forked from D3Public/oxtotp
separate session var names between frontend and backend
This commit is contained in:
parent
d8be836ed7
commit
46ae7efa32
src
Application
Modules
Application
Core
tests/unit
Application
Modules/Application
@ -60,7 +60,7 @@ class d3totpadminlogin extends AdminController
|
||||
$totp = $this->d3TotpGetTotpObject();
|
||||
$totp->loadByUserId($userId);
|
||||
|
||||
return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_AUTH) ||
|
||||
return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_AUTH) ||
|
||||
!$totp->isActive();
|
||||
}
|
||||
|
||||
@ -70,7 +70,7 @@ class d3totpadminlogin extends AdminController
|
||||
protected function isTotpLoginNotPossible(): bool
|
||||
{
|
||||
return !$this->d3TotpGetSession()->hasVariable(d3totp_conf::OXID_ADMIN_AUTH) &&
|
||||
!$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
!$this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -159,8 +159,8 @@ class d3totpadminlogin extends AdminController
|
||||
$session->initNewSession();
|
||||
$session->setVariable("aAdminProfiles", $adminProfiles);
|
||||
$session->setVariable(d3totp_conf::OXID_ADMIN_AUTH, $userId);
|
||||
$session->setVariable(d3totp_conf::SESSION_AUTH, $userId);
|
||||
$session->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
$session->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, $userId);
|
||||
$session->deleteVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
|
||||
|
||||
return "admin_start";
|
||||
} catch (d3totp_wrongOtpException $e) {
|
||||
@ -179,7 +179,7 @@ class d3totpadminlogin extends AdminController
|
||||
*/
|
||||
public function d3TotpHasValidTotp(string $sTotp = null, d3totp $totp): bool
|
||||
{
|
||||
return $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH)
|
||||
return $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH)
|
||||
|| $totp->verify($sTotp);
|
||||
}
|
||||
|
||||
|
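Review bot: `d3TotpHasValidTotp(string $sTotp = null, d3totp $totp)` in the last hunk declares an implicit-nullable parameter (a `= null` default without `?`) ahead of a required one; PHP 8 deprecates both, so the explicit form `public function d3TotpHasValidTotp(?string $sTotp, d3totp $totp): bool` is preferable, with the default dropped if no caller omits the first argument (cannot be confirmed from this page). The changed `return` on the next line short-circuits `$totp->verify()` whenever SESSION_ADMIN_AUTH holds anything truthy, which matches the login hunk storing `$userId` there, but the docblock (cut off above the hunk) should say that the flag is trusted as proof of a completed TOTP check. The method whose `return ... || !$totp->isActive();` forms the first hunk starts outside it.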
@ -17,7 +17,6 @@ namespace D3\Totp\Application\Controller\Admin;
|
||||
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3backupcodelist;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\Modules\Application\Model\d3_totp_user;
|
||||
use Exception;
|
||||
use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController;
|
||||
|
@ -20,7 +20,6 @@ use OxidEsales\Eshop\Application\Model\User;
|
||||
use OxidEsales\Eshop\Core\DatabaseProvider;
|
||||
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
|
||||
use OxidEsales\Eshop\Core\Model\BaseModel;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
|
||||
class d3backupcode extends BaseModel
|
||||
{
|
||||
|
@ -17,10 +17,12 @@ namespace D3\Totp\Application\Model;
|
||||
|
||||
class d3totp_conf
|
||||
{
|
||||
public const OXID_ADMIN_AUTH = 'auth';
|
||||
public const OXID_FRONTEND_AUTH = 'usr';
|
||||
public const SESSION_AUTH = 'd3TotpAuth'; // has valid totp, user is logged in completly
|
||||
public const SESSION_CURRENTUSER = 'd3TotpCurrentUser'; // oxid assigned to user from entered username
|
||||
public const SESSION_CURRENTCLASS = 'd3TotpCurrentClass'; // oxid assigned to user from entered username
|
||||
public const SESSION_NAVFORMPARAMS = 'd3totpNavFormParams';
|
||||
public const OXID_ADMIN_AUTH = 'auth';
|
||||
public const OXID_FRONTEND_AUTH = 'usr';
|
||||
public const SESSION_AUTH = 'd3Totp_auth'; // has valid totp, user is logged in completly
|
||||
public const SESSION_CURRENTUSER = 'd3Totp_currentUser'; // oxid assigned to user from entered username
|
||||
public const SESSION_CURRENTCLASS = 'd3Totp_currentClass'; // oxid assigned to user from entered username
|
||||
public const SESSION_NAVFORMPARAMS = 'd3Totp_navFormParams';
|
||||
public const SESSION_ADMIN_AUTH = 'd3Totp_auth'; // has valid totp, user is logged in completly
|
||||
public const SESSION_ADMIN_CURRENTUSER = 'd3Totp_currentUser'; // oxid assigned to user from entered username
|
||||
}
|
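Review bot: The new `SESSION_ADMIN_AUTH` and `SESSION_ADMIN_CURRENTUSER` constants carry exactly the same strings as `SESSION_AUTH` ('d3Totp_auth') and `SESSION_CURRENTUSER` ('d3Totp_currentUser'), so despite the commit title nothing is separated: every admin-side read and write in d3totpadminlogin, d3_totp_LoginController, d3_totp_getUserTrait, d3_totp_user and d3_totp_utils still hits the key the frontend uses, and if the two contexts ever share one PHP session a TOTP completed on one side would satisfy the other. Give the admin keys their own values, for example `public const SESSION_ADMIN_AUTH = 'd3Totp_adminAuth';` and `public const SESSION_ADMIN_CURRENTUSER = 'd3Totp_adminCurrentUser';` (names constructed here). The `isAdmin()` ternary in d3_totp_getUserTrait and the branch in d3_totp_user::d3TotpGetCurrentUser are no-ops until that is done. A comment on the two admin constants stating that they must never equal their frontend counterparts would make the invariant visible to the next rename.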
@ -63,7 +63,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
$user = $this->d3TotpGetUserObject();
|
||||
$user->logout();
|
||||
|
||||
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_CURRENTUSER, $userId);
|
||||
$this->d3TotpGetSession()->setVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER, $userId);
|
||||
return "d3totpadminlogin";
|
||||
}
|
||||
|
||||
@ -77,7 +77,7 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
|
||||
public function d3TotpLoginMissing($totp)
|
||||
{
|
||||
return $totp->isActive()
|
||||
&& false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_AUTH);
|
||||
&& false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);
|
||||
}
|
||||
|
||||
/**
|
||||
|
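Review bot: The changed line keeps the loose comparison `false == $this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH)`, which reads as an equality test but is really a truthiness check; `&& !$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);` says the same thing with identical results for `null`, `''`, `'0'` and `[]`. The enclosing `d3TotpLoginMissing($totp)` has neither a parameter nor a return type although it calls `$totp->isActive()` and returns a boolean; `public function d3TotpLoginMissing(d3totp $totp): bool` would let the type checker catch a wrong argument. The first hunk's method, which stores the current user id and returns `"d3totpadminlogin"`, starts outside the hunk.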
@ -41,7 +41,8 @@ trait d3_totp_getUserTrait
|
||||
$totp->loadByUserId($oUser->getId());
|
||||
|
||||
if ($totp->isActive()
|
||||
&& !$this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH)
|
||||
&& !$this->d3TotpGetSessionObject()->getVariable(
|
||||
isAdmin() ? d3totp_conf::SESSION_ADMIN_AUTH : d3totp_conf::SESSION_AUTH)
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
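Review bot: The new condition embeds the `isAdmin() ? d3totp_conf::SESSION_ADMIN_AUTH : d3totp_conf::SESSION_AUTH` choice inside the `getVariable()` call, which makes the three-line `if` hard to read and hides the security-relevant decision of which flag is consulted. Hoisting it, `$authKey = isAdmin() ? d3totp_conf::SESSION_ADMIN_AUTH : d3totp_conf::SESSION_AUTH;` before the `if` and `&& !$this->d3TotpGetSessionObject()->getVariable($authKey)` inside it, keeps behaviour and gives the choice a name. Note that this hunk calls the global `isAdmin()` while d3_totp_user in the same commit calls `$this->isAdmin()`; presumably both resolve to the same OXID admin check, but a one-line comment saying so would save the next reader the lookup. The enclosing method starts and ends outside the hunk.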
@ -28,6 +28,8 @@ class d3_totp_user extends d3_totp_user_parent
|
||||
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_AUTH);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_CURRENTUSER);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_ADMIN_AUTH);
|
||||
$this->d3TotpGetSession()->deleteVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER);
|
||||
|
||||
return $return;
|
||||
}
|
||||
@ -53,10 +55,13 @@ class d3_totp_user extends d3_totp_user_parent
|
||||
*/
|
||||
public function d3TotpGetCurrentUser(): ?string
|
||||
{
|
||||
return $this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) ?
|
||||
$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER) :
|
||||
($this->isAdmin() ?
|
||||
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_ADMIN_AUTH) :
|
||||
return $this->isAdmin() ?
|
||||
($this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER) ?
|
||||
$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_ADMIN_CURRENTUSER) :
|
||||
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_ADMIN_AUTH))
|
||||
:
|
||||
($this->d3TotpGetSession()->hasVariable(d3totp_conf::SESSION_CURRENTUSER) ?
|
||||
$this->d3TotpGetSession()->getVariable(d3totp_conf::SESSION_CURRENTUSER) :
|
||||
$this->d3TotpGetSession()->getVariable(d3totp_conf::OXID_FRONTEND_AUTH));
|
||||
}
|
||||
}
|
||||
|
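Review bot: The rewritten `d3TotpGetCurrentUser` is a three-level nested ternary that calls `$this->d3TotpGetSession()` six times, and the only thing the admin and frontend branches differ in is which pair of session keys they read; selecting the key pair first and then doing one has/get lookup expresses the same logic in a form a reviewer can check at a glance. The return type `?string` is declared while `getVariable()` returns whatever was stored, so a docblock line noting that callers must expect the raw session value is worth adding. The refactor below preserves the single `hasVariable` call the unit test expects.
```php
public function d3TotpGetCurrentUser(): ?string
{
    $session = $this->d3TotpGetSession();

    // Admin and frontend keep their own "user currently logging in" marker and
    // their own OXID auth key; pick the pair once instead of branching per call.
    [$currentUserKey, $authKey] = $this->isAdmin()
        ? [d3totp_conf::SESSION_ADMIN_CURRENTUSER, d3totp_conf::OXID_ADMIN_AUTH]
        : [d3totp_conf::SESSION_CURRENTUSER, d3totp_conf::OXID_FRONTEND_AUTH];

    return $session->hasVariable($currentUserKey)
        ? $session->getVariable($currentUserKey)
        : $session->getVariable($authKey);
}
```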
@ -35,7 +35,7 @@ class d3_totp_utils extends d3_totp_utils_parent
|
||||
$blAuth = parent::checkAccessRights();
|
||||
$blAuth = $this->d3AuthHook($blAuth);
|
||||
$userID = $this->d3TotpGetSessionObject()->getVariable("auth");
|
||||
$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_AUTH);
|
||||
$totpAuth = (bool) $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::SESSION_ADMIN_AUTH);
|
||||
/** @var d3totp $totp */
|
||||
$totp = $this->d3GetTotpObject();
|
||||
$totp->loadByUserId($userID);
|
||||
|
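Review bot: The changed line reads the TOTP flag through `d3totp_conf::SESSION_ADMIN_AUTH`, but the line directly above still reads the admin user id with the bare literal `"auth"` even though `d3totp_conf::OXID_ADMIN_AUTH` exists for exactly that key; `$userID = $this->d3TotpGetSessionObject()->getVariable(d3totp_conf::OXID_ADMIN_AUTH);` keeps the two lookups in step if the key is ever renamed. The `(bool)` cast on the new line means any non-empty value stored under the flag counts as authenticated, which is consistent with the rest of the commit but deserves a short comment since this is the access-rights path. The enclosing method (the one calling `parent::checkAccessRights()`) starts and ends outside the hunk.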
@ -117,7 +117,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
||||
])
|
||||
->getMock();
|
||||
$hasVariableMap = [
|
||||
[d3totp_conf::SESSION_AUTH, $hasAuthAlready]
|
||||
[d3totp_conf::SESSION_ADMIN_AUTH, $hasAuthAlready]
|
||||
];
|
||||
$oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
|
||||
|
||||
@ -174,7 +174,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
||||
->getMock();
|
||||
$hasVariableMap = [
|
||||
[d3totp_conf::OXID_ADMIN_AUTH, $hasAdminAuth],
|
||||
[d3totp_conf::SESSION_CURRENTUSER, $hasCurrentUser],
|
||||
[d3totp_conf::SESSION_ADMIN_CURRENTUSER, $hasCurrentUser],
|
||||
];
|
||||
$oSessionMock->method('hasVariable')->willReturnMap($hasVariableMap);
|
||||
|
||||
@ -488,7 +488,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpTrueSessionVarname()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, true);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, true);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -509,7 +509,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpTrueValidTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -530,7 +530,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpFalseMissingTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
@ -550,7 +550,7 @@ class d3totpadminloginTest extends d3TotpUnitTestCase
|
||||
*/
|
||||
public function hasValidTotpFalseUnverifiedTotp()
|
||||
{
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_AUTH, false);
|
||||
Registry::getSession()->setVariable(d3totp_conf::SESSION_ADMIN_AUTH, false);
|
||||
|
||||
/** @var d3totp|MockObject $oTotpMock */
|
||||
$oTotpMock = $this->getMockBuilder(d3totp::class)
|
||||
|
@ -16,7 +16,6 @@ namespace D3\Totp\tests\unit\Application\Controller;
|
||||
use D3\TestingTools\Development\CanAccessRestricted;
|
||||
use D3\Totp\Application\Controller\d3totplogin;
|
||||
use D3\Totp\Application\Model\d3backupcodelist;
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\tests\unit\d3TotpUnitTestCase;
|
||||
use OxidEsales\Eshop\Core\Registry;
|
||||
|
@ -15,7 +15,6 @@ namespace D3\Totp\tests\unit\Application\Model;
|
||||
|
||||
use D3\TestingTools\Development\CanAccessRestricted;
|
||||
use D3\Totp\Application\Model\d3backupcode;
|
||||
use D3\Totp\Application\Model\d3totp;
|
||||
use D3\Totp\Application\Model\d3totp_conf;
|
||||
use D3\Totp\tests\unit\d3TotpUnitTestCase;
|
||||
use OxidEsales\Eshop\Application\Model\User;
|
||||
|
@ -193,7 +193,7 @@ class d3_totp_LoginControllerTest extends d3TotpUnitTestCase
|
||||
$oSessionMock = $this->getMockBuilder(Session::class)
|
||||
->onlyMethods(['getVariable'])
|
||||
->getMock();
|
||||
$oSessionMock->method('getVariable')->with(d3totp_conf::SESSION_AUTH)->willReturn($loggedin);
|
||||
$oSessionMock->method('getVariable')->with(d3totp_conf::SESSION_ADMIN_AUTH)->willReturn($loggedin);
|
||||
|
||||
/** @var d3_totp_LoginController|MockObject $oControllerMock */
|
||||
$oControllerMock = $this->getMockBuilder(d3_totp_LoginController::class)
|
||||
|
@ -123,6 +123,7 @@ class d3_totp_userTest extends d3TotpUnitTestCase
|
||||
$oSessionMock->expects($this->once())->method('hasVariable')->willReturn((bool) $currentUser);
|
||||
$getVariableMap = [
|
||||
[d3totp_conf::SESSION_CURRENTUSER, $currentUser],
|
||||
[d3totp_conf::SESSION_ADMIN_CURRENTUSER, $currentUser],
|
||||
[d3totp_conf::OXID_ADMIN_AUTH, $adminAuth],
|
||||
[d3totp_conf::OXID_FRONTEND_AUTH, $frontendAuth],
|
||||
];
|
||||
@ -152,9 +153,10 @@ class d3_totp_userTest extends d3TotpUnitTestCase
|
||||
public function d3TotpGetCurrentUserTestDataProvider(): array
|
||||
{
|
||||
return [
|
||||
'login request' => ['currentFixture', true, 'adminFixture', 'frontendFixture', 'currentFixture'],
|
||||
'admin auth' => [null, true, 'adminFixture', 'frontendFixture', 'adminFixture'],
|
||||
'frontend auth' => [null, false, 'adminFixture', 'frontendFixture', 'frontendFixture'],
|
||||
'adm login request' => ['currentFixture', true, 'adminFixture', 'frontendFixture', 'currentFixture'],
|
||||
'frnt login request' => ['currentFixture', false, 'adminFixture', 'frontendFixture', 'currentFixture'],
|
||||
'admin auth' => [null, true, 'adminFixture', 'frontendFixture', 'adminFixture'],
|
||||
'frontend auth' => [null, false, 'adminFixture', 'frontendFixture', 'frontendFixture'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
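Review bot: In the first hunk the `getVariable` return map now lists both `d3totp_conf::SESSION_CURRENTUSER` and `d3totp_conf::SESSION_ADMIN_CURRENTUSER` with the same `$currentUser` fixture, and the new `'adm login request'` and `'frnt login request'` datasets pass the same `'currentFixture'` for both, so the test cannot tell which constant `d3TotpGetCurrentUser` actually read and would pass even if the admin branch consulted the frontend key. Map the two entries to different fixtures, e.g. `[d3totp_conf::SESSION_ADMIN_CURRENTUSER, $adminCurrentUser],` with a separate provider column, so that each dataset pins the key its branch must use. The test method containing the map starts outside the hunk.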