From 12294725bc0a7f4f9c8d88e33cbcc3d586501b40 Mon Sep 17 00:00:00 2001 From: Daniel Seifert Date: Sun, 21 Oct 2018 20:54:58 +0200 Subject: [PATCH] add global disable variable --- src/Application/Model/d3totp.php | 9 +- .../Admin/d3_totp_LoginController.php | 230 +++++++++--------- src/Modules/Core/d3_totp_utils.php | 2 +- 3 files changed, 124 insertions(+), 117 deletions(-) diff --git a/src/Application/Model/d3totp.php b/src/Application/Model/d3totp.php index 79ae550..782decf 100644 --- a/src/Application/Model/d3totp.php +++ b/src/Application/Model/d3totp.php @@ -78,7 +78,14 @@ class d3totp extends BaseModel return $user; } - + /** + * @return bool + */ + public function isActive() + { + return false == Registry::getConfig()->getConfigParam('blDisableTotpGlobally') + && $this->UserUseTotp(); + } /** * @param $userId diff --git a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php index 36e92be..ed882b9 100644 --- a/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php +++ b/src/Modules/Application/Controller/Admin/d3_totp_LoginController.php @@ -1,116 +1,116 @@ - - * @link http://www.oxidmodule.com - */ - -namespace D3\Totp\Modules\Application\Controller\Admin; - -use D3\Totp\Application\Model\d3totp; -use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; -use Doctrine\DBAL\DBALException; -use OxidEsales\Eshop\Application\Model\User; -use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; -use OxidEsales\Eshop\Core\Registry; - -class d3_totp_LoginController extends d3_totp_LoginController_parent -{ - /** - * @return string - * @throws DBALException - * @throws DatabaseConnectionException - */ - public function render() - { - $auth = Registry::getSession()->getVariable("auth"); - - $return = parent::render(); - - $totp = oxNew(d3totp::class); - $totp->loadByUserId($auth); - - if ($auth - && $totp->UserUseTotp() - && false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) - && Registry::getSession()->hasVariable('pwdTransmit') - ) { - // set auth as secured parameter; - Registry::getSession()->setVariable("auth", $auth); - $this->addTplParam('request_totp', true); - } - - return $return; - } - - /** - * @return mixed|string - * @throws DBALException - * @throws DatabaseConnectionException - */ - public function checklogin() - { - $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true); - - $totp = oxNew(d3totp::class); - $totp->loadByUserId(Registry::getSession()->getVariable("auth")); - - if (Registry::getRequest()->getRequestParameter('pwd')) { - Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd')); - } - - $return = 'login'; - - try { - if ($this->isNoTotpOrNoLogin($totp)) { - $return = parent::checklogin(); - } elseif ($this->hasValidTotp($sTotp, $totp)) { - Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp); - Registry::getSession()->deleteVariable('pwdTransmit'); - $return = "admin_start"; - } - } catch (d3totp_wrongOtpException $oEx) { - Registry::getUtilsView()->addErrorToDisplay($oEx); - } - - return $return; - } - - /** - * @param d3totp $totp - * @return bool - */ - public function isNoTotpOrNoLogin($totp) - { - return false == Registry::getSession()->getVariable("auth") - || false == $totp->UserUseTotp(); - } - - /** - * @param string $sTotp - * @param d3totp $totp - * @return bool - * @throws d3totp_wrongOtpException - */ - public function hasValidTotp($sTotp, $totp) - { - return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) || - ( - $sTotp && $totp->verify($sTotp) - ); - } - - public function d3CancelLogin() - { - $oUser = oxNew(User::class); - $oUser->logout(); - } + + * @link http://www.oxidmodule.com + */ + +namespace D3\Totp\Modules\Application\Controller\Admin; + +use D3\Totp\Application\Model\d3totp; +use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; +use Doctrine\DBAL\DBALException; +use OxidEsales\Eshop\Application\Model\User; +use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; +use OxidEsales\Eshop\Core\Registry; + +class d3_totp_LoginController extends d3_totp_LoginController_parent +{ + /** + * @return string + * @throws DBALException + * @throws DatabaseConnectionException + */ + public function render() + { + $auth = Registry::getSession()->getVariable("auth"); + + $return = parent::render(); + + $totp = oxNew(d3totp::class); + $totp->loadByUserId($auth); + + if ($auth + && $totp->isActive() + && false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) + && Registry::getSession()->hasVariable('pwdTransmit') + ) { + // set auth as secured parameter; + Registry::getSession()->setVariable("auth", $auth); + $this->addTplParam('request_totp', true); + } + + return $return; + } + + /** + * @return mixed|string + * @throws DBALException + * @throws DatabaseConnectionException + */ + public function checklogin() + { + $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true); + + $totp = oxNew(d3totp::class); + $totp->loadByUserId(Registry::getSession()->getVariable("auth")); + + if (Registry::getRequest()->getRequestParameter('pwd')) { + Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd')); + } + + $return = 'login'; + + try { + if ($this->isNoTotpOrNoLogin($totp)) { + $return = parent::checklogin(); + } elseif ($this->hasValidTotp($sTotp, $totp)) { + Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp); + Registry::getSession()->deleteVariable('pwdTransmit'); + $return = "admin_start"; + } + } catch (d3totp_wrongOtpException $oEx) { + Registry::getUtilsView()->addErrorToDisplay($oEx); + } + + return $return; + } + + /** + * @param d3totp $totp + * @return bool + */ + public function isNoTotpOrNoLogin($totp) + { + return false == Registry::getSession()->getVariable("auth") + || false == $totp->isActive(); + } + + /** + * @param string $sTotp + * @param d3totp $totp + * @return bool + * @throws d3totp_wrongOtpException + */ + public function hasValidTotp($sTotp, $totp) + { + return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) || + ( + $sTotp && $totp->verify($sTotp) + ); + } + + public function d3CancelLogin() + { + $oUser = oxNew(User::class); + $oUser->logout(); + } } \ No newline at end of file diff --git a/src/Modules/Core/d3_totp_utils.php b/src/Modules/Core/d3_totp_utils.php index c0233e4..b22c56e 100644 --- a/src/Modules/Core/d3_totp_utils.php +++ b/src/Modules/Core/d3_totp_utils.php @@ -37,7 +37,7 @@ class d3_totp_utils extends d3_totp_utils_parent $totp = oxNew(d3totp::class); $totp->loadByUserId($userID); - if ($blAuth && $totp->UserUseTotp() && false === $totpAuth) { + if ($blAuth && $totp->isActive() && false === $totpAuth) { Registry::getUtils()->redirect('index.php?cl=login', true, 302); exit; }