DanielS/oxwebauthn
1
0
Fork 0
forked from D3Public/oxtotp
Code Pull Requests Packages Projects Releases Wiki Activity

initial implementation for frontend check

Browse Source
This commit is contained in:
Daniel Seifert 2019-07-31 22:43:34 +02:00
parent 14654bac11
commit d6d1f976dc
16 changed files with 450 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Application/Controller/Admin/d3user_totp.php
View File

@ -16,7 +16,7 @@
namespace D3\Totp\Application\Controller\Admin; namespace D3\Totp\Application\Controller\Admin;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\Exceptions\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Modules\Application\Model\d3_totp_user; use D3\Totp\Modules\Application\Model\d3_totp_user;
use Exception; use Exception;
use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController; use OxidEsales\Eshop\Application\Controller\Admin\AdminDetailsController;

76
src/Application/Controller/d3totplogin.php Normal file
View File

@ -0,0 +1,76 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Application\Controller;
use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\d3totp;
use OxidEsales\Eshop\Application\Controller\FrontendController;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
class d3totplogin extends FrontendController
{
protected $_sThisTemplate = 'd3totplogin.tpl';
public function render()
{
if (Registry::getSession()->hasVariable(d3totp::TOTP_SESSION_VARNAME) ||
false == Registry::getSession()->hasVariable('d3totpCurrentUser')
) {
Registry::getUtils()->redirect('index.php?cl=start', true, 302);
exit;
}
$this->addTplParam('navFormParams', Registry::getSession()->getVariable('d3totpNavFormParams'));
return parent::render();
}
/**
* @return string|void
* @throws DatabaseConnectionException
*/
public function getBackupCodeCountMessage()
{
$oBackupCodeList = oxNew(d3backupcodelist::class);
$iCount = $oBackupCodeList->getAvailableCodeCount(Registry::getSession()->getVariable('d3totpCurrentUser'));
if ($iCount < 4) {
return sprintf(
Registry::getLang()->translateString('D3_TOTP_AVAILBACKUPCODECOUNT', null, true),
$iCount
);
};
return;
}
public function getPreviousClass()
{
return Registry::getSession()->getVariable('d3totpCurrentClass');
}
public function previousClassIsOrderStep()
{
$sClassKey = Registry::getSession()->getVariable('d3totpCurrentClass');
$resolvedClass = Registry::getControllerClassNameResolver()->getClassNameById($sClassKey);
$resolvedClass = $resolvedClass ? $resolvedClass : 'start';
/** @var FrontendController $oController */
$oController = oxNew($resolvedClass);
return $oController->getIsOrderStep();
}
}

16
src/Application/Model/d3backupcode.php
View File

@ -15,9 +15,11 @@
namespace D3\Totp\Application\Model; namespace D3\Totp\Application\Model;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\DatabaseProvider; use OxidEsales\Eshop\Core\DatabaseProvider;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Model\BaseModel; use OxidEsales\Eshop\Core\Model\BaseModel;
use OxidEsales\Eshop\Core\Registry;
use RandomLib\Factory; use RandomLib\Factory;
use RandomLib\Generator; use RandomLib\Generator;
@ -54,9 +56,21 @@ class d3backupcode extends BaseModel
public function d3EncodeBC($code) public function d3EncodeBC($code)
{ {
$oDb = DatabaseProvider::getDb(); $oDb = DatabaseProvider::getDb();
$salt = $this->getUser()->getFieldData('oxpasssalt'); $salt = $this->d3GetUser()->getFieldData('oxpasssalt');
$sSelect = "SELECT BINARY MD5( CONCAT( " . $oDb->quote($code) . ", UNHEX( ".$oDb->quote($salt)." ) ) )"; $sSelect = "SELECT BINARY MD5( CONCAT( " . $oDb->quote($code) . ", UNHEX( ".$oDb->quote($salt)." ) ) )";
return $oDb->getOne($sSelect); return $oDb->getOne($sSelect);
} }
public function d3GetUser()
{
if ($this->getUser()) {
return $this->getUser();
}
$sUserId = Registry::getSession()->getVariable('d3totpCurrentUser');
$oUser = oxNew(User::class);
$oUser->load($sUserId);
return $oUser;
}
} }

17
src/Application/Model/Exceptions/d3backupcodelist.php → src/Application/Model/d3backupcodelist.php
View File

@ -13,11 +13,12 @@
* @link http://www.oxidmodule.com * @link http://www.oxidmodule.com
*/ */
namespace D3\Totp\Application\Model\Exceptions; namespace D3\Totp\Application\Model;
use D3\Totp\Application\Controller\Admin\d3user_totp; use D3\Totp\Application\Controller\Admin\d3user_totp;
use D3\Totp\Application\Model\d3backupcode; use D3\Totp\Application\Model\d3backupcode;
use Exception; use Exception;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\DatabaseProvider; use OxidEsales\Eshop\Core\DatabaseProvider;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Model\ListModel; use OxidEsales\Eshop\Core\Model\ListModel;
@ -88,7 +89,7 @@ class d3backupcodelist extends ListModel
$query = "SELECT oxid FROM ".$this->getBaseObject()->getViewName(). $query = "SELECT oxid FROM ".$this->getBaseObject()->getViewName().
" WHERE ".$oDb->quoteIdentifier('backupcode')." = ".$oDb->quote($this->getBaseObject()->d3EncodeBC($totp))." AND ". " WHERE ".$oDb->quoteIdentifier('backupcode')." = ".$oDb->quote($this->getBaseObject()->d3EncodeBC($totp))." AND ".
$oDb->quoteIdentifier("oxuserid") ." = ".$oDb->quote($this->getUser()->getId()); $oDb->quoteIdentifier("oxuserid") ." = ".$oDb->quote($this->d3GetUser()->getId());
$sVerify = $oDb->getOne($query); $sVerify = $oDb->getOne($query);
@ -130,4 +131,16 @@ class d3backupcodelist extends ListModel
return (int) $oDb->getOne($query); return (int) $oDb->getOne($query);
} }
public function d3GetUser()
{
if ($this->getUser()) {
return $this->getUser();
}
$sUserId = Registry::getSession()->getVariable('d3totpCurrentUser');
$oUser = oxNew(User::class);
$oUser->load($sUserId);
return $oUser;
}
} }

1
src/Application/Model/d3totp.php
View File

@ -18,7 +18,6 @@ namespace D3\Totp\Application\Model;
use BaconQrCode\Renderer\Image\Svg; use BaconQrCode\Renderer\Image\Svg;
use BaconQrCode\Writer; use BaconQrCode\Writer;
use D3\ModCfg\Application\Model\d3database; use D3\ModCfg\Application\Model\d3database;
use D3\Totp\Application\Model\Exceptions\d3backupcodelist;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use Doctrine\DBAL\DBALException; use Doctrine\DBAL\DBALException;
use OTPHP\TOTP; use OTPHP\TOTP;

26
src/Application/translations/de/d3_totp_lang.php Normal file
View File

@ -0,0 +1,26 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
*
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
*
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
$sLangName = "Deutsch";
$aLang = array(
'charset' => 'UTF-8',
'TOTP_INPUT' => 'Authentisierungscode',
'TOTP_INPUT_HELP' => 'Das Einmalpasswort erhalten Sie von der Zweifaktorauthentisierung-App auf Ihrem Gerät.',
'TOTP_CANCEL_LOGIN' => 'Anmeldung abbrechen',
);

42
src/Application/views/tpl/d3totplogin.tpl Normal file
View File

@ -0,0 +1,42 @@
[{capture append="oxidBlock_content"}]
[{assign var="template_title" value=""}]
[{if $oView->previousClassIsOrderStep()}]
[{* ordering steps *}]
[{include file="page/checkout/inc/steps.tpl" active=2}]
[{/if}]
<form action="[{$oViewConf->getSelfActionLink()}]" method="post" name="login" id="login">
[{$oViewConf->getHiddenSid()}]
<input type="hidden" name="fnc" value="checkTotplogin">
<input type="hidden" name="cl" value="[{$oView->getPreviousClass()}]">
[{$navFormParams}]
[{if $Errors.default|@count}]
[{include file="inc_error.tpl" Errorlist=$Errors.default}]
[{/if}]
[{$oView->getBackupCodeCountMessage()}]
<label for="d3totp">[{oxmultilang ident="TOTP_INPUT"}]</label>
<input type="text" name="d3totp" id="d3totp" value="" size="49" autofocus autocomplete="off"><br>
[{oxmultilang ident="TOTP_INPUT_HELP"}]
[{* prevent cancel button (1st button) action when form is sent via Enter key *}]
<input type="submit" style="display:none !important;">
<input class="btn btn_cancel" value="[{oxmultilang ident="TOTP_CANCEL_LOGIN"}]" type="submit"
onclick="document.getElementById('login').fnc.value='d3CancelLogin'; document.getElementById('login').submit();"
>
<input type="submit">
</form>
[{oxstyle include=$oViewConf->getModuleUrl('d3totp', 'out/admin/src/css/d3totplogin.css')}]
[{oxstyle}]
[{insert name="oxid_tracker" title=$template_title}]
[{/capture}]
[{include file="layout/page.tpl"}]

14
src/IntelliSenseHelper.php
View File

@ -13,6 +13,20 @@
* @link http://www.oxidmodule.com * @link http://www.oxidmodule.com
*/ */
namespace D3\Totp\Modules\Application\Component
{
class d3_totp_UserComponent_parent extends \OxidEsales\Eshop\Application\Component\UserComponent { }
}
namespace D3\Totp\Modules\Application\Controller
{
class d3_totp_UserController_parent extends \OxidEsales\Eshop\Application\Controller\UserController { }
class d3_totp_PaymentController_parent extends \OxidEsales\Eshop\Application\Controller\PaymentController { }
class d3_totp_OrderController_parent extends \OxidEsales\Eshop\Application\Controller\OrderController { }
}
namespace D3\Totp\Modules\Application\Controller\Admin namespace D3\Totp\Modules\Application\Controller\Admin
{ {
class d3_totp_LoginController_parent extends \OxidEsales\Eshop\Application\Controller\Admin\LoginController { } class d3_totp_LoginController_parent extends \OxidEsales\Eshop\Application\Controller\Admin\LoginController { }

134
src/Modules/Application/Component/d3_totp_UserComponent.php Normal file
View File

@ -0,0 +1,134 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Component;
use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
class d3_totp_UserComponent extends d3_totp_UserComponent_parent
{
/**
* @return string|void
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function login_noredirect()
{
parent::login_noredirect();
$oUser = $this->getUser();
if ($oUser && $oUser->getId()) {
$totp = oxNew(d3totp::class);
$totp->loadByUserId($oUser->getId());
if ($totp->isActive()
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
) {
Registry::getSession()->setVariable(
'd3totpCurrentClass',
$this->getParent()->getClassKey() != 'd3totplogin' ? $this->getParent()->getClassKey() : 'start');
Registry::getSession()->setVariable('d3totpCurrentUser', $oUser->getId());
Registry::getSession()->setVariable(
'd3totpNavFormParams',
$this->getParent()->getViewConfig()->getNavFormParams()
);
$oUser->logout();
return "d3totplogin";
}
}
}
/**
* @throws DBALException
* @throws DatabaseConnectionException
*/
public function checkTotplogin()
{
$sTotp = Registry::getRequest()->getRequestEscapedParameter('d3totp', true);
$sUserId = Registry::getSession()->getVariable('d3totpCurrentUser');
$oUser = oxNew(User::class);
$oUser->load($sUserId);
$totp = oxNew(d3totp::class);
$totp->loadByUserId($sUserId);
try {
if (false == $this->isNoTotpOrNoLogin($totp) && $this->hasValidTotp($sTotp, $totp)) {
$this->d3TotpRelogin($oUser, $sTotp);
$this->d3TotpClearSessionVariables();
return false;
}
} catch (d3totp_wrongOtpException $oEx) {
Registry::getUtilsView()->addErrorToDisplay($oEx);
}
return 'd3totplogin';
}
/**
* @param d3totp $totp
* @return bool
*/
public function isNoTotpOrNoLogin($totp)
{
return false == Registry::getSession()->getVariable("d3totpCurrentUser")
|| false == $totp->isActive();
}
/**
* @param string $sTotp
* @param d3totp $totp
* @return bool
* @throws DatabaseConnectionException
* @throws d3totp_wrongOtpException
*/
public function hasValidTotp($sTotp, $totp)
{
return Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME) ||
(
$sTotp && $totp->verify($sTotp)
);
}
/**
* @param User $oUser
* @param $sTotp
*/
public function d3TotpRelogin(User $oUser, $sTotp)
{
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
Registry::getSession()->setVariable('usr', $oUser->getId());
$this->setUser(null);
$this->setLoginStatus(USER_LOGIN_SUCCESS);
$this->_afterLogin($oUser);
}
public function d3TotpClearSessionVariables()
{
Registry::getSession()->deleteVariable('d3totpCurrentClass');
Registry::getSession()->deleteVariable('d3totpCurrentUser');
Registry::getSession()->deleteVariable('d3totpNavFormParams');
}
}

2
src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
View File

@ -16,7 +16,7 @@
namespace D3\Totp\Modules\Application\Controller\Admin; namespace D3\Totp\Modules\Application\Controller\Admin;
use D3\Totp\Application\Model\d3totp; use D3\Totp\Application\Model\d3totp;
use D3\Totp\Application\Model\Exceptions\d3backupcodelist; use D3\Totp\Application\Model\d3backupcodelist;
use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException; use D3\Totp\Application\Model\Exceptions\d3totp_wrongOtpException;
use Doctrine\DBAL\DBALException; use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User; use OxidEsales\Eshop\Application\Model\User;

21
src/Modules/Application/Controller/d3_totp_OrderController.php Normal file
View File

@ -0,0 +1,21 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Controller;
class d3_totp_OrderController extends d3_totp_OrderController_parent
{
use d3_totp_getUserTrait;
}

21
src/Modules/Application/Controller/d3_totp_PaymentController.php Normal file
View File

@ -0,0 +1,21 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Controller;
class d3_totp_PaymentController extends d3_totp_PaymentController_parent
{
use d3_totp_getUserTrait;
}

25
src/Modules/Application/Controller/d3_totp_UserController.php Normal file
View File

@ -0,0 +1,25 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Controller;
use D3\Totp\Application\Model\d3backupcodelist;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
class d3_totp_UserController extends d3_totp_UserController_parent
{
use d3_totp_getUserTrait;
}

48
src/Modules/Application/Controller/d3_totp_getUserTrait.php Normal file
View File

@ -0,0 +1,48 @@
<?php
/**
* This Software is the property of Data Development and is protected
* by copyright law - it is NOT Freeware.
* Any unauthorized use of this software without a valid license
* is a violation of the license agreement and will be prosecuted by
* civil and criminal law.
* http://www.shopmodule.com
*
* @copyright (C) D3 Data Development (Inh. Thomas Dartsch)
* @author D3 Data Development - Daniel Seifert <support@shopmodule.com>
* @link http://www.oxidmodule.com
*/
namespace D3\Totp\Modules\Application\Controller;
use D3\Totp\Application\Model\d3totp;
use Doctrine\DBAL\DBALException;
use OxidEsales\Eshop\Application\Model\User;
use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException;
use OxidEsales\Eshop\Core\Registry;
trait d3_totp_getUserTrait
{
/**
* @return bool|object|User
* @throws DatabaseConnectionException
* @throws DBALException
*/
public function getUser()
{
$oUser = parent::getUser();
if ($oUser && $oUser->getId()) {
$totp = oxNew(d3totp::class);
$totp->loadByUserId($oUser->getId());
if ($totp->isActive()
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
) {
return false;
}
}
return $oUser;
}
}

13
src/Modules/Application/Model/d3_totp_user.php
View File

@ -30,17 +30,4 @@ class d3_totp_user extends d3_totp_user_parent
return $return; return $return;
} }
/**
* @return d3totp
* @throws DatabaseConnectionException
* @throws DBALException
*/
public function d3getTotp()
{
$oTotp = oxNew(d3totp::class);
$oTotp->loadByUserId($this->getId());
return $oTotp;
}
} }

12
src/metadata.php
View File

@ -17,7 +17,11 @@
use D3\Totp\Setup as ModuleSetup; use D3\Totp\Setup as ModuleSetup;
use D3\ModCfg\Application\Model\d3utils; use D3\ModCfg\Application\Model\d3utils;
use OxidEsales\Eshop\Application\Component\UserComponent;
use OxidEsales\Eshop\Application\Controller\Admin\LoginController; use OxidEsales\Eshop\Application\Controller\Admin\LoginController;
use OxidEsales\Eshop\Application\Controller\OrderController;
use OxidEsales\Eshop\Application\Controller\PaymentController;
use OxidEsales\Eshop\Application\Controller\UserController;
use OxidEsales\Eshop\Core\Utils; use OxidEsales\Eshop\Core\Utils;
use OxidEsales\Eshop\Application\Model as OxidModel; use OxidEsales\Eshop\Application\Model as OxidModel;
@ -48,15 +52,21 @@ $aModule = [
'email' => 'support@shopmodule.com', 'email' => 'support@shopmodule.com',
'url' => 'http://www.oxidmodule.com/', 'url' => 'http://www.oxidmodule.com/',
'extend' => [ 'extend' => [
UserController::class => \D3\Totp\Modules\Application\Controller\d3_totp_UserController::class,
PaymentController::class => \D3\Totp\Modules\Application\Controller\d3_totp_PaymentController::class,
OrderController::class => \D3\Totp\Modules\Application\Controller\d3_totp_OrderController::class,
OxidModel\User::class => \D3\Totp\Modules\Application\Model\d3_totp_user::class, OxidModel\User::class => \D3\Totp\Modules\Application\Model\d3_totp_user::class,
LoginController::class => \D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController::class, LoginController::class => \D3\Totp\Modules\Application\Controller\Admin\d3_totp_LoginController::class,
Utils::class => \D3\Totp\Modules\Core\d3_totp_utils::class, Utils::class => \D3\Totp\Modules\Core\d3_totp_utils::class,
UserComponent::class => \D3\Totp\Modules\Application\Component\d3_totp_UserComponent::class,
], ],
'controllers' => [ 'controllers' => [
'd3user_totp' => \D3\Totp\Application\Controller\Admin\d3user_totp::class 'd3user_totp' => \D3\Totp\Application\Controller\Admin\d3user_totp::class,
'd3totplogin' => \D3\Totp\Application\Controller\d3totplogin::class
], ],
'templates' => [ 'templates' => [
'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl', 'd3user_totp.tpl' => 'd3/totp/Application/views/admin/tpl/d3user_totp.tpl',
'd3totplogin.tpl' => 'd3/totp/Application/views/tpl/d3totplogin.tpl',
], ],
'events' => [ 'events' => [
'onActivate' => '\D3\Totp\Setup\Events::onActivate', 'onActivate' => '\D3\Totp\Setup\Events::onActivate',