separate session var names between frontend and backend
Cette révision appartient à :
Parent
f74d6985fb
révision
e866141a34
@ -59,8 +59,8 @@ class d3webauthnadminlogin extends AdminController
|
||||
*/
|
||||
public function render(): string
|
||||
{
|
||||
if ($this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
||||
!$this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
if ($this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH) ||
|
||||
!$this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER)
|
||||
) {
|
||||
$this->getUtils()->redirect('index.php?cl=admin_start');
|
||||
if (!defined('OXID_PHP_UNIT')) {
|
||||
@ -86,12 +86,12 @@ class d3webauthnadminlogin extends AdminController
|
||||
*/
|
||||
public function generateCredentialRequest(): void
|
||||
{
|
||||
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
|
||||
try {
|
||||
/** @var Webauthn $webauthn */
|
||||
$webauthn = $this->d3GetWebauthnObject();
|
||||
$publicKeyCredentialRequestOptions = $webauthn->getRequestOptions($userId);
|
||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
||||
$this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);
|
||||
$this->addTplParam('isAdmin', isAdmin());
|
||||
} catch (WebauthnException $e) {
|
||||
@ -110,7 +110,7 @@ class d3webauthnadminlogin extends AdminController
|
||||
{
|
||||
/** @var d3_User_Webauthn $user */
|
||||
$user = $this->d3GetUserObject();
|
||||
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
|
||||
|
||||
try {
|
||||
$error = Registry::getRequest()->getRequestEscapedParameter('error');
|
||||
@ -125,7 +125,7 @@ class d3webauthnadminlogin extends AdminController
|
||||
$webAuthn = $this->d3GetWebauthnObject();
|
||||
$webAuthn->assertAuthn($credential);
|
||||
$user->load($userId);
|
||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);
|
||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH, true);
|
||||
|
||||
/** @var d3_webauthn_UserComponent $userCmp */
|
||||
$loginController = oxNew(LoginController::class);
|
||||
@ -154,7 +154,7 @@ class d3webauthnadminlogin extends AdminController
|
||||
*/
|
||||
public function getPreviousClass(): ?string
|
||||
{
|
||||
return $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
return $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -162,7 +162,7 @@ class d3webauthnadminlogin extends AdminController
|
||||
*/
|
||||
public function previousClassIsOrderStep(): bool
|
||||
{
|
||||
$sClassKey = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
$sClassKey = $this->getPreviousClass();
|
||||
$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||
$resolvedClass = $resolvedClass ?: 'start';
|
||||
|
||||
|
@ -127,7 +127,7 @@ class d3webauthnlogin extends FrontendController
|
||||
*/
|
||||
public function previousClassIsOrderStep(): bool
|
||||
{
|
||||
$sClassKey = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
$sClassKey = $this->getPreviousClass();
|
||||
$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||
$resolvedClass = $resolvedClass ?: 'start';
|
||||
|
||||
@ -171,7 +171,7 @@ class d3webauthnlogin extends FrontendController
|
||||
// relogin, don't extract from this try block
|
||||
$setSessionCookie = Registry::getRequest()->getRequestParameter('lgn_cook');
|
||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, $credential);
|
||||
$this->d3GetSession()->setVariable('usr', $user->getId());
|
||||
$this->d3GetSession()->setVariable(WebauthnConf::OXID_FRONTEND_AUTH, $user->getId());
|
||||
$this->setUser(null);
|
||||
$this->setLoginStatus(USER_LOGIN_SUCCESS);
|
||||
|
||||
|
@ -203,7 +203,11 @@ class Webauthn
|
||||
|
||||
/** @var User $user */
|
||||
$user = oxNew(User::class);
|
||||
$user->load(Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER));
|
||||
$user->load(
|
||||
isAdmin() ?
|
||||
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER) :
|
||||
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||
);
|
||||
/** @var UserEntity $userEntity */
|
||||
$userEntity = oxNew(UserEntity::class, $user);
|
||||
|
||||
|
@ -17,16 +17,26 @@ namespace D3\Webauthn\Application\Model;
|
||||
|
||||
class WebauthnConf
|
||||
{
|
||||
public const WEBAUTHN_SESSION_AUTH = 'webauthn_auth'; // has valid webauthn, user is logged in completly
|
||||
public const WEBAUTHN_LOGIN_OBJECT = 'authnloginobject'; // webauthn register options, required for credential check
|
||||
public const WEBAUTHN_SESSION_CURRENTUSER = 'd3webauthnCurrentUser'; // oxid assigned to user from entered username
|
||||
public const WEBAUTHN_SESSION_LOGINUSER = 'd3webauthnLoginUser'; // username entered in login form
|
||||
public const WEBAUTHN_SESSION_CURRENTCLASS = 'd3webauthnCurrentClass'; // no usage
|
||||
public const WEBAUTHN_SESSION_NAVFORMPARAMS = 'd3webauthnNavFormParams'; // no usage
|
||||
public const WEBAUTHN_SESSION_NAVPARAMS = 'd3webauthnNavigationParams'; // no usage
|
||||
public const OXID_ADMIN_AUTH = 'auth';
|
||||
public const OXID_FRONTEND_AUTH = 'usr';
|
||||
|
||||
public const GLOBAL_SWITCH = 'blDisableWebauthnGlobally';
|
||||
public const WEBAUTHN_SESSION_AUTH = 'd3webauthn_auth'; // has valid webauthn, user is logged in completly
|
||||
public const WEBAUTHN_LOGIN_OBJECT = 'd3webauthn_loginobject'; // webauthn register options, required for credential check
|
||||
public const WEBAUTHN_SESSION_CURRENTUSER = 'd3webauthn_currentUser'; // oxid assigned to user from entered username
|
||||
public const WEBAUTHN_SESSION_LOGINUSER = 'd3webauthn_loginUser'; // username entered in login form
|
||||
public const WEBAUTHN_SESSION_CURRENTCLASS = 'd3webauthn_currentClass'; // no usage
|
||||
|
||||
public const TYPE_CREATE = 'TYPECREATE';
|
||||
public const TYPE_GET = 'TYPEGET';
|
||||
public const WEBAUTHN_ADMIN_SESSION_AUTH = 'd3webauthn_be_auth'; // has valid webauthn, user is logged in completly
|
||||
public const WEBAUTHN_ADMIN_LOGIN_OBJECT = 'd3webauthn_be_loginobject'; // webauthn register options, required for credential check
|
||||
public const WEBAUTHN_ADMIN_SESSION_CURRENTUSER = 'd3webauthn_be_currentUser'; // oxid assigned to user from entered username
|
||||
public const WEBAUTHN_ADMIN_SESSION_LOGINUSER = 'd3webauthn_be_loginUser'; // username entered in login form
|
||||
public const WEBAUTHN_ADMIN_SESSION_CURRENTCLASS= 'd3webauthn_be_currentClass'; // no usage
|
||||
|
||||
public const WEBAUTHN_SESSION_NAVFORMPARAMS = 'd3webauthn_navFormParams'; // no usage
|
||||
public const WEBAUTHN_SESSION_NAVPARAMS = 'd3webauthn_navigationParams'; // no usage
|
||||
|
||||
public const GLOBAL_SWITCH = 'd3webauthn_disabledGlobally';
|
||||
|
||||
public const TYPE_CREATE = 'TYPECREATE';
|
||||
public const TYPE_GET = 'TYPEGET';
|
||||
}
|
@ -45,7 +45,7 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
|
||||
public function checklogin()
|
||||
{
|
||||
$lgn_user = Registry::getRequest()->getRequestParameter('user') ?:
|
||||
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER);
|
||||
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER);
|
||||
$password = Registry::getRequest()->getRequestParameter('pwd');
|
||||
|
||||
/** @var d3_User_Webauthn $user */
|
||||
@ -53,24 +53,24 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
|
||||
$userId = $user->d3GetLoginUserId($lgn_user, 'malladmin');
|
||||
|
||||
if ($lgn_user && $userId &&
|
||||
false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) &&
|
||||
false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH) &&
|
||||
(!strlen(trim((string) $password)))
|
||||
) {
|
||||
$webauthn = $this->d3GetWebauthnObject();
|
||||
|
||||
if ($webauthn->isActive($userId)
|
||||
&& !Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
|
||||
&& !Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH)
|
||||
) {
|
||||
Registry::getSession()->setVariable(
|
||||
WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS,
|
||||
WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS,
|
||||
$this->getClassKey() != 'd3webauthnadminlogin' ? $this->getClassKey() : 'admin_start'
|
||||
);
|
||||
Registry::getSession()->setVariable(
|
||||
WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER,
|
||||
WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER,
|
||||
$userId
|
||||
);
|
||||
Registry::getSession()->setVariable(
|
||||
WebauthnConf::WEBAUTHN_SESSION_LOGINUSER,
|
||||
WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER,
|
||||
$lgn_user
|
||||
);
|
||||
|
||||
|
@ -39,6 +39,13 @@ class d3_User_Webauthn extends d3_User_Webauthn_parent
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER);
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH);
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT);
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER);
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS);
|
||||
|
||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
|
||||
|
||||
return $return;
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
namespace D3\Webauthn\tests\integration;
|
||||
|
||||
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||
use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
|
||||
use OxidEsales\Eshop\Core\DatabaseProvider;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
@ -31,7 +32,7 @@ class passwordAdminAuthTest extends integrationTestCase
|
||||
public function createTestData()
|
||||
{
|
||||
$admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"');
|
||||
Registry::getSession()->setVariable('auth', $admin);
|
||||
Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin);
|
||||
$this->createUser(
|
||||
$this->userList[1],
|
||||
[
|
||||
|
Chargement…
Référencer dans un nouveau ticket
Block a user