@@ -116,7 +116,7 @@ discard block |
| 116 | 116 | // INVALID_USERID: The client authenticated a different user than the server expected. This error is returned when |
| 117 | 117 | // the application stated an authentication session specifying the userId and later during the authentication |
| 118 | 118 | // provides a different userId |
| 119 | - const AUTH_RESULT_INVALID_USERID = 5; |
| 119 | + const AUTH_RESULT_INVALID_USERID = 5; |
| 120 | 120 | |
| 121 | 121 | /** |
| 122 | 122 | * The default OCRA Suite (RFC 6287) to use for authentication in Tiqr |
@@ -240,7 +240,7 @@ discard block |
| 240 | 240 | * @param int $version The tiqr protocol version to use (defaults to the latest) |
| 241 | 241 | * @throws Exception |
| 242 | 242 | */ |
| 243 | - public function __construct(LoggerInterface $logger, array $options=array(), int $version = 2) |
| 243 | + public function __construct(LoggerInterface $logger, array $options = array(), int $version = 2) |
| 244 | 244 | { |
| 245 | 245 | $this->_options = $options; // Used to later get settings for Tiqr_Message_* |
| 246 | 246 | $this->logger = $logger; |
@@ -354,7 +354,7 @@ discard block |
| 354 | 354 | |
| 355 | 355 | $this->logger->info(sprintf('Creating and sending a %s push notification', $notificationType)); |
| 356 | 356 | $message->setId(time()); |
| 357 | - $message->setText("Please authenticate for " . $this->_name); |
| 357 | + $message->setText("Please authenticate for ".$this->_name); |
| 358 | 358 | $message->setAddress($notificationAddress); |
| 359 | 359 | $message->setCustomProperty('challenge', $this->_getChallengeUrl($sessionKey)); |
| 360 | 360 | $message->send(); |
@@ -400,13 +400,13 @@ discard block |
| 400 | 400 | * @return string The authentication sessionKey |
| 401 | 401 | * @throws Exception when starting the authentication session failed |
| 402 | 402 | */ |
| 403 | - public function startAuthenticationSession(string $userId="", string $sessionId="", string $spIdentifier=""): string |
| 403 | + public function startAuthenticationSession(string $userId = "", string $sessionId = "", string $spIdentifier = ""): string |
| 404 | 404 | { |
| 405 | - if ($sessionId=="") { |
| 405 | + if ($sessionId == "") { |
| 406 | 406 | $sessionId = session_id(); |
| 407 | 407 | } |
| 408 | 408 | |
| 409 | - if ($spIdentifier=="") { |
| 409 | + if ($spIdentifier == "") { |
| 410 | 410 | $spIdentifier = $this->_identifier; |
| 411 | 411 | } |
| 412 | 412 | |
@@ -415,11 +415,11 @@ discard block |
| 415 | 415 | |
| 416 | 416 | $data = array("sessionId"=>$sessionId, "challenge"=>$challenge, "spIdentifier" => $spIdentifier); |
| 417 | 417 | |
| 418 | - if ($userId!="") { |
| 418 | + if ($userId != "") { |
| 419 | 419 | $data["userId"] = $userId; |
| 420 | 420 | } |
| 421 | 421 | |
| 422 | - $this->_stateStorage->setValue(self::PREFIX_CHALLENGE . $sessionKey, $data, self::CHALLENGE_EXPIRE); |
| 422 | + $this->_stateStorage->setValue(self::PREFIX_CHALLENGE.$sessionKey, $data, self::CHALLENGE_EXPIRE); |
| 423 | 423 | |
| 424 | 424 | return $sessionKey; |
| 425 | 425 | } |
@@ -439,9 +439,9 @@ discard block |
| 439 | 439 | * @return String The enrollment key |
| 440 | 440 | * @throws Exception when start the enrollement session failed |
| 441 | 441 | */ |
| 442 | - public function startEnrollmentSession(string $userId, string $displayName, string $sessionId=""): string |
| 442 | + public function startEnrollmentSession(string $userId, string $displayName, string $sessionId = ""): string |
| 443 | 443 | { |
| 444 | - if ($sessionId=="") { |
| 444 | + if ($sessionId == "") { |
| 445 | 445 | $sessionId = session_id(); |
| 446 | 446 | } |
| 447 | 447 | $enrollmentKey = $this->_uniqueSessionKey(); |
@@ -450,7 +450,7 @@ discard block |
| 450 | 450 | "displayName" => $displayName, |
| 451 | 451 | "sessionId" => $sessionId |
| 452 | 452 | ]; |
| 453 | - $this->_stateStorage->setValue(self::PREFIX_ENROLLMENT . $enrollmentKey, $data, self::ENROLLMENT_EXPIRE); |
| 453 | + $this->_stateStorage->setValue(self::PREFIX_ENROLLMENT.$enrollmentKey, $data, self::ENROLLMENT_EXPIRE); |
| 454 | 454 | $this->_setEnrollmentStatus($sessionId, self::ENROLLMENT_STATUS_INITIALIZED); |
| 455 | 455 | |
| 456 | 456 | return $enrollmentKey; |
@@ -461,9 +461,9 @@ discard block |
| 461 | 461 | * @param string $sessionId The application's session identifier (defaults to php session) |
| 462 | 462 | * @throws Exception when resetting the session failed |
| 463 | 463 | */ |
| 464 | - public function resetEnrollmentSession(string $sessionId=""): void |
| 464 | + public function resetEnrollmentSession(string $sessionId = ""): void |
| 465 | 465 | { |
| 466 | - if ($sessionId=="") { |
| 466 | + if ($sessionId == "") { |
| 467 | 467 | $sessionId = session_id(); |
| 468 | 468 | } |
| 469 | 469 | |
@@ -498,9 +498,9 @@ discard block |
| 498 | 498 | * |
| 499 | 499 | * @throws Exception when an error communicating with the state storage backend was detected |
| 500 | 500 | */ |
| 501 | - public function getEnrollmentStatus(string $sessionId=""): int |
| 501 | + public function getEnrollmentStatus(string $sessionId = ""): int |
| 502 | 502 | { |
| 503 | - if ($sessionId=="") { |
| 503 | + if ($sessionId == "") { |
| 504 | 504 | $sessionId = session_id(); |
| 505 | 505 | } |
| 506 | 506 | $status = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_STATUS.$sessionId); |
@@ -557,7 +557,7 @@ discard block |
| 557 | 557 | */ |
| 558 | 558 | public function getEnrollmentMetadata(string $enrollmentKey, string $authenticationUrl, string $enrollmentUrl): array |
| 559 | 559 | { |
| 560 | - $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT . $enrollmentKey); |
| 560 | + $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT.$enrollmentKey); |
| 561 | 561 | if (!is_array($data)) { |
| 562 | 562 | $this->logger->error('Unable to find enrollment metadata in state storage'); |
| 563 | 563 | throw new Exception('Unable to find enrollment metadata in state storage'); |
@@ -576,7 +576,7 @@ discard block |
| 576 | 576 | array("identifier" =>$data["userId"], |
| 577 | 577 | "displayName"=>$data["displayName"])); |
| 578 | 578 | |
| 579 | - $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT . $enrollmentKey); |
| 579 | + $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT.$enrollmentKey); |
| 580 | 580 | |
| 581 | 581 | $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_RETRIEVED); |
| 582 | 582 | return $metadata; |
@@ -604,7 +604,7 @@ discard block |
| 604 | 604 | */ |
| 605 | 605 | public function getEnrollmentSecret(string $enrollmentKey): string |
| 606 | 606 | { |
| 607 | - $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT . $enrollmentKey); |
| 607 | + $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT.$enrollmentKey); |
| 608 | 608 | if (!is_array($data)) { |
| 609 | 609 | $this->logger->error('getEnrollmentSecret: enrollment key not found'); |
| 610 | 610 | throw new RuntimeException('enrollment key not found'); |
@@ -620,7 +620,7 @@ discard block |
| 620 | 620 | ]; |
| 621 | 621 | $enrollmentSecret = $this->_uniqueSessionKey(); |
| 622 | 622 | $this->_stateStorage->setValue( |
| 623 | - self::PREFIX_ENROLLMENT_SECRET . $enrollmentSecret, |
| 623 | + self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret, |
| 624 | 624 | $enrollmentData, |
| 625 | 625 | self::ENROLLMENT_EXPIRE |
| 626 | 626 | ); |
@@ -648,11 +648,11 @@ discard block |
| 648 | 648 | public function validateEnrollmentSecret(string $enrollmentSecret): string |
| 649 | 649 | { |
| 650 | 650 | try { |
| 651 | - $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET . $enrollmentSecret); |
| 651 | + $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret); |
| 652 | 652 | if (NULL === $data) { |
| 653 | 653 | throw new RuntimeException('Enrollment secret not found'); |
| 654 | 654 | } |
| 655 | - if ( !is_array($data) || !is_string($data["userId"] ?? NULL)) { |
| 655 | + if (!is_array($data) || !is_string($data["userId"] ?? NULL)) { |
| 656 | 656 | throw new RuntimeException('Invalid enrollment data'); |
| 657 | 657 | } |
| 658 | 658 | |
@@ -682,17 +682,17 @@ discard block |
| 682 | 682 | public function finalizeEnrollment(string $enrollmentSecret): bool |
| 683 | 683 | { |
| 684 | 684 | try { |
| 685 | - $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET . $enrollmentSecret); |
| 685 | + $data = $this->_stateStorage->getValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret); |
| 686 | 686 | if (NULL === $data) { |
| 687 | 687 | throw new RuntimeException('Enrollment secret not found'); |
| 688 | 688 | } |
| 689 | 689 | if (is_array($data)) { |
| 690 | 690 | // Enrollment is finalized, destroy our session data. |
| 691 | - $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT_SECRET . $enrollmentSecret); |
| 691 | + $this->_stateStorage->unsetValue(self::PREFIX_ENROLLMENT_SECRET.$enrollmentSecret); |
| 692 | 692 | $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_FINALIZED); |
| 693 | 693 | } else { |
| 694 | 694 | $this->logger->error( |
| 695 | - 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. ' . |
| 695 | + 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. '. |
| 696 | 696 | 'Warning! the method will still return "true" as a result.' |
| 697 | 697 | ); |
| 698 | 698 | } |
@@ -740,7 +740,7 @@ discard block |
| 740 | 740 | public function authenticate(string $userId, string $userSecret, string $sessionKey, string $response): int |
| 741 | 741 | { |
| 742 | 742 | try { |
| 743 | - $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE . $sessionKey); |
| 743 | + $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE.$sessionKey); |
| 744 | 744 | if (is_null($state)) { |
| 745 | 745 | $this->logger->notice('The auth challenge could not be found in the state storage'); |
| 746 | 746 | return self::AUTH_RESULT_INVALID_CHALLENGE; |
@@ -750,9 +750,9 @@ discard block |
| 750 | 750 | throw $e; |
| 751 | 751 | } |
| 752 | 752 | |
| 753 | - $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
| 754 | - $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
| 755 | - if (!is_string($sessionId) || (!is_string($challenge)) ) { |
| 753 | + $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
| 754 | + $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
| 755 | + if (!is_string($sessionId) || (!is_string($challenge))) { |
| 756 | 756 | throw new RuntimeException('Invalid state for state storage'); |
| 757 | 757 | } |
| 758 | 758 | |
@@ -761,7 +761,7 @@ discard block |
| 761 | 761 | $challengeUserId = $state["userId"] ?? NULL; |
| 762 | 762 | |
| 763 | 763 | // If the application requested a specific userId, verify that that is that userId that we're now authenticating |
| 764 | - if ($challengeUserId!==NULL && ($userId !== $challengeUserId)) { |
| 764 | + if ($challengeUserId !== NULL && ($userId !== $challengeUserId)) { |
| 765 | 765 | $this->logger->error( |
| 766 | 766 | sprintf('Authentication failed: the requested userId "%s" does not match userId "%s" that is being authenticated', |
| 767 | 767 | $challengeUserId, $userId) |
@@ -778,7 +778,7 @@ discard block |
| 778 | 778 | |
| 779 | 779 | if ($equal) { |
| 780 | 780 | // Set application session as authenticated |
| 781 | - $this->_stateStorage->setValue(self::PREFIX_AUTHENTICATED . $sessionId, $userId, self::LOGIN_EXPIRE); |
| 781 | + $this->_stateStorage->setValue(self::PREFIX_AUTHENTICATED.$sessionId, $userId, self::LOGIN_EXPIRE); |
| 782 | 782 | $this->logger->notice(sprintf('Authenticated user "%s" in session "%s"', $userId, $sessionId)); |
| 783 | 783 | |
| 784 | 784 | // Cleanup challenge |
@@ -787,7 +787,7 @@ discard block |
| 787 | 787 | // Cleaning up only after successful authentication enables the user to retry authentication after e.g. an |
| 788 | 788 | // invalid response |
| 789 | 789 | try { |
| 790 | - $this->_stateStorage->unsetValue(self::PREFIX_CHALLENGE . $sessionKey); // May throw |
| 790 | + $this->_stateStorage->unsetValue(self::PREFIX_CHALLENGE.$sessionKey); // May throw |
| 791 | 791 | } catch (Exception $e) { |
| 792 | 792 | // Only log error |
| 793 | 793 | $this->logger->warning('Could not delete authentication session key', array('error' => $e)); |
@@ -809,9 +809,9 @@ discard block |
| 809 | 809 | * |
| 810 | 810 | * @throws Exception when there was an error communicating with the storage backed |
| 811 | 811 | */ |
| 812 | - public function logout(string $sessionId=""): void |
| 812 | + public function logout(string $sessionId = ""): void |
| 813 | 813 | { |
| 814 | - if ($sessionId=="") { |
| 814 | + if ($sessionId == "") { |
| 815 | 815 | $sessionId = session_id(); |
| 816 | 816 | } |
| 817 | 817 | |
@@ -851,9 +851,9 @@ discard block |
| 851 | 851 | * |
| 852 | 852 | * Does not throw |
| 853 | 853 | */ |
| 854 | - public function getAuthenticatedUser(string $sessionId=""): ?string |
| 854 | + public function getAuthenticatedUser(string $sessionId = ""): ?string |
| 855 | 855 | { |
| 856 | - if ($sessionId=="") { |
| 856 | + if ($sessionId == "") { |
| 857 | 857 | $this->logger->debug('Using the PHP session id, as no session id was provided'); |
| 858 | 858 | $sessionId = session_id(); |
| 859 | 859 | } |
@@ -882,7 +882,7 @@ discard block |
| 882 | 882 | // We probably just generated the challenge and stored it in the StateStorage |
| 883 | 883 | // We can save a roundtrip to the storage backend here by reusing this information |
| 884 | 884 | |
| 885 | - $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE . $sessionKey); |
| 885 | + $state = $this->_stateStorage->getValue(self::PREFIX_CHALLENGE.$sessionKey); |
| 886 | 886 | if (is_null($state)) { |
| 887 | 887 | $this->logger->error( |
| 888 | 888 | sprintf( |
@@ -897,22 +897,22 @@ discard block |
| 897 | 897 | $challenge = $state["challenge"] ?? ''; |
| 898 | 898 | $spIdentifier = $state["spIdentifier"] ?? ''; |
| 899 | 899 | |
| 900 | - if ( (strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0) ) { |
| 900 | + if ((strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0)) { |
| 901 | 901 | // Create universal Link |
| 902 | - $parameters=array(); |
| 902 | + $parameters = array(); |
| 903 | 903 | if (!is_null($userId)) { |
| 904 | - $parameters[]='u='.urlencode($userId); |
| 904 | + $parameters[] = 'u='.urlencode($userId); |
| 905 | 905 | } |
| 906 | - $parameters[]='s='.urlencode($sessionKey); |
| 907 | - $parameters[]='q='.urlencode($challenge); |
| 908 | - $parameters[]='i='.urlencode($this->getIdentifier()); |
| 909 | - $parameters[]='v='.urlencode($this->_protocolVersion); |
| 906 | + $parameters[] = 's='.urlencode($sessionKey); |
| 907 | + $parameters[] = 'q='.urlencode($challenge); |
| 908 | + $parameters[] = 'i='.urlencode($this->getIdentifier()); |
| 909 | + $parameters[] = 'v='.urlencode($this->_protocolVersion); |
| 910 | 910 | return $this->_protocolAuth.'?'.implode('&', $parameters); |
| 911 | 911 | } |
| 912 | 912 | |
| 913 | 913 | // Create custom URL scheme |
| 914 | 914 | // Last bit is the spIdentifier |
| 915 | - return $this->_protocolAuth."://".(!is_null($userId)?urlencode($userId).'@':'').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
| 915 | + return $this->_protocolAuth."://".(!is_null($userId) ?urlencode($userId).'@' : '').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
| 916 | 916 | } |
| 917 | 917 | |
| 918 | 918 | /** |
@@ -923,7 +923,7 @@ discard block |
| 923 | 923 | { |
| 924 | 924 | // The are two formats see: https://tiqr.org/technical/protocol/ |
| 925 | 925 | |
| 926 | - if ( (strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0) ) { |
| 926 | + if ((strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0)) { |
| 927 | 927 | // Create universal Link |
| 928 | 928 | return $this->_protocolEnroll.'?metadata='.urlencode($metadataUrl); |
| 929 | 929 | } |
@@ -942,7 +942,7 @@ discard block |
| 942 | 942 | protected function _uniqueSessionKey(): string |
| 943 | 943 | { |
| 944 | 944 | |
| 945 | - return bin2hex( Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES) ); |
| 945 | + return bin2hex(Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES)); |
| 946 | 946 | } |
| 947 | 947 | |
| 948 | 948 | /** |