[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * @package         Joomla.Plugin
   5   * @subpackage      System.Webauthn
   6   *
   7   * @copyright   (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
   8   * @license         GNU General Public License version 2 or later; see LICENSE.txt
   9   */
  10  
  11  namespace Joomla\Plugin\System\Webauthn\PluginTraits;
  12  
  13  use Exception;
  14  use Joomla\CMS\Application\CMSApplication;
  15  use Joomla\CMS\Event\AbstractEvent;
  16  use Joomla\CMS\Event\GenericEvent;
  17  use Joomla\CMS\Event\Plugin\System\Webauthn\Ajax;
  18  use Joomla\CMS\Event\Plugin\System\Webauthn\Ajax as PlgSystemWebauthnAjax;
  19  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxChallenge as PlgSystemWebauthnAjaxChallenge;
  20  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxCreate as PlgSystemWebauthnAjaxCreate;
  21  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxDelete as PlgSystemWebauthnAjaxDelete;
  22  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxInitCreate as PlgSystemWebauthnAjaxInitCreate;
  23  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxLogin as PlgSystemWebauthnAjaxLogin;
  24  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxSaveLabel as PlgSystemWebauthnAjaxSaveLabel;
  25  use Joomla\CMS\Event\Result\ResultAwareInterface;
  26  use Joomla\CMS\Language\Text;
  27  use Joomla\CMS\Log\Log;
  28  use Joomla\CMS\Uri\Uri;
  29  use Joomla\Event\Event;
  30  use RuntimeException;
  31  
  32  // phpcs:disable PSR1.Files.SideEffects
  33  \defined('_JEXEC') or die;
  34  // phpcs:enable PSR1.Files.SideEffects
  35  
  36  /**
  37   * Allows the plugin to handle AJAX requests in the backend of the site, where com_ajax is not
  38   * available when we are not logged in.
  39   *
  40   * @since   4.0.0
  41   */
  42  trait AjaxHandler
  43  {
  44      /**
  45       * Processes the callbacks from the passwordless login views.
  46       *
  47       * Note: this method is called from Joomla's com_ajax or, in the case of backend logins,
  48       * through the special onAfterInitialize handler we have created to work around com_ajax usage
  49       * limitations in the backend.
  50       *
  51       * @param   Event  $event  The event we are handling
  52       *
  53       * @return  void
  54       *
  55       * @throws  Exception
  56       * @since   4.0.0
  57       */
  58      public function onAjaxWebauthn(Ajax $event): void
  59      {
  60          $input = $this->getApplication()->input;
  61  
  62          // Get the return URL from the session
  63          $returnURL = $this->getApplication()->getSession()->get('plg_system_webauthn.returnUrl', Uri::base());
  64          $result    = null;
  65  
  66          try {
  67              Log::add("Received AJAX callback.", Log::DEBUG, 'webauthn.system');
  68  
  69              if (!($this->getApplication() instanceof CMSApplication)) {
  70                  Log::add("This is not a CMS application", Log::NOTICE, 'webauthn.system');
  71  
  72                  return;
  73              }
  74  
  75              $akaction = $input->getCmd('akaction');
  76  
  77              if (!$this->getApplication()->checkToken('request')) {
  78                  throw new RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'));
  79              }
  80  
  81              // Empty action? No bueno.
  82              if (empty($akaction)) {
  83                  throw new RuntimeException(Text::_('PLG_SYSTEM_WEBAUTHN_ERR_AJAX_INVALIDACTION'));
  84              }
  85  
  86              // Call the plugin event onAjaxWebauthnSomething where Something is the akaction param.
  87              /** @var AbstractEvent|ResultAwareInterface $triggerEvent */
  88              $eventName    = 'onAjaxWebauthn' . ucfirst($akaction);
  89  
  90              switch ($eventName) {
  91                  case 'onAjaxWebauthn':
  92                      $eventClass = PlgSystemWebauthnAjax::class;
  93                      break;
  94  
  95                  case 'onAjaxWebauthnChallenge':
  96                      $eventClass = PlgSystemWebauthnAjaxChallenge::class;
  97                      break;
  98  
  99                  case 'onAjaxWebauthnCreate':
 100                      $eventClass = PlgSystemWebauthnAjaxCreate::class;
 101                      break;
 102  
 103                  case 'onAjaxWebauthnDelete':
 104                      $eventClass = PlgSystemWebauthnAjaxDelete::class;
 105                      break;
 106  
 107                  case 'onAjaxWebauthnInitcreate':
 108                      $eventClass = PlgSystemWebauthnAjaxInitCreate::class;
 109                      break;
 110  
 111                  case 'onAjaxWebauthnLogin':
 112                      $eventClass = PlgSystemWebauthnAjaxLogin::class;
 113                      break;
 114  
 115                  case 'onAjaxWebauthnSavelabel':
 116                      $eventClass = PlgSystemWebauthnAjaxSaveLabel::class;
 117                      break;
 118  
 119                  default:
 120                      $eventClass = GenericEvent::class;
 121                      break;
 122              }
 123  
 124              $triggerEvent = new $eventClass($eventName, []);
 125              $result       = $this->getApplication()->getDispatcher()->dispatch($eventName, $triggerEvent);
 126              $results      = ($result instanceof ResultAwareInterface) ? ($result['result'] ?? []) : [];
 127              $result       = array_reduce(
 128                  $results,
 129                  function ($carry, $result) {
 130                      return $carry ?? $result;
 131                  },
 132                  null
 133              );
 134          } catch (Exception $e) {
 135              Log::add("Callback failure, redirecting to $returnURL.", Log::DEBUG, 'webauthn.system');
 136              $this->getApplication()->getSession()->set('plg_system_webauthn.returnUrl', null);
 137              $this->getApplication()->enqueueMessage($e->getMessage(), 'error');
 138              $this->getApplication()->redirect($returnURL);
 139  
 140              return;
 141          }
 142  
 143          if (!\is_null($result)) {
 144              switch ($input->getCmd('encoding', 'json')) {
 145                  case 'raw':
 146                      Log::add("Callback complete, returning raw response.", Log::DEBUG, 'webauthn.system');
 147                      echo $result;
 148  
 149                      break;
 150  
 151                  case 'redirect':
 152                      $modifiers = '';
 153  
 154                      if (isset($result['message'])) {
 155                          $type = $result['type'] ?? 'info';
 156                          $this->getApplication()->enqueueMessage($result['message'], $type);
 157  
 158                          $modifiers = " and setting a system message of type $type";
 159                      }
 160  
 161                      if (isset($result['url'])) {
 162                          Log::add("Callback complete, performing redirection to {$result['url']}{$modifiers}.", Log::DEBUG, 'webauthn.system');
 163                          $this->getApplication()->redirect($result['url']);
 164                      }
 165  
 166                      Log::add("Callback complete, performing redirection to {$result}{$modifiers}.", Log::DEBUG, 'webauthn.system');
 167                      $this->getApplication()->redirect($result);
 168  
 169                      return;
 170  
 171                  default:
 172                      Log::add("Callback complete, returning JSON.", Log::DEBUG, 'webauthn.system');
 173                      echo json_encode($result);
 174  
 175                      break;
 176              }
 177  
 178              $this->getApplication()->close(200);
 179          }
 180  
 181          Log::add("Null response from AJAX callback, redirecting to $returnURL", Log::DEBUG, 'webauthn.system');
 182          $this->getApplication()->getSession()->set('plg_system_webauthn.returnUrl', null);
 183  
 184          $this->getApplication()->redirect($returnURL);
 185      }
 186  }