[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * @package     Joomla.Plugin
   5   * @subpackage  System.Webauthn
   6   *
   7   * @copyright   (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
   8   * @license     GNU General Public License version 2 or later; see LICENSE.txt
   9   */
  10  
  11  namespace Joomla\Plugin\System\Webauthn\PluginTraits;
  12  
  13  use Exception;
  14  use Joomla\CMS\Event\Plugin\System\Webauthn\AjaxSaveLabel;
  15  use Joomla\CMS\User\User;
  16  
  17  // phpcs:disable PSR1.Files.SideEffects
  18  \defined('_JEXEC') or die;
  19  // phpcs:enable PSR1.Files.SideEffects
  20  
  21  /**
  22   * Ajax handler for akaction=savelabel
  23   *
  24   * Stores a new label for a security key
  25   *
  26   * @since   4.0.0
  27   */
  28  trait AjaxHandlerSaveLabel
  29  {
  30      /**
  31       * Handle the callback to rename an authenticator
  32       *
  33       * @param   AjaxSaveLabel  $event  The event we are handling
  34       *
  35       * @return  void
  36       *
  37       * @since   4.0.0
  38       */
  39      public function onAjaxWebauthnSavelabel(AjaxSaveLabel $event): void
  40      {
  41          // Initialize objects
  42          $input      = $this->getApplication()->input;
  43          $repository = $this->authenticationHelper->getCredentialsRepository();
  44  
  45          // Retrieve data from the request
  46          $credentialId = $input->getBase64('credential_id', '');
  47          $newLabel     = $input->getString('new_label', '');
  48  
  49          // Is this a valid credential?
  50          if (empty($credentialId)) {
  51              $event->addResult(false);
  52  
  53              return;
  54          }
  55  
  56          $credentialId = base64_decode($credentialId);
  57  
  58          if (empty($credentialId) || !$repository->has($credentialId)) {
  59              $event->addResult(false);
  60  
  61              return;
  62          }
  63  
  64          // Make sure I am editing my own key
  65          try {
  66              $credentialHandle = $repository->getUserHandleFor($credentialId);
  67              $user             = $this->getApplication()->getIdentity() ?? new User();
  68              $myHandle         = $repository->getHandleFromUserId($user->id);
  69          } catch (Exception $e) {
  70              $event->addResult(false);
  71  
  72              return;
  73          }
  74  
  75          if ($credentialHandle !== $myHandle) {
  76              $event->addResult(false);
  77  
  78              return;
  79          }
  80  
  81          // Make sure the new label is not empty
  82          if (empty($newLabel)) {
  83              $event->addResult(false);
  84  
  85              return;
  86          }
  87  
  88          // Save the new label
  89          try {
  90              $repository->setLabel($credentialId, $newLabel);
  91          } catch (Exception $e) {
  92              $event->addResult(false);
  93  
  94              return;
  95          }
  96  
  97          $event->addResult(true);
  98      }
  99  }