OTP Fehler korrigiert. User reload Data.
dergel committed Nov 15, 2024
1 parent 9f89a0b commit c8b5106
Showing 4 changed files with 69 additions and 53 deletions.
8 changes: 4 additions & 4 deletions plugins/auth/lib/otp/password.php
@@ -22,16 +22,16 @@ final class rex_ycom_otp_password
public function challenge(): void
{
$user = rex_ycom_auth::getUser();
$uri = str_replace('&', '&', (string) rex_ycom_otp_password_config::forCurrentUser()->provisioningUri);
$uri = str_replace('&', '&', (string) rex_ycom_otp_password_config::forCurrentUser()->getProvisioningUri());
$this->getMethod()->challenge($uri, $user);
}

/**
* @param string $otp
*/
public function verify($otp): bool
public function verify(string $otp): bool
{
$uri = str_replace('&', '&', (string) rex_ycom_otp_password_config::forCurrentUser()->provisioningUri);
$uri = str_replace('&', '&', (string) rex_ycom_otp_password_config::forCurrentUser()->getProvisioningUri());
$verified = $this->getMethod()->verify($uri, $otp);
return $verified;
}
@@ -81,7 +81,7 @@ public function setAuthOption(string $option): void
public function getMethod()
{
if (null === $this->method) {
$methodType = rex_ycom_otp_password_config::forCurrentUser()->method;
$methodType = rex_ycom_otp_password_config::forCurrentUser()->getMethod();

if ('totp' === $methodType) {
$this->method = new rex_ycom_otp_method_totp();
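Review bot: In `verify()` the `(string)` cast turns a null result from `getProvisioningUri()` into an empty URI that is still passed to `$this->getMethod()->verify($uri, $otp)`. The config's `disable()` sets the provisioning URI to null, so unless `forCurrentUser()` always refills it (not visible here), verification can run against an empty secret URI. Failing closed would be safer: read the value first and add `if (null === $uri) { return false; }` before the `str_replace`. `challenge()` uses the same cast and would benefit from the same guard.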
65 changes: 37 additions & 28 deletions plugins/auth/lib/otp/password_config.php
@@ -40,7 +40,10 @@ public static function loadFromDb(rex_ycom_otp_method_interface $method, rex_yco

$json = (string) $userSql->getValue('otp_config');
$config = self::fromJson($json, $user);
$config->init($method);
$config->method = $method instanceof rex_ycom_otp_method_email ? 'email' : 'totp';
if (null === $config->getProvisioningUri()) {
$config->setProvisioningUri($method->getProvisioningUri($user));
}
return $config;
}

@@ -63,56 +66,62 @@ private static function fromJson(?string $json, rex_ycom_user $user): self
}
}

$method = new rex_ycom_otp_method_totp();

$default = new self($user);
$default->init(new rex_ycom_otp_method_totp());
$default->method = $method instanceof rex_ycom_otp_method_email ? 'email' : 'totp';
$default->provisioningUri = $method->getProvisioningUri($user);

return $default;
}

private function init(rex_ycom_otp_method_interface $method): void
public function isEnabled(): bool
{
$this->method = $method instanceof rex_ycom_otp_method_email ? 'email' : 'totp';
if (null === $this->provisioningUri) {
$this->provisioningUri = $method->getProvisioningUri($this->user);
}

$this->save();
return $this->enabled ? true : false;
}

public function enable(): void
public function enable(): self
{
$this->enabled = true;
return $this;
}

if (null === $this->provisioningUri) {
throw new Exception('Missing provisioning url');
}
if (null === $this->method) {
throw new Exception('Missing method');
}
public function disable(): self
{
$this->enabled = false;
$this->provisioningUri = null;
return $this;
}

$this->save();
public function updateMethod(rex_ycom_otp_method_interface $method): self
{
$this->method = $method instanceof rex_ycom_otp_method_email ? 'email' : 'totp';
$this->provisioningUri = $method->getProvisioningUri($this->user);
return $this;
}

public function isEnabled(): bool
public function getProvisioningUri()
{
return $this->enabled ? true : false;
return $this->provisioningUri;
}

public function disable(): void
public function setProvisioningUri($provisioningUri): self
{
$this->enabled = false;
$this->provisioningUri = null;
$this->save();
$this->provisioningUri = $provisioningUri;
return $this;
}

public function updateMethod(rex_ycom_otp_method_interface $method): void
public function getMethod()
{
$this->method = $method instanceof rex_ycom_otp_method_email ? 'email' : 'totp';
$this->provisioningUri = $method->getProvisioningUri($this->user);
$this->save();
return $this->method;
}

private function save(): void
public function save(): void
{
echo '<pre>';
debug_print_backtrace();
echo '</pre>';

$userSql = rex_sql::factory();
$userSql->setTable(rex::getTablePrefix() . 'ycom_user');
$userSql->setWhere(['id' => $this->user->getId()]);
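Review bot: The `save()` method now starts with `echo '<pre>'; debug_print_backtrace(); echo '</pre>';`, which looks like leftover debugging and should be removed before this ships. Every caller of `save()` would write the call stack, including server file paths and call arguments, into the HTTP response of an authentication page. That output also precedes `rex_response::sendRedirect(...)` in the setup template, which may interfere with the redirect depending on output buffering. Separately, `getProvisioningUri()` and `setProvisioningUri($provisioningUri)` are untyped; declaring `?string` on both would keep non-string values out of the stored OTP config. The body of `save()` continues past the end of the hunk.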
2 changes: 1 addition & 1 deletion plugins/auth/lib/yform/value/ycom_auth_otp.php
@@ -66,7 +66,7 @@ public function enterObject(): void

public function getDescription(): string
{
return 'ycom_auth_otp -> Beispiel: ycom_auth_otp|setup oder ycom_auth_otp|verify';
return 'ycom_auth_otp -> Beispiel: ycom_auth_otp';
}

/**
47 changes: 27 additions & 20 deletions plugins/auth/ytemplates/bootstrap/value.ycom_auth_otp_setup.tpl.php
@@ -41,8 +41,9 @@
if ('disable' == $func) {
$OTPInstance = rex_ycom_otp_password::getInstance();
$OTPMethod = $OTPInstance->getMethod();
$config = rex_ycom_otp_password_config::loadFromDb($OTPMethod, $user);
$config->disable();
rex_ycom_otp_password_config::loadFromDb($OTPMethod, $user)
->disable()
->save();
$func = '';

$this->params['warning'][$this->getId()] = $this->params['error_class'];
@@ -67,13 +68,6 @@
case 'email':
$defaultOption = 'email';
$otpMethod = new rex_ycom_otp_method_email();

if (null === $myOTP || 'resend' == rex_request('otp-func-email', 'string')) {
$this->params['warning'][$this->getId()] = $this->params['error_class'];
$this->params['warning_messages'][$this->getId()] = '{ ycom_otp_email_check }';
rex_ycom_otp_password::getInstance()->challenge();
}

break;
case 'totp':
default:
@@ -82,18 +76,32 @@
break;
}

// initial starten wenn beim user nicht vorhanden oder noch nicht enabled.
if (null === $myOTP) {
$passwordConfig = rex_ycom_otp_password_config::loadFromDb($otpMethod, $user);
$passwordConfig->updateMethod($otpMethod);
rex_ycom_otp_password_config::loadFromDb($otpMethod, $user)
->updateMethod($otpMethod)
->save();
$user->loadData(); // Refresh OTP with new DB Data
$this->params['warning'][$this->getId()] = $this->params['error_class'];
} else {
if ($otp->verify($myOTP)) {
$config = rex_ycom_otp_password_config::loadFromDb($otpMethod, $user);
$config->enable();
}

$user->resetOTPTries()->save();
rex_ycom_user_session::getInstance()->setOTPverified($user);
if ('email' === $func && (null === $myOTP || 'resend' == rex_request('otp-func-email', 'string'))) {
$this->params['warning'][$this->getId()] = $this->params['error_class'];
$this->params['warning_messages'][$this->getId()] = '{ ycom_otp_email_check }';
rex_ycom_otp_password::getInstance()->challenge();
}

// initial starten wenn beim user nicht vorhanden oder noch nicht enabled.
if (is_string($myOTP) && '' !== $myOTP) {
if ($otp->verify($myOTP)) {
rex_ycom_otp_password_config::loadFromDb($otpMethod, $user)
->enable()
->save();
$user->loadData();
$user
->resetOTPTries()
->save();
rex_ycom_user_session::getInstance()
->setOTPverified($user);
$article_jump_ok = (int) rex_plugin::get('ycom', 'auth')->getConfig('article_id_jump_ok');
rex_response::sendRedirect(rex_getUrl($article_jump_ok, rex_clang::getCurrentId()));
} else {
@@ -103,8 +111,7 @@
}

if ('totp' == $func) {
$config = rex_ycom_otp_password_config::loadFromDb($otpMethod, $user);
$uri = $config->provisioningUri;
$uri = rex_ycom_otp_password_config::loadFromDb($otpMethod, $user)->getProvisioningUri();

?>
<div class="row">
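Review bot: The `null === $myOTP` branch calls `updateMethod($otpMethod)->save()` on every request that carries no OTP and never consults `isEnabled()`, although the comment in this section says setup should start only when the user has no OTP config or it is not yet enabled. `updateMethod()` overwrites the stored method and provisioning URI, so if an already-enrolled user can reach this template (not visible here), a plain page load would replace the enrolled configuration without a fresh verification. Consider loading the config once and guarding the branch, e.g. `if (null === $myOTP && !$config->isEnabled()) {`. The surrounding template code starts and ends outside the hunks shown, so whether an earlier check already covers this should be confirmed there.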
