1
0
geforkt von D3Public/oxtotp

add global disable variable

Dieser Commit ist enthalten in:
Daniel Seifert 2018-10-21 20:54:58 +02:00
Ursprung 19b3dc7881
Commit 12294725bc
3 geänderte Dateien mit 124 neuen und 117 gelöschten Zeilen

Datei anzeigen

@ -78,7 +78,14 @@ class d3totp extends BaseModel
return $user;
}
/**
* @return bool
*/
public function isActive()
{
return false == Registry::getConfig()->getConfigParam('blDisableTotpGlobally')
&& $this->UserUseTotp();
}
/**
* @param $userId

Datei anzeigen

@ -1,116 +1,116 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Controller\Admin;
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
class d3_totp_LoginController extends d3_totp_LoginController_parent
{
/**
* @return string
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function render()
{
$auth = Registry::getSession()->getVariable("auth");
$return = parent::render();
$totp = oxNew(d3totp::class);
$totp->loadByUserId($auth);
if ($auth
&& $totp->UserUseTotp()
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
&& Registry::getSession()->hasVariable('pwdTransmit')
) {
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
$this->addTplParam('request_totp', true);
}
return $return;
}
/**
* @return mixed|string
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function checklogin()
{
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
$totp = oxNew(d3totp::class);
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
if (Registry::getRequest()->getRequestParameter('pwd')) {
Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd'));
}
$return = 'login';
try {
if ($this->isNoTotpOrNoLogin($totp)) {
$return = parent::checklogin();
} elseif ($this->hasValidTotp($sTotp, $totp)) {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
Registry::getSession()->deleteVariable('pwdTransmit');
$return = "admin_start";
}
} catch (d3totp_wrongOtpException $oEx) {
Registry::getUtilsView()->addErrorToDisplay($oEx);
}
return $return;
}
/**
* @param d3totp $totp
* @return bool
*/
public function isNoTotpOrNoLogin($totp)
{
return false == Registry::getSession()->getVariable("auth")
|| false == $totp->UserUseTotp();
}
/**
* @param string $sTotp
* @param d3totp $totp
* @return bool
* @throws d3totp_wrongOtpException
*/
public function hasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
(
$sTotp && $totp->verify($sTotp)
);
}
public function d3CancelLogin()
{
$oUser = oxNew(User::class);
$oUser->logout();
}
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Controller\Admin;
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
class d3_totp_LoginController extends d3_totp_LoginController_parent
{
/**
* @return string
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function render()
{
$auth = Registry::getSession()->getVariable("auth");
$return = parent::render();
$totp = oxNew(d3totp::class);
$totp->loadByUserId($auth);
if ($auth
&& $totp->isActive()
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
&& Registry::getSession()->hasVariable('pwdTransmit')
) {
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
$this->addTplParam('request_totp', true);
}
return $return;
}
/**
* @return mixed|string
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function checklogin()
{
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
$totp = oxNew(d3totp::class);
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
if (Registry::getRequest()->getRequestParameter('pwd')) {
Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd'));
}
$return = 'login';
try {
if ($this->isNoTotpOrNoLogin($totp)) {
$return = parent::checklogin();
} elseif ($this->hasValidTotp($sTotp, $totp)) {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
Registry::getSession()->deleteVariable('pwdTransmit');
$return = "admin_start";
}
} catch (d3totp_wrongOtpException $oEx) {
Registry::getUtilsView()->addErrorToDisplay($oEx);
}
return $return;
}
/**
* @param d3totp $totp
* @return bool
*/
public function isNoTotpOrNoLogin($totp)
{
return false == Registry::getSession()->getVariable("auth")
|| false == $totp->isActive();
}
/**
* @param string $sTotp
* @param d3totp $totp
* @return bool
* @throws d3totp_wrongOtpException
*/
public function hasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
(
$sTotp && $totp->verify($sTotp)
);
}
public function d3CancelLogin()
{
$oUser = oxNew(User::class);
$oUser->logout();
}
}

Datei anzeigen

@ -37,7 +37,7 @@ class d3_totp_utils extends d3_totp_utils_parent
$totp = oxNew(d3totp::class);
$totp->loadByUserId($userID);
if ($blAuth && $totp->UserUseTotp() && false === $totpAuth) {
if ($blAuth && $totp->isActive() && false === $totpAuth) {
Registry::getUtils()->redirect('index.php?cl=login', true, 302);
exit;
}