Tiqr /
tiqr-server-libphp
@@ -118,7 +118,7 @@ discard block |
||
| 118 | 118 | // INVALID_USERID: The client authenticated a different user than the server expected. This error is returned when |
| 119 | 119 | // the application stated an authentication session specifying the userId and later during the authentication |
| 120 | 120 | // provides a different userId |
| 121 | - const AUTH_RESULT_INVALID_USERID = 5; |
|
| 121 | + const AUTH_RESULT_INVALID_USERID = 5; |
|
| 122 | 122 | |
| 123 | 123 | /** |
| 124 | 124 | * The default OCRA Suite (RFC 6287) to use for authentication in Tiqr |
@@ -247,7 +247,7 @@ discard block |
||
| 247 | 247 | * @param int $version The tiqr protocol version to use (defaults to the latest) |
| 248 | 248 | * @throws Exception |
| 249 | 249 | */ |
| 250 | - public function __construct(LoggerInterface $logger, array $options=array(), int $version = 2) |
|
| 250 | + public function __construct(LoggerInterface $logger, array $options = array(), int $version = 2) |
|
| 251 | 251 | { |
| 252 | 252 | $this->_options = $options; // Used to later get settings for Tiqr_Message_* |
| 253 | 253 | $this->logger = $logger; |
@@ -350,7 +350,7 @@ discard block |
||
| 350 | 350 | case 'APNS': |
| 351 | 351 | case 'APNS_DIRECT': |
| 352 | 352 | $apns_version = $this->_options['apns.version'] ?? 1; |
| 353 | - if ($apns_version ==2 ) |
|
| 353 | + if ($apns_version == 2) |
|
| 354 | 354 | $message = new Tiqr_Message_APNS2($this->_options, $this->logger); |
| 355 | 355 | else |
| 356 | 356 | $message = new Tiqr_Message_APNS($this->_options, $this->logger); |
@@ -368,7 +368,7 @@ discard block |
||
| 368 | 368 | |
| 369 | 369 | $this->logger->info(sprintf('Creating and sending a %s push notification', $notificationType)); |
| 370 | 370 | $message->setId(time()); |
| 371 | - $message->setText("Please authenticate for " . $this->_name); |
|
| 371 | + $message->setText("Please authenticate for ".$this->_name); |
|
| 372 | 372 | $message->setAddress($notificationAddress); |
| 373 | 373 | $message->setCustomProperty('challenge', $this->_getChallengeUrl($sessionKey)); |
| 374 | 374 | $message->send(); |
@@ -414,13 +414,13 @@ discard block |
||
| 414 | 414 | * @return string The authentication sessionKey |
| 415 | 415 | * @throws Exception when starting the authentication session failed |
| 416 | 416 | */ |
| 417 | - public function startAuthenticationSession(string $userId="", string $sessionId="", string $spIdentifier=""): string |
|
| 417 | + public function startAuthenticationSession(string $userId = "", string $sessionId = "", string $spIdentifier = ""): string |
|
| 418 | 418 | { |
| 419 | - if ($sessionId=="") { |
|
| 419 | + if ($sessionId == "") { |
|
| 420 | 420 | $sessionId = session_id(); |
| 421 | 421 | } |
| 422 | 422 | |
| 423 | - if ($spIdentifier=="") { |
|
| 423 | + if ($spIdentifier == "") { |
|
| 424 | 424 | $spIdentifier = $this->_identifier; |
| 425 | 425 | } |
| 426 | 426 | |
@@ -429,7 +429,7 @@ discard block |
||
| 429 | 429 | |
| 430 | 430 | $data = array("sessionId"=>$sessionId, "challenge"=>$challenge, "spIdentifier" => $spIdentifier); |
| 431 | 431 | |
| 432 | - if ($userId!="") { |
|
| 432 | + if ($userId != "") { |
|
| 433 | 433 | $data["userId"] = $userId; |
| 434 | 434 | } |
| 435 | 435 | |
@@ -453,9 +453,9 @@ discard block |
||
| 453 | 453 | * @return String The enrollment key |
| 454 | 454 | * @throws Exception when start the enrollement session failed |
| 455 | 455 | */ |
| 456 | - public function startEnrollmentSession(string $userId, string $displayName, string $sessionId=""): string |
|
| 456 | + public function startEnrollmentSession(string $userId, string $displayName, string $sessionId = ""): string |
|
| 457 | 457 | { |
| 458 | - if ($sessionId=="") { |
|
| 458 | + if ($sessionId == "") { |
|
| 459 | 459 | $sessionId = session_id(); |
| 460 | 460 | } |
| 461 | 461 | $enrollmentKey = $this->_uniqueSessionKey(); |
@@ -475,9 +475,9 @@ discard block |
||
| 475 | 475 | * @param string $sessionId The application's session identifier (defaults to php session) |
| 476 | 476 | * @throws Exception when resetting the session failed |
| 477 | 477 | */ |
| 478 | - public function resetEnrollmentSession(string $sessionId=""): void |
|
| 478 | + public function resetEnrollmentSession(string $sessionId = ""): void |
|
| 479 | 479 | { |
| 480 | - if ($sessionId=="") { |
|
| 480 | + if ($sessionId == "") { |
|
| 481 | 481 | $sessionId = session_id(); |
| 482 | 482 | } |
| 483 | 483 | |
@@ -512,9 +512,9 @@ discard block |
||
| 512 | 512 | * |
| 513 | 513 | * @throws Exception when an error communicating with the state storage backend was detected |
| 514 | 514 | */ |
| 515 | - public function getEnrollmentStatus(string $sessionId=""): int |
|
| 515 | + public function getEnrollmentStatus(string $sessionId = ""): int |
|
| 516 | 516 | { |
| 517 | - if ($sessionId=="") { |
|
| 517 | + if ($sessionId == "") { |
|
| 518 | 518 | $sessionId = session_id(); |
| 519 | 519 | } |
| 520 | 520 | $status = $this->_getStateValue(self::PREFIX_ENROLLMENT_STATUS, $sessionId); |
@@ -667,7 +667,7 @@ discard block |
||
| 667 | 667 | if (NULL === $data) { |
| 668 | 668 | throw new RuntimeException('Enrollment secret not found'); |
| 669 | 669 | } |
| 670 | - if ( !is_array($data) || !is_string($data["userId"] ?? NULL)) { |
|
| 670 | + if (!is_array($data) || !is_string($data["userId"] ?? NULL)) { |
|
| 671 | 671 | throw new RuntimeException('Invalid enrollment data'); |
| 672 | 672 | } |
| 673 | 673 | |
@@ -707,7 +707,7 @@ discard block |
||
| 707 | 707 | $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_FINALIZED); |
| 708 | 708 | } else { |
| 709 | 709 | $this->logger->error( |
| 710 | - 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. ' . |
|
| 710 | + 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. '. |
|
| 711 | 711 | 'Warning! the method will still return "true" as a result.' |
| 712 | 712 | ); |
| 713 | 713 | } |
@@ -765,9 +765,9 @@ discard block |
||
| 765 | 765 | throw $e; |
| 766 | 766 | } |
| 767 | 767 | |
| 768 | - $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
|
| 769 | - $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
|
| 770 | - if (!is_string($sessionId) || (!is_string($challenge)) ) { |
|
| 768 | + $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
|
| 769 | + $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
|
| 770 | + if (!is_string($sessionId) || (!is_string($challenge))) { |
|
| 771 | 771 | throw new RuntimeException('Invalid state for state storage'); |
| 772 | 772 | } |
| 773 | 773 | |
@@ -776,7 +776,7 @@ discard block |
||
| 776 | 776 | $challengeUserId = $state["userId"] ?? NULL; |
| 777 | 777 | |
| 778 | 778 | // If the application requested a specific userId, verify that that is that userId that we're now authenticating |
| 779 | - if ($challengeUserId!==NULL && ($userId !== $challengeUserId)) { |
|
| 779 | + if ($challengeUserId !== NULL && ($userId !== $challengeUserId)) { |
|
| 780 | 780 | $this->logger->error( |
| 781 | 781 | sprintf('Authentication failed: the requested userId "%s" does not match userId "%s" that is being authenticated', |
| 782 | 782 | $challengeUserId, $userId) |
@@ -824,9 +824,9 @@ discard block |
||
| 824 | 824 | * |
| 825 | 825 | * @throws Exception when there was an error communicating with the storage backed |
| 826 | 826 | */ |
| 827 | - public function logout(string $sessionId=""): void |
|
| 827 | + public function logout(string $sessionId = ""): void |
|
| 828 | 828 | { |
| 829 | - if ($sessionId=="") { |
|
| 829 | + if ($sessionId == "") { |
|
| 830 | 830 | $sessionId = session_id(); |
| 831 | 831 | } |
| 832 | 832 | |
@@ -866,9 +866,9 @@ discard block |
||
| 866 | 866 | * |
| 867 | 867 | * Does not throw |
| 868 | 868 | */ |
| 869 | - public function getAuthenticatedUser(string $sessionId=""): ?string |
|
| 869 | + public function getAuthenticatedUser(string $sessionId = ""): ?string |
|
| 870 | 870 | { |
| 871 | - if ($sessionId=="") { |
|
| 871 | + if ($sessionId == "") { |
|
| 872 | 872 | $this->logger->debug('Using the PHP session id, as no session id was provided'); |
| 873 | 873 | $sessionId = session_id(); |
| 874 | 874 | } |
@@ -912,22 +912,22 @@ discard block |
||
| 912 | 912 | $challenge = $state["challenge"] ?? ''; |
| 913 | 913 | $spIdentifier = $state["spIdentifier"] ?? ''; |
| 914 | 914 | |
| 915 | - if ( (strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0) ) { |
|
| 915 | + if ((strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0)) { |
|
| 916 | 916 | // Create universal Link |
| 917 | - $parameters=array(); |
|
| 917 | + $parameters = array(); |
|
| 918 | 918 | if (!is_null($userId)) { |
| 919 | - $parameters[]='u='.urlencode($userId); |
|
| 919 | + $parameters[] = 'u='.urlencode($userId); |
|
| 920 | 920 | } |
| 921 | - $parameters[]='s='.urlencode($sessionKey); |
|
| 922 | - $parameters[]='q='.urlencode($challenge); |
|
| 923 | - $parameters[]='i='.urlencode($this->getIdentifier()); |
|
| 924 | - $parameters[]='v='.urlencode($this->_protocolVersion); |
|
| 921 | + $parameters[] = 's='.urlencode($sessionKey); |
|
| 922 | + $parameters[] = 'q='.urlencode($challenge); |
|
| 923 | + $parameters[] = 'i='.urlencode($this->getIdentifier()); |
|
| 924 | + $parameters[] = 'v='.urlencode($this->_protocolVersion); |
|
| 925 | 925 | return $this->_protocolAuth.'?'.implode('&', $parameters); |
| 926 | 926 | } |
| 927 | 927 | |
| 928 | 928 | // Create custom URL scheme |
| 929 | 929 | // Last bit is the spIdentifier |
| 930 | - return $this->_protocolAuth."://".(!is_null($userId)?urlencode($userId).'@':'').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
|
| 930 | + return $this->_protocolAuth."://".(!is_null($userId) ?urlencode($userId).'@' : '').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
|
| 931 | 931 | } |
| 932 | 932 | |
| 933 | 933 | /** |
@@ -938,7 +938,7 @@ discard block |
||
| 938 | 938 | { |
| 939 | 939 | // The are two formats see: https://tiqr.org/technical/protocol/ |
| 940 | 940 | |
| 941 | - if ( (strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0) ) { |
|
| 941 | + if ((strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0)) { |
|
| 942 | 942 | // Create universal Link |
| 943 | 943 | return $this->_protocolEnroll.'?metadata='.urlencode($metadataUrl); |
| 944 | 944 | } |
@@ -957,7 +957,7 @@ discard block |
||
| 957 | 957 | protected function _uniqueSessionKey(): string |
| 958 | 958 | { |
| 959 | 959 | |
| 960 | - return bin2hex( Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES) ); |
|
| 960 | + return bin2hex(Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES)); |
|
| 961 | 961 | } |
| 962 | 962 | |
| 963 | 963 | /** |
@@ -988,7 +988,7 @@ discard block |
||
| 988 | 988 | */ |
| 989 | 989 | protected function _setStateValue(string $key_prefix, string $key, $value, int $expire): void { |
| 990 | 990 | $this->_stateStorage->setValue( |
| 991 | - $key_prefix . $this->_hashKey($key), |
|
| 991 | + $key_prefix.$this->_hashKey($key), |
|
| 992 | 992 | $value, |
| 993 | 993 | $expire |
| 994 | 994 | ); |
@@ -1005,7 +1005,7 @@ discard block |
||
| 1005 | 1005 | |
| 1006 | 1006 | protected function _getStateValue(string $key_prefix, string $key) { |
| 1007 | 1007 | return $this->_stateStorage->getValue( |
| 1008 | - $key_prefix . $this->_hashKey($key) |
|
| 1008 | + $key_prefix.$this->_hashKey($key) |
|
| 1009 | 1009 | ); |
| 1010 | 1010 | } |
| 1011 | 1011 | |
@@ -1019,7 +1019,7 @@ discard block |
||
| 1019 | 1019 | */ |
| 1020 | 1020 | protected function _unsetStateValue(string $key_prefix, string $key): void { |
| 1021 | 1021 | $this->_stateStorage->unsetValue( |
| 1022 | - $key_prefix . $this->_hashKey($key) |
|
| 1022 | + $key_prefix.$this->_hashKey($key) |
|
| 1023 | 1023 | ); |
| 1024 | 1024 | } |
| 1025 | 1025 | |
@@ -290,8 +290,7 @@ discard block |
||
| 290 | 290 | if (isset($options['ocraservice']) && $options['ocraservice']['type'] != 'tiqr') { |
| 291 | 291 | $options['ocraservice']['ocra.suite'] = $this->_ocraSuite; |
| 292 | 292 | $this->_ocraService = Tiqr_OcraService::getOcraService($options['ocraservice']['type'], $options['ocraservice'], $logger); |
| 293 | - } |
|
| 294 | - else { // Create default ocraservice |
|
| 293 | + } else { // Create default ocraservice |
|
| 295 | 294 | $this->_ocraService = Tiqr_OcraService::getOcraService('tiqr', array('ocra.suite' => $this->_ocraSuite), $logger); |
| 296 | 295 | } |
| 297 | 296 | } |
@@ -350,10 +349,11 @@ discard block |
||
| 350 | 349 | case 'APNS': |
| 351 | 350 | case 'APNS_DIRECT': |
| 352 | 351 | $apns_version = $this->_options['apns.version'] ?? 1; |
| 353 | - if ($apns_version ==2 ) |
|
| 354 | - $message = new Tiqr_Message_APNS2($this->_options, $this->logger); |
|
| 355 | - else |
|
| 356 | - $message = new Tiqr_Message_APNS($this->_options, $this->logger); |
|
| 352 | + if ($apns_version ==2 ) { |
|
| 353 | + $message = new Tiqr_Message_APNS2($this->_options, $this->logger); |
|
| 354 | + } else { |
|
| 355 | + $message = new Tiqr_Message_APNS($this->_options, $this->logger); |
|
| 356 | + } |
|
| 357 | 357 | break; |
| 358 | 358 | |
| 359 | 359 | case 'GCM': |
@@ -518,7 +518,9 @@ discard block |
||
| 518 | 518 | $sessionId = session_id(); |
| 519 | 519 | } |
| 520 | 520 | $status = $this->_getStateValue(self::PREFIX_ENROLLMENT_STATUS, $sessionId); |
| 521 | - if (is_null($status)) return self::ENROLLMENT_STATUS_IDLE; |
|
| 521 | + if (is_null($status)) { |
|
| 522 | + return self::ENROLLMENT_STATUS_IDLE; |
|
| 523 | + } |
|
| 522 | 524 | return $status; |
| 523 | 525 | } |
| 524 | 526 | |
@@ -875,8 +877,7 @@ discard block |
||
| 875 | 877 | |
| 876 | 878 | try { |
| 877 | 879 | return $this->_getStateValue("authenticated_", $sessionId); |
| 878 | - } |
|
| 879 | - catch (Exception $e) { |
|
| 880 | + } catch (Exception $e) { |
|
| 880 | 881 | $this->logger->error('getAuthenticatedUser failed', array('exception'=>$e)); |
| 881 | 882 | return NULL; |
| 882 | 883 | } |
@@ -26,7 +26,7 @@ discard block |
||
| 26 | 26 | |
| 27 | 27 | // Get the UID from the client certificate we use for authentication, this |
| 28 | 28 | // is set to the bundle ID. |
| 29 | - $options=$this->getOptions(); |
|
| 29 | + $options = $this->getOptions(); |
|
| 30 | 30 | $cert_filename = $options['apns.certificate']; |
| 31 | 31 | $cert_file_contents = file_get_contents($cert_filename); |
| 32 | 32 | if (false === $cert_file_contents) { |
@@ -35,7 +35,7 @@ discard block |
||
| 35 | 35 | ); |
| 36 | 36 | } |
| 37 | 37 | |
| 38 | - $cert=openssl_x509_parse( $cert_file_contents ); |
|
| 38 | + $cert = openssl_x509_parse($cert_file_contents); |
|
| 39 | 39 | if (false === $cert) { |
| 40 | 40 | throw new RuntimeException('Error parsing APNS client certificate'); |
| 41 | 41 | } |
@@ -60,42 +60,42 @@ discard block |
||
| 60 | 60 | $authProvider = AuthProvider\Certificate::create($authProviderOptions); |
| 61 | 61 | |
| 62 | 62 | // Create the push message |
| 63 | - $alert=Alert::create(); |
|
| 63 | + $alert = Alert::create(); |
|
| 64 | 64 | $alert->setBody($this->getText()); |
| 65 | 65 | // Note: It is possible to specify a title and a subtitle: $alert->setTitle() && $alert->setSubtitle() |
| 66 | 66 | // The tiqr service currently does not implement this. |
| 67 | - $payload=Payload::create()->setAlert($alert); |
|
| 67 | + $payload = Payload::create()->setAlert($alert); |
|
| 68 | 68 | $payload->setSound('default'); |
| 69 | 69 | foreach ($this->getCustomProperties() as $name => $value) { |
| 70 | 70 | $payload->setCustomValue($name, $value); |
| 71 | 71 | } |
| 72 | 72 | $this->logger->debug(sprintf('JSON Payload: %s', $payload->toJson())); |
| 73 | - $notification=new Notification($payload, $this->getAddress()); |
|
| 73 | + $notification = new Notification($payload, $this->getAddress()); |
|
| 74 | 74 | // Set expiration to 30 seconds from now, same as Message_APNS |
| 75 | 75 | $now = new DateTimeImmutable(); |
| 76 | - $expirationInstant=$now->add(new DateInterval('PT30S')); |
|
| 76 | + $expirationInstant = $now->add(new DateInterval('PT30S')); |
|
| 77 | 77 | $notification->setExpirationAt($expirationInstant); |
| 78 | 78 | |
| 79 | 79 | // Send the push message |
| 80 | 80 | $client = new Client($authProvider, $options['apns.environment'] == 'production'); |
| 81 | 81 | $client->addNotification($notification); |
| 82 | - $responses=$client->push(); |
|
| 83 | - if ( sizeof($responses) != 1) { |
|
| 84 | - $this->logger->warning(sprintf('Unexpected number responses. Expected 1, got %d', sizeof($responses)) ); |
|
| 82 | + $responses = $client->push(); |
|
| 83 | + if (sizeof($responses) != 1) { |
|
| 84 | + $this->logger->warning(sprintf('Unexpected number responses. Expected 1, got %d', sizeof($responses))); |
|
| 85 | 85 | if (sizeof($responses) == 0) { |
| 86 | 86 | $this->logger->warning('Could not determine whether the notification was sent'); |
| 87 | 87 | return; |
| 88 | 88 | } |
| 89 | 89 | } |
| 90 | 90 | /** @var \Pushok\Response $response */ |
| 91 | - $response = reset($responses); // Get first response from the array |
|
| 92 | - $deviceToken=$response->getDeviceToken() ?? ''; |
|
| 91 | + $response = reset($responses); // Get first response from the array |
|
| 92 | + $deviceToken = $response->getDeviceToken() ?? ''; |
|
| 93 | 93 | // A canonical UUID that is the unique ID for the notification. E.g. 123e4567-e89b-12d3-a456-4266554400a0 |
| 94 | - $apnsId=$response->getApnsId() ?? ''; |
|
| 94 | + $apnsId = $response->getApnsId() ?? ''; |
|
| 95 | 95 | // Status code. E.g. 200 (Success), 410 (The device token is no longer active for the topic.) |
| 96 | - $statusCode=$response->getStatusCode(); |
|
| 96 | + $statusCode = $response->getStatusCode(); |
|
| 97 | 97 | $this->logger->info(sprintf('Got response with ApnsId "%s", status %s for deviceToken "%s"', $apnsId, $statusCode, $deviceToken)); |
| 98 | - if ( strcasecmp($deviceToken, $this->getAddress()) ) { |
|
| 98 | + if (strcasecmp($deviceToken, $this->getAddress())) { |
|
| 99 | 99 | $this->logger->warning(sprintf('Unexpected deviceToken in response. Expected: "%s"; got: "%s"', $this->getAddress(), $deviceToken)); |
| 100 | 100 | } |
| 101 | 101 | if ($statusCode == 200) { |
@@ -103,9 +103,9 @@ discard block |
||
| 103 | 103 | return; |
| 104 | 104 | } |
| 105 | 105 | |
| 106 | - $reasonPhrase=$response->getReasonPhrase(); // E.g. The device token is no longer active for the topic. |
|
| 107 | - $errorReason=$response->getErrorReason(); // E.g. Unregistered |
|
| 108 | - $errorDescription=$response->getErrorDescription(); // E.g. The device token is inactive for the specified topic. |
|
| 106 | + $reasonPhrase = $response->getReasonPhrase(); // E.g. The device token is no longer active for the topic. |
|
| 107 | + $errorReason = $response->getErrorReason(); // E.g. Unregistered |
|
| 108 | + $errorDescription = $response->getErrorDescription(); // E.g. The device token is inactive for the specified topic. |
|
| 109 | 109 | |
| 110 | 110 | $this->logger->error(sprintf('Error sending APNS2 push notification. APNS ID: "%s"; deviceToken: "%s"; Error: "%s" "%s" "%s"', $apnsId, $deviceToken, $reasonPhrase, $errorReason, $errorDescription)); |
| 111 | 111 | throw new RuntimeException( |
