separate session var names between frontend and backend
This commit is contained in:
parent
f74d6985fb
commit
e866141a34
@ -59,8 +59,8 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function render(): string
|
public function render(): string
|
||||||
{
|
{
|
||||||
if ($this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) ||
|
if ($this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH) ||
|
||||||
!$this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
!$this->d3GetSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER)
|
||||||
) {
|
) {
|
||||||
$this->getUtils()->redirect('index.php?cl=admin_start');
|
$this->getUtils()->redirect('index.php?cl=admin_start');
|
||||||
if (!defined('OXID_PHP_UNIT')) {
|
if (!defined('OXID_PHP_UNIT')) {
|
||||||
@ -86,12 +86,12 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function generateCredentialRequest(): void
|
public function generateCredentialRequest(): void
|
||||||
{
|
{
|
||||||
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
|
||||||
try {
|
try {
|
||||||
/** @var Webauthn $webauthn */
|
/** @var Webauthn $webauthn */
|
||||||
$webauthn = $this->d3GetWebauthnObject();
|
$webauthn = $this->d3GetWebauthnObject();
|
||||||
$publicKeyCredentialRequestOptions = $webauthn->getRequestOptions($userId);
|
$publicKeyCredentialRequestOptions = $webauthn->getRequestOptions($userId);
|
||||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions);
|
||||||
$this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);
|
$this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions);
|
||||||
$this->addTplParam('isAdmin', isAdmin());
|
$this->addTplParam('isAdmin', isAdmin());
|
||||||
} catch (WebauthnException $e) {
|
} catch (WebauthnException $e) {
|
||||||
@ -110,7 +110,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
{
|
{
|
||||||
/** @var d3_User_Webauthn $user */
|
/** @var d3_User_Webauthn $user */
|
||||||
$user = $this->d3GetUserObject();
|
$user = $this->d3GetUserObject();
|
||||||
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
$userId = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$error = Registry::getRequest()->getRequestEscapedParameter('error');
|
$error = Registry::getRequest()->getRequestEscapedParameter('error');
|
||||||
@ -125,7 +125,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
$webAuthn = $this->d3GetWebauthnObject();
|
$webAuthn = $this->d3GetWebauthnObject();
|
||||||
$webAuthn->assertAuthn($credential);
|
$webAuthn->assertAuthn($credential);
|
||||||
$user->load($userId);
|
$user->load($userId);
|
||||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);
|
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH, true);
|
||||||
|
|
||||||
/** @var d3_webauthn_UserComponent $userCmp */
|
/** @var d3_webauthn_UserComponent $userCmp */
|
||||||
$loginController = oxNew(LoginController::class);
|
$loginController = oxNew(LoginController::class);
|
||||||
@ -154,7 +154,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function getPreviousClass(): ?string
|
public function getPreviousClass(): ?string
|
||||||
{
|
{
|
||||||
return $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
return $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -162,7 +162,7 @@ class d3webauthnadminlogin extends AdminController
|
|||||||
*/
|
*/
|
||||||
public function previousClassIsOrderStep(): bool
|
public function previousClassIsOrderStep(): bool
|
||||||
{
|
{
|
||||||
$sClassKey = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
$sClassKey = $this->getPreviousClass();
|
||||||
$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
|
$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||||
$resolvedClass = $resolvedClass ?: 'start';
|
$resolvedClass = $resolvedClass ?: 'start';
|
||||||
|
|
||||||
|
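Review bot: After `$webAuthn->assertAuthn($credential)` succeeds, the result of `$user->load($userId)` is never checked before `WEBAUTHN_ADMIN_SESSION_AUTH` is set to true, so an id that no longer loads (user removed or deactivated between the username step and the assertion) still ends with the admin flag set and the LoginController handoff running on an empty user object. Guard it with `if (!$user->load($userId)) { throw new WebauthnException('...'); }` so the failure takes the same path as the other WebauthnException cases — assuming the enclosing try catches WebauthnException the way generateCredentialRequest's does; the `$user->load(...)` in the Webauthn model hunk further down has the same gap. The enclosing method's signature, its catch block and its closing brace are outside the hunk.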
@ -127,7 +127,7 @@ class d3webauthnlogin extends FrontendController
|
|||||||
*/
|
*/
|
||||||
public function previousClassIsOrderStep(): bool
|
public function previousClassIsOrderStep(): bool
|
||||||
{
|
{
|
||||||
$sClassKey = $this->d3GetSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
$sClassKey = $this->getPreviousClass();
|
||||||
$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
|
$resolvedClass = $this->d3GetControllerClassNameResolver()->getClassNameById($sClassKey);
|
||||||
$resolvedClass = $resolvedClass ?: 'start';
|
$resolvedClass = $resolvedClass ?: 'start';
|
||||||
|
|
||||||
@ -171,7 +171,7 @@ class d3webauthnlogin extends FrontendController
|
|||||||
// relogin, don't extract from this try block
|
// relogin, don't extract from this try block
|
||||||
$setSessionCookie = Registry::getRequest()->getRequestParameter('lgn_cook');
|
$setSessionCookie = Registry::getRequest()->getRequestParameter('lgn_cook');
|
||||||
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, $credential);
|
$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, $credential);
|
||||||
$this->d3GetSession()->setVariable('usr', $user->getId());
|
$this->d3GetSession()->setVariable(WebauthnConf::OXID_FRONTEND_AUTH, $user->getId());
|
||||||
$this->setUser(null);
|
$this->setUser(null);
|
||||||
$this->setLoginStatus(USER_LOGIN_SUCCESS);
|
$this->setLoginStatus(USER_LOGIN_SUCCESS);
|
||||||
|
|
||||||
|
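Review bot: `WEBAUTHN_SESSION_AUTH` is set to `$credential`, the raw assertion payload taken from the request, while the admin controller sets `WEBAUTHN_ADMIN_SESSION_AUTH` to `true`; the only readers visible on this page test the key with `hasVariable()`, so keeping the credential in the session carries request data around for no gain. Unless something reads the credential back from the session (not visible here), change the line to `$this->d3GetSession()->setVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH, true);` so both sides store the same kind of flag. The enclosing method begins and ends outside the hunk.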
@ -203,7 +203,11 @@ class Webauthn
|
|||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
$user = oxNew(User::class);
|
$user = oxNew(User::class);
|
||||||
$user->load(Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER));
|
$user->load(
|
||||||
|
isAdmin() ?
|
||||||
|
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER) :
|
||||||
|
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER)
|
||||||
|
);
|
||||||
/** @var UserEntity $userEntity */
|
/** @var UserEntity $userEntity */
|
||||||
$userEntity = oxNew(UserEntity::class, $user);
|
$userEntity = oxNew(UserEntity::class, $user);
|
||||||
|
|
||||||
|
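Review bot: The `isAdmin()` ternary inside `$user->load(...)` makes this method resolve the pending user from the session on its own, whereas `getRequestOptions($userId)` in the admin controller receives the id as an argument; two ways of resolving the same identity invite them to disagree as the key sets evolve. If neither session key is set, `getVariable()` yields null and `load(null)` is attempted, with `UserEntity` built from the result regardless. Resolve the id once into `$userId` before the load, and consider letting callers pass it in as `getRequestOptions()` already does. The method's signature and the remainder of its body are outside the hunk.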
@ -17,15 +17,25 @@ namespace D3\Webauthn\Application\Model;
|
|||||||
|
|
||||||
class WebauthnConf
|
class WebauthnConf
|
||||||
{
|
{
|
||||||
public const WEBAUTHN_SESSION_AUTH = 'webauthn_auth'; // has valid webauthn, user is logged in completly
|
public const OXID_ADMIN_AUTH = 'auth';
|
||||||
public const WEBAUTHN_LOGIN_OBJECT = 'authnloginobject'; // webauthn register options, required for credential check
|
public const OXID_FRONTEND_AUTH = 'usr';
|
||||||
public const WEBAUTHN_SESSION_CURRENTUSER = 'd3webauthnCurrentUser'; // oxid assigned to user from entered username
|
|
||||||
public const WEBAUTHN_SESSION_LOGINUSER = 'd3webauthnLoginUser'; // username entered in login form
|
|
||||||
public const WEBAUTHN_SESSION_CURRENTCLASS = 'd3webauthnCurrentClass'; // no usage
|
|
||||||
public const WEBAUTHN_SESSION_NAVFORMPARAMS = 'd3webauthnNavFormParams'; // no usage
|
|
||||||
public const WEBAUTHN_SESSION_NAVPARAMS = 'd3webauthnNavigationParams'; // no usage
|
|
||||||
|
|
||||||
public const GLOBAL_SWITCH = 'blDisableWebauthnGlobally';
|
public const WEBAUTHN_SESSION_AUTH = 'd3webauthn_auth'; // has valid webauthn, user is logged in completly
|
||||||
|
public const WEBAUTHN_LOGIN_OBJECT = 'd3webauthn_loginobject'; // webauthn register options, required for credential check
|
||||||
|
public const WEBAUTHN_SESSION_CURRENTUSER = 'd3webauthn_currentUser'; // oxid assigned to user from entered username
|
||||||
|
public const WEBAUTHN_SESSION_LOGINUSER = 'd3webauthn_loginUser'; // username entered in login form
|
||||||
|
public const WEBAUTHN_SESSION_CURRENTCLASS = 'd3webauthn_currentClass'; // no usage
|
||||||
|
|
||||||
|
public const WEBAUTHN_ADMIN_SESSION_AUTH = 'd3webauthn_be_auth'; // has valid webauthn, user is logged in completly
|
||||||
|
public const WEBAUTHN_ADMIN_LOGIN_OBJECT = 'd3webauthn_be_loginobject'; // webauthn register options, required for credential check
|
||||||
|
public const WEBAUTHN_ADMIN_SESSION_CURRENTUSER = 'd3webauthn_be_currentUser'; // oxid assigned to user from entered username
|
||||||
|
public const WEBAUTHN_ADMIN_SESSION_LOGINUSER = 'd3webauthn_be_loginUser'; // username entered in login form
|
||||||
|
public const WEBAUTHN_ADMIN_SESSION_CURRENTCLASS= 'd3webauthn_be_currentClass'; // no usage
|
||||||
|
|
||||||
|
public const WEBAUTHN_SESSION_NAVFORMPARAMS = 'd3webauthn_navFormParams'; // no usage
|
||||||
|
public const WEBAUTHN_SESSION_NAVPARAMS = 'd3webauthn_navigationParams'; // no usage
|
||||||
|
|
||||||
|
public const GLOBAL_SWITCH = 'd3webauthn_disabledGlobally';
|
||||||
|
|
||||||
public const TYPE_CREATE = 'TYPECREATE';
|
public const TYPE_CREATE = 'TYPECREATE';
|
||||||
public const TYPE_GET = 'TYPEGET';
|
public const TYPE_GET = 'TYPEGET';
|
||||||
|
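Review bot: The `// no usage` comments on `WEBAUTHN_SESSION_CURRENTCLASS` and `WEBAUTHN_ADMIN_SESSION_CURRENTCLASS` are wrong: this same commit writes the admin key in `checklogin()` and reads it in `getPreviousClass()`, and the frontend key backs `d3webauthnlogin::previousClassIsOrderStep()`; replace both with `// class key to return to once the second factor succeeds`. Changing the value of `GLOBAL_SWITCH` from `blDisableWebauthnGlobally` to `d3webauthn_disabledGlobally` also renames what looks like a stored config key (OXID `bl*` naming), so existing installations would silently lose that setting unless a migration or the module metadata is updated to match — confirm. `OXID_ADMIN_AUTH` and `OXID_FRONTEND_AUTH` should say they are the shop core's own session keys (`'auth'` holds the admin user id, `'usr'` the frontend user id), e.g. `// OXID core session key, not owned by this module`. Minor: `WEBAUTHN_ADMIN_SESSION_CURRENTCLASS= ` is missing the space before `=`, and "completly" should read "completely".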
@ -45,7 +45,7 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
|
|||||||
public function checklogin()
|
public function checklogin()
|
||||||
{
|
{
|
||||||
$lgn_user = Registry::getRequest()->getRequestParameter('user') ?:
|
$lgn_user = Registry::getRequest()->getRequestParameter('user') ?:
|
||||||
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER);
|
Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER);
|
||||||
$password = Registry::getRequest()->getRequestParameter('pwd');
|
$password = Registry::getRequest()->getRequestParameter('pwd');
|
||||||
|
|
||||||
/** @var d3_User_Webauthn $user */
|
/** @var d3_User_Webauthn $user */
|
||||||
@ -53,24 +53,24 @@ class d3_LoginController_Webauthn extends d3_LoginController_Webauthn_parent
|
|||||||
$userId = $user->d3GetLoginUserId($lgn_user, 'malladmin');
|
$userId = $user->d3GetLoginUserId($lgn_user, 'malladmin');
|
||||||
|
|
||||||
if ($lgn_user && $userId &&
|
if ($lgn_user && $userId &&
|
||||||
false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH) &&
|
false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH) &&
|
||||||
(!strlen(trim((string) $password)))
|
(!strlen(trim((string) $password)))
|
||||||
) {
|
) {
|
||||||
$webauthn = $this->d3GetWebauthnObject();
|
$webauthn = $this->d3GetWebauthnObject();
|
||||||
|
|
||||||
if ($webauthn->isActive($userId)
|
if ($webauthn->isActive($userId)
|
||||||
&& !Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_SESSION_AUTH)
|
&& !Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH)
|
||||||
) {
|
) {
|
||||||
Registry::getSession()->setVariable(
|
Registry::getSession()->setVariable(
|
||||||
WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS,
|
WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS,
|
||||||
$this->getClassKey() != 'd3webauthnadminlogin' ? $this->getClassKey() : 'admin_start'
|
$this->getClassKey() != 'd3webauthnadminlogin' ? $this->getClassKey() : 'admin_start'
|
||||||
);
|
);
|
||||||
Registry::getSession()->setVariable(
|
Registry::getSession()->setVariable(
|
||||||
WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER,
|
WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER,
|
||||||
$userId
|
$userId
|
||||||
);
|
);
|
||||||
Registry::getSession()->setVariable(
|
Registry::getSession()->setVariable(
|
||||||
WebauthnConf::WEBAUTHN_SESSION_LOGINUSER,
|
WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER,
|
||||||
$lgn_user
|
$lgn_user
|
||||||
);
|
);
|
||||||
|
|
||||||
|
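Review bot: In `checklogin()` the inner condition `&& !Registry::getSession()->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH)` is dead: the block is only entered when `false === Registry::getSession()->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH)`, so `getVariable` returns null there and the negation is always true; drop that line and keep `if ($webauthn->isActive($userId)) {`. While in the block, `$this->getClassKey() != 'd3webauthnadminlogin'` should compare with `!==`. Both hunks sit inside `checklogin()`, whose end is outside the view.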
@ -39,6 +39,13 @@ class d3_User_Webauthn extends d3_User_Webauthn_parent
|
|||||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER);
|
||||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER);
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_LOGINUSER);
|
||||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS);
|
||||||
|
|
||||||
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH);
|
||||||
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT);
|
||||||
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER);
|
||||||
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER);
|
||||||
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS);
|
||||||
|
|
||||||
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
|
Registry::getSession()->deleteVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS);
|
||||||
|
|
||||||
return $return;
|
return $return;
|
||||||
|
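Review bot: The logout cleanup now lists the session keys by hand in two parallel runs, and this commit shows how easily the frontend and admin sets drift: the frontend `WEBAUTHN_SESSION_AUTH` and `WEBAUTHN_LOGIN_OBJECT` deletions are not in the hunk, so confirm they sit above it, and `WEBAUTHN_SESSION_NAVPARAMS` is not visible either. Iterating one list of keys keeps both sets in step and makes a missing key obvious at a glance. The enclosing method starts and ends outside the hunk.
```php
// … unchanged: logout handling before the session cleanup …
foreach ([
    WebauthnConf::WEBAUTHN_SESSION_AUTH,
    WebauthnConf::WEBAUTHN_LOGIN_OBJECT,
    WebauthnConf::WEBAUTHN_SESSION_CURRENTUSER,
    WebauthnConf::WEBAUTHN_SESSION_LOGINUSER,
    WebauthnConf::WEBAUTHN_SESSION_CURRENTCLASS,
    WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH,
    WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT,
    WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER,
    WebauthnConf::WEBAUTHN_ADMIN_SESSION_LOGINUSER,
    WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS,
    WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS,
    WebauthnConf::WEBAUTHN_SESSION_NAVPARAMS,
] as $sessionKey) {
    Registry::getSession()->deleteVariable($sessionKey);
}

return $return;
```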
@ -15,6 +15,7 @@
|
|||||||
|
|
||||||
namespace D3\Webauthn\tests\integration;
|
namespace D3\Webauthn\tests\integration;
|
||||||
|
|
||||||
|
use D3\Webauthn\Application\Model\WebauthnConf;
|
||||||
use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
|
use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
|
||||||
use OxidEsales\Eshop\Core\DatabaseProvider;
|
use OxidEsales\Eshop\Core\DatabaseProvider;
|
||||||
use OxidEsales\Eshop\Core\Registry;
|
use OxidEsales\Eshop\Core\Registry;
|
||||||
@ -31,7 +32,7 @@ class passwordAdminAuthTest extends integrationTestCase
|
|||||||
public function createTestData()
|
public function createTestData()
|
||||||
{
|
{
|
||||||
$admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"');
|
$admin = DatabaseProvider::getDb()->getOne('SELECT oxid FROM oxuser WHERE oxrights = "malladmin"');
|
||||||
Registry::getSession()->setVariable('auth', $admin);
|
Registry::getSession()->setVariable(WebauthnConf::OXID_ADMIN_AUTH, $admin);
|
||||||
$this->createUser(
|
$this->createUser(
|
||||||
$this->userList[1],
|
$this->userList[1],
|
||||||
[
|
[
|
||||||
|