@@ -118,7 +118,7 @@ discard block |
||
118 | 118 | // INVALID_USERID: The client authenticated a different user than the server expected. This error is returned when |
119 | 119 | // the application stated an authentication session specifying the userId and later during the authentication |
120 | 120 | // provides a different userId |
121 | - const AUTH_RESULT_INVALID_USERID = 5; |
|
121 | + const AUTH_RESULT_INVALID_USERID = 5; |
|
122 | 122 | |
123 | 123 | /** |
124 | 124 | * The default OCRA Suite (RFC 6287) to use for authentication in Tiqr |
@@ -244,7 +244,7 @@ discard block |
||
244 | 244 | * @param int $version The tiqr protocol version to use (defaults to the latest) |
245 | 245 | * @throws Exception |
246 | 246 | */ |
247 | - public function __construct(LoggerInterface $logger, array $options=array(), int $version = 2) |
|
247 | + public function __construct(LoggerInterface $logger, array $options = array(), int $version = 2) |
|
248 | 248 | { |
249 | 249 | $this->_options = $options; // Used to later get settings for Tiqr_Message_* |
250 | 250 | $this->logger = $logger; |
@@ -361,7 +361,7 @@ discard block |
||
361 | 361 | |
362 | 362 | $this->logger->info(sprintf('Creating and sending a %s push notification', $notificationType)); |
363 | 363 | $message->setId(time()); |
364 | - $message->setText("Please authenticate for " . $this->_name); |
|
364 | + $message->setText("Please authenticate for ".$this->_name); |
|
365 | 365 | $message->setAddress($notificationAddress); |
366 | 366 | $message->setCustomProperty('challenge', $this->_getChallengeUrl($sessionKey)); |
367 | 367 | $message->send(); |
@@ -407,13 +407,13 @@ discard block |
||
407 | 407 | * @return string The authentication sessionKey |
408 | 408 | * @throws Exception when starting the authentication session failed |
409 | 409 | */ |
410 | - public function startAuthenticationSession(string $userId="", string $sessionId="", string $spIdentifier=""): string |
|
410 | + public function startAuthenticationSession(string $userId = "", string $sessionId = "", string $spIdentifier = ""): string |
|
411 | 411 | { |
412 | - if ($sessionId=="") { |
|
412 | + if ($sessionId == "") { |
|
413 | 413 | $sessionId = session_id(); |
414 | 414 | } |
415 | 415 | |
416 | - if ($spIdentifier=="") { |
|
416 | + if ($spIdentifier == "") { |
|
417 | 417 | $spIdentifier = $this->_identifier; |
418 | 418 | } |
419 | 419 | |
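Review bot: The `session_id()` fallback in `startAuthenticationSession` is never checked for an empty result: PHP returns `''` when no session is active, so `$sessionId` can still be empty after this block. The same fallback appears in the hunks for `startEnrollmentSession`, `resetEnrollmentSession`, `getEnrollmentStatus`, `logout` and `getAuthenticatedUser`, where the value goes on to key state lookups such as `_getStateValue(self::PREFIX_ENROLLMENT_STATUS, $sessionId)`; with an empty id, every caller without a session would presumably share one state entry. Consider failing closed right after the fallback, e.g. `if (!is_string($sessionId) || $sessionId === '') { throw new RuntimeException('No session id available'); }`, and returning `null` instead in `getAuthenticatedUser`, which is documented as non-throwing. Whether callers always start a session first is not visible here, and the function body continues outside the hunk.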
@@ -422,7 +422,7 @@ discard block |
||
422 | 422 | |
423 | 423 | $data = array("sessionId"=>$sessionId, "challenge"=>$challenge, "spIdentifier" => $spIdentifier); |
424 | 424 | |
425 | - if ($userId!="") { |
|
425 | + if ($userId != "") { |
|
426 | 426 | $data["userId"] = $userId; |
427 | 427 | } |
428 | 428 | |
@@ -446,9 +446,9 @@ discard block |
||
446 | 446 | * @return String The enrollment key |
447 | 447 | * @throws Exception when start the enrollement session failed |
448 | 448 | */ |
449 | - public function startEnrollmentSession(string $userId, string $displayName, string $sessionId=""): string |
|
449 | + public function startEnrollmentSession(string $userId, string $displayName, string $sessionId = ""): string |
|
450 | 450 | { |
451 | - if ($sessionId=="") { |
|
451 | + if ($sessionId == "") { |
|
452 | 452 | $sessionId = session_id(); |
453 | 453 | } |
454 | 454 | $enrollmentKey = $this->_uniqueSessionKey(); |
@@ -468,9 +468,9 @@ discard block |
||
468 | 468 | * @param string $sessionId The application's session identifier (defaults to php session) |
469 | 469 | * @throws Exception when resetting the session failed |
470 | 470 | */ |
471 | - public function resetEnrollmentSession(string $sessionId=""): void |
|
471 | + public function resetEnrollmentSession(string $sessionId = ""): void |
|
472 | 472 | { |
473 | - if ($sessionId=="") { |
|
473 | + if ($sessionId == "") { |
|
474 | 474 | $sessionId = session_id(); |
475 | 475 | } |
476 | 476 | |
@@ -505,9 +505,9 @@ discard block |
||
505 | 505 | * |
506 | 506 | * @throws Exception when an error communicating with the state storage backend was detected |
507 | 507 | */ |
508 | - public function getEnrollmentStatus(string $sessionId=""): int |
|
508 | + public function getEnrollmentStatus(string $sessionId = ""): int |
|
509 | 509 | { |
510 | - if ($sessionId=="") { |
|
510 | + if ($sessionId == "") { |
|
511 | 511 | $sessionId = session_id(); |
512 | 512 | } |
513 | 513 | $status = $this->_getStateValue(self::PREFIX_ENROLLMENT_STATUS, $sessionId); |
@@ -660,7 +660,7 @@ discard block |
||
660 | 660 | if (NULL === $data) { |
661 | 661 | throw new RuntimeException('Enrollment secret not found'); |
662 | 662 | } |
663 | - if ( !is_array($data) || !is_string($data["userId"] ?? NULL)) { |
|
663 | + if (!is_array($data) || !is_string($data["userId"] ?? NULL)) { |
|
664 | 664 | throw new RuntimeException('Invalid enrollment data'); |
665 | 665 | } |
666 | 666 | |
@@ -700,7 +700,7 @@ discard block |
||
700 | 700 | $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_FINALIZED); |
701 | 701 | } else { |
702 | 702 | $this->logger->error( |
703 | - 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. ' . |
|
703 | + 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. '. |
|
704 | 704 | 'Warning! the method will still return "true" as a result.' |
705 | 705 | ); |
706 | 706 | } |
@@ -758,9 +758,9 @@ discard block |
||
758 | 758 | throw $e; |
759 | 759 | } |
760 | 760 | |
761 | - $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
|
762 | - $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
|
763 | - if (!is_string($sessionId) || (!is_string($challenge)) ) { |
|
761 | + $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
|
762 | + $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
|
763 | + if (!is_string($sessionId) || (!is_string($challenge))) { |
|
764 | 764 | throw new RuntimeException('Invalid state for state storage'); |
765 | 765 | } |
766 | 766 | |
@@ -769,7 +769,7 @@ discard block |
||
769 | 769 | $challengeUserId = $state["userId"] ?? NULL; |
770 | 770 | |
771 | 771 | // If the application requested a specific userId, verify that that is that userId that we're now authenticating |
772 | - if ($challengeUserId!==NULL && ($userId !== $challengeUserId)) { |
|
772 | + if ($challengeUserId !== NULL && ($userId !== $challengeUserId)) { |
|
773 | 773 | $this->logger->error( |
774 | 774 | sprintf('Authentication failed: the requested userId "%s" does not match userId "%s" that is being authenticated', |
775 | 775 | $challengeUserId, $userId) |
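Review bot: The mismatch log call at line 773 formats `$userId` straight into the message text with `sprintf`, and on this path that value appears to be the id supplied during authentication, which has just failed the comparison with the expected one. Depending on the logger's sink, control characters or line breaks in it could produce misleading log entries. Passing the values as structured context keeps the message constant, e.g. `$this->logger->error('Authentication failed: userId mismatch', array('requestedUserId' => $challengeUserId, 'userId' => $userId));`, which matches the context-array style the PDO storage class already uses. The logging statement continues past the end of the hunk.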
@@ -817,9 +817,9 @@ discard block |
||
817 | 817 | * |
818 | 818 | * @throws Exception when there was an error communicating with the storage backed |
819 | 819 | */ |
820 | - public function logout(string $sessionId=""): void |
|
820 | + public function logout(string $sessionId = ""): void |
|
821 | 821 | { |
822 | - if ($sessionId=="") { |
|
822 | + if ($sessionId == "") { |
|
823 | 823 | $sessionId = session_id(); |
824 | 824 | } |
825 | 825 | |
@@ -859,9 +859,9 @@ discard block |
||
859 | 859 | * |
860 | 860 | * Does not throw |
861 | 861 | */ |
862 | - public function getAuthenticatedUser(string $sessionId=""): ?string |
|
862 | + public function getAuthenticatedUser(string $sessionId = ""): ?string |
|
863 | 863 | { |
864 | - if ($sessionId=="") { |
|
864 | + if ($sessionId == "") { |
|
865 | 865 | $this->logger->debug('Using the PHP session id, as no session id was provided'); |
866 | 866 | $sessionId = session_id(); |
867 | 867 | } |
@@ -905,22 +905,22 @@ discard block |
||
905 | 905 | $challenge = $state["challenge"] ?? ''; |
906 | 906 | $spIdentifier = $state["spIdentifier"] ?? ''; |
907 | 907 | |
908 | - if ( (strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0) ) { |
|
908 | + if ((strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0)) { |
|
909 | 909 | // Create universal Link |
910 | - $parameters=array(); |
|
910 | + $parameters = array(); |
|
911 | 911 | if (!is_null($userId)) { |
912 | - $parameters[]='u='.urlencode($userId); |
|
912 | + $parameters[] = 'u='.urlencode($userId); |
|
913 | 913 | } |
914 | - $parameters[]='s='.urlencode($sessionKey); |
|
915 | - $parameters[]='q='.urlencode($challenge); |
|
916 | - $parameters[]='i='.urlencode($this->getIdentifier()); |
|
917 | - $parameters[]='v='.urlencode($this->_protocolVersion); |
|
914 | + $parameters[] = 's='.urlencode($sessionKey); |
|
915 | + $parameters[] = 'q='.urlencode($challenge); |
|
916 | + $parameters[] = 'i='.urlencode($this->getIdentifier()); |
|
917 | + $parameters[] = 'v='.urlencode($this->_protocolVersion); |
|
918 | 918 | return $this->_protocolAuth.'?'.implode('&', $parameters); |
919 | 919 | } |
920 | 920 | |
921 | 921 | // Create custom URL scheme |
922 | 922 | // Last bit is the spIdentifier |
923 | - return $this->_protocolAuth."://".(!is_null($userId)?urlencode($userId).'@':'').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
|
923 | + return $this->_protocolAuth."://".(!is_null($userId) ?urlencode($userId).'@' : '').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
|
924 | 924 | } |
925 | 925 | |
926 | 926 | /** |
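Review bot: The custom-scheme return on new line 923 concatenates `$sessionKey`, `$challenge` and `getIdentifier()` into the URL unencoded, while the universal-link branch just above passes every value through `urlencode()` and this same line encodes `$userId` and `$spIdentifier`. If those values are always hex or otherwise URL-safe this is harmless, but that guarantee is not visible in the hunk, and `$challenge` is read back from state storage. Either encode them the same way, e.g. `."/".urlencode($sessionKey)."/".urlencode($challenge)."/"`, or add a comment stating why they need no encoding. The formatter also left the ternary unevenly spaced (`?urlencode(...)`); `? urlencode($userId).'@' : ''` reads better. The function starts above the hunk.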
@@ -931,7 +931,7 @@ discard block |
||
931 | 931 | { |
932 | 932 | // The are two formats see: https://tiqr.org/technical/protocol/ |
933 | 933 | |
934 | - if ( (strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0) ) { |
|
934 | + if ((strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0)) { |
|
935 | 935 | // Create universal Link |
936 | 936 | return $this->_protocolEnroll.'?metadata='.urlencode($metadataUrl); |
937 | 937 | } |
@@ -950,7 +950,7 @@ discard block |
||
950 | 950 | protected function _uniqueSessionKey(): string |
951 | 951 | { |
952 | 952 | |
953 | - return bin2hex( Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES) ); |
|
953 | + return bin2hex(Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES)); |
|
954 | 954 | } |
955 | 955 | |
956 | 956 | /** |
@@ -981,7 +981,7 @@ discard block |
||
981 | 981 | */ |
982 | 982 | protected function _setStateValue(string $key_prefix, string $key, $value, int $expire): void { |
983 | 983 | $this->_stateStorage->setValue( |
984 | - $key_prefix . $this->_hashKey($key), |
|
984 | + $key_prefix.$this->_hashKey($key), |
|
985 | 985 | $value, |
986 | 986 | $expire |
987 | 987 | ); |
@@ -998,7 +998,7 @@ discard block |
||
998 | 998 | |
999 | 999 | protected function _getStateValue(string $key_prefix, string $key) { |
1000 | 1000 | return $this->_stateStorage->getValue( |
1001 | - $key_prefix . $this->_hashKey($key) |
|
1001 | + $key_prefix.$this->_hashKey($key) |
|
1002 | 1002 | ); |
1003 | 1003 | } |
1004 | 1004 | |
@@ -1012,7 +1012,7 @@ discard block |
||
1012 | 1012 | */ |
1013 | 1013 | protected function _unsetStateValue(string $key_prefix, string $key): void { |
1014 | 1014 | $this->_stateStorage->unsetValue( |
1015 | - $key_prefix . $this->_hashKey($key) |
|
1015 | + $key_prefix.$this->_hashKey($key) |
|
1016 | 1016 | ); |
1017 | 1017 | } |
1018 | 1018 |
@@ -1,6 +1,6 @@ |
||
1 | 1 | <?php |
2 | 2 | |
3 | -require_once __DIR__ . '/../OATH/OCRA.php'; |
|
3 | +require_once __DIR__.'/../OATH/OCRA.php'; |
|
4 | 4 | |
5 | 5 | /** |
6 | 6 | * This file is part of the tiqr project. |
@@ -89,21 +89,21 @@ discard block |
||
89 | 89 | */ |
90 | 90 | private function _getStringValue(string $columnName, string $userId): string |
91 | 91 | { |
92 | - if ( !in_array($columnName, $this->_allowedStringColumns) ) { |
|
92 | + if (!in_array($columnName, $this->_allowedStringColumns)) { |
|
93 | 93 | throw new InvalidArgumentException('Unsupported column name'); |
94 | 94 | } |
95 | 95 | |
96 | 96 | try { |
97 | - $sth = $this->handle->prepare('SELECT ' . $columnName . ' FROM ' . $this->tablename . ' WHERE userid = ?'); |
|
97 | + $sth = $this->handle->prepare('SELECT '.$columnName.' FROM '.$this->tablename.' WHERE userid = ?'); |
|
98 | 98 | $sth->execute(array($userId)); |
99 | - $res=$sth->fetchColumn(); |
|
99 | + $res = $sth->fetchColumn(); |
|
100 | 100 | if ($res === false) { |
101 | 101 | // No result |
102 | 102 | $this->logger->error(sprintf('No result getting "%s" for user "%s"', $columnName, $userId)); |
103 | 103 | throw new RuntimeException('User not found'); |
104 | 104 | } |
105 | 105 | if ($res === NULL) { |
106 | - return ''; // Value unset |
|
106 | + return ''; // Value unset |
|
107 | 107 | } |
108 | 108 | if (!is_string($res)) { |
109 | 109 | $this->logger->error(sprintf('Expected string type while getting "%s" for user "%s"', $columnName, $userId)); |
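Review bot: The allow-list check in `_getStringValue` calls `in_array()` without the strict flag, and it is the only guard before `$columnName` is concatenated into the SQL text; `in_array($columnName, $this->_allowedStringColumns, true)` removes any dependence on loose comparison. The same applies to the checks in `_getIntValue`, `_setStringValue` and `_setIntValue` in the following hunks. `$this->tablename` is concatenated into the same statements with no validation visible here; if it comes from configuration, it is worth confirming that it is checked once against an identifier pattern when the object is constructed. The `try` block continues outside the hunk.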
@@ -127,28 +127,28 @@ discard block |
||
127 | 127 | */ |
128 | 128 | private function _getIntValue(string $columnName, string $userId): int |
129 | 129 | { |
130 | - if ( !in_array($columnName, $this->_allowedIntColumns) ) { |
|
130 | + if (!in_array($columnName, $this->_allowedIntColumns)) { |
|
131 | 131 | throw new InvalidArgumentException('Unsupported column name'); |
132 | 132 | } |
133 | 133 | |
134 | 134 | try { |
135 | - $sth = $this->handle->prepare('SELECT ' . $columnName . ' FROM ' . $this->tablename . ' WHERE userid = ?'); |
|
135 | + $sth = $this->handle->prepare('SELECT '.$columnName.' FROM '.$this->tablename.' WHERE userid = ?'); |
|
136 | 136 | $sth->execute(array($userId)); |
137 | - $res=$sth->fetchColumn(); |
|
137 | + $res = $sth->fetchColumn(); |
|
138 | 138 | if ($res === false) { |
139 | 139 | // No result |
140 | 140 | $this->logger->error(sprintf('No result getting "%s" for user "%s"', $columnName, $userId)); |
141 | 141 | throw new RuntimeException('User not found'); |
142 | 142 | } |
143 | 143 | if ($res === NULL) { |
144 | - return 0; // Value unset |
|
144 | + return 0; // Value unset |
|
145 | 145 | } |
146 | 146 | // Return type for integers depends on the PDO driver, can be string |
147 | 147 | if (!is_numeric($res)) { |
148 | 148 | $this->logger->error(sprintf('Expected int type while getting "%s" for user "%s"', $columnName, $userId)); |
149 | 149 | throw new RuntimeException('Unexpected return type'); |
150 | 150 | } |
151 | - return (int)$res; |
|
151 | + return (int) $res; |
|
152 | 152 | } |
153 | 153 | catch (Exception $e) { |
154 | 154 | $this->logger->error('PDO error getting user', array('exception' => $e, 'userId' => $userId, 'columnName'=>$columnName)); |
@@ -165,11 +165,11 @@ discard block |
||
165 | 165 | */ |
166 | 166 | private function _setStringValue(string $columnName, string $userId, string $value): void |
167 | 167 | { |
168 | - if ( !in_array($columnName, $this->_allowedStringColumns) ) { |
|
168 | + if (!in_array($columnName, $this->_allowedStringColumns)) { |
|
169 | 169 | throw new InvalidArgumentException('Unsupported column name'); |
170 | 170 | } |
171 | 171 | try { |
172 | - $sth = $this->handle->prepare('UPDATE ' . $this->tablename . ' SET ' . $columnName . ' = ? WHERE userid = ?'); |
|
172 | + $sth = $this->handle->prepare('UPDATE '.$this->tablename.' SET '.$columnName.' = ? WHERE userid = ?'); |
|
173 | 173 | $sth->execute(array($value, $userId)); |
174 | 174 | if ($sth->rowCount() == 0) { |
175 | 175 | // Required for mysql which only returns the number of rows that were actually updated |
@@ -193,11 +193,11 @@ discard block |
||
193 | 193 | */ |
194 | 194 | private function _setIntValue(string $columnName, string $userId, int $value): void |
195 | 195 | { |
196 | - if ( !in_array($columnName, $this->_allowedIntColumns) ) { |
|
196 | + if (!in_array($columnName, $this->_allowedIntColumns)) { |
|
197 | 197 | throw new InvalidArgumentException('Unsupported column name'); |
198 | 198 | } |
199 | 199 | try { |
200 | - $sth = $this->handle->prepare('UPDATE ' . $this->tablename . ' SET ' . $columnName . ' = ? WHERE userid = ?'); |
|
200 | + $sth = $this->handle->prepare('UPDATE '.$this->tablename.' SET '.$columnName.' = ? WHERE userid = ?'); |
|
201 | 201 | $sth->execute(array($value, $userId)); |
202 | 202 | if ($sth->rowCount() == 0) { |
203 | 203 | // Required for mysql which only returns the number of rows that were actually updated |
@@ -309,17 +309,17 @@ discard block |
||
309 | 309 | { |
310 | 310 | // Check for blocked |
311 | 311 | if ($this->_getIntValue('blocked', $userId) != 0) { |
312 | - return true; // Blocked |
|
312 | + return true; // Blocked |
|
313 | 313 | } |
314 | 314 | |
315 | 315 | if (0 == $tempBlockDuration) { |
316 | - return false; // No check for temporary block |
|
316 | + return false; // No check for temporary block |
|
317 | 317 | } |
318 | 318 | |
319 | 319 | // Check for temporary block |
320 | 320 | $timestamp = $this->getTemporaryBlockTimestamp($userId); |
321 | 321 | // if no temporary block timestamp is set or if the temporary block is expired, return false |
322 | - if ( 0 == $timestamp || ($timestamp + $tempBlockDuration * 60) < time()) { |
|
322 | + if (0 == $timestamp || ($timestamp + $tempBlockDuration * 60) < time()) { |
|
323 | 323 | return false; |
324 | 324 | } |
325 | 325 | return true; |