Tiqr /
tiqr-server-libphp
@@ -571,17 +571,17 @@ discard block |
||
| 571 | 571 | } |
| 572 | 572 | |
| 573 | 573 | $metadata = array("service"=> |
| 574 | - array("displayName" => $this->_name, |
|
| 575 | - "identifier" => $this->_identifier, |
|
| 576 | - "logoUrl" => $this->_logoUrl, |
|
| 577 | - "infoUrl" => $this->_infoUrl, |
|
| 578 | - "authenticationUrl" => $authenticationUrl, |
|
| 579 | - "ocraSuite" => $this->_ocraSuite, |
|
| 580 | - "enrollmentUrl" => $enrollmentUrl |
|
| 581 | - ), |
|
| 582 | - "identity"=> |
|
| 583 | - array("identifier" =>$data["userId"], |
|
| 584 | - "displayName"=>$data["displayName"])); |
|
| 574 | + array("displayName" => $this->_name, |
|
| 575 | + "identifier" => $this->_identifier, |
|
| 576 | + "logoUrl" => $this->_logoUrl, |
|
| 577 | + "infoUrl" => $this->_infoUrl, |
|
| 578 | + "authenticationUrl" => $authenticationUrl, |
|
| 579 | + "ocraSuite" => $this->_ocraSuite, |
|
| 580 | + "enrollmentUrl" => $enrollmentUrl |
|
| 581 | + ), |
|
| 582 | + "identity"=> |
|
| 583 | + array("identifier" =>$data["userId"], |
|
| 584 | + "displayName"=>$data["displayName"])); |
|
| 585 | 585 | |
| 586 | 586 | $this->_unsetStateValue(self::PREFIX_ENROLLMENT, $enrollmentKey); |
| 587 | 587 | |
@@ -611,28 +611,28 @@ discard block |
||
| 611 | 611 | */ |
| 612 | 612 | public function getEnrollmentSecret(string $enrollmentKey): string |
| 613 | 613 | { |
| 614 | - $data = $this->_getStateValue(self::PREFIX_ENROLLMENT, $enrollmentKey); |
|
| 615 | - if (!is_array($data)) { |
|
| 616 | - $this->logger->error('getEnrollmentSecret: enrollment key not found'); |
|
| 617 | - throw new RuntimeException('enrollment key not found'); |
|
| 618 | - } |
|
| 619 | - $userId = $data["userId"] ?? NULL; |
|
| 620 | - $sessionId = $data["sessionId"] ?? NULL; |
|
| 621 | - if (!is_string($userId) || !(is_string($sessionId))) { |
|
| 622 | - throw new RuntimeException('getEnrollmentSecret: invalid enrollment data'); |
|
| 623 | - } |
|
| 624 | - $enrollmentData = [ |
|
| 625 | - "userId" => $userId, |
|
| 626 | - "sessionId" => $sessionId |
|
| 627 | - ]; |
|
| 628 | - $enrollmentSecret = $this->_uniqueSessionKey(); |
|
| 629 | - $this->_setStateValue( |
|
| 630 | - self::PREFIX_ENROLLMENT_SECRET, |
|
| 631 | - $enrollmentSecret, |
|
| 632 | - $enrollmentData, |
|
| 633 | - self::ENROLLMENT_EXPIRE |
|
| 634 | - ); |
|
| 635 | - return $enrollmentSecret; |
|
| 614 | + $data = $this->_getStateValue(self::PREFIX_ENROLLMENT, $enrollmentKey); |
|
| 615 | + if (!is_array($data)) { |
|
| 616 | + $this->logger->error('getEnrollmentSecret: enrollment key not found'); |
|
| 617 | + throw new RuntimeException('enrollment key not found'); |
|
| 618 | + } |
|
| 619 | + $userId = $data["userId"] ?? NULL; |
|
| 620 | + $sessionId = $data["sessionId"] ?? NULL; |
|
| 621 | + if (!is_string($userId) || !(is_string($sessionId))) { |
|
| 622 | + throw new RuntimeException('getEnrollmentSecret: invalid enrollment data'); |
|
| 623 | + } |
|
| 624 | + $enrollmentData = [ |
|
| 625 | + "userId" => $userId, |
|
| 626 | + "sessionId" => $sessionId |
|
| 627 | + ]; |
|
| 628 | + $enrollmentSecret = $this->_uniqueSessionKey(); |
|
| 629 | + $this->_setStateValue( |
|
| 630 | + self::PREFIX_ENROLLMENT_SECRET, |
|
| 631 | + $enrollmentSecret, |
|
| 632 | + $enrollmentData, |
|
| 633 | + self::ENROLLMENT_EXPIRE |
|
| 634 | + ); |
|
| 635 | + return $enrollmentSecret; |
|
| 636 | 636 | } |
| 637 | 637 | |
| 638 | 638 | /** |
@@ -118,7 +118,7 @@ discard block |
||
| 118 | 118 | // INVALID_USERID: The client authenticated a different user than the server expected. This error is returned when |
| 119 | 119 | // the application stated an authentication session specifying the userId and later during the authentication |
| 120 | 120 | // provides a different userId |
| 121 | - const AUTH_RESULT_INVALID_USERID = 5; |
|
| 121 | + const AUTH_RESULT_INVALID_USERID = 5; |
|
| 122 | 122 | |
| 123 | 123 | /** |
| 124 | 124 | * The default OCRA Suite (RFC 6287) to use for authentication in Tiqr |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | * @param int $version The tiqr protocol version to use (defaults to the latest) |
| 245 | 245 | * @throws Exception |
| 246 | 246 | */ |
| 247 | - public function __construct(LoggerInterface $logger, array $options=array(), int $version = 2) |
|
| 247 | + public function __construct(LoggerInterface $logger, array $options = array(), int $version = 2) |
|
| 248 | 248 | { |
| 249 | 249 | $this->_options = $options; // Used to later get settings for Tiqr_Message_* |
| 250 | 250 | $this->logger = $logger; |
@@ -361,7 +361,7 @@ discard block |
||
| 361 | 361 | |
| 362 | 362 | $this->logger->info(sprintf('Creating and sending a %s push notification', $notificationType)); |
| 363 | 363 | $message->setId(time()); |
| 364 | - $message->setText("Please authenticate for " . $this->_name); |
|
| 364 | + $message->setText("Please authenticate for ".$this->_name); |
|
| 365 | 365 | $message->setAddress($notificationAddress); |
| 366 | 366 | $message->setCustomProperty('challenge', $this->_getChallengeUrl($sessionKey)); |
| 367 | 367 | $message->send(); |
@@ -407,13 +407,13 @@ discard block |
||
| 407 | 407 | * @return string The authentication sessionKey |
| 408 | 408 | * @throws Exception when starting the authentication session failed |
| 409 | 409 | */ |
| 410 | - public function startAuthenticationSession(string $userId="", string $sessionId="", string $spIdentifier=""): string |
|
| 410 | + public function startAuthenticationSession(string $userId = "", string $sessionId = "", string $spIdentifier = ""): string |
|
| 411 | 411 | { |
| 412 | - if ($sessionId=="") { |
|
| 412 | + if ($sessionId == "") { |
|
| 413 | 413 | $sessionId = session_id(); |
| 414 | 414 | } |
| 415 | 415 | |
| 416 | - if ($spIdentifier=="") { |
|
| 416 | + if ($spIdentifier == "") { |
|
| 417 | 417 | $spIdentifier = $this->_identifier; |
| 418 | 418 | } |
| 419 | 419 | |
@@ -422,7 +422,7 @@ discard block |
||
| 422 | 422 | |
| 423 | 423 | $data = array("sessionId"=>$sessionId, "challenge"=>$challenge, "spIdentifier" => $spIdentifier); |
| 424 | 424 | |
| 425 | - if ($userId!="") { |
|
| 425 | + if ($userId != "") { |
|
| 426 | 426 | $data["userId"] = $userId; |
| 427 | 427 | } |
| 428 | 428 | |
@@ -446,9 +446,9 @@ discard block |
||
| 446 | 446 | * @return String The enrollment key |
| 447 | 447 | * @throws Exception when start the enrollement session failed |
| 448 | 448 | */ |
| 449 | - public function startEnrollmentSession(string $userId, string $displayName, string $sessionId=""): string |
|
| 449 | + public function startEnrollmentSession(string $userId, string $displayName, string $sessionId = ""): string |
|
| 450 | 450 | { |
| 451 | - if ($sessionId=="") { |
|
| 451 | + if ($sessionId == "") { |
|
| 452 | 452 | $sessionId = session_id(); |
| 453 | 453 | } |
| 454 | 454 | $enrollmentKey = $this->_uniqueSessionKey(); |
@@ -468,9 +468,9 @@ discard block |
||
| 468 | 468 | * @param string $sessionId The application's session identifier (defaults to php session) |
| 469 | 469 | * @throws Exception when resetting the session failed |
| 470 | 470 | */ |
| 471 | - public function resetEnrollmentSession(string $sessionId=""): void |
|
| 471 | + public function resetEnrollmentSession(string $sessionId = ""): void |
|
| 472 | 472 | { |
| 473 | - if ($sessionId=="") { |
|
| 473 | + if ($sessionId == "") { |
|
| 474 | 474 | $sessionId = session_id(); |
| 475 | 475 | } |
| 476 | 476 | |
@@ -505,9 +505,9 @@ discard block |
||
| 505 | 505 | * |
| 506 | 506 | * @throws Exception when an error communicating with the state storage backend was detected |
| 507 | 507 | */ |
| 508 | - public function getEnrollmentStatus(string $sessionId=""): int |
|
| 508 | + public function getEnrollmentStatus(string $sessionId = ""): int |
|
| 509 | 509 | { |
| 510 | - if ($sessionId=="") { |
|
| 510 | + if ($sessionId == "") { |
|
| 511 | 511 | $sessionId = session_id(); |
| 512 | 512 | } |
| 513 | 513 | $status = $this->_getStateValue(self::PREFIX_ENROLLMENT_STATUS, $sessionId); |
@@ -660,7 +660,7 @@ discard block |
||
| 660 | 660 | if (NULL === $data) { |
| 661 | 661 | throw new RuntimeException('Enrollment secret not found'); |
| 662 | 662 | } |
| 663 | - if ( !is_array($data) || !is_string($data["userId"] ?? NULL)) { |
|
| 663 | + if (!is_array($data) || !is_string($data["userId"] ?? NULL)) { |
|
| 664 | 664 | throw new RuntimeException('Invalid enrollment data'); |
| 665 | 665 | } |
| 666 | 666 | |
@@ -700,7 +700,7 @@ discard block |
||
| 700 | 700 | $this->_setEnrollmentStatus($data["sessionId"], self::ENROLLMENT_STATUS_FINALIZED); |
| 701 | 701 | } else { |
| 702 | 702 | $this->logger->error( |
| 703 | - 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. ' . |
|
| 703 | + 'Enrollment status is not finalized, enrollmentsecret was not found in state storage. '. |
|
| 704 | 704 | 'Warning! the method will still return "true" as a result.' |
| 705 | 705 | ); |
| 706 | 706 | } |
@@ -758,9 +758,9 @@ discard block |
||
| 758 | 758 | throw $e; |
| 759 | 759 | } |
| 760 | 760 | |
| 761 | - $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
|
| 762 | - $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
|
| 763 | - if (!is_string($sessionId) || (!is_string($challenge)) ) { |
|
| 761 | + $sessionId = $state["sessionId"] ?? NULL; // Application's sessionId |
|
| 762 | + $challenge = $state["challenge"] ?? NULL; // The challenge we sent to the Tiqr client |
|
| 763 | + if (!is_string($sessionId) || (!is_string($challenge))) { |
|
| 764 | 764 | throw new RuntimeException('Invalid state for state storage'); |
| 765 | 765 | } |
| 766 | 766 | |
@@ -769,7 +769,7 @@ discard block |
||
| 769 | 769 | $challengeUserId = $state["userId"] ?? NULL; |
| 770 | 770 | |
| 771 | 771 | // If the application requested a specific userId, verify that that is that userId that we're now authenticating |
| 772 | - if ($challengeUserId!==NULL && ($userId !== $challengeUserId)) { |
|
| 772 | + if ($challengeUserId !== NULL && ($userId !== $challengeUserId)) { |
|
| 773 | 773 | $this->logger->error( |
| 774 | 774 | sprintf('Authentication failed: the requested userId "%s" does not match userId "%s" that is being authenticated', |
| 775 | 775 | $challengeUserId, $userId) |
@@ -817,9 +817,9 @@ discard block |
||
| 817 | 817 | * |
| 818 | 818 | * @throws Exception when there was an error communicating with the storage backed |
| 819 | 819 | */ |
| 820 | - public function logout(string $sessionId=""): void |
|
| 820 | + public function logout(string $sessionId = ""): void |
|
| 821 | 821 | { |
| 822 | - if ($sessionId=="") { |
|
| 822 | + if ($sessionId == "") { |
|
| 823 | 823 | $sessionId = session_id(); |
| 824 | 824 | } |
| 825 | 825 | |
@@ -859,9 +859,9 @@ discard block |
||
| 859 | 859 | * |
| 860 | 860 | * Does not throw |
| 861 | 861 | */ |
| 862 | - public function getAuthenticatedUser(string $sessionId=""): ?string |
|
| 862 | + public function getAuthenticatedUser(string $sessionId = ""): ?string |
|
| 863 | 863 | { |
| 864 | - if ($sessionId=="") { |
|
| 864 | + if ($sessionId == "") { |
|
| 865 | 865 | $this->logger->debug('Using the PHP session id, as no session id was provided'); |
| 866 | 866 | $sessionId = session_id(); |
| 867 | 867 | } |
@@ -905,22 +905,22 @@ discard block |
||
| 905 | 905 | $challenge = $state["challenge"] ?? ''; |
| 906 | 906 | $spIdentifier = $state["spIdentifier"] ?? ''; |
| 907 | 907 | |
| 908 | - if ( (strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0) ) { |
|
| 908 | + if ((strpos($this->_protocolAuth, 'https://') === 0) || (strpos($this->_protocolAuth, 'http://') === 0)) { |
|
| 909 | 909 | // Create universal Link |
| 910 | - $parameters=array(); |
|
| 910 | + $parameters = array(); |
|
| 911 | 911 | if (!is_null($userId)) { |
| 912 | - $parameters[]='u='.urlencode($userId); |
|
| 912 | + $parameters[] = 'u='.urlencode($userId); |
|
| 913 | 913 | } |
| 914 | - $parameters[]='s='.urlencode($sessionKey); |
|
| 915 | - $parameters[]='q='.urlencode($challenge); |
|
| 916 | - $parameters[]='i='.urlencode($this->getIdentifier()); |
|
| 917 | - $parameters[]='v='.urlencode($this->_protocolVersion); |
|
| 914 | + $parameters[] = 's='.urlencode($sessionKey); |
|
| 915 | + $parameters[] = 'q='.urlencode($challenge); |
|
| 916 | + $parameters[] = 'i='.urlencode($this->getIdentifier()); |
|
| 917 | + $parameters[] = 'v='.urlencode($this->_protocolVersion); |
|
| 918 | 918 | return $this->_protocolAuth.'?'.implode('&', $parameters); |
| 919 | 919 | } |
| 920 | 920 | |
| 921 | 921 | // Create custom URL scheme |
| 922 | 922 | // Last bit is the spIdentifier |
| 923 | - return $this->_protocolAuth."://".(!is_null($userId)?urlencode($userId).'@':'').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
|
| 923 | + return $this->_protocolAuth."://".(!is_null($userId) ?urlencode($userId).'@' : '').$this->getIdentifier()."/".$sessionKey."/".$challenge."/".urlencode($spIdentifier)."/".$this->_protocolVersion; |
|
| 924 | 924 | } |
| 925 | 925 | |
| 926 | 926 | /** |
@@ -931,7 +931,7 @@ discard block |
||
| 931 | 931 | { |
| 932 | 932 | // The are two formats see: https://tiqr.org/technical/protocol/ |
| 933 | 933 | |
| 934 | - if ( (strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0) ) { |
|
| 934 | + if ((strpos($this->_protocolEnroll, 'https://') === 0) || (strpos($this->_protocolEnroll, 'http://') === 0)) { |
|
| 935 | 935 | // Create universal Link |
| 936 | 936 | return $this->_protocolEnroll.'?metadata='.urlencode($metadataUrl); |
| 937 | 937 | } |
@@ -950,7 +950,7 @@ discard block |
||
| 950 | 950 | protected function _uniqueSessionKey(): string |
| 951 | 951 | { |
| 952 | 952 | |
| 953 | - return bin2hex( Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES) ); |
|
| 953 | + return bin2hex(Tiqr_Random::randomBytes(self::SESSION_KEY_LENGTH_BYTES)); |
|
| 954 | 954 | } |
| 955 | 955 | |
| 956 | 956 | /** |
@@ -981,7 +981,7 @@ discard block |
||
| 981 | 981 | */ |
| 982 | 982 | protected function _setStateValue(string $key_prefix, string $key, $value, int $expire): void { |
| 983 | 983 | $this->_stateStorage->setValue( |
| 984 | - $key_prefix . $this->_hashKey($key), |
|
| 984 | + $key_prefix.$this->_hashKey($key), |
|
| 985 | 985 | $value, |
| 986 | 986 | $expire |
| 987 | 987 | ); |
@@ -998,7 +998,7 @@ discard block |
||
| 998 | 998 | |
| 999 | 999 | protected function _getStateValue(string $key_prefix, string $key) { |
| 1000 | 1000 | return $this->_stateStorage->getValue( |
| 1001 | - $key_prefix . $this->_hashKey($key) |
|
| 1001 | + $key_prefix.$this->_hashKey($key) |
|
| 1002 | 1002 | ); |
| 1003 | 1003 | } |
| 1004 | 1004 | |
@@ -1012,7 +1012,7 @@ discard block |
||
| 1012 | 1012 | */ |
| 1013 | 1013 | protected function _unsetStateValue(string $key_prefix, string $key): void { |
| 1014 | 1014 | $this->_stateStorage->unsetValue( |
| 1015 | - $key_prefix . $this->_hashKey($key) |
|
| 1015 | + $key_prefix.$this->_hashKey($key) |
|
| 1016 | 1016 | ); |
| 1017 | 1017 | } |
| 1018 | 1018 | |
@@ -287,8 +287,7 @@ discard block |
||
| 287 | 287 | if (isset($options['ocraservice']) && $options['ocraservice']['type'] != 'tiqr') { |
| 288 | 288 | $options['ocraservice']['ocra.suite'] = $this->_ocraSuite; |
| 289 | 289 | $this->_ocraService = Tiqr_OcraService::getOcraService($options['ocraservice']['type'], $options['ocraservice'], $logger); |
| 290 | - } |
|
| 291 | - else { // Create default ocraservice |
|
| 290 | + } else { // Create default ocraservice |
|
| 292 | 291 | $this->_ocraService = Tiqr_OcraService::getOcraService('tiqr', array('ocra.suite' => $this->_ocraSuite), $logger); |
| 293 | 292 | } |
| 294 | 293 | } |
@@ -511,7 +510,9 @@ discard block |
||
| 511 | 510 | $sessionId = session_id(); |
| 512 | 511 | } |
| 513 | 512 | $status = $this->_getStateValue(self::PREFIX_ENROLLMENT_STATUS, $sessionId); |
| 514 | - if (is_null($status)) return self::ENROLLMENT_STATUS_IDLE; |
|
| 513 | + if (is_null($status)) { |
|
| 514 | + return self::ENROLLMENT_STATUS_IDLE; |
|
| 515 | + } |
|
| 515 | 516 | return $status; |
| 516 | 517 | } |
| 517 | 518 | |
@@ -868,8 +869,7 @@ discard block |
||
| 868 | 869 | |
| 869 | 870 | try { |
| 870 | 871 | return $this->_getStateValue("authenticated_", $sessionId); |
| 871 | - } |
|
| 872 | - catch (Exception $e) { |
|
| 872 | + } catch (Exception $e) { |
|
| 873 | 873 | $this->logger->error('getAuthenticatedUser failed', array('exception'=>$e)); |
| 874 | 874 | return NULL; |
| 875 | 875 | } |
