* @link http://www.oxidmodule.com */ namespace D3\Totp\Application\Model\Exceptions; use D3\Totp\Application\Controller\Admin\d3user_totp; use D3\Totp\Application\Model\d3backupcode; use Exception; use OxidEsales\Eshop\Core\DatabaseProvider; use OxidEsales\Eshop\Core\Exception\DatabaseConnectionException; use OxidEsales\Eshop\Core\Model\ListModel; use OxidEsales\Eshop\Core\Registry; class d3backupcodelist extends ListModel { protected $_sObjectsInListName = d3backupcode::class; /** * Core table name * * @var string */ protected $_sCoreTable = 'd3totp_backupcodes'; protected $_backupCodes = array(); /** * @param $sUserId * @throws DatabaseConnectionException */ public function generateBackupCodes($sUserId) { $this->deleteAllFromUser($sUserId); for ($i = 1; $i <= 10; $i++) { $oBackupCode = oxNew(d3backupcode::class); $this->_backupCodes[] = $oBackupCode->generateCode($sUserId); $this->offsetSet(md5(rand()), $oBackupCode); } /** @var d3user_totp $oActView */ $oActView = Registry::getConfig()->getActiveView(); $oActView->setBackupCodes($this->_backupCodes); } /** * @throws Exception */ public function save() { /** @var d3backupcode $oBackupCode */ foreach ($this->getArray() as $oBackupCode) { $oBackupCode->save(); } } /** * @return d3backupcode */ public function getBaseObject() { /** @var d3backupcode $object */ $object = parent::getBaseObject(); return $object; } /** * @param $totp * @return bool * @throws DatabaseConnectionException */ public function verify($totp) { $oDb = DatabaseProvider::getDb(); $query = "SELECT oxid FROM ".$this->getBaseObject()->getViewName(). " WHERE ".$oDb->quoteIdentifier('backupcode')." = ".$oDb->quote($this->getBaseObject()->d3EncodeBC($totp))." AND ". $oDb->quoteIdentifier("oxuserid") ." = ".$oDb->quote($this->getUser()->getId()); $sVerify = $oDb->getOne($query); $this->getBaseObject()->delete($sVerify); return (bool) $sVerify; } /** * @param $sUserId * @throws DatabaseConnectionException */ public function deleteAllFromUser($sUserId) { $oDb = DatabaseProvider::getDb(); $query = "SELECT OXID FROM ".$oDb->quoteIdentifier($this->getBaseObject()->getCoreTableName()). " WHERE ".$oDb->quoteIdentifier('oxuserid')." = ".$oDb->quote($sUserId); $this->selectString($query); /** @var d3backupcode $oBackupCode */ foreach ($this->getArray() as $oBackupCode) { $oBackupCode->delete(); } } }