* @link https://www.oxidmodule.com */ declare(strict_types=1); namespace D3\Webauthn\Application\Controller\Admin; use Assert\Assert; use Assert\AssertionFailedException; use Assert\InvalidArgumentException; use D3\TestingTools\Production\IsMockable; use D3\Webauthn\Application\Model\Exceptions\WebauthnGetException; use D3\Webauthn\Application\Model\Webauthn; use D3\Webauthn\Application\Model\WebauthnAfterLogin; use D3\Webauthn\Application\Model\WebauthnConf; use D3\Webauthn\Application\Model\Exceptions\WebauthnException; use D3\Webauthn\Application\Model\WebauthnLogin; use Doctrine\DBAL\Driver\Exception as DoctrineDriverException; use Doctrine\DBAL\Exception as DoctrineException; use OxidEsales\Eshop\Application\Controller\Admin\AdminController; use OxidEsales\Eshop\Application\Controller\FrontendController; use OxidEsales\Eshop\Core\Request; use OxidEsales\Eshop\Core\Routing\ControllerClassNameResolver; use OxidEsales\Eshop\Core\Session; use OxidEsales\Eshop\Core\Utils; use OxidEsales\Eshop\Core\UtilsView; use Psr\Container\ContainerExceptionInterface; use Psr\Container\NotFoundExceptionInterface; use Psr\Log\LoggerInterface; class d3webauthnadminlogin extends AdminController { use IsMockable; protected $_sThisTemplate = 'd3webauthnadminlogin.tpl'; /** * @return bool */ protected function _authorize(): bool { return true; } /** * @return string * @throws ContainerExceptionInterface * @throws DoctrineDriverException * @throws DoctrineException * @throws NotFoundExceptionInterface */ public function render(): string { if (d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_AUTH) ) { d3GetOxidDIC()->get('d3ox.webauthn.'.Utils::class)->redirect('index.php?cl=admin_start'); } elseif (!d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->hasVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER) ) { d3GetOxidDIC()->get('d3ox.webauthn.'.Utils::class)->redirect('index.php?cl=login'); } $this->generateCredentialRequest(); $this->addTplParam('navFormParams', d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->getVariable(WebauthnConf::WEBAUTHN_SESSION_NAVFORMPARAMS)); $this->addTplParam('currentProfile', d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->getVariable(WebauthnConf::WEBAUTHN_ADMIN_PROFILE)); d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->deleteVariable(WebauthnConf::WEBAUTHN_ADMIN_PROFILE); $this->addTplParam('currentChLanguage', d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->getVariable(WebauthnConf::WEBAUTHN_ADMIN_CHLANGUAGE)); $afterLogin = d3GetOxidDIC()->get(WebauthnAfterLogin::class); $afterLogin->changeLanguage(); return $this->d3CallMockableFunction([AdminController::class, 'render']); } /** * @return void * @throws DoctrineDriverException * @throws DoctrineException * @throws ContainerExceptionInterface * @throws NotFoundExceptionInterface */ public function generateCredentialRequest(): void { $userId = d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTUSER); try { $webauthn = d3GetOxidDIC()->get(Webauthn::class); $publicKeyCredentialRequestOptions = $webauthn->getRequestOptions($userId); d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->setVariable(WebauthnConf::WEBAUTHN_ADMIN_LOGIN_OBJECT, $publicKeyCredentialRequestOptions); d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($publicKeyCredentialRequestOptions); $this->addTplParam('webauthn_publickey_login', $publicKeyCredentialRequestOptions); $this->addTplParam('isAdmin', isAdmin()); } catch (WebauthnException $e) { d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->setVariable(WebauthnConf::GLOBAL_SWITCH, true); d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e); d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getDetailedErrorMessage(), ['UserId' => $userId]); d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString()); d3GetOxidDIC()->get('d3ox.webauthn.'.Utils::class)->redirect('index.php?cl=login'); } catch (AssertionFailedException $e) { d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->setVariable(WebauthnConf::GLOBAL_SWITCH, true); d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e); d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->error($e->getMessage(), ['UserId' => $userId]); d3GetOxidDIC()->get('d3ox.webauthn.'.LoggerInterface::class)->debug($e->getTraceAsString()); d3GetOxidDIC()->get('d3ox.webauthn.'.Utils::class)->redirect('index.php?cl=login'); } } /** * @return string|null */ public function d3AssertAuthn(): ?string { try { $login = $this->getWebAuthnLogin(); $profile = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class)->getRequestEscapedParameter('profile'); Assert::that($profile)->string(); return $login->adminLogin($profile); } catch (WebauthnGetException|AssertionFailedException $e) { d3GetOxidDIC()->get('d3ox.webauthn.'.UtilsView::class)->addErrorToDisplay($e); return 'login'; } } /** * @return string|null */ public function d3GetPreviousClass(): ?string { return d3GetOxidDIC()->get('d3ox.webauthn.'.Session::class) ->getVariable(WebauthnConf::WEBAUTHN_ADMIN_SESSION_CURRENTCLASS); } /** * @return bool */ public function previousClassIsOrderStep(): bool { $sClassKey = $this->d3GetPreviousClass(); $resolvedClass = d3GetOxidDIC()->get('d3ox.webauthn.'.ControllerClassNameResolver::class) ->getClassNameById($sClassKey); $resolvedClass = $resolvedClass ?: 'start'; /** @var FrontendController $oController */ $oController = oxNew($resolvedClass); return $oController->getIsOrderStep(); } /** * @return bool */ public function getIsOrderStep(): bool { return $this->previousClassIsOrderStep(); } /** * @return WebauthnLogin * @throws InvalidArgumentException */ protected function getWebAuthnLogin(): WebauthnLogin { /** @var Request $request */ $request = d3GetOxidDIC()->get('d3ox.webauthn.'.Request::class); $credential = $request->getRequestEscapedParameter('credential'); $error = $request->getRequestEscapedParameter('error'); Assert::that($credential)->string('credential value expected to be string'); Assert::that($error)->string('error value expected to be string'); return oxNew(WebauthnLogin::class, $credential, $error); } }