enwikipedia-acc / waca

includes/Router/RequestRouter.php

Indentation +434 added lines, -434 removed lines

@@ -62,438 +62,438 @@
  */
 class RequestRouter implements IRequestRouter
 {
-    /**
-     * This is the core routing table for the application. The basic idea is:
-     *
-     *      array(
-     *          "foo" =>
-     *              array(
-     *                  "class"   => PageFoo::class,
-     *                  "actions" => array("bar", "other")
-     *              ),
-     * );
-     *
-     * Things to note:
-     *     - If no page is requested, we go to PageMain. PageMain can't have actions defined.
-     *
-     *     - If a page is defined and requested, but no action is requested, go to that page's main() method
-     *     - If a page is defined and requested, and an action is defined and requested, go to that action's method.
-     *     - If a page is defined and requested, and an action NOT defined and requested, go to Page404 and it's main()
-     *       method.
-     *     - If a page is NOT defined and requested, go to Page404 and it's main() method.
-     *
-     *     - Query parameters are ignored.
-     *
-     * The key point here is request routing with validation that this is allowed, before we start hitting the
-     * filesystem through the AutoLoader, and opening random files. Also, so that we validate the action requested
-     * before we start calling random methods through the web UI.
-     *
-     * Examples:
-     * /internal.php                => returns instance of PageMain, routed to main()
-     * /internal.php?query          => returns instance of PageMain, routed to main()
-     * /internal.php/foo            => returns instance of PageFoo, routed to main()
-     * /internal.php/foo?query      => returns instance of PageFoo, routed to main()
-     * /internal.php/foo/bar        => returns instance of PageFoo, routed to bar()
-     * /internal.php/foo/bar?query  => returns instance of PageFoo, routed to bar()
-     * /internal.php/foo/baz        => returns instance of Page404, routed to main()
-     * /internal.php/foo/baz?query  => returns instance of Page404, routed to main()
-     * /internal.php/bar            => returns instance of Page404, routed to main()
-     * /internal.php/bar?query      => returns instance of Page404, routed to main()
-     * /internal.php/bar/baz        => returns instance of Page404, routed to main()
-     * /internal.php/bar/baz?query  => returns instance of Page404, routed to main()
-     *
-     * Take care when changing this - a lot of places rely on the array key for redirects and other links. If you need
-     * to change the key, then you'll likely have to update a lot of files.
-     *
-     * @var array
-     */
-    private $routeMap = array(
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Login and registration
-        'logout'                      =>
-            array(
-                'class'   => PageLogout::class,
-                'actions' => array(),
-            ),
-        'login'                       =>
-            array(
-                'class'   => PagePasswordLogin::class,
-                'actions' => array(),
-            ),
-        'login/otp'                   =>
-            array(
-                'class'   => PageOtpLogin::class,
-                'actions' => array(),
-            ),
-        'login/u2f'                   =>
-            array(
-                'class'   => PageU2FLogin::class,
-                'actions' => array(),
-            ),
-        'forgotPassword'              =>
-            array(
-                'class'   => PageForgotPassword::class,
-                'actions' => array('reset'),
-            ),
-        'register'                    =>
-            array(
-                'class'   => PageRegisterOption::class,
-                'actions' => array(),
-            ),
-        'register/standard'           =>
-            array(
-                'class'   => PageRegisterStandard::class,
-                'actions' => array('done'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Discovery
-        'search'                      =>
-            array(
-                'class'   => PageSearch::class,
-                'actions' => array(),
-            ),
-        'logs'                        =>
-            array(
-                'class'   => PageLog::class,
-                'actions' => array(),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Administration
-        'bans'                        =>
-            array(
-                'class'   => PageBan::class,
-                'actions' => array('set', 'remove'),
-            ),
-        'userManagement'              =>
-            array(
-                'class'   => PageUserManagement::class,
-                'actions' => array(
-                    'approve',
-                    'decline',
-                    'rename',
-                    'editUser',
-                    'suspend',
-                    'editRoles',
-                ),
-            ),
-        'siteNotice'                  =>
-            array(
-                'class'   => PageSiteNotice::class,
-                'actions' => array(),
-            ),
-        'emailManagement'             =>
-            array(
-                'class'   => PageEmailManagement::class,
-                'actions' => array('create', 'edit', 'view'),
-            ),
-        'jobQueue'                    =>
-            array(
-                'class'   => PageJobQueue::class,
-                'actions' => array('acknowledge', 'requeue', 'view', 'all'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Personal preferences
-        'preferences'                 =>
-            array(
-                'class'   => PagePreferences::class,
-                'actions' => array(),
-            ),
-        'changePassword'              =>
-            array(
-                'class'   => PageChangePassword::class,
-                'actions' => array(),
-            ),
-        'multiFactor'                 =>
-            array(
-                'class'   => PageMultiFactor::class,
-                'actions' => array(
-                    'scratch',
-                    'enableYubikeyOtp',
-                    'disableYubikeyOtp',
-                    'enableTotp',
-                    'disableTotp',
-                    'enableU2F',
-                    'disableU2F',
-                ),
-            ),
-        'oauth'                       =>
-            array(
-                'class'   => PageOAuth::class,
-                'actions' => array('detach', 'attach'),
-            ),
-        'oauth/callback'              =>
-            array(
-                'class'   => PageOAuthCallback::class,
-                'actions' => array('authorise', 'create'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Welcomer configuration
-        'welcomeTemplates'            =>
-            array(
-                'class'   => PageWelcomeTemplateManagement::class,
-                'actions' => array('select', 'edit', 'delete', 'add', 'view'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Statistics
-        'statistics'                  =>
-            array(
-                'class'   => StatsMain::class,
-                'actions' => array(),
-            ),
-        'statistics/fastCloses'       =>
-            array(
-                'class'   => StatsFastCloses::class,
-                'actions' => array(),
-            ),
-        'statistics/inactiveUsers'    =>
-            array(
-                'class'   => StatsInactiveUsers::class,
-                'actions' => array(),
-            ),
-        'statistics/monthlyStats'     =>
-            array(
-                'class'   => StatsMonthlyStats::class,
-                'actions' => array(),
-            ),
-        'statistics/reservedRequests' =>
-            array(
-                'class'   => StatsReservedRequests::class,
-                'actions' => array(),
-            ),
-        'statistics/templateStats'    =>
-            array(
-                'class'   => StatsTemplateStats::class,
-                'actions' => array(),
-            ),
-        'statistics/topCreators'      =>
-            array(
-                'class'   => StatsTopCreators::class,
-                'actions' => array(),
-            ),
-        'statistics/users'            =>
-            array(
-                'class'   => StatsUsers::class,
-                'actions' => array('detail'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Zoom page
-        'viewRequest'                 =>
-            array(
-                'class'   => PageViewRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/reserve'         =>
-            array(
-                'class'   => PageReservation::class,
-                'actions' => array(),
-            ),
-        'viewRequest/breakReserve'    =>
-            array(
-                'class'   => PageBreakReservation::class,
-                'actions' => array(),
-            ),
-        'viewRequest/defer'           =>
-            array(
-                'class'   => PageDeferRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/comment'         =>
-            array(
-                'class'   => PageComment::class,
-                'actions' => array(),
-            ),
-        'viewRequest/sendToUser'      =>
-            array(
-                'class'   => PageSendToUser::class,
-                'actions' => array(),
-            ),
-        'viewRequest/close'           =>
-            array(
-                'class'   => PageCloseRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/create'          =>
-            array(
-                'class'   => PageCreateRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/drop'            =>
-            array(
-                'class'   => PageDropRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/custom'          =>
-            array(
-                'class'   => PageCustomClose::class,
-                'actions' => array(),
-            ),
-        'editComment'                 =>
-            array(
-                'class'   => PageEditComment::class,
-                'actions' => array(),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Misc stuff
-        'team'                        =>
-            array(
-                'class'   => PageTeam::class,
-                'actions' => array(),
-            ),
-        'requestList'                 =>
-            array(
-                'class'   => PageExpandedRequestList::class,
-                'actions' => array(),
-            ),
-    );
-
-    /**
-     * @return IRoutedTask
-     * @throws Exception
-     */
-    final public function route()
-    {
-        $pathInfo = WebRequest::pathInfo();
-
-        list($pageClass, $action) = $this->getRouteFromPath($pathInfo);
-
-        /** @var IRoutedTask $page */
-        $page = new $pageClass();
-
-        // Dynamic creation, so we've got to be careful here. We can't use built-in language type protection, so
-        // let's use our own.
-        if (!($page instanceof IRoutedTask)) {
-            throw new Exception('Expected a page, but this is not a page.');
-        }
-
-        // OK, I'm happy at this point that we know we're running a page, and we know it's probably what we want if it
-        // inherits PageBase and has been created from the routing map.
-        $page->setRoute($action);
-
-        return $page;
-    }
-
-    /**
-     * @param $pathInfo
-     *
-     * @return array
-     */
-    protected function getRouteFromPath($pathInfo)
-    {
-        if (count($pathInfo) === 0) {
-            // No pathInfo, so no page to load. Load the main page.
-            return $this->getDefaultRoute();
-        }
-        elseif (count($pathInfo) === 1) {
-            // Exactly one path info segment, it's got to be a page.
-            $classSegment = $pathInfo[0];
-
-            return $this->routeSinglePathSegment($classSegment);
-        }
-
-        // OK, we have two or more segments now.
-        if (count($pathInfo) > 2) {
-            // Let's handle more than two, and collapse it down into two.
-            $requestedAction = array_pop($pathInfo);
-            $classSegment = implode('/', $pathInfo);
-        }
-        else {
-            // Two path info segments.
-            $classSegment = $pathInfo[0];
-            $requestedAction = $pathInfo[1];
-        }
-
-        $routeMap = $this->routePathSegments($classSegment, $requestedAction);
-
-        if ($routeMap[0] === Page404::class) {
-            $routeMap = $this->routeSinglePathSegment($classSegment . '/' . $requestedAction);
-        }
-
-        return $routeMap;
-    }
-
-    /**
-     * @param $classSegment
-     *
-     * @return array
-     */
-    final protected function routeSinglePathSegment($classSegment)
-    {
-        $routeMap = $this->getRouteMap();
-        if (array_key_exists($classSegment, $routeMap)) {
-            // Route exists, but we don't have an action in path info, so default to main.
-            $pageClass = $routeMap[$classSegment]['class'];
-            $action = 'main';
-
-            return array($pageClass, $action);
-        }
-        else {
-            // Doesn't exist in map. Fall back to 404
-            $pageClass = Page404::class;
-            $action = "main";
-
-            return array($pageClass, $action);
-        }
-    }
-
-    /**
-     * @param $classSegment
-     * @param $requestedAction
-     *
-     * @return array
-     */
-    final protected function routePathSegments($classSegment, $requestedAction)
-    {
-        $routeMap = $this->getRouteMap();
-        if (array_key_exists($classSegment, $routeMap)) {
-            // Route exists, but we don't have an action in path info, so default to main.
-
-            if (isset($routeMap[$classSegment]['actions'])
-                && array_search($requestedAction, $routeMap[$classSegment]['actions']) !== false
-            ) {
-                // Action exists in allowed action list. Allow both the page and the action
-                $pageClass = $routeMap[$classSegment]['class'];
-                $action = $requestedAction;
-
-                return array($pageClass, $action);
-            }
-            else {
-                // Valid page, invalid action. 404 our way out.
-                $pageClass = Page404::class;
-                $action = 'main';
-
-                return array($pageClass, $action);
-            }
-        }
-        else {
-            // Class doesn't exist in map. Fall back to 404
-            $pageClass = Page404::class;
-            $action = 'main';
-
-            return array($pageClass, $action);
-        }
-    }
-
-    /**
-     * @return array
-     */
-    protected function getRouteMap()
-    {
-        return $this->routeMap;
-    }
-
-    /**
-     * @return callable
-     */
-    protected function getDefaultRoute()
-    {
-        return array(PageMain::class, "main");
-    }
+	/**
+	 * This is the core routing table for the application. The basic idea is:
+	 *
+	 *      array(
+	 *          "foo" =>
+	 *              array(
+	 *                  "class"   => PageFoo::class,
+	 *                  "actions" => array("bar", "other")
+	 *              ),
+	 * );
+	 *
+	 * Things to note:
+	 *     - If no page is requested, we go to PageMain. PageMain can't have actions defined.
+	 *
+	 *     - If a page is defined and requested, but no action is requested, go to that page's main() method
+	 *     - If a page is defined and requested, and an action is defined and requested, go to that action's method.
+	 *     - If a page is defined and requested, and an action NOT defined and requested, go to Page404 and it's main()
+	 *       method.
+	 *     - If a page is NOT defined and requested, go to Page404 and it's main() method.
+	 *
+	 *     - Query parameters are ignored.
+	 *
+	 * The key point here is request routing with validation that this is allowed, before we start hitting the
+	 * filesystem through the AutoLoader, and opening random files. Also, so that we validate the action requested
+	 * before we start calling random methods through the web UI.
+	 *
+	 * Examples:
+	 * /internal.php                => returns instance of PageMain, routed to main()
+	 * /internal.php?query          => returns instance of PageMain, routed to main()
+	 * /internal.php/foo            => returns instance of PageFoo, routed to main()
+	 * /internal.php/foo?query      => returns instance of PageFoo, routed to main()
+	 * /internal.php/foo/bar        => returns instance of PageFoo, routed to bar()
+	 * /internal.php/foo/bar?query  => returns instance of PageFoo, routed to bar()
+	 * /internal.php/foo/baz        => returns instance of Page404, routed to main()
+	 * /internal.php/foo/baz?query  => returns instance of Page404, routed to main()
+	 * /internal.php/bar            => returns instance of Page404, routed to main()
+	 * /internal.php/bar?query      => returns instance of Page404, routed to main()
+	 * /internal.php/bar/baz        => returns instance of Page404, routed to main()
+	 * /internal.php/bar/baz?query  => returns instance of Page404, routed to main()
+	 *
+	 * Take care when changing this - a lot of places rely on the array key for redirects and other links. If you need
+	 * to change the key, then you'll likely have to update a lot of files.
+	 *
+	 * @var array
+	 */
+	private $routeMap = array(
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Login and registration
+		'logout'                      =>
+			array(
+				'class'   => PageLogout::class,
+				'actions' => array(),
+			),
+		'login'                       =>
+			array(
+				'class'   => PagePasswordLogin::class,
+				'actions' => array(),
+			),
+		'login/otp'                   =>
+			array(
+				'class'   => PageOtpLogin::class,
+				'actions' => array(),
+			),
+		'login/u2f'                   =>
+			array(
+				'class'   => PageU2FLogin::class,
+				'actions' => array(),
+			),
+		'forgotPassword'              =>
+			array(
+				'class'   => PageForgotPassword::class,
+				'actions' => array('reset'),
+			),
+		'register'                    =>
+			array(
+				'class'   => PageRegisterOption::class,
+				'actions' => array(),
+			),
+		'register/standard'           =>
+			array(
+				'class'   => PageRegisterStandard::class,
+				'actions' => array('done'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Discovery
+		'search'                      =>
+			array(
+				'class'   => PageSearch::class,
+				'actions' => array(),
+			),
+		'logs'                        =>
+			array(
+				'class'   => PageLog::class,
+				'actions' => array(),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Administration
+		'bans'                        =>
+			array(
+				'class'   => PageBan::class,
+				'actions' => array('set', 'remove'),
+			),
+		'userManagement'              =>
+			array(
+				'class'   => PageUserManagement::class,
+				'actions' => array(
+					'approve',
+					'decline',
+					'rename',
+					'editUser',
+					'suspend',
+					'editRoles',
+				),
+			),
+		'siteNotice'                  =>
+			array(
+				'class'   => PageSiteNotice::class,
+				'actions' => array(),
+			),
+		'emailManagement'             =>
+			array(
+				'class'   => PageEmailManagement::class,
+				'actions' => array('create', 'edit', 'view'),
+			),
+		'jobQueue'                    =>
+			array(
+				'class'   => PageJobQueue::class,
+				'actions' => array('acknowledge', 'requeue', 'view', 'all'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Personal preferences
+		'preferences'                 =>
+			array(
+				'class'   => PagePreferences::class,
+				'actions' => array(),
+			),
+		'changePassword'              =>
+			array(
+				'class'   => PageChangePassword::class,
+				'actions' => array(),
+			),
+		'multiFactor'                 =>
+			array(
+				'class'   => PageMultiFactor::class,
+				'actions' => array(
+					'scratch',
+					'enableYubikeyOtp',
+					'disableYubikeyOtp',
+					'enableTotp',
+					'disableTotp',
+					'enableU2F',
+					'disableU2F',
+				),
+			),
+		'oauth'                       =>
+			array(
+				'class'   => PageOAuth::class,
+				'actions' => array('detach', 'attach'),
+			),
+		'oauth/callback'              =>
+			array(
+				'class'   => PageOAuthCallback::class,
+				'actions' => array('authorise', 'create'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Welcomer configuration
+		'welcomeTemplates'            =>
+			array(
+				'class'   => PageWelcomeTemplateManagement::class,
+				'actions' => array('select', 'edit', 'delete', 'add', 'view'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Statistics
+		'statistics'                  =>
+			array(
+				'class'   => StatsMain::class,
+				'actions' => array(),
+			),
+		'statistics/fastCloses'       =>
+			array(
+				'class'   => StatsFastCloses::class,
+				'actions' => array(),
+			),
+		'statistics/inactiveUsers'    =>
+			array(
+				'class'   => StatsInactiveUsers::class,
+				'actions' => array(),
+			),
+		'statistics/monthlyStats'     =>
+			array(
+				'class'   => StatsMonthlyStats::class,
+				'actions' => array(),
+			),
+		'statistics/reservedRequests' =>
+			array(
+				'class'   => StatsReservedRequests::class,
+				'actions' => array(),
+			),
+		'statistics/templateStats'    =>
+			array(
+				'class'   => StatsTemplateStats::class,
+				'actions' => array(),
+			),
+		'statistics/topCreators'      =>
+			array(
+				'class'   => StatsTopCreators::class,
+				'actions' => array(),
+			),
+		'statistics/users'            =>
+			array(
+				'class'   => StatsUsers::class,
+				'actions' => array('detail'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Zoom page
+		'viewRequest'                 =>
+			array(
+				'class'   => PageViewRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/reserve'         =>
+			array(
+				'class'   => PageReservation::class,
+				'actions' => array(),
+			),
+		'viewRequest/breakReserve'    =>
+			array(
+				'class'   => PageBreakReservation::class,
+				'actions' => array(),
+			),
+		'viewRequest/defer'           =>
+			array(
+				'class'   => PageDeferRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/comment'         =>
+			array(
+				'class'   => PageComment::class,
+				'actions' => array(),
+			),
+		'viewRequest/sendToUser'      =>
+			array(
+				'class'   => PageSendToUser::class,
+				'actions' => array(),
+			),
+		'viewRequest/close'           =>
+			array(
+				'class'   => PageCloseRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/create'          =>
+			array(
+				'class'   => PageCreateRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/drop'            =>
+			array(
+				'class'   => PageDropRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/custom'          =>
+			array(
+				'class'   => PageCustomClose::class,
+				'actions' => array(),
+			),
+		'editComment'                 =>
+			array(
+				'class'   => PageEditComment::class,
+				'actions' => array(),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Misc stuff
+		'team'                        =>
+			array(
+				'class'   => PageTeam::class,
+				'actions' => array(),
+			),
+		'requestList'                 =>
+			array(
+				'class'   => PageExpandedRequestList::class,
+				'actions' => array(),
+			),
+	);
+
+	/**
+	 * @return IRoutedTask
+	 * @throws Exception
+	 */
+	final public function route()
+	{
+		$pathInfo = WebRequest::pathInfo();
+
+		list($pageClass, $action) = $this->getRouteFromPath($pathInfo);
+
+		/** @var IRoutedTask $page */
+		$page = new $pageClass();
+
+		// Dynamic creation, so we've got to be careful here. We can't use built-in language type protection, so
+		// let's use our own.
+		if (!($page instanceof IRoutedTask)) {
+			throw new Exception('Expected a page, but this is not a page.');
+		}
+
+		// OK, I'm happy at this point that we know we're running a page, and we know it's probably what we want if it
+		// inherits PageBase and has been created from the routing map.
+		$page->setRoute($action);
+
+		return $page;
+	}
+
+	/**
+	 * @param $pathInfo
+	 *
+	 * @return array
+	 */
+	protected function getRouteFromPath($pathInfo)
+	{
+		if (count($pathInfo) === 0) {
+			// No pathInfo, so no page to load. Load the main page.
+			return $this->getDefaultRoute();
+		}
+		elseif (count($pathInfo) === 1) {
+			// Exactly one path info segment, it's got to be a page.
+			$classSegment = $pathInfo[0];
+
+			return $this->routeSinglePathSegment($classSegment);
+		}
+
+		// OK, we have two or more segments now.
+		if (count($pathInfo) > 2) {
+			// Let's handle more than two, and collapse it down into two.
+			$requestedAction = array_pop($pathInfo);
+			$classSegment = implode('/', $pathInfo);
+		}
+		else {
+			// Two path info segments.
+			$classSegment = $pathInfo[0];
+			$requestedAction = $pathInfo[1];
+		}
+
+		$routeMap = $this->routePathSegments($classSegment, $requestedAction);
+
+		if ($routeMap[0] === Page404::class) {
+			$routeMap = $this->routeSinglePathSegment($classSegment . '/' . $requestedAction);
+		}
+
+		return $routeMap;
+	}
+
+	/**
+	 * @param $classSegment
+	 *
+	 * @return array
+	 */
+	final protected function routeSinglePathSegment($classSegment)
+	{
+		$routeMap = $this->getRouteMap();
+		if (array_key_exists($classSegment, $routeMap)) {
+			// Route exists, but we don't have an action in path info, so default to main.
+			$pageClass = $routeMap[$classSegment]['class'];
+			$action = 'main';
+
+			return array($pageClass, $action);
+		}
+		else {
+			// Doesn't exist in map. Fall back to 404
+			$pageClass = Page404::class;
+			$action = "main";
+
+			return array($pageClass, $action);
+		}
+	}
+
+	/**
+	 * @param $classSegment
+	 * @param $requestedAction
+	 *
+	 * @return array
+	 */
+	final protected function routePathSegments($classSegment, $requestedAction)
+	{
+		$routeMap = $this->getRouteMap();
+		if (array_key_exists($classSegment, $routeMap)) {
+			// Route exists, but we don't have an action in path info, so default to main.
+
+			if (isset($routeMap[$classSegment]['actions'])
+				&& array_search($requestedAction, $routeMap[$classSegment]['actions']) !== false
+			) {
+				// Action exists in allowed action list. Allow both the page and the action
+				$pageClass = $routeMap[$classSegment]['class'];
+				$action = $requestedAction;
+
+				return array($pageClass, $action);
+			}
+			else {
+				// Valid page, invalid action. 404 our way out.
+				$pageClass = Page404::class;
+				$action = 'main';
+
+				return array($pageClass, $action);
+			}
+		}
+		else {
+			// Class doesn't exist in map. Fall back to 404
+			$pageClass = Page404::class;
+			$action = 'main';
+
+			return array($pageClass, $action);
+		}
+	}
+
+	/**
+	 * @return array
+	 */
+	protected function getRouteMap()
+	{
+		return $this->routeMap;
+	}
+
+	/**
+	 * @return callable
+	 */
+	protected function getDefaultRoute()
+	{
+		return array(PageMain::class, "main");
+	}
 }

includes/Security/CredentialProviders/YubikeyOtpCredentialProvider.php

Indentation +150 added lines, -150 removed lines

@@ -16,154 +16,154 @@
 
 class YubikeyOtpCredentialProvider extends CredentialProviderBase
 {
-    /** @var HttpHelper */
-    private $httpHelper;
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
-
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration, HttpHelper $httpHelper)
-    {
-        parent::__construct($database, $configuration, 'yubikeyotp');
-        $this->httpHelper = $httpHelper;
-        $this->configuration = $configuration;
-    }
-
-    public function authenticate(User $user, $data)
-    {
-        if (is_array($data)) {
-            return false;
-        }
-
-        $credentialData = $this->getCredentialData($user->getId());
-
-        if ($credentialData === null) {
-            return false;
-        }
-
-        if ($credentialData->getData() !== $this->getYubikeyId($data)) {
-            // different device
-            return false;
-        }
-
-        return $this->verifyToken($data);
-    }
-
-    public function setCredential(User $user, $factor, $data)
-    {
-        $keyId = $this->getYubikeyId($data);
-        $valid = $this->verifyToken($data);
-
-        if (!$valid) {
-            throw new ApplicationLogicException("Provided token is not valid.");
-        }
-
-        $storedData = $this->getCredentialData($user->getId());
-
-        if ($storedData === null) {
-            $storedData = $this->createNewCredential($user);
-        }
-
-        $storedData->setData($keyId);
-        $storedData->setFactor($factor);
-        $storedData->setVersion(1);
-        $storedData->setPriority(8);
-
-        $storedData->save();
-    }
-
-    /**
-     * Get the Yubikey ID.
-     *
-     * This looks like it's just dumping the "password" that's stored in the database, but it's actually fine.
-     *
-     * We only store the "serial number" of the Yubikey - if we get a validated (by webservice) token prefixed with the
-     * serial number, that's a successful OTP authentication. Thus, retrieving the stored data is just retrieving the
-     * yubikey's serial number (in modhex format), since the actual security credentials are stored on the device.
-     *
-     * Note that the serial number is actually the credential serial number - it's possible to regenerate the keys on
-     * the device, and that will change the serial number too.
-     *
-     * More information about the structure of OTPs can be found here:
-     * https://developers.yubico.com/OTP/OTPs_Explained.html
-     *
-     * @param int $userId
-     *
-     * @return null|string
-     */
-    public function getYubikeyData($userId)
-    {
-        $credential = $this->getCredentialData($userId);
-
-        if ($credential === null) {
-            return null;
-        }
-
-        return $credential->getData();
-    }
-
-    /**
-     * @param $result
-     *
-     * @return array
-     */
-    private function parseYubicoApiResult($result)
-    {
-        $data = array();
-        foreach (explode("\r\n", $result) as $line) {
-            $pos = strpos($line, '=');
-            if ($pos === false) {
-                continue;
-            }
-
-            $data[substr($line, 0, $pos)] = substr($line, $pos + 1);
-        }
-
-        return $data;
-    }
-
-    private function getYubikeyId($data)
-    {
-        return substr($data, 0, -32);
-    }
-
-    private function verifyHmac($apiResponse, $apiKey)
-    {
-        ksort($apiResponse);
-        $signature = $apiResponse['h'];
-        unset($apiResponse['h']);
-
-        $data = array();
-        foreach ($apiResponse as $key => $value) {
-            $data[] = $key . "=" . $value;
-        }
-        $dataString = implode('&', $data);
-
-        $hmac = base64_encode(hash_hmac('sha1', $dataString, base64_decode($apiKey), true));
-
-        return $hmac === $signature;
-    }
-
-    /**
-     * @param $data
-     *
-     * @return bool
-     */
-    private function verifyToken($data)
-    {
-        $result = $this->httpHelper->get('https://api.yubico.com/wsapi/2.0/verify', array(
-            'id'    => $this->configuration->getYubicoApiId(),
-            'otp'   => $data,
-            'nonce' => md5(openssl_random_pseudo_bytes(64)),
-        ));
-
-        $apiResponse = $this->parseYubicoApiResult($result);
-
-        if (!$this->verifyHmac($apiResponse, $this->configuration->getYubicoApiKey())) {
-            return false;
-        }
-
-        return $apiResponse['status'] == 'OK';
-    }
+	/** @var HttpHelper */
+	private $httpHelper;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
+
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration, HttpHelper $httpHelper)
+	{
+		parent::__construct($database, $configuration, 'yubikeyotp');
+		$this->httpHelper = $httpHelper;
+		$this->configuration = $configuration;
+	}
+
+	public function authenticate(User $user, $data)
+	{
+		if (is_array($data)) {
+			return false;
+		}
+
+		$credentialData = $this->getCredentialData($user->getId());
+
+		if ($credentialData === null) {
+			return false;
+		}
+
+		if ($credentialData->getData() !== $this->getYubikeyId($data)) {
+			// different device
+			return false;
+		}
+
+		return $this->verifyToken($data);
+	}
+
+	public function setCredential(User $user, $factor, $data)
+	{
+		$keyId = $this->getYubikeyId($data);
+		$valid = $this->verifyToken($data);
+
+		if (!$valid) {
+			throw new ApplicationLogicException("Provided token is not valid.");
+		}
+
+		$storedData = $this->getCredentialData($user->getId());
+
+		if ($storedData === null) {
+			$storedData = $this->createNewCredential($user);
+		}
+
+		$storedData->setData($keyId);
+		$storedData->setFactor($factor);
+		$storedData->setVersion(1);
+		$storedData->setPriority(8);
+
+		$storedData->save();
+	}
+
+	/**
+	 * Get the Yubikey ID.
+	 *
+	 * This looks like it's just dumping the "password" that's stored in the database, but it's actually fine.
+	 *
+	 * We only store the "serial number" of the Yubikey - if we get a validated (by webservice) token prefixed with the
+	 * serial number, that's a successful OTP authentication. Thus, retrieving the stored data is just retrieving the
+	 * yubikey's serial number (in modhex format), since the actual security credentials are stored on the device.
+	 *
+	 * Note that the serial number is actually the credential serial number - it's possible to regenerate the keys on
+	 * the device, and that will change the serial number too.
+	 *
+	 * More information about the structure of OTPs can be found here:
+	 * https://developers.yubico.com/OTP/OTPs_Explained.html
+	 *
+	 * @param int $userId
+	 *
+	 * @return null|string
+	 */
+	public function getYubikeyData($userId)
+	{
+		$credential = $this->getCredentialData($userId);
+
+		if ($credential === null) {
+			return null;
+		}
+
+		return $credential->getData();
+	}
+
+	/**
+	 * @param $result
+	 *
+	 * @return array
+	 */
+	private function parseYubicoApiResult($result)
+	{
+		$data = array();
+		foreach (explode("\r\n", $result) as $line) {
+			$pos = strpos($line, '=');
+			if ($pos === false) {
+				continue;
+			}
+
+			$data[substr($line, 0, $pos)] = substr($line, $pos + 1);
+		}
+
+		return $data;
+	}
+
+	private function getYubikeyId($data)
+	{
+		return substr($data, 0, -32);
+	}
+
+	private function verifyHmac($apiResponse, $apiKey)
+	{
+		ksort($apiResponse);
+		$signature = $apiResponse['h'];
+		unset($apiResponse['h']);
+
+		$data = array();
+		foreach ($apiResponse as $key => $value) {
+			$data[] = $key . "=" . $value;
+		}
+		$dataString = implode('&', $data);
+
+		$hmac = base64_encode(hash_hmac('sha1', $dataString, base64_decode($apiKey), true));
+
+		return $hmac === $signature;
+	}
+
+	/**
+	 * @param $data
+	 *
+	 * @return bool
+	 */
+	private function verifyToken($data)
+	{
+		$result = $this->httpHelper->get('https://api.yubico.com/wsapi/2.0/verify', array(
+			'id'    => $this->configuration->getYubicoApiId(),
+			'otp'   => $data,
+			'nonce' => md5(openssl_random_pseudo_bytes(64)),
+		));
+
+		$apiResponse = $this->parseYubicoApiResult($result);
+
+		if (!$this->verifyHmac($apiResponse, $this->configuration->getYubicoApiKey())) {
+			return false;
+		}
+
+		return $apiResponse['status'] == 'OK';
+	}
 }

includes/Security/CredentialProviders/U2FCredentialProvider.php

Indentation +126 added lines, -126 removed lines

@@ -19,130 +19,130 @@
 
 class U2FCredentialProvider extends CredentialProviderBase
 {
-    /** @var U2F */
-    private $u2f;
-
-    /**
-     * U2FCredentialProvider constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-    {
-        parent::__construct($database, $configuration, 'u2f');
-
-        $appId = 'https://' . WebRequest::httpHost();
-        $this->u2f = new U2F($appId);
-    }
-
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User   $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     */
-    public function authenticate(User $user, $data)
-    {
-        if (!is_array($data)) {
-            return false;
-        }
-
-        list($authenticate, $request, $isU2F) = $data;
-
-        if ($isU2F !== 'u2f') {
-            return false;
-        }
-
-        $storedData = $this->getCredentialData($user->getId(), false);
-        $registrations = json_decode($storedData->getData());
-
-        try {
-            $this->u2f->doAuthenticate($request, array($registrations), $authenticate);
-        }
-        catch (Error $ex) {
-            return false;
-        }
-
-        // TODO: counter?
-
-        return true;
-    }
-
-    public function enable(User $user, $request, $u2fData)
-    {
-        $registrationData = $this->u2f->doRegister($request, $u2fData);
-
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        if ($storedData->getTimeout() > new DateTimeImmutable()) {
-            $storedData->setData(json_encode($registrationData));
-            $storedData->setDisabled(0);
-            $storedData->setTimeout(null);
-            $storedData->save();
-        }
-    }
-
-    /**
-     * @param User   $user   The user the credential belongs to
-     * @param int    $factor The factor this credential provides
-     * @param string $data   Unused here, due to multi-stage enrollment
-     */
-    public function setCredential(User $user, $factor, $data)
-    {
-        $storedData = $this->getCredentialData($user->getId(), null);
-
-        if ($storedData !== null) {
-            $storedData->delete();
-        }
-
-        $storedData = $this->createNewCredential($user);
-
-        $storedData->setData(null);
-        $storedData->setFactor($factor);
-        $storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
-        $storedData->setDisabled(1);
-        $storedData->setPriority(4);
-        $storedData->setVersion(1);
-
-        $storedData->save();
-    }
-
-    public function isPartiallyEnrolled(User $user)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData->getTimeout() < new DateTimeImmutable()) {
-            $storedData->delete();
-
-            return false;
-        }
-
-        if ($storedData === null) {
-            return false;
-        }
-
-        return true;
-    }
-
-    public function getRegistrationData()
-    {
-        return $this->u2f->getRegisterData();
-    }
-
-    public function getAuthenticationData(User $user)
-    {
-        $storedData = $this->getCredentialData($user->getId(), false);
-        $registrations = json_decode($storedData->getData());
-
-        $authenticateData = $this->u2f->getAuthenticateData(array($registrations));
-
-        return $authenticateData;
-    }
+	/** @var U2F */
+	private $u2f;
+
+	/**
+	 * U2FCredentialProvider constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+	{
+		parent::__construct($database, $configuration, 'u2f');
+
+		$appId = 'https://' . WebRequest::httpHost();
+		$this->u2f = new U2F($appId);
+	}
+
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User   $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 */
+	public function authenticate(User $user, $data)
+	{
+		if (!is_array($data)) {
+			return false;
+		}
+
+		list($authenticate, $request, $isU2F) = $data;
+
+		if ($isU2F !== 'u2f') {
+			return false;
+		}
+
+		$storedData = $this->getCredentialData($user->getId(), false);
+		$registrations = json_decode($storedData->getData());
+
+		try {
+			$this->u2f->doAuthenticate($request, array($registrations), $authenticate);
+		}
+		catch (Error $ex) {
+			return false;
+		}
+
+		// TODO: counter?
+
+		return true;
+	}
+
+	public function enable(User $user, $request, $u2fData)
+	{
+		$registrationData = $this->u2f->doRegister($request, $u2fData);
+
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		if ($storedData->getTimeout() > new DateTimeImmutable()) {
+			$storedData->setData(json_encode($registrationData));
+			$storedData->setDisabled(0);
+			$storedData->setTimeout(null);
+			$storedData->save();
+		}
+	}
+
+	/**
+	 * @param User   $user   The user the credential belongs to
+	 * @param int    $factor The factor this credential provides
+	 * @param string $data   Unused here, due to multi-stage enrollment
+	 */
+	public function setCredential(User $user, $factor, $data)
+	{
+		$storedData = $this->getCredentialData($user->getId(), null);
+
+		if ($storedData !== null) {
+			$storedData->delete();
+		}
+
+		$storedData = $this->createNewCredential($user);
+
+		$storedData->setData(null);
+		$storedData->setFactor($factor);
+		$storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
+		$storedData->setDisabled(1);
+		$storedData->setPriority(4);
+		$storedData->setVersion(1);
+
+		$storedData->save();
+	}
+
+	public function isPartiallyEnrolled(User $user)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData->getTimeout() < new DateTimeImmutable()) {
+			$storedData->delete();
+
+			return false;
+		}
+
+		if ($storedData === null) {
+			return false;
+		}
+
+		return true;
+	}
+
+	public function getRegistrationData()
+	{
+		return $this->u2f->getRegisterData();
+	}
+
+	public function getAuthenticationData(User $user)
+	{
+		$storedData = $this->getCredentialData($user->getId(), false);
+		$registrations = json_decode($storedData->getData());
+
+		$authenticateData = $this->u2f->getAuthenticateData(array($registrations));
+
+		return $authenticateData;
+	}
 }
\ No newline at end of file

includes/Security/CredentialProviders/CredentialProviderBase.php

Indentation +133 added lines, -133 removed lines

@@ -15,137 +15,137 @@
 
 abstract class CredentialProviderBase implements ICredentialProvider
 {
-    /**
-     * @var PdoDatabase
-     */
-    private $database;
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
-    /** @var string */
-    private $type;
-
-    /**
-     * CredentialProviderBase constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $configuration
-     * @param string            $type
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration, $type)
-    {
-        $this->database = $database;
-        $this->configuration = $configuration;
-        $this->type = $type;
-    }
-
-    /**
-     * @param int  $userId
-     *
-     * @param bool $disabled
-     *
-     * @return Credential
-     */
-    protected function getCredentialData($userId, $disabled = false)
-    {
-        $sql = 'SELECT * FROM credential WHERE type = :t AND user = :u';
-        $parameters = array(
-            ':u' => $userId,
-            ':t' => $this->type
-        );
-
-        if($disabled !== null) {
-            $sql .= ' AND disabled = :d';
-            $parameters[':d'] = $disabled ? 1 : 0;
-        }
-
-        $statement = $this->database->prepare($sql);
-        $statement->execute($parameters);
-
-        /** @var Credential $obj */
-        $obj = $statement->fetchObject(Credential::class);
-
-        if ($obj === false) {
-            return null;
-        }
-
-        $obj->setDatabase($this->database);
-
-        $statement->closeCursor();
-
-        return $obj;
-    }
-
-    /**
-     * @return PdoDatabase
-     */
-    public function getDatabase()
-    {
-        return $this->database;
-    }
-
-    /**
-     * @return SiteConfiguration
-     */
-    public function getConfiguration()
-    {
-        return $this->configuration;
-    }
-
-    public function deleteCredential(User $user) {
-        // get this factor
-        $statement = $this->database->prepare('SELECT * FROM credential WHERE user = :user AND type = :type');
-        $statement->execute(array(':user' => $user->getId(), ':type' => $this->type));
-        /** @var Credential $credential */
-        $credential = $statement->fetchObject(Credential::class);
-        $credential->setDatabase($this->database);
-        $statement->closeCursor();
-
-        $stage = $credential->getFactor();
-
-        $statement = $this->database->prepare('SELECT COUNT(*) FROM credential WHERE user = :user AND factor = :factor');
-        $statement->execute(array(':user' => $user->getId(), ':factor' => $stage));
-        $alternates = $statement->fetchColumn();
-        $statement->closeCursor();
-
-        if($alternates <= 1) {
-            // decrement the factor for every stage above this
-            $sql = 'UPDATE credential SET factor = factor - 1 WHERE user = :user AND factor > :factor';
-            $statement = $this->database->prepare($sql);
-            $statement->execute(array(':user' => $user->getId(), ':factor' => $stage));
-        }
-        else {
-            // There are other auth factors at this point. Don't renumber the factors just yet.
-        }
-
-        // delete this credential.
-        $credential->delete();
-    }
-
-    /**
-     * @param User $user
-     *
-     * @return Credential
-     */
-    protected function createNewCredential(User $user)
-    {
-        $credential = new Credential();
-        $credential->setDatabase($this->getDatabase());
-        $credential->setUserId($user->getId());
-        $credential->setType($this->type);
-
-        return $credential;
-    }
-
-    /**
-     * @param int $userId
-     *
-     * @return bool
-     */
-    public function userIsEnrolled($userId) {
-        $cred = $this->getCredentialData($userId);
-
-        return $cred !== null;
-    }
+	/**
+	 * @var PdoDatabase
+	 */
+	private $database;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
+	/** @var string */
+	private $type;
+
+	/**
+	 * CredentialProviderBase constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $configuration
+	 * @param string            $type
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration, $type)
+	{
+		$this->database = $database;
+		$this->configuration = $configuration;
+		$this->type = $type;
+	}
+
+	/**
+	 * @param int  $userId
+	 *
+	 * @param bool $disabled
+	 *
+	 * @return Credential
+	 */
+	protected function getCredentialData($userId, $disabled = false)
+	{
+		$sql = 'SELECT * FROM credential WHERE type = :t AND user = :u';
+		$parameters = array(
+			':u' => $userId,
+			':t' => $this->type
+		);
+
+		if($disabled !== null) {
+			$sql .= ' AND disabled = :d';
+			$parameters[':d'] = $disabled ? 1 : 0;
+		}
+
+		$statement = $this->database->prepare($sql);
+		$statement->execute($parameters);
+
+		/** @var Credential $obj */
+		$obj = $statement->fetchObject(Credential::class);
+
+		if ($obj === false) {
+			return null;
+		}
+
+		$obj->setDatabase($this->database);
+
+		$statement->closeCursor();
+
+		return $obj;
+	}
+
+	/**
+	 * @return PdoDatabase
+	 */
+	public function getDatabase()
+	{
+		return $this->database;
+	}
+
+	/**
+	 * @return SiteConfiguration
+	 */
+	public function getConfiguration()
+	{
+		return $this->configuration;
+	}
+
+	public function deleteCredential(User $user) {
+		// get this factor
+		$statement = $this->database->prepare('SELECT * FROM credential WHERE user = :user AND type = :type');
+		$statement->execute(array(':user' => $user->getId(), ':type' => $this->type));
+		/** @var Credential $credential */
+		$credential = $statement->fetchObject(Credential::class);
+		$credential->setDatabase($this->database);
+		$statement->closeCursor();
+
+		$stage = $credential->getFactor();
+
+		$statement = $this->database->prepare('SELECT COUNT(*) FROM credential WHERE user = :user AND factor = :factor');
+		$statement->execute(array(':user' => $user->getId(), ':factor' => $stage));
+		$alternates = $statement->fetchColumn();
+		$statement->closeCursor();
+
+		if($alternates <= 1) {
+			// decrement the factor for every stage above this
+			$sql = 'UPDATE credential SET factor = factor - 1 WHERE user = :user AND factor > :factor';
+			$statement = $this->database->prepare($sql);
+			$statement->execute(array(':user' => $user->getId(), ':factor' => $stage));
+		}
+		else {
+			// There are other auth factors at this point. Don't renumber the factors just yet.
+		}
+
+		// delete this credential.
+		$credential->delete();
+	}
+
+	/**
+	 * @param User $user
+	 *
+	 * @return Credential
+	 */
+	protected function createNewCredential(User $user)
+	{
+		$credential = new Credential();
+		$credential->setDatabase($this->getDatabase());
+		$credential->setUserId($user->getId());
+		$credential->setType($this->type);
+
+		return $credential;
+	}
+
+	/**
+	 * @param int $userId
+	 *
+	 * @return bool
+	 */
+	public function userIsEnrolled($userId) {
+		$cred = $this->getCredentialData($userId);
+
+		return $cred !== null;
+	}
 }
\ No newline at end of file

includes/Security/CredentialProviders/TotpCredentialProvider.php

Indentation +129 added lines, -129 removed lines

@@ -19,136 +19,136 @@
 
 class TotpCredentialProvider extends CredentialProviderBase
 {
-    /** @var EncryptionHelper */
-    private $encryptionHelper;
-
-    /**
-     * TotpCredentialProvider constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-    {
-        parent::__construct($database, $configuration, 'totp');
-        $this->encryptionHelper = new EncryptionHelper($configuration);
-    }
-
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User   $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     * @throws ApplicationLogicException
-     */
-    public function authenticate(User $user, $data)
-    {
-        if (is_array($data)) {
-            return false;
-        }
-
-        $storedData = $this->getCredentialData($user->getId());
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        $provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
-        $totp = Factory::loadFromProvisioningUri($provisioningUrl);
-
-        return $totp->verify($data, null, 2);
-    }
-
-    public function verifyEnable(User $user, $data)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        $provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
-        $totp = Factory::loadFromProvisioningUri($provisioningUrl);
-
-        $result = $totp->verify($data, null, 2);
-
-        if ($result && $storedData->getTimeout() > new DateTimeImmutable()) {
-            $storedData->setDisabled(0);
-            $storedData->setPriority(5);
-            $storedData->setTimeout(null);
-            $storedData->save();
-        }
-
-        return $result;
-    }
-
-    /**
-     * @param User   $user   The user the credential belongs to
-     * @param int    $factor The factor this credential provides
-     * @param string $data   Unused here, due to there being no user-provided data. We provide the user with the secret.
-     */
-    public function setCredential(User $user, $factor, $data)
-    {
-        $issuer = 'ACC - ' . $this->getConfiguration()->getIrcNotificationsInstance();
-        $totp = new TOTP($user->getUsername());
-        $totp->setIssuer($issuer);
-
-        $storedData = $this->getCredentialData($user->getId(), null);
-
-        if ($storedData !== null) {
-            $storedData->delete();
-        }
-
-        $storedData = $this->createNewCredential($user);
-
-        $storedData->setData($this->encryptionHelper->encryptData($totp->getProvisioningUri()));
-        $storedData->setFactor($factor);
-        $storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
-        $storedData->setDisabled(1);
-        $storedData->setVersion(1);
-
-        $storedData->save();
-    }
-
-    public function getProvisioningUrl(User $user)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData->getTimeout() < new DateTimeImmutable()) {
-            $storedData->delete();
-            $storedData = null;
-        }
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        return $this->encryptionHelper->decryptData($storedData->getData());
-    }
-
-    public function isPartiallyEnrolled(User $user)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData->getTimeout() < new DateTimeImmutable()) {
-            $storedData->delete();
-
-            return false;
-        }
-
-        if ($storedData === null) {
-            return false;
-        }
+	/** @var EncryptionHelper */
+	private $encryptionHelper;
+
+	/**
+	 * TotpCredentialProvider constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+	{
+		parent::__construct($database, $configuration, 'totp');
+		$this->encryptionHelper = new EncryptionHelper($configuration);
+	}
+
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User   $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 * @throws ApplicationLogicException
+	 */
+	public function authenticate(User $user, $data)
+	{
+		if (is_array($data)) {
+			return false;
+		}
+
+		$storedData = $this->getCredentialData($user->getId());
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		$provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
+		$totp = Factory::loadFromProvisioningUri($provisioningUrl);
+
+		return $totp->verify($data, null, 2);
+	}
+
+	public function verifyEnable(User $user, $data)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		$provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
+		$totp = Factory::loadFromProvisioningUri($provisioningUrl);
+
+		$result = $totp->verify($data, null, 2);
+
+		if ($result && $storedData->getTimeout() > new DateTimeImmutable()) {
+			$storedData->setDisabled(0);
+			$storedData->setPriority(5);
+			$storedData->setTimeout(null);
+			$storedData->save();
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @param User   $user   The user the credential belongs to
+	 * @param int    $factor The factor this credential provides
+	 * @param string $data   Unused here, due to there being no user-provided data. We provide the user with the secret.
+	 */
+	public function setCredential(User $user, $factor, $data)
+	{
+		$issuer = 'ACC - ' . $this->getConfiguration()->getIrcNotificationsInstance();
+		$totp = new TOTP($user->getUsername());
+		$totp->setIssuer($issuer);
+
+		$storedData = $this->getCredentialData($user->getId(), null);
+
+		if ($storedData !== null) {
+			$storedData->delete();
+		}
+
+		$storedData = $this->createNewCredential($user);
+
+		$storedData->setData($this->encryptionHelper->encryptData($totp->getProvisioningUri()));
+		$storedData->setFactor($factor);
+		$storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
+		$storedData->setDisabled(1);
+		$storedData->setVersion(1);
+
+		$storedData->save();
+	}
+
+	public function getProvisioningUrl(User $user)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData->getTimeout() < new DateTimeImmutable()) {
+			$storedData->delete();
+			$storedData = null;
+		}
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		return $this->encryptionHelper->decryptData($storedData->getData());
+	}
+
+	public function isPartiallyEnrolled(User $user)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData->getTimeout() < new DateTimeImmutable()) {
+			$storedData->delete();
+
+			return false;
+		}
+
+		if ($storedData === null) {
+			return false;
+		}
 
-        return true;
-    }
+		return true;
+	}
 
-    public function getSecret(User $user)
-    {
-        $totp = Factory::loadFromProvisioningUri($this->getProvisioningUrl($user));
+	public function getSecret(User $user)
+	{
+		$totp = Factory::loadFromProvisioningUri($this->getProvisioningUrl($user));
 
-        return $totp->getSecret();
-    }
+		return $totp->getSecret();
+	}
 }
\ No newline at end of file

includes/Security/CredentialProviders/ScratchTokenCredentialProvider.php

Indentation +117 added lines, -117 removed lines

@@ -17,121 +17,121 @@
 
 class ScratchTokenCredentialProvider extends CredentialProviderBase
 {
-    /** @var EncryptionHelper */
-    private $encryptionHelper;
-
-    /**
-     * ScratchTokenCredentialProvider constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-    {
-        parent::__construct($database, $configuration, 'scratch');
-        $this->encryptionHelper = new EncryptionHelper($configuration);
-    }
-
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User   $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     * @throws ApplicationLogicException
-     */
-    public function authenticate(User $user, $data)
-    {
-        if (is_array($data)) {
-            return false;
-        }
-
-        $storedData = $this->getCredentialData($user->getId());
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
-
-        $i = array_search($data, $scratchTokens);
-
-        if($i === false) {
-            return false;
-        }
-
-        unset($scratchTokens[$i]);
-
-        $storedData->setData($this->encryptionHelper->encryptData(serialize($scratchTokens)));
-        $storedData->save();
-
-        return true;
-    }
-
-    /**
-     * @param User   $user   The user the credential belongs to
-     * @param int    $factor The factor this credential provides
-     * @param string $data   Unused.
-     */
-    public function setCredential(User $user, $factor, $data)
-    {
-        $scratch = array();
-        for ($i = 0; $i < 5; $i++) {
-            $scratch[] = Base32::encode(openssl_random_pseudo_bytes(10));
-        }
-
-        $storedData = $this->getCredentialData($user->getId(), null);
-
-        if ($storedData !== null) {
-            $storedData->delete();
-        }
-
-        $storedData = $this->createNewCredential($user);
-
-        $storedData->setData($this->encryptionHelper->encryptData(serialize($scratch)));
-        $storedData->setFactor($factor);
-        $storedData->setVersion(1);
-        $storedData->setPriority(9);
-
-        $storedData->save();
-    }
-
-    /**
-     * @param int $userId
-     *
-     * @return int
-     * @throws ApplicationLogicException
-     */
-    public function getRemaining($userId)
-    {
-        $storedData = $this->getCredentialData($userId);
-
-        if ($storedData === null) {
-            return 0;
-        }
-
-        $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
-
-        return count($scratchTokens);
-    }
-
-    /**
-     * @param int $userId
-     *
-     * @return int
-     * @throws ApplicationLogicException
-     */
-    public function getTokens($userId)
-    {
-        $storedData = $this->getCredentialData($userId);
-
-        if ($storedData === null) {
-            return 0;
-        }
-
-        $scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
-
-        return $scratchTokens;
-    }
+	/** @var EncryptionHelper */
+	private $encryptionHelper;
+
+	/**
+	 * ScratchTokenCredentialProvider constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+	{
+		parent::__construct($database, $configuration, 'scratch');
+		$this->encryptionHelper = new EncryptionHelper($configuration);
+	}
+
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User   $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 * @throws ApplicationLogicException
+	 */
+	public function authenticate(User $user, $data)
+	{
+		if (is_array($data)) {
+			return false;
+		}
+
+		$storedData = $this->getCredentialData($user->getId());
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
+
+		$i = array_search($data, $scratchTokens);
+
+		if($i === false) {
+			return false;
+		}
+
+		unset($scratchTokens[$i]);
+
+		$storedData->setData($this->encryptionHelper->encryptData(serialize($scratchTokens)));
+		$storedData->save();
+
+		return true;
+	}
+
+	/**
+	 * @param User   $user   The user the credential belongs to
+	 * @param int    $factor The factor this credential provides
+	 * @param string $data   Unused.
+	 */
+	public function setCredential(User $user, $factor, $data)
+	{
+		$scratch = array();
+		for ($i = 0; $i < 5; $i++) {
+			$scratch[] = Base32::encode(openssl_random_pseudo_bytes(10));
+		}
+
+		$storedData = $this->getCredentialData($user->getId(), null);
+
+		if ($storedData !== null) {
+			$storedData->delete();
+		}
+
+		$storedData = $this->createNewCredential($user);
+
+		$storedData->setData($this->encryptionHelper->encryptData(serialize($scratch)));
+		$storedData->setFactor($factor);
+		$storedData->setVersion(1);
+		$storedData->setPriority(9);
+
+		$storedData->save();
+	}
+
+	/**
+	 * @param int $userId
+	 *
+	 * @return int
+	 * @throws ApplicationLogicException
+	 */
+	public function getRemaining($userId)
+	{
+		$storedData = $this->getCredentialData($userId);
+
+		if ($storedData === null) {
+			return 0;
+		}
+
+		$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
+
+		return count($scratchTokens);
+	}
+
+	/**
+	 * @param int $userId
+	 *
+	 * @return int
+	 * @throws ApplicationLogicException
+	 */
+	public function getTokens($userId)
+	{
+		$storedData = $this->getCredentialData($userId);
+
+		if ($storedData === null) {
+			return 0;
+		}
+
+		$scratchTokens = unserialize($this->encryptionHelper->decryptData($storedData->getData()));
+
+		return $scratchTokens;
+	}
 }
\ No newline at end of file

includes/Security/CredentialProviders/PasswordCredentialProvider.php

Indentation +40 added lines, -40 removed lines

@@ -15,55 +15,55 @@
 
 class PasswordCredentialProvider extends CredentialProviderBase
 {
-    const PASSWORD_COST = 10;
+	const PASSWORD_COST = 10;
 
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-    {
-        parent::__construct($database, $configuration, 'password');
-    }
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+	{
+		parent::__construct($database, $configuration, 'password');
+	}
 
-    public function authenticate(User $user, $data)
-    {
-        $storedData = $this->getCredentialData($user->getId());
-        if($storedData === null)
-        {
-            // No available credential matching these parameters
-            return false;
-        }
+	public function authenticate(User $user, $data)
+	{
+		$storedData = $this->getCredentialData($user->getId());
+		if($storedData === null)
+		{
+			// No available credential matching these parameters
+			return false;
+		}
 
-        if($storedData->getVersion() !== 2) {
-            // Non-2 versions are not supported.
-            return false;
-        }
+		if($storedData->getVersion() !== 2) {
+			// Non-2 versions are not supported.
+			return false;
+		}
 
-        if(password_verify($data, $storedData->getData())) {
-            if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))){
-                $this->setCredential($user, $storedData->getFactor(), $data);
-            }
+		if(password_verify($data, $storedData->getData())) {
+			if(password_needs_rehash($storedData->getData(), PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST))){
+				$this->setCredential($user, $storedData->getFactor(), $data);
+			}
 
-            return true;
-        }
+			return true;
+		}
 
-        return false;
-    }
+		return false;
+	}
 
-    public function setCredential(User $user, $factor, $password)
-    {
-        $storedData = $this->getCredentialData($user->getId());
+	public function setCredential(User $user, $factor, $password)
+	{
+		$storedData = $this->getCredentialData($user->getId());
 
-        if($storedData === null){
-            $storedData = $this->createNewCredential($user);
-        }
+		if($storedData === null){
+			$storedData = $this->createNewCredential($user);
+		}
 
-        $storedData->setData(password_hash($password, PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST)));
-        $storedData->setFactor($factor);
-        $storedData->setVersion(2);
+		$storedData->setData(password_hash($password, PASSWORD_BCRYPT, array('cost' => self::PASSWORD_COST)));
+		$storedData->setFactor($factor);
+		$storedData->setVersion(2);
 
-        $storedData->save();
-    }
+		$storedData->save();
+	}
 
-    public function deleteCredential(User $user)
-    {
-        throw new ApplicationLogicException('Deletion of password credential is not allowed.');
-    }
+	public function deleteCredential(User $user)
+	{
+		throw new ApplicationLogicException('Deletion of password credential is not allowed.');
+	}
 }
\ No newline at end of file

includes/Security/CredentialProviders/ICredentialProvider.php

Indentation +25 added lines, -25 removed lines

@@ -12,32 +12,32 @@
 
 interface ICredentialProvider
 {
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     */
-    public function authenticate(User $user, $data);
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 */
+	public function authenticate(User $user, $data);
 
-    /**
-     * @param User $user The user the credential belongs to
-     * @param int $factor The factor this credential provides
-     * @param string $data
-     */
-    public function setCredential(User $user, $factor, $data);
+	/**
+	 * @param User $user The user the credential belongs to
+	 * @param int $factor The factor this credential provides
+	 * @param string $data
+	 */
+	public function setCredential(User $user, $factor, $data);
 
-    /**
-     * @param User $user
-     */
-    public function deleteCredential(User $user);
+	/**
+	 * @param User $user
+	 */
+	public function deleteCredential(User $user);
 
-    /**
-     * @param int $userId
-     *
-     * @return bool
-     */
-    public function userIsEnrolled($userId);
+	/**
+	 * @param int $userId
+	 *
+	 * @return bool
+	 */
+	public function userIsEnrolled($userId);
 }
\ No newline at end of file

includes/Security/EncryptionHelper.php

Indentation +44 added lines, -44 removed lines

@@ -12,48 +12,48 @@
 
 class EncryptionHelper
 {
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
-
-    /**
-     * EncryptionHelper constructor.
-     *
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(SiteConfiguration $configuration)
-    {
-        $this->configuration = $configuration;
-    }
-
-    public function encryptData($secret)
-    {
-        $iv = openssl_random_pseudo_bytes(16);
-        $password = $this->getEncryptionKey();
-        $encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
-
-        $data = base64_encode($iv) . '|' . base64_encode($encryptedKey);
-
-        return $data;
-    }
-
-    public function decryptData($data)
-    {
-        list($iv, $encryptedKey) = array_map('base64_decode', explode('|', $data));
-
-        $password = $this->getEncryptionKey();
-
-        $secret = openssl_decrypt($encryptedKey, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
-
-        return $secret;
-    }
-
-    /**
-     * @return string
-     */
-    private function getEncryptionKey()
-    {
-        return openssl_digest($this->configuration->getTotpEncryptionKey(), 'sha256');
-    }
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
+
+	/**
+	 * EncryptionHelper constructor.
+	 *
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(SiteConfiguration $configuration)
+	{
+		$this->configuration = $configuration;
+	}
+
+	public function encryptData($secret)
+	{
+		$iv = openssl_random_pseudo_bytes(16);
+		$password = $this->getEncryptionKey();
+		$encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
+
+		$data = base64_encode($iv) . '|' . base64_encode($encryptedKey);
+
+		return $data;
+	}
+
+	public function decryptData($data)
+	{
+		list($iv, $encryptedKey) = array_map('base64_decode', explode('|', $data));
+
+		$password = $this->getEncryptionKey();
+
+		$secret = openssl_decrypt($encryptedKey, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
+
+		return $secret;
+	}
+
+	/**
+	 * @return string
+	 */
+	private function getEncryptionKey()
+	{
+		return openssl_digest($this->configuration->getTotpEncryptionKey(), 'sha256');
+	}
 }
\ No newline at end of file