From 67312467844d0aa5dfc1186b713cfd08b602dee4 Mon Sep 17 00:00:00 2001
From: Daniel Seifert
Date: Fri, 2 Aug 2019 00:23:21 +0200
Subject: [PATCH] initial implementation for frontend check
---
 .../Controller/Admin/d3user_totp.php | 5 +-
 src/Application/Controller/d3totplogin.php | 36 +++++++++++++--
 src/Application/Model/d3backupcode.php | 6 +--
 src/Application/Model/d3backupcodelist.php | 13 +-----
 src/Application/Model/d3totp.php | 9 ++--
 .../translations/de/d3_totp_lang.php | 14 ++++--
 .../blocks/page/account/inc/account_menu.tpl | 4 ++
 src/Application/views/tpl/d3totplogin.tpl | 46 +++++++++++--------
 src/IntelliSenseHelper.php | 31 ++++++++++---
 .../Component/d3_totp_UserComponent.php | 23 ++++++----
 .../Controller/d3_totp_UserController.php | 4 --
 .../Application/Model/d3_totp_user.php | 2 -
 src/metadata.php | 32 +++++++++----
 src/out/flow/src/css/d3totplogin.css | 17 +++++++
 14 files changed, 164 insertions(+), 78 deletions(-)
 create mode 100644 src/Application/views/blocks/page/account/inc/account_menu.tpl
 create mode 100644 src/out/flow/src/css/d3totplogin.css
diff --git a/src/Application/Controller/Admin/d3user_totp.php b/src/Application/Controller/Admin/d3user_totp.php
index 2e71031..38ec75d 100644
--- a/src/Application/Controller/Admin/d3user_totp.php
+++ b/src/Application/Controller/Admin/d3user_totp.php
@@ -31,7 +31,7 @@ class d3user_totp extends AdminDetailsController
 protected $_sThisTemplate = 'd3user_totp.tpl';
- public $aBackupCodes = array();
+ public $aBackupCodes = [];
 /**
 * @return string
@@ -104,6 +104,9 @@ class d3user_totp extends AdminDetailsController
 }
 }
+ /**
+ * @throws DatabaseConnectionException
+ */
 public function delete()
 {
 $aParams = Registry::getRequest()->getRequestEscapedParameter("editval");
diff --git a/src/Application/Controller/d3totplogin.php b/src/Application/Controller/d3totplogin.php
index d70ecae..958934c 100644
--- a/src/Application/Controller/d3totplogin.php
+++ b/src/Application/Controller/d3totplogin.php
@@ -28,13 +28,13 @@ class d3totplogin extends FrontendController
 public function render()
 {
 if (Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_VARNAME) ||
- false == Registry::getSession()->hasVariable('d3totpCurrentUser')
+ false == Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_CURRENTUSER)
 ) {
 Registry::getUtils()->redirect('index.php?cl=start', true, 302);
 exit;
 }
- $this->addTplParam('navFormParams', Registry::getSession()->getVariable('d3totpNavFormParams'));
+ $this->addTplParam('navFormParams', Registry::getSession()->getVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS));
 return parent::render();
 }
@@ -46,7 +46,7 @@ class d3totplogin extends FrontendController
 public function getBackupCodeCountMessage()
 {
 $oBackupCodeList = oxNew(d3backupcodelist::class);
- $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable('d3totpCurrentUser'));
+ $iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER));
 if ($iCount < 4) {
 return sprintf(
@@ -60,12 +60,12 @@ class d3totplogin extends FrontendController
 public function getPreviousClass()
 {
- return Registry::getSession()->getVariable('d3totpCurrentClass');
+ return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
 }
 public function previousClassIsOrderStep()
 {
- $sClassKey = Registry::getSession()->getVariable('d3totpCurrentClass');
+ $sClassKey = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
 $resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
 $resolvedClass = $resolvedClass ? $resolvedClass : 'start';
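Review bot: The changed guard in render(), `false == Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_CURRENTUSER)`, keeps a loose comparison against a boolean; `!Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_CURRENTUSER)` says the same thing without relying on PHP's `==` coercion rules. The same `false ==` shape recurs in isNoTotpOrNoLogin() in d3_totp_UserComponent.php further down, where the left operand is a session value rather than a bool, so empty-string or `'0'` values would also compare equal to false there. Swapping the string keys for the constants is fine; the comparison style is the only point.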
@@ -73,4 +73,30 @@ class d3totplogin extends FrontendController
 $oController = oxNew($resolvedClass);
 return $oController->getIsOrderStep();
 }
+
+ /**
+ * @return bool
+ */
+ public function getIsOrderStep()
+ {
+ return $this->previousClassIsOrderStep();
+ }
+
+ /**
+ * Returns Bread Crumb - you are here page1/page2/page3...
+ *
+ * @return array
+ */
+ public function getBreadCrumb()
+ {
+ $aPaths = [];
+ $aPath = [];
+ $iBaseLanguage = Registry::getLang()->getBaseLanguage();
+ $aPath['title'] = Registry::getLang()->translateString('D3_TOTP_BREADCRUMB', $iBaseLanguage, false);
+ $aPath['link'] = $this->getLink();
+
+ $aPaths[] = $aPath;
+
+ return $aPaths;
+ }
 }
\ No newline at end of file
diff --git a/src/Application/Model/d3backupcode.php b/src/Application/Model/d3backupcode.php
index c21e515..af8356c 100644
--- a/src/Application/Model/d3backupcode.php
+++ b/src/Application/Model/d3backupcode.php
@@ -39,10 +39,10 @@ class d3backupcode extends BaseModel
 $sCode = $generator->generateString(6, Generator::CHAR_DIGITS);
 $this->assign(
- array(
+ [
 'oxuserid' => $sUserId,
 'backupcode' => $this->d3EncodeBC($sCode),
- )
+ ]
 );
 return $sCode;
@@ -68,7 +68,7 @@ class d3backupcode extends BaseModel
 return $this->getUser();
 }
- $sUserId = Registry::getSession()->getVariable('d3totpCurrentUser');
+ $sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER);
 $oUser = oxNew(User::class);
 $oUser->load($sUserId);
 return $oUser;
diff --git a/src/Application/Model/d3backupcodelist.php b/src/Application/Model/d3backupcodelist.php
index 89947d3..b0b9d07 100644
--- a/src/Application/Model/d3backupcodelist.php
+++ b/src/Application/Model/d3backupcodelist.php
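Review bot: getBreadCrumb() resolves `D3_TOTP_BREADCRUMB` with translateString(..., false) for the base language, but this commit adds that ident only to the German language file (the diffstat lists no other translation file); if the module ships no English file, other shop languages will show the raw ident in the breadcrumb — worth confirming. Style-wise the `$aPaths`/`$aPath` pair can be one literal: `return [['title' => Registry::getLang()->translateString('D3_TOTP_BREADCRUMB', $iBaseLanguage, false), 'link' => $this->getLink()]];`. getIsOrderStep() has a type tag but no sentence; `/** Mirrors the order-step state of the view the TOTP prompt was entered from. @return bool */` would explain why it defers to previousClassIsOrderStep().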
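Review bot: The backup code built just above the changed array literal, `$sCode = $generator->generateString(6, Generator::CHAR_DIGITS);`, is six decimal digits — the same keyspace as a TOTP value but without the time window; the commit only reformats the assign() call, so this is not new, but since backup codes are a persistent bypass of the authenticator the assumption deserves a comment, e.g. `// 6-digit codes: relies on the login path limiting verification attempts`, or longer codes. Whether any attempt limiting exists is not visible in this hunk, and the enclosing method starts above it.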
@@ -16,9 +16,7 @@ namespace D3\Totp\Application\Model;
 use D3\Totp\Application\Controller\Admin\d3user_totp;
-use D3\Totp\Application\Model\d3backupcode;
 use Exception;
-use OxidEsales\Eshop\Application\Model\User;
 use OxidEsales\Eshop\Core\DatabaseProvider;
 use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
 use OxidEsales\Eshop\Core\Model\ListModel;
@@ -35,7 +33,7 @@ class d3backupcodelist extends ListModel
 */
 protected $_sCoreTable = 'd3totp_backupcodes';
- protected $_backupCodes = array();
+ protected $_backupCodes = [];
 /**
 * @param $sUserId
@@ -134,13 +132,6 @@ class d3backupcodelist extends ListModel
 public function d3GetUser()
 {
- if ($this->getUser()) {
- return $this->getUser();
- }
-
- $sUserId = Registry::getSession()->getVariable('d3totpCurrentUser');
- $oUser = oxNew(User::class);
- $oUser->load($sUserId);
- return $oUser;
+ return $this->getBaseObject()->d3GetUser();
 }
 }
\ No newline at end of file
diff --git a/src/Application/Model/d3totp.php b/src/Application/Model/d3totp.php
index 3ea275c..bab1ad5 100644
--- a/src/Application/Model/d3totp.php
+++ b/src/Application/Model/d3totp.php
@@ -29,7 +29,10 @@ use OxidEsales\Eshop\Core\Registry;
 class d3totp extends BaseModel
 {
- const TOTP_SESSION_VARNAME = 'totp_auth';
+ const TOTP_SESSION_VARNAME = 'totp_auth';
+ const TOTP_SESSION_CURRENTUSER = 'd3totpCurrentUser';
+ const TOTP_SESSION_CURRENTCLASS = 'd3totpCurrentClass';
+ const TOTP_SESSION_NAVFORMPARAMS = 'd3totpNavFormParams';
 public $tableName = 'd3totp';
 public $userId;
@@ -175,9 +178,9 @@ class d3totp extends BaseModel
 public function saveSecret($seed)
 {
 $this->assign(
- array(
+ [
 'seed' => $this->encrypt($seed)
- )
+ ]
 );
 }
diff --git a/src/Application/translations/de/d3_totp_lang.php b/src/Application/translations/de/d3_totp_lang.php
index 742398e..a35d67b 100644
--- a/src/Application/translations/de/d3_totp_lang.php
+++ b/src/Application/translations/de/d3_totp_lang.php
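Review bot: d3GetUser() now returns `$this->getBaseObject()->d3GetUser()`, so the list's own `$this->getUser()` short-circuit from the removed lines is gone; a user attached to the list object itself is no longer honoured, and the call falls through to whatever the base object resolves — judging by the d3backupcode hunk above, its own user, else the session's TOTP_SESSION_CURRENTUSER. If no caller sets a user on the list this is a harmless simplification, but it is a behaviour change worth a docblock such as `/** @return User  resolved by the base object: its explicit user, else the pending TOTP login user from the session */`. I cannot see from here whether getBaseObject() can ever return an object that lacks d3GetUser().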
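Review bot: The three new session-key constants in d3totp (`TOTP_SESSION_CURRENTUSER`, `TOTP_SESSION_CURRENTCLASS`, `TOTP_SESSION_NAVFORMPARAMS`) carry no comment on what each key holds or when it is cleared, and they sit next to `TOTP_SESSION_VARNAME`, which the guards in render() and in d3_totp_UserComponent suggest marks an already completed second factor rather than a pending one; a reader can easily conflate the two. A short comment above the three, e.g. `// pending-login state: written by d3_totp_UserComponent before the TOTP prompt, removed by d3TotpClearSessionVariables()`, and one on the first, e.g. `// marker that the second-factor check has passed (confirm against the code that sets it)`, would make the distinction explicit. Giving the constants `public` visibility would match the explicit visibility used on the class's properties just below.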
@@ -17,10 +17,14 @@ $sLangName = "Deutsch";
-$aLang = array(
+$aLang = [
 'charset' => 'UTF-8',
- 'TOTP_INPUT' => 'Authentisierungscode',
- 'TOTP_INPUT_HELP' => 'Das Einmalpasswort erhalten Sie von der Zweifaktorauthentisierung-App auf Ihrem Gerät.',
- 'TOTP_CANCEL_LOGIN' => 'Anmeldung abbrechen',
-);
+ 'D3_TOTP_INPUT' => 'Authentisierungscode',
+ 'D3_TOTP_INPUT_HELP' => 'Das Einmalpasswort erhalten Sie von der Zweifaktorauthentisierung-App auf Ihrem Gerät.',
+ 'D3_TOTP_SUBMIT_LOGIN' => 'Anmelden',
+ 'D3_TOTP_CANCEL_LOGIN' => 'Anmeldung abbrechen',
+ 'D3_TOTP_BREADCRUMB' => 'Einmalpasswort-Anmeldung',
+ 'D3_TOTP_ERROR_UNVALID' => 'Das Einmalpasswort ist ungültig.',
+ 'D3_TOTP_ACCOUNT' => '2-Faktor-Authentisierung',
+];
diff --git a/src/Application/views/blocks/page/account/inc/account_menu.tpl b/src/Application/views/blocks/page/account/inc/account_menu.tpl
new file mode 100644
index 0000000..15c8821
--- /dev/null
+++ b/src/Application/views/blocks/page/account/inc/account_menu.tpl
@@ -0,0 +1,4 @@
+[{$smarty.block.parent}] +
\ No newline at end of file
diff --git a/src/Application/views/tpl/d3totplogin.tpl b/src/Application/views/tpl/d3totplogin.tpl
index a660147..08e67c7 100644
--- a/src/Application/views/tpl/d3totplogin.tpl
+++ b/src/Application/views/tpl/d3totplogin.tpl
@@ -6,34 +6,40 @@ [{include file="page/checkout/inc/steps.tpl" active=2}] [{/if}] -
- [{$oViewConf->getHiddenSid()}] +
+
+ + [{$oViewConf->getHiddenSid()}] - - - [{$navFormParams}] + + + [{$navFormParams}] - [{if $Errors.default|@count}] - [{include file="inc_error.tpl" Errorlist=$Errors.default}] - [{/if}] + [{if $Errors.default|@count}] + [{include file="inc_error.tpl" Errorlist=$Errors.default}] + [{/if}] - [{$oView->getBackupCodeCountMessage()}] + [{$oView->getBackupCodeCountMessage()}] - -
+ +
- [{oxmultilang ident="TOTP_INPUT_HELP"}] + [{oxmultilang ident="D3_TOTP_INPUT_HELP"}] - [{* prevent cancel button (1st button) action when form is sent via Enter key *}] - +
+ +
+ [{$oViewConf->getHiddenSid()}] - - -
+ + + [{$navFormParams}] + + +
+
- [{oxstyle include=$oViewConf->getModuleUrl('d3totp', 'out/admin/src/css/d3totplogin.css')}] + [{oxstyle include=$oViewConf->getModuleUrl('d3totp', 'out/flow/src/css/d3totplogin.css')}] [{oxstyle}] [{insert name="oxid_tracker" title=$template_title}] diff --git a/src/IntelliSenseHelper.php b/src/IntelliSenseHelper.php index 8fb4397..2ddfc28 100644 --- a/src/IntelliSenseHelper.php +++ b/src/IntelliSenseHelper.php 
@@ -15,29 +15,46 @@ namespace D3\Totp\Modules\Application\Component {
- class d3_totp_UserComponent_parent extends \OxidEsales\Eshop\Application\Component\UserComponent { }
+
+ use OxidEsales\Eshop\Application\Component\UserComponent;
+
+ class d3_totp_UserComponent_parent extends UserComponent { }
 }
 namespace D3\Totp\Modules\Application\Controller {
- class d3_totp_UserController_parent extends \OxidEsales\Eshop\Application\Controller\UserController { }
- class d3_totp_PaymentController_parent extends \OxidEsales\Eshop\Application\Controller\PaymentController { }
+ use OxidEsales\Eshop\Application\Controller\OrderController;
+ use OxidEsales\Eshop\Application\Controller\PaymentController;
+ use OxidEsales\Eshop\Application\Controller\UserController;
- class d3_totp_OrderController_parent extends \OxidEsales\Eshop\Application\Controller\OrderController { }
+ class d3_totp_UserController_parent extends UserController { }
+
+ class d3_totp_PaymentController_parent extends PaymentController { }
+
+ class d3_totp_OrderController_parent extends OrderController { }
 }
 namespace D3\Totp\Modules\Application\Controller\Admin {
- class d3_totp_LoginController_parent extends \OxidEsales\Eshop\Application\Controller\Admin\LoginController { }
+
+ use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
+
+ class d3_totp_LoginController_parent extends LoginController { }
 }
 namespace D3\Totp\Modules\Application\Model {
- class d3_totp_user_parent extends \OxidEsales\Eshop\Application\Model\User { }
+
+ use OxidEsales\Eshop\Application\Model\User;
+
+ class d3_totp_user_parent extends User { }
 }
 namespace D3\Totp\Modules\Core {
- class d3_totp_utils_parent extends \OxidEsales\Eshop\Core\Utils { }
+
+ use OxidEsales\Eshop\Core\Utils;
+
+ class d3_totp_utils_parent extends Utils { }
 }
\ No newline at end of file
diff --git a/src/Modules/Application/Component/d3_totp_UserComponent.php b/src/Modules/Application/Component/d3_totp_UserComponent.php
index 9149bea..b4a58ad 100644
--- a/src/Modules/Application/Component/d3_totp_UserComponent.php
+++ b/src/Modules/Application/Component/d3_totp_UserComponent.php
@@ -43,11 +43,11 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 && false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
 ) {
 Registry::getSession()->setVariable(
- 'd3totpCurrentClass',
+ d3totp::TOTP_SESSION_CURRENTCLASS,
 $this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start');
- Registry::getSession()->setVariable('d3totpCurrentUser', $oUser->getId());
+ Registry::getSession()->setVariable(d3totp::TOTP_SESSION_CURRENTUSER, $oUser->getId());
 Registry::getSession()->setVariable(
- 'd3totpNavFormParams',
+ d3totp::TOTP_SESSION_NAVFORMPARAMS,
 $this->getParent()->getViewConfig()->getNavFormParams()
 );
@@ -66,7 +66,7 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 {
 $sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
- $sUserId = Registry::getSession()->getVariable('d3totpCurrentUser');
+ $sUserId = Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER);
 $oUser = oxNew(User::class);
 $oUser->load($sUserId);
@@ -87,13 +87,20 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 return 'd3totplogin';
 }
+ public function cancelTotpLogin()
+ {
+ $this->d3TotpClearSessionVariables();
+
+ return false;
+ }
+
 /**
 * @param d3totp $totp
 * @return bool
 */
 public function isNoTotpOrNoLogin($totp)
 {
- return false == Registry::getSession()->getVariable("d3totpCurrentUser")
+ return false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_CURRENTUSER)
 || false == $totp->isActive();
 }
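Review bot: The context line right after the changed key, `$this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start');`, keeps a loose `!=` string comparison and calls getClassKey() twice; `!==` plus a local `$sClassKey = $this->getParent()->getClassKey();` used in both places would read better, but that is style only. The enclosing method starts above this hunk, so the condition that leads into this branch is not visible here.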
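Review bot: cancelTotpLogin() is a new public component method without a docblock; it clears the three pending-login session keys via d3TotpClearSessionVariables() and returns `false`, and nothing in the hunk says what the caller does with that return value. A docblock such as `/** Abort a pending second-factor login: drop the intermediate session state and stay on the current view. @return false */` would settle that — the "stay on the current view" part is my reading of how a component's return value is routed and should be checked. It is also worth confirming, against the login flow that starts above this hunk, that a cancelled second factor leaves no partially logged-in user in the session, since the method only removes the module's own keys.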
@@ -127,8 +134,8 @@ class d3_totp_UserComponent extends d3_totp_UserComponent_parent
 public function d3TotpClearSessionVariables()
 {
- Registry::getSession()->deleteVariable('d3totpCurrentClass');
- Registry::getSession()->deleteVariable('d3totpCurrentUser');
- Registry::getSession()->deleteVariable('d3totpNavFormParams');
+ Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTCLASS);
+ Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_CURRENTUSER);
+ Registry::getSession()->deleteVariable(d3totp::TOTP_SESSION_NAVFORMPARAMS);
 }
 }
\ No newline at end of file
diff --git a/src/Modules/Application/Controller/d3_totp_UserController.php b/src/Modules/Application/Controller/d3_totp_UserController.php
index e72a5ba..86d558c 100644
--- a/src/Modules/Application/Controller/d3_totp_UserController.php
+++ b/src/Modules/Application/Controller/d3_totp_UserController.php
@@ -15,10 +15,6 @@ namespace D3\Totp\Modules\Application\Controller;
-use D3\Totp\Application\Model\d3backupcodelist;
-use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
-use OxidEsales\Eshop\Core\Registry;
-
 class d3_totp_UserController extends d3_totp_UserController_parent
 {
 use d3_totp_getUserTrait;
diff --git a/src/Modules/Application/Model/d3_totp_user.php b/src/Modules/Application/Model/d3_totp_user.php
index e304710..d260c4b 100644
--- a/src/Modules/Application/Model/d3_totp_user.php
+++ b/src/Modules/Application/Model/d3_totp_user.php
@@ -16,8 +16,6 @@ namespace D3\Totp\Modules\Application\Model;
 use D3\Totp\Application\Model\d3totp;
-use Doctrine\DBAL\DBALException;
-use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
 use OxidEsales\Eshop\Core\Registry;
 class d3_totp_user extends d3_totp_user_parent
diff --git a/src/metadata.php b/src/metadata.php
index 92cd895..77f30cc 100644
--- a/src/metadata.php
+++ b/src/metadata.php
@@ -15,6 +15,15 @@
 * @link http://www.oxidmodule.com
 */
+use D3\Totp\Application\Controller\Admin\d3user_totp;
+use D3\Totp\Application\Controller\d3totplogin;
+use D3\Totp\Modules\Application\Component\d3_totp_UserComponent;
+use D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController;
+use D3\Totp\Modules\Application\Controller\d3_totp_OrderController;
+use D3\Totp\Modules\Application\Controller\d3_totp_PaymentController;
+use D3\Totp\Modules\Application\Controller\d3_totp_UserController;
+use D3\Totp\Modules\Application\Model\d3_totp_user;
+use D3\Totp\Modules\Core\d3_totp_utils;
 use D3\Totp\Setup as ModuleSetup;
 use D3\ModCfg\Application\Model\d3utils;
 use OxidEsales\Eshop\Application\Component\UserComponent;
@@ -52,17 +61,17 @@ $aModule = [
 'email' => 'support@shopmodule.com',
 'url' => 'http://www.oxidmodule.com/',
 'extend' => [
- UserController::class => \D3\Totp\Modules\Application\Controller\d3_totp_UserController::class,
- PaymentController::class => \D3\Totp\Modules\Application\Controller\d3_totp_PaymentController::class,
- OrderController::class => \D3\Totp\Modules\Application\Controller\d3_totp_OrderController::class,
- OxidModel\User::class => \D3\Totp\Modules\Application\Model\d3_totp_user::class,
- LoginController::class => \D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController::class,
- Utils::class => \D3\Totp\Modules\Core\d3_totp_utils::class,
- UserComponent::class => \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::class,
+ UserController::class => d3_totp_UserController::class,
+ PaymentController::class => d3_totp_PaymentController::class,
+ OrderController::class => d3_totp_OrderController::class,
+ OxidModel\User::class => d3_totp_user::class,
+ LoginController::class => d3_totp_LoginController::class,
+ Utils::class => d3_totp_utils::class,
+ UserComponent::class => d3_totp_UserComponent::class,
 ],
 'controllers' => [
- 'd3user_totp' => \D3\Totp\Application\Controller\Admin\d3user_totp::class,
- 'd3totplogin' => \D3\Totp\Application\Controller\d3totplogin::class
+ 'd3user_totp' => d3user_totp::class,
+ 'd3totplogin' => d3totplogin::class
 ],
 'templates' => [
 'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl',
@@ -79,6 +88,11 @@ $aModule = [
 'template' => 'login.tpl',
 'block' => 'admin_login_form',
 'file' => 'Application/views/admin/blocks/d3totp_login_admin_login_form.tpl',
+ ],
+ [
+ 'template' => 'page/account/inc/account_menu.tpl',
+ 'block' => 'account_menu',
+ 'file' => 'Application/views/blocks/page/account/inc/account_menu.tpl',
 ]
 ],
 'd3FileRegister' => [
diff --git a/src/out/flow/src/css/d3totplogin.css b/src/out/flow/src/css/d3totplogin.css
new file mode 100644
index 0000000..83b313f
--- /dev/null
+++ b/src/out/flow/src/css/d3totplogin.css
@@ -0,0 +1,17 @@
+#login {
+ display: flex;
+ flex-flow: column;
+}
+#login .btn.btn_cancel {
+ background: silver;
+ color: black;
+}
+
+.cl-d3totplogin .btn {
+ margin: 10px 0;
+}
+
+.cl-d3totplogin .mainforms {
+ margin-top: 20px;
+ margin-bottom: 20px;
+}
\ No newline at end of file