Merge pull request #57 from chihiro-adachi/fix-4.3

4.3でトークン検証が通らなかったので修正
EC-CUBE · Apr 8, 2024 · 995e370 · 995e370
2 parents 58956a6 + 215efad
commit 995e370
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 15 deletions.
diff --git a/Controller/CustomerPersonalValidationController.php b/Controller/CustomerPersonalValidationController.php
@@ -237,20 +237,11 @@ private function checkDeviceToken($Customer, $token): bool
     {
         $now = new \DateTime();
 
-        // フォームからのハッシュしたワンタイムパスワードとDBに保存しているワンタイムパスワードのハッシュは一致しているかどうか
-        if (version_compare(Constant::VERSION, '4.3', '>=') &&
-            !$this->customerTwoFactorAuthService->veriyOneTimeToken($Customer->getDeviceAuthOneTimeToken(), $token) ||
-            $Customer->getDeviceAuthOneTimeTokenExpire() < $now) {
-            return false;
-        } else {
-            if (
-                $Customer->getDeviceAuthOneTimeToken() !== $this->customerTwoFactorAuthService->hashOneTimeToken($token) ||
-                $Customer->getDeviceAuthOneTimeTokenExpire() < $now) {
-                return false;
-            }
-        }
+        $hashedToken = $Customer->getDeviceAuthOneTimeToken();
+        $expire = $Customer->getDeviceAuthOneTimeTokenExpire();
 
-        return true;
+        // トークン検証
+        return $this->customerTwoFactorAuthService->verifyOneTimeToken($hashedToken, $token) && $expire > $now;
     }
 
     /**

diff --git a/Service/CustomerTwoFactorAuthService.php b/Service/CustomerTwoFactorAuthService.php
@@ -428,9 +428,15 @@ public function hashOneTimeToken(string $token): string
         return $this->hashFactory->getPasswordHasher(Customer::class)->hash($token);
     }
 
-    public function veriyOneTimeToken(string $hashedToken, string $token): bool
+    public function verifyOneTimeToken(string $hashedToken, string $token): bool
     {
-        return $this->hashFactory->getPasswordHasher(Customer::class)->verify($hashedToken, $token);
+         if ($this->hashFactory->getPasswordHasher(Customer::class)->verify($hashedToken, $token)) {
+             return true;
+         } elseif ($hashedToken === $this->hashOneTimeToken($token)) {
+             return true;
+         } else {
+             return false;
+         }
     }
 
     /***