&& $this->UserUseWebauthn($userId);
}
/**
* @param $userId
* @return bool
*/
public function UserUseWebauthn($userId): bool
{
/** @var d3_User_Webauthn $user */
$user = oxNew(User::class);
$user->load($userId);
$entity = $user->d3GetWebauthnUserEntity();
$credentionList = oxNew(PublicKeyCredentialList::class);
$list = $credentionList->findAllForUserEntity($entity);
return is_array($list) && count($list);
}
}
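Review bot: `UserUseWebauthn()` ignores the result of `$user->load($userId)` (L91), so an unknown or empty id goes on to `d3GetWebauthnUserEntity()` and `findAllForUserEntity()` on a user object that was never loaded; guarding with `if (!$user->load($userId)) { return false; }` keeps the "no WebAuthn for this user" answer explicit (presumably load() reports failure with false — confirm against User::load). Both new methods take `$userId` untyped and the `isActive()` docblock (L75-L77) has no `@param`; `public function isActive(string $userId): bool` with a matching `@param string $userId` would state the contract. The method name `UserUseWebauthn` is not camelCase and, since the method is new in this commit, renaming it to `userUsesWebauthn` is still cheap; the local `$credentionList` (L93) is presumably meant to be `$credentialList`. The `false == Registry::getConfig()->getConfigParam(...)` on L80 is a loose comparison on a config value of unknown type; `!Registry::getConfig()->getConfigParam('blDisableWebauthnGlobally')` says the same thing without relying on `==` coercion.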


@ -15,11 +15,7 @@
namespace D3\Webauthn\Application\Model;
/**
* @deprecated
*/
class d3webauthn_conf
class WebauthnConf
{
const WEBAUTHN_SESSION_AUTH = 'webauthn_auth';
const WEBAUTHN_LOGIN_OBJECT = 'authnloginobject';


@ -131,7 +131,7 @@ class d3webauthn extends BaseModel
if ($auth
&& $this->isActive()
&& false == Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH)
&& false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) {
/** @var d3PublicKeyCredentialRpEntity $rpEntity */
$rpEntity = oxNew(d3PublicKeyCredentialRpEntity::class, Registry::getConfig()->getActiveShop());
@ -162,7 +162,7 @@ dumpvar($userEntity);
dumpvar($publicKeyCredentialRequestOptions);
$requestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
@ -181,7 +181,7 @@ dumpvar($publicKeyCredentialRequestOptions);
{
$blVerify = false;
// Retrieve the Options passed to the device
$publicKeyCredentialRequestOptions = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_LOGIN_OBJECT);
$publicKeyCredentialRequestOptions = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
if (!$publicKeyCredentialRequestOptions) {
$oException = oxNew(d3webauthnMissingPublicKeyCredentialRequestOptions::class);
@ -218,7 +218,7 @@ dumpvar($publicKeyCredentialRequestOptions);
);
$blVerify = true;
Registry::getSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_LOGIN_OBJECT);
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
//If everything is fine, this means the user has correctly been authenticated using the
// authenticator defined in $publicKeyCredentialSource
} catch(InvalidArgumentException $exception) {
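Review bot: The context on L123 shows `dumpvar($publicKeyCredentialRequestOptions);` still executing on the new side right before the options are serialised (L124), and the hunk headers on L122, L129 and L137 indicate a `dumpvar($userEntity);` at the same scope; if these reach production they print the credential request options, which would carry the challenge, into the page on every login attempt. The commit only renames the constant in this file, so the debug output is pre-existing rather than introduced here, but it belongs in the same cleanup as the `dumpvar`/`die()` pair added to the login controller. The enclosing methods start and end outside these hunks.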


@ -16,17 +16,20 @@
namespace D3\Webauthn\Modules\Application\Component;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\d3webauthn_conf;
use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
use D3\Webauthn\Application\Model\Webauthn;
use D3\Webauthn\Modules\Application\Model\d3_User_Webauthn;
use Doctrine\DBAL\DBALException;
use Doctrine\DBAL\Query\QueryBuilder;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\DatabaseProvider;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
use OxidEsales\Eshop\Core\Session;
use OxidEsales\Eshop\Core\UtilsView;
use OxidEsales\EshopCommunity\Internal\Container\ContainerFactory;
use OxidEsales\EshopCommunity\Internal\Framework\Database\QueryBuilderFactoryInterface;
class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
{
@ -37,26 +40,39 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
*/
public function login_noredirect()
{
$sUser = Registry::getRequest()->getRequestParameter('lgn_usr');
$oUser = oxNew(User::class);
$q = "SELECT * FROM ".$oUser->getViewName()." WHERE oxusername = ? and oxshopid = ?";
$userId = DatabaseProvider::getDb()->getOne(
$q,
array($sUser, Registry::getConfig()->getActiveShop()->getId())
);
$lgn_user = Registry::getRequest()->getRequestParameter('lgn_usr');
$user = oxNew(User::class);
if ($sUser) {
/** @var QueryBuilder $qb */
$qb = ContainerFactory::getInstance()->getContainer()->get(QueryBuilderFactoryInterface::class)->create();
$qb->select('*')
->from($user->getViewName())
->where(
$qb->expr()->and(
$qb->expr()->eq(
'oxusername',
$qb->createNamedParameter($lgn_user)
),
$qb->expr()->eq(
'oxshopid',
$qb->createNamedParameter(Registry::getConfig()->getShopId())
)
)
)->setMaxResults(1);
$userId = $qb->execute()->fetchOne();
if ($lgn_user) {
$webauthn = $this->d3GetWebauthnObject();
$webauthn->loadByUserId($userId);
if ($webauthn->isActive()
&& false == Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH)
if ($webauthn->isActive($userId)
&& false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) {
Registry::getSession()->setVariable(
d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS,
WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS,
$this->getParent()->getClassKey() != 'd3webauthnlogin' ? $this->getParent()->getClassKey() : 'start');
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER, $oUser->getId());
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER, $user->getId());
Registry::getSession()->setVariable(
d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS,
WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS,
$this->getParent()->getViewConfig()->getNavFormParams()
);
@ -68,7 +84,7 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
parent::login_noredirect();
/** @var d3_User_Webauthn $oUser */
/** @var d3_User_Webauthn $user */
/*
$oUser = $this->getUser();
@ -77,14 +93,14 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
$webauthn->loadByUserId($oUser->getId());
if ($webauthn->isActive()
&& false == Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH)
&& false == Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) {
Registry::getSession()->setVariable(
d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS,
WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS,
$this->getParent()->getClassKey() != 'd3webauthnlogin' ? $this->getParent()->getClassKey() : 'start');
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER, $oUser->getId());
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER, $oUser->getId());
Registry::getSession()->setVariable(
d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS,
WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS,
$this->getParent()->getViewConfig()->getNavFormParams()
);
@ -97,11 +113,11 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
}
/**
* @return d3webauthn
* @return Webauthn
*/
public function d3GetWebauthnObject()
{
return oxNew(d3webauthn::class);
return oxNew(Webauthn::class);
}
/**
@ -113,7 +129,7 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
{
$sWebauth = base64_decode(Registry::getRequest()->getRequestParameter('keyauth'));
$sUserId = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER);
$sUserId = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
$oUser = oxNew(User::class);
$oUser->load($sUserId);
@ -168,7 +184,7 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
*/
public function hasValidWebauthn($sWebauth, $webauthn)
{
return Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH) ||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
(
$sWebauth && $webauthn->verify($sWebauth)
);
@ -180,7 +196,7 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
*/
public function d3WebauthnRelogin(User $oUser, $sWebauthn)
{
$this->d3GetSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH, $sWebauthn);
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, $sWebauthn);
$this->d3GetSession()->setVariable('usr', $oUser->getId());
$this->setUser(null);
$this->setLoginStatus(USER_LOGIN_SUCCESS);
@ -189,9 +205,9 @@ class d3_webauthn_UserComponent extends d3_webauthn_UserComponent_parent
public function d3WebauthnClearSessionVariables()
{
$this->d3GetSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS);
$this->d3GetSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER);
$this->d3GetSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS);
$this->d3GetSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
$this->d3GetSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
$this->d3GetSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
}
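Review bot: `$user` is only instantiated (L181) and never loaded, so `$user->getId()` on L213 presumably stores an empty value in WEBAUTHN_SESSION_CURRENTUSER, while the id the query actually found is in `$userId` (L199); the keyauth step later loads the user from that session value (L257-L260), so the line should be `Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER, $userId);`. `fetchOne()` returns false when no row matches, and that false is then handed to `loadByUserId()` and `isActive()` (L202, L205); changing the guard to `if ($lgn_user && $userId) {` skips the WebAuthn branch for unknown usernames, and moving the query inside a `$lgn_user` check avoids a database round trip for an empty login field. `d3GetWebauthnObject()` now returns `Webauthn` (L251) whereas the call on L202 expects `loadByUserId()`, which the `Webauthn` hunk in this commit does not show — confirm that method exists on the new class. The old `$oUser->getId()` (L212) had the same unloaded-user problem, so this is carried over rather than introduced.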
/**


@ -16,7 +16,7 @@
namespace D3\Webauthn\Modules\Application\Controller\Admin;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\d3webauthn_conf;
use D3\Webauthn\Application\Model\WebauthnConf;
use D3\Webauthn\Application\Model\Exceptions\d3WebauthnExceptionAbstract;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnMissingPublicKeyCredentialRequestOptions;
use D3\Webauthn\Application\Model\Exceptions\d3webauthnWrongAuthException;
@ -97,7 +97,7 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
if ($this->isNoWebauthnOrNoLogin($webauthn)) {
$return = parent::checklogin();
} elseif ($this->hasValidWebauthn($sWebauth, $webauthn)) {
$this->d3GetSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH, $sWebauth);
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, $sWebauth);
$return = "admin_start";
}
} catch (d3webauthnExceptionAbstract $oEx) {
@ -126,7 +126,7 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
*/
public function hasValidWebauthn($sWebauth, $webauthn)
{
return Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH) ||
return Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
(
$sWebauth && $webauthn->verify($sWebauth)
);


@ -16,7 +16,7 @@
namespace D3\Webauthn\Modules\Application\Controller;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\d3webauthn_conf;
use D3\Webauthn\Application\Model\WebauthnConf;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
@ -39,7 +39,7 @@ trait d3_webauthn_getUserTrait
$webauthn->loadByUserId($oUser->getId());
if ($webauthn->isActive()
&& false == $this->d3GetSessionObject()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH)
&& false == $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
) {
return false;
}


@ -16,7 +16,7 @@
namespace D3\Webauthn\Modules\Application\Model;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\d3webauthn_conf;
use D3\Webauthn\Application\Model\WebauthnConf;
use OxidEsales\Eshop\Core\Exception\StandardException;
use OxidEsales\Eshop\Core\Registry;
use Webauthn\PublicKeyCredentialUserEntity;
@ -27,30 +27,30 @@ class d3_User_Webauthn extends d3_User_Webauthn_parent
{
$return = parent::logout();
Registry::getSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH);
Registry::getSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_LOGIN_OBJECT);
Registry::getSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER);
Registry::getSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS);
Registry::getSession()->deleteVariable(d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS);
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
return $return;
}
public function d3templogout()
{
$varname = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH);
$object = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_LOGIN_OBJECT);
$currentUser = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER);
$currentClass = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS);
$navFormParams = Registry::getSession()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS);
$varname = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
$object = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT);
$currentUser = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
$currentClass = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
$navFormParams = Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
$return = $this->logout();
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH, $varname);
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_LOGIN_OBJECT, $object);
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTUSER, $currentUser);
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_CURRENTCLASS, $currentClass);
Registry::getSession()->setVariable(d3webauthn_conf::WEBAUTHN_SESSION_NAVFORMPARAMS, $navFormParams);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, $varname);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $object);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER, $currentUser);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS, $currentClass);
Registry::getSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS, $navFormParams);
return $return;
}


@ -16,7 +16,7 @@
namespace D3\Webauthn\Modules\Core;
use D3\Webauthn\Application\Model\d3webauthn;
use D3\Webauthn\Application\Model\d3webauthn_conf;
use D3\Webauthn\Application\Model\WebauthnConf;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
@ -34,7 +34,7 @@ class d3_webauthn_utils extends d3_webauthn_utils_parent
$blAuth = parent::checkAccessRights();
$userID = $this->d3GetSessionObject()->getVariable("auth");
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(d3webauthn_conf::WEBAUTHN_SESSION_AUTH);
$webauthnAuth = (bool) $this->d3GetSessionObject()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH);
/** @var d3webauthn $webauthn */
$webauthn = $this->d3GetWebauthnObject();
$webauthn->loadByUserId($userID);