remove configurable RP url, because browsers reject such invalid combinations

This commit is contained in:
Daniel Seifert 2022-12-15 23:08:23 +01:00
parent 3b7ac4d233
commit eba45c4dfd
Signed by: DanielS
GPG Key ID: 6A513E13AEE66170
7 changed files with 7 additions and 144 deletions


@ -79,8 +79,6 @@ Since a password is no longer required with a FIDO2-based login, the backup pass
## Configuration
The FIDO2 accesses created are fixed to the respective shop and cannot be exchanged between different shops. The basis for the accesses is the current URL of the shop. If your shop is accessible under different URLs or moves to a new address, you can overwrite the default value in the module settings. This way, existing accesses do not become invalid with the change.
Options used:
- allows Platform and Cross-Platform Authenticators


@ -79,9 +79,7 @@ Da bei einer FIDO2-basierten Anmeldung kein Passwort mehr benötigt wird, kann d
## Konfiguration
Die angelegten FIDO2-Zugänge sind auf den jeweiligen Shop festgeschrieben und können nicht zwischen unterschiedlichen Shops ausgetauscht werden. Basis für die Zugänge ist die aktuelle URL des Shops. Wenn Ihr Shop unter verschiedenen URLs erreichbar ist oder auf eine neue Adresse umzieht, können Sie die Vorgabe in den Moduleinstellungen überschreiben. So werden bestehende Zugänge mit dem Wechsel nicht ungültig.
Weitere verwendete Optionen:
Verwendete Optionen:
- erlaubt Platform und Cross-Platform Authenticators
- definiert keine Schnittstellen-Einschränkungen (USB, NFC, ...)


@ -38,22 +38,6 @@ class RelyingPartyEntity extends PublicKeyCredentialRpEntity
);
}
/**
* @return bool
*/
public function hasConfiguredShopUrl(): bool
{
return (bool) strlen(trim((string) $this->getConfiguredShopUrl()));
}
/**
* @return mixed
*/
public function getConfiguredShopUrl()
{
return $this->d3GetMockableRegistryObject(Config::class)->getConfigParam('d3webauthn_diffshopurl');
}
/**
* @return string
*/
@ -67,9 +51,7 @@ class RelyingPartyEntity extends PublicKeyCredentialRpEntity
*/
public function getRPShopUrl(): ?string
{
return $this->hasConfiguredShopUrl() ?
trim($this->getConfiguredShopUrl()) :
$this->getShopUrlByHost();
return $this->getShopUrlByHost();
}
/**
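Review bot: `getRPShopUrl()` is now a bare pass-through to `getShopUrlByHost()` but keeps its `?string` return type, and its docblock begins above the hunk (only the closing `*/` is visible), so it very likely still describes the removed configured-URL override; it should now read something like `@return string|null shop host used as the WebAuthn relying party id, derived from the current request host`. The removed branch also trimmed the value it returned; if `getShopUrlByHost()` does not normalise its own result, that whitespace handling is lost here and the RP id would carry stray characters into the credential binding. With the override gone, the RP id is tied entirely to the host the request arrives on, so a credential registered under one hostname is not usable under another; the README hunks appear to drop the sentence that promised otherwise, which is consistent, but a one-line why-comment on the `return`, e.g. `// RP id must be the effective domain of the calling origin; a value from config the browser cannot match is rejected client-side`, would stop the next maintainer from reintroducing the setting.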


@ -49,12 +49,4 @@ $aLang = [
'D3_WEBAUTHN_ERR_NOTLOADEDUSER' => "Kann keine Anmeldedaten von nicht geladenem Kundenkonto beziehen.",
'D3_WEBAUTHN_ERR_LOGINPROHIBITED' => 'Die Anmeldung mit Sicherheitsschlüssel ist aus technischen Gründen derzeit leider nicht möglich. Bitte verwenden Sie statt dessen Ihr Passwort.',
'SHOP_MODULE_GROUP_d3webauthn_general' => 'Grundeinstellungen',
'SHOP_MODULE_d3webauthn_diffshopurl' => 'abweichende Shop-URL',
'HELP_SHOP_MODULE_d3webauthn_diffshopurl' => '<p>Die Zugangsdaten werden für die URL Ihres Shops festgeschrieben. Dazu wird bei jeder Anfrage die Domain Ihres Shops ohne "http(s)://" und ohne "www." übergeben.</p>'.
'<p>Ist Ihr Shop unter verschiedenen Subdomains erreichbar, können Sie hier die Hauptdomain angeben, die zur Registrierung verwendet werden soll. Beachten Sie bitte, '.
'dass die hier angegebene Adresse mit der des Shopaufrufs übereinstimmen muss. Shopfremde Adressen werden bei der Verwendung abgelehnt.</p>'.
'<p>Bleibt das Feld leer, wird die Adresse des aktuellen Shopaufrufs verwendet. Bei Verwendung unterschiedlicher Adressen muss vom Nutzer für jede Adresse eine separate '.
'Schlüsselregistrierung durchgeführt werden.</p>',
];


@ -49,13 +49,4 @@ $aLang = [
'D3_WEBAUTHN_ERR_NOTLOADEDUSER' => "Can't create webauthn user entity from not loaded user",
'D3_WEBAUTHN_ERR_LOGINPROHIBITED' => 'Unfortunately, logging in with a security key is currently not possible for technical reasons. Please use your password instead.',
'SHOP_MODULE_GROUP_d3webauthn_general' => 'Basic settings',
'SHOP_MODULE_d3webauthn_diffshopurl' => 'different shop URL',
'HELP_SHOP_MODULE_d3webauthn_diffshopurl' => '<p>The access data are fixed for the URL of your shop. For this purpose, the domain of your shop without "http(s)://" and without "www." '.
'is transferred with every request.</p>'.
'<p>If your shop can be reached under different subdomains, you can enter the main domain here that is to be used for registration. Please '.
'note that the address given here must match the address of the shop call. Addresses that do not match the shop will be rejected.</p>'.
'<p>If the field remains empty, the address of the current shop call is used. If different addresses are used, a separate key registration '.
'must be carried out by the user for each address.</p>',
];


@ -141,12 +141,4 @@ $aModule = [
'file' => 'Application/views/blocks/page/checkout/inc/checkout_options_login.tpl',
],
],
'settings' => [
[
'group' => $sModuleId.'_general',
'name' => $sModuleId.'_diffshopurl',
'type' => 'str',
'value' => false,
],
],
];


@ -18,8 +18,6 @@ namespace D3\Webauthn\tests\unit\Application\Model;
use D3\TestingTools\Development\CanAccessRestricted;
use D3\Webauthn\Application\Model\RelyingPartyEntity;
use OxidEsales\Eshop\Application\Model\Shop;
use OxidEsales\Eshop\Core\Config;
use OxidEsales\Eshop\Core\Registry;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
use ReflectionException;
@ -60,89 +58,6 @@ class RelyingPartyEntityTest extends TestCase
);
}
/**
* @test
* @param $configuredShopUrl
* @param $expected
* @return void
* @throws ReflectionException
* @covers \D3\Webauthn\Application\Model\RelyingPartyEntity::hasConfiguredShopUrl
* @dataProvider checkHasConfiguredShopUrlDataProvider
*/
public function checkHasConfiguredShopUrl($configuredShopUrl, $expected)
{
/** @var RelyingPartyEntity|MockObject $sut */
$sut = $this->getMockBuilder(RelyingPartyEntity::class)
->disableOriginalConstructor()
->onlyMethods(['getConfiguredShopUrl'])
->getMock();
$sut->method('getConfiguredShopUrl')->willReturn($configuredShopUrl);
$this->assertSame(
$expected,
$this->callMethod(
$sut,
'hasConfiguredShopUrl'
)
);
}
/**
* @return array
*/
public function checkHasConfiguredShopUrlDataProvider(): array
{
return [
'null' => [null, false],
'empty string' => ['', false],
'space string' => [' ', false],
'non empty string' => ['content', true],
];
}
/**
* @test
* @return void
* @throws ReflectionException
* @covers \D3\Webauthn\Application\Model\RelyingPartyEntity::getConfiguredShopUrl
*/
public function canGetConfiguredShopUrl()
{
$fixture = 'configuredShopUrl';
/** @var Config|MockObject $configMock */
$configMock = $this->getMockBuilder(Config::class)
->onlyMethods(['getConfigParam'])
->getMock();
$configMock->method('getConfigParam')->with($this->identicalTo('d3webauthn_diffshopurl'))
->willReturn($fixture);
/** @var RelyingPartyEntity|MockObject $sut */
$sut = $this->getMockBuilder(RelyingPartyEntity::class)
->disableOriginalConstructor()
->onlyMethods(['d3GetMockableRegistryObject'])
->getMock();
$sut->method('d3GetMockableRegistryObject')->willReturnCallback(
function () use ($configMock) {
$args = func_get_args();
switch ($args[0]) {
case Config::class:
return $configMock;
default:
return Registry::get($args[0]);
}
}
);
$this->assertSame(
$fixture,
$this->callMethod(
$sut,
'getConfiguredShopUrl'
)
);
}
/**
* @test
* @return void
@ -186,8 +101,6 @@ class RelyingPartyEntityTest extends TestCase
/**
* @test
* @param $hasConfiguredUrl
* @param $configuredUrl
* @param $hostUrl
* @param $expected
* @return void
@ -195,15 +108,13 @@ class RelyingPartyEntityTest extends TestCase
* @dataProvider canGetRPShopUrlDataProvider
* @covers \D3\Webauthn\Application\Model\RelyingPartyEntity::getRPShopUrl
*/
public function canGetRPShopUrl($hasConfiguredUrl, $configuredUrl, $hostUrl, $expected)
public function canGetRPShopUrl($hostUrl, $expected)
{
/** @var RelyingPartyEntity|MockObject $sut */
$sut = $this->getMockBuilder(RelyingPartyEntity::class)
->disableOriginalConstructor()
->onlyMethods(['hasConfiguredShopUrl', 'getConfiguredShopUrl', 'getShopUrlByHost'])
->onlyMethods(['getShopUrlByHost'])
->getMock();
$sut->method('hasConfiguredShopUrl')->willReturn($hasConfiguredUrl);
$sut->method('getConfiguredShopUrl')->willReturn($configuredUrl);
$sut->method('getShopUrlByHost')->willReturn($hostUrl);
$this->assertSame(
@ -221,8 +132,7 @@ class RelyingPartyEntityTest extends TestCase
public function canGetRPShopUrlDataProvider(): array
{
return [
'configured' => [true, ' subd.mydomain.com', 'www.myhost.de', 'subd.mydomain.com'],
'not configured'=> [false, ' subd.mydomain.com', 'www.myhost.de', 'www.myhost.de'],
'not configured'=> ['www.myhost.de', 'www.myhost.de'],
];
}
@ -237,9 +147,9 @@ class RelyingPartyEntityTest extends TestCase
/** @var RelyingPartyEntity|MockObject $sut */
$sut = $this->getMockBuilder(RelyingPartyEntity::class)
->disableOriginalConstructor()
->onlyMethods(['hasConfiguredShopUrl']) // required for code coverage
->onlyMethods(['getRPShopUrl']) // required for code coverage
->getMock();
$sut->method('hasConfiguredShopUrl')->willReturn(true);
$sut->method('getRPShopUrl')->willReturn('fixture');
$this->assertInstanceOf(
Shop::class,