oxwebauthn/src/Modules/Application/Model/d3_totp_user.php

<?php

/**
 * This Software is the property of Data Development and is protected
 * by copyright law - it is NOT Freeware.
 * Any unauthorized use of this software without a valid license
 * is a violation of the license agreement and will be prosecuted by
 * civil and criminal law.
 * http://www.shopmodule.com
 *
 * @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
 * @author    D3 Data Development - Daniel Seifert <support@shopmodule.com>
 * @link      http://www.oxidmodule.com
 */

namespace D3\Totp\Modules\Application\Model;

use D3\Totp\Application\Model\d3totp;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Core\DatabaseProvider;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;

class d3_totp_user extends d3_totp_user_parent
{
    public function logout()
    {
        $return = parent::logout();

        // deleting session info
        Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);

        return $return;
    }

    /**
     * @param $sUserId
     * @param $sPassword
     * @return bool
     * @throws DatabaseConnectionException
     */
    public function d3CheckPasswordPass($sUserId, $sPassword)
    {
        return (bool) DatabaseProvider::getDb(DatabaseProvider::FETCH_MODE_ASSOC)->getOne(
            $this->d3GetPasswordCheckQuery($sUserId, $sPassword)
        );
    }

    /**
     * @param $sUserId
     * @param $sPassword
     * @return string
     * @throws DatabaseConnectionException
     */
    public function d3GetPasswordCheckQuery($sUserId, $sPassword)
    {
        $oDb = \OxidEsales\Eshop\Core\DatabaseProvider::getDb();

        $sUserSelect = "oxuser.oxid = " . $oDb->quote($sUserId);

        $sSalt = $oDb->getOne("SELECT `oxpasssalt` FROM `oxuser` WHERE  " . $sUserSelect);

        $sPassSelect = " oxuser.oxpassword = " . $oDb->quote($this->encodePassword($sPassword, $sSalt));

        $sSelect = "select `oxid` from oxuser where 1 and {$sPassSelect} and {$sUserSelect} ";

        return $sSelect;
    }

    /**
     * @return d3totp
     * @throws DatabaseConnectionException
     * @throws DBALException
     */
    public function d3getTotp()
    {
        $oTotp = oxNew(d3totp::class);
        $oTotp->loadByUserId($this->getId());

        return $oTotp;
    }
}
add basic module structure 2018-10-17 12:50:10 +02:00			`<?php`
implement OTP check, add exception 2018-10-18 15:33:59 +02:00
add basic module structure 2018-10-17 12:50:10 +02:00			`/**`
implement OTP check, add exception 2018-10-18 15:33:59 +02:00			`* This Software is the property of Data Development and is protected`
			`* by copyright law - it is NOT Freeware.`
			`* Any unauthorized use of this software without a valid license`
			`* is a violation of the license agreement and will be prosecuted by`
			`* civil and criminal law.`
			`* http://www.shopmodule.com`
			`*`
			`* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)`
			`* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>`
			`* @link http://www.oxidmodule.com`
add basic module structure 2018-10-17 12:50:10 +02:00			`*/`

			`namespace D3\Totp\Modules\Application\Model;`

make compatible to TOTP library v0.9, save password for decoding the seed 2018-10-19 00:32:59 +02:00			`use D3\Totp\Application\Model\d3totp;`
integrate backend, save encrypted seed only 2018-10-19 14:16:37 +02:00			`use Doctrine\DBAL\DBALException;`
			`use OxidEsales\Eshop\Core\DatabaseProvider;`
			`use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;`
implement OTP check, add exception 2018-10-18 15:33:59 +02:00			`use OxidEsales\Eshop\Core\Registry;`

add basic module structure 2018-10-17 12:50:10 +02:00			`class d3_totp_user extends d3_totp_user_parent`
			`{`
implement OTP check, add exception 2018-10-18 15:33:59 +02:00			`public function logout()`
add basic module structure 2018-10-17 12:50:10 +02:00			`{`
implement OTP check, add exception 2018-10-18 15:33:59 +02:00			`$return = parent::logout();`
add basic module structure 2018-10-17 12:50:10 +02:00
implement OTP check, add exception 2018-10-18 15:33:59 +02:00			`// deleting session info`
make compatible to TOTP library v0.9, save password for decoding the seed 2018-10-19 00:32:59 +02:00			`Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_VARNAME);`
add basic module structure 2018-10-17 12:50:10 +02:00
implement OTP check, add exception 2018-10-18 15:33:59 +02:00			`return $return;`
add basic module structure 2018-10-17 12:50:10 +02:00			`}`
integrate backend, save encrypted seed only 2018-10-19 14:16:37 +02:00
			`/**`
			`* @param $sUserId`
			`* @param $sPassword`
			`* @return bool`
			`* @throws DatabaseConnectionException`
			`*/`
			`public function d3CheckPasswordPass($sUserId, $sPassword)`
			`{`
			`return (bool) DatabaseProvider::getDb(DatabaseProvider::FETCH_MODE_ASSOC)->getOne(`
			`$this->d3GetPasswordCheckQuery($sUserId, $sPassword)`
			`);`
			`}`

			`/**`
			`* @param $sUserId`
			`* @param $sPassword`
			`* @return string`
			`* @throws DatabaseConnectionException`
			`*/`
			`public function d3GetPasswordCheckQuery($sUserId, $sPassword)`
			`{`
			`$oDb = \OxidEsales\Eshop\Core\DatabaseProvider::getDb();`

			`$sUserSelect = "oxuser.oxid = " . $oDb->quote($sUserId);`

			$sSalt = $oDb->getOne("SELECT `oxpasssalt` FROM `oxuser` WHERE " . $sUserSelect);

			`$sPassSelect = " oxuser.oxpassword = " . $oDb->quote($this->encodePassword($sPassword, $sSalt));`

			$sSelect = "select `oxid` from oxuser where 1 and {$sPassSelect} and {$sUserSelect} ";

			`return $sSelect;`
			`}`

			`/**`
			`* @return d3totp`
			`* @throws DatabaseConnectionException`
			`* @throws DBALException`
			`*/`
			`public function d3getTotp()`
			`{`
			`$oTotp = oxNew(d3totp::class);`
			`$oTotp->loadByUserId($this->getId());`

			`return $oTotp;`
			`}`
add basic module structure 2018-10-17 12:50:10 +02:00			`}`