[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * @package     Joomla.Plugin
   5   * @subpackage  System.Webauthn
   6   *
   7   * @copyright   (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
   8   * @license     GNU General Public License version 2 or later; see LICENSE.txt
   9   */
  10  
  11  namespace Joomla\Plugin\System\Webauthn\PluginTraits;
  12  
  13  use Exception;
  14  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxDelete;
  15  use Joomla\CMS\User\User;
  16  use Joomla\Event\Event;
  17  
  18  // phpcs:disable PSR1.Files.SideEffects
  19  \defined('_JEXEC') or die;
  20  // phpcs:enable PSR1.Files.SideEffects
  21  
  22  /**
  23   * Ajax handler for akaction=savelabel
  24   *
  25   * Deletes a security key
  26   *
  27   * @since  4.0.0
  28   */
  29  trait AjaxHandlerDelete
  30  {
  31      /**
  32       * Handle the callback to remove an authenticator
  33       *
  34       * @param   AjaxDelete  $event  The event we are handling
  35       *
  36       * @return  void
  37       * @since   4.0.0
  38       */
  39      public function onAjaxWebauthnDelete(AjaxDelete $event): void
  40      {
  41          // Initialize objects
  42          $input      = $this->getApplication()->input;
  43          $repository = $this->authenticationHelper->getCredentialsRepository();
  44  
  45          // Retrieve data from the request
  46          $credentialId = $input->getBase64('credential_id', '');
  47  
  48          // Is this a valid credential?
  49          if (empty($credentialId)) {
  50              $event->addResult(false);
  51  
  52              return;
  53          }
  54  
  55          $credentialId = base64_decode($credentialId);
  56  
  57          if (empty($credentialId) || !$repository->has($credentialId)) {
  58              $event->addResult(false);
  59  
  60              return;
  61          }
  62  
  63          // Make sure I am editing my own key
  64          try {
  65              $user             = $this->getApplication()->getIdentity() ?? new User();
  66              $credentialHandle = $repository->getUserHandleFor($credentialId);
  67              $myHandle         = $repository->getHandleFromUserId($user->id);
  68          } catch (Exception $e) {
  69              $event->addResult(false);
  70  
  71              return;
  72          }
  73  
  74          if ($credentialHandle !== $myHandle) {
  75              $event->addResult(false);
  76  
  77              return;
  78          }
  79  
  80          // Delete the record
  81          try {
  82              $repository->remove($credentialId);
  83          } catch (Exception $e) {
  84              $event->addResult(false);
  85  
  86              return;
  87          }
  88  
  89          $event->addResult(true);
  90      }
  91  }