enwikipedia-acc / waca

includes/Pages/PageViewRequest.php

Spacing +2 added lines, -2 removed lines

@@ -130,7 +130,7 @@ 
             }
         }
 
-        $this->setHtmlTitle($statusSymbol . ' #' . $request->getId());
+        $this->setHtmlTitle($statusSymbol.' #'.$request->getId());
     }
 
     /**
@@ -227,7 +227,7 @@ 
 
                 $entryComment = $entry->getComment();
 
-                if($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest'){
+                if ($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest') {
                     $data = unserialize($entry->getComment());
                     /** @var JobQueue $job */
                     $job = JobQueue::getById($data['job'], $database);

Braces +3 added lines, -2 removed lines

@@ -227,7 +227,7 @@ 
 
                 $entryComment = $entry->getComment();
 
-                if($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest'){
+                if($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest') {
                     $data = unserialize($entry->getComment());
                     /** @var JobQueue $job */
                     $job = JobQueue::getById($data['job'], $database);
@@ -243,7 +243,8 @@ 
                         'jobId'    => $job->getId(),
                         'jobDesc'  => JobQueue::getTaskDescriptions()[$job->getTask()],
                     );
-                } else {
+                }
+                else {
                     $requestLogs[] = array(
                         'type'     => 'log',
                         'security' => 'user',

Indentation +276 added lines, -276 removed lines

@@ -25,280 +25,280 @@
 
 class PageViewRequest extends InternalPageBase
 {
-    use RequestData;
-    const STATUS_SYMBOL_OPEN = '&#x2610';
-    const STATUS_SYMBOL_ACCEPTED = '&#x2611';
-    const STATUS_SYMBOL_REJECTED = '&#x2612';
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @throws ApplicationLogicException
-     */
-    protected function main()
-    {
-        // set up csrf protection
-        $this->assignCSRFToken();
-
-        // get some useful objects
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database, WebRequest::getInt('id'));
-        $config = $this->getSiteConfiguration();
-        $currentUser = User::getCurrent($database);
-
-        // Test we should be able to look at this request
-        if ($config->getEmailConfirmationEnabled()) {
-            if ($request->getEmailConfirm() !== 'Confirmed') {
-                // Not allowed to look at this yet.
-                throw new ApplicationLogicException('The email address has not yet been confirmed for this request.');
-            }
-        }
-
-        $this->setupBasicData($request, $config);
-
-        $this->setupUsernameData($request);
-
-        $this->setupTitle($request);
-
-        $this->setupReservationDetails($request->getReserved(), $database, $currentUser);
-        $this->setupGeneralData($database);
-
-        $this->assign('requestDataCleared', false);
-        if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) {
-            $this->assign('requestDataCleared', true);
-        }
-
-        $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
-
-        $this->setupCreationTypes($currentUser);
-
-        $this->setupLogData($request, $database);
-
-        $this->addJs("/api.php?action=templates&targetVariable=templateconfirms");
-
-        if ($allowedPrivateData) {
-            $this->setTemplate('view-request/main-with-data.tpl');
-            $this->setupPrivateData($request, $currentUser, $this->getSiteConfiguration(), $database);
-
-            $this->assign('canSetBan', $this->barrierTest('set', $currentUser, PageBan::class));
-            $this->assign('canSeeCheckuserData', $this->barrierTest('seeUserAgentData', $currentUser, 'RequestData'));
-
-            if ($this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')) {
-                $this->setTemplate('view-request/main-with-checkuser-data.tpl');
-                $this->setupCheckUserData($request);
-            }
-        }
-        else {
-            $this->setTemplate('view-request/main.tpl');
-        }
-    }
-
-    /**
-     * @param Request $request
-     */
-    protected function setupTitle(Request $request)
-    {
-        $statusSymbol = self::STATUS_SYMBOL_OPEN;
-        if ($request->getStatus() === 'Closed') {
-            if ($request->getWasCreated()) {
-                $statusSymbol = self::STATUS_SYMBOL_ACCEPTED;
-            }
-            else {
-                $statusSymbol = self::STATUS_SYMBOL_REJECTED;
-            }
-        }
-
-        $this->setHtmlTitle($statusSymbol . ' #' . $request->getId());
-    }
-
-    /**
-     * Sets up data unrelated to the request, such as the email template information
-     *
-     * @param PdoDatabase $database
-     */
-    protected function setupGeneralData(PdoDatabase $database)
-    {
-        $config = $this->getSiteConfiguration();
-
-        $this->assign('createAccountReason', 'Requested account at [[WP:ACC]], request #');
-
-        $this->assign('defaultRequestState', $config->getDefaultRequestStateKey());
-
-        $this->assign('requestStates', $config->getRequestStates());
-
-        /** @var EmailTemplate $createdTemplate */
-        $createdTemplate = EmailTemplate::getById($config->getDefaultCreatedTemplateId(), $database);
-
-        $this->assign('createdHasJsQuestion', $createdTemplate->getJsquestion() != '');
-        $this->assign('createdId', $createdTemplate->getId());
-        $this->assign('createdName', $createdTemplate->getName());
-
-        $createReasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED, $database);
-        $this->assign("createReasons", $createReasons);
-        $declineReasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED, $database);
-        $this->assign("declineReasons", $declineReasons);
-
-        $allCreateReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED, $database);
-        $this->assign("allCreateReasons", $allCreateReasons);
-        $allDeclineReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED, $database);
-        $this->assign("allDeclineReasons", $allDeclineReasons);
-        $allOtherReasons = EmailTemplate::getAllActiveTemplates(false, $database);
-        $this->assign("allOtherReasons", $allOtherReasons);
-    }
-
-    private function setupLogData(Request $request, PdoDatabase $database)
-    {
-        $currentUser = User::getCurrent($database);
-
-        $logs = LogHelper::getRequestLogsWithComments($request->getId(), $database, $this->getSecurityManager());
-        $requestLogs = array();
-
-        if (trim($request->getComment()) !== "") {
-            $requestLogs[] = array(
-                'type'     => 'comment',
-                'security' => 'user',
-                'userid'   => null,
-                'user'     => $request->getName(),
-                'entry'    => null,
-                'time'     => $request->getDate(),
-                'canedit'  => false,
-                'id'       => $request->getId(),
-                'comment'  => $request->getComment(),
-            );
-        }
-
-        /** @var User[] $nameCache */
-        $nameCache = array();
-
-        $editableComments = $this->barrierTest('editOthers', $currentUser, PageEditComment::class);
-
-        /** @var Log|Comment $entry */
-        foreach ($logs as $entry) {
-            // both log and comment have a 'user' field
-            if (!array_key_exists($entry->getUser(), $nameCache)) {
-                $entryUser = User::getById($entry->getUser(), $database);
-                $nameCache[$entry->getUser()] = $entryUser;
-            }
-
-            if ($entry instanceof Comment) {
-                $requestLogs[] = array(
-                    'type'     => 'comment',
-                    'security' => $entry->getVisibility(),
-                    'user'     => $nameCache[$entry->getUser()]->getUsername(),
-                    'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
-                    'entry'    => null,
-                    'time'     => $entry->getTime(),
-                    'canedit'  => ($editableComments || $entry->getUser() == $currentUser->getId()),
-                    'id'       => $entry->getId(),
-                    'comment'  => $entry->getComment(),
-                );
-            }
-
-            if ($entry instanceof Log) {
-                $invalidUserId = $entry->getUser() === -1 || $entry->getUser() === 0;
-                $entryUser = $invalidUserId ? User::getCommunity() : $nameCache[$entry->getUser()];
-
-                $entryComment = $entry->getComment();
-
-                if($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest'){
-                    $data = unserialize($entry->getComment());
-                    /** @var JobQueue $job */
-                    $job = JobQueue::getById($data['job'], $database);
-                    $requestLogs[] = array(
-                        'type'     => 'joblog',
-                        'security' => 'user',
-                        'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
-                        'user'     => $entryUser->getUsername(),
-                        'entry'    => LogHelper::getLogDescription($entry),
-                        'time'     => $entry->getTimestamp(),
-                        'canedit'  => false,
-                        'id'       => $entry->getId(),
-                        'jobId'    => $job->getId(),
-                        'jobDesc'  => JobQueue::getTaskDescriptions()[$job->getTask()],
-                    );
-                } else {
-                    $requestLogs[] = array(
-                        'type'     => 'log',
-                        'security' => 'user',
-                        'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
-                        'user'     => $entryUser->getUsername(),
-                        'entry'    => LogHelper::getLogDescription($entry),
-                        'time'     => $entry->getTimestamp(),
-                        'canedit'  => false,
-                        'id'       => $entry->getId(),
-                        'comment'  => $entryComment,
-                    );
-                }
-            }
-        }
-
-        $this->addJs("/api.php?action=users&targetVariable=typeaheaddata");
-
-        $this->assign("requestLogs", $requestLogs);
-    }
-
-    /**
-     * @param Request $request
-     */
-    protected function setupUsernameData(Request $request)
-    {
-        $blacklistData = $this->getBlacklistHelper()->isBlacklisted($request->getName());
-
-        $this->assign('requestIsBlacklisted', $blacklistData !== false);
-        $this->assign('requestBlacklist', $blacklistData);
-
-        try {
-            $spoofs = $this->getAntiSpoofProvider()->getSpoofs($request->getName());
-        }
-        catch (Exception $ex) {
-            $spoofs = $ex->getMessage();
-        }
-
-        $this->assign("spoofs", $spoofs);
-    }
-
-    private function setupCreationTypes(User $user)
-    {
-        $this->assign('allowWelcomeSkip', false);
-        $this->assign('forceWelcomeSkip', false);
-
-        $oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
-
-        if ($user->getWelcomeTemplate() != 0) {
-            $this->assign('allowWelcomeSkip', true);
-
-            if (!$oauth->canWelcome()) {
-                $this->assign('forceWelcomeSkip', true);
-            }
-        }
-
-        // test credentials
-        $canManualCreate = $this->barrierTest(User::CREATION_MANUAL, $user, 'RequestCreation');
-        $canOauthCreate = $this->barrierTest(User::CREATION_OAUTH, $user, 'RequestCreation');
-        $canBotCreate = $this->barrierTest(User::CREATION_BOT, $user, 'RequestCreation');
-
-        $this->assign('canManualCreate', $canManualCreate);
-        $this->assign('canOauthCreate', $canOauthCreate);
-        $this->assign('canBotCreate', $canBotCreate);
-
-        // show/hide the type radio buttons
-        $creationHasChoice = count(array_filter([$canManualCreate, $canOauthCreate, $canBotCreate])) > 1;
-
-        if (!$this->barrierTest($user->getCreationMode(), $user, 'RequestCreation')) {
-            // user is not allowed to use their default. Force a choice.
-            $creationHasChoice = true;
-        }
-
-        $this->assign('creationHasChoice', $creationHasChoice);
-
-        // determine problems in creation types
-        $this->assign('botProblem', false);
-        if ($canBotCreate && $this->getSiteConfiguration()->getCreationBotPassword() === null) {
-            $this->assign('botProblem', true);
-        }
-
-        $this->assign('oauthProblem', false);
-        if ($canOauthCreate && !$oauth->canCreateAccount()) {
-            $this->assign('oauthProblem', true);
-        }
-    }
+	use RequestData;
+	const STATUS_SYMBOL_OPEN = '&#x2610';
+	const STATUS_SYMBOL_ACCEPTED = '&#x2611';
+	const STATUS_SYMBOL_REJECTED = '&#x2612';
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @throws ApplicationLogicException
+	 */
+	protected function main()
+	{
+		// set up csrf protection
+		$this->assignCSRFToken();
+
+		// get some useful objects
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database, WebRequest::getInt('id'));
+		$config = $this->getSiteConfiguration();
+		$currentUser = User::getCurrent($database);
+
+		// Test we should be able to look at this request
+		if ($config->getEmailConfirmationEnabled()) {
+			if ($request->getEmailConfirm() !== 'Confirmed') {
+				// Not allowed to look at this yet.
+				throw new ApplicationLogicException('The email address has not yet been confirmed for this request.');
+			}
+		}
+
+		$this->setupBasicData($request, $config);
+
+		$this->setupUsernameData($request);
+
+		$this->setupTitle($request);
+
+		$this->setupReservationDetails($request->getReserved(), $database, $currentUser);
+		$this->setupGeneralData($database);
+
+		$this->assign('requestDataCleared', false);
+		if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) {
+			$this->assign('requestDataCleared', true);
+		}
+
+		$allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
+
+		$this->setupCreationTypes($currentUser);
+
+		$this->setupLogData($request, $database);
+
+		$this->addJs("/api.php?action=templates&targetVariable=templateconfirms");
+
+		if ($allowedPrivateData) {
+			$this->setTemplate('view-request/main-with-data.tpl');
+			$this->setupPrivateData($request, $currentUser, $this->getSiteConfiguration(), $database);
+
+			$this->assign('canSetBan', $this->barrierTest('set', $currentUser, PageBan::class));
+			$this->assign('canSeeCheckuserData', $this->barrierTest('seeUserAgentData', $currentUser, 'RequestData'));
+
+			if ($this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')) {
+				$this->setTemplate('view-request/main-with-checkuser-data.tpl');
+				$this->setupCheckUserData($request);
+			}
+		}
+		else {
+			$this->setTemplate('view-request/main.tpl');
+		}
+	}
+
+	/**
+	 * @param Request $request
+	 */
+	protected function setupTitle(Request $request)
+	{
+		$statusSymbol = self::STATUS_SYMBOL_OPEN;
+		if ($request->getStatus() === 'Closed') {
+			if ($request->getWasCreated()) {
+				$statusSymbol = self::STATUS_SYMBOL_ACCEPTED;
+			}
+			else {
+				$statusSymbol = self::STATUS_SYMBOL_REJECTED;
+			}
+		}
+
+		$this->setHtmlTitle($statusSymbol . ' #' . $request->getId());
+	}
+
+	/**
+	 * Sets up data unrelated to the request, such as the email template information
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function setupGeneralData(PdoDatabase $database)
+	{
+		$config = $this->getSiteConfiguration();
+
+		$this->assign('createAccountReason', 'Requested account at [[WP:ACC]], request #');
+
+		$this->assign('defaultRequestState', $config->getDefaultRequestStateKey());
+
+		$this->assign('requestStates', $config->getRequestStates());
+
+		/** @var EmailTemplate $createdTemplate */
+		$createdTemplate = EmailTemplate::getById($config->getDefaultCreatedTemplateId(), $database);
+
+		$this->assign('createdHasJsQuestion', $createdTemplate->getJsquestion() != '');
+		$this->assign('createdId', $createdTemplate->getId());
+		$this->assign('createdName', $createdTemplate->getName());
+
+		$createReasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED, $database);
+		$this->assign("createReasons", $createReasons);
+		$declineReasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED, $database);
+		$this->assign("declineReasons", $declineReasons);
+
+		$allCreateReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED, $database);
+		$this->assign("allCreateReasons", $allCreateReasons);
+		$allDeclineReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED, $database);
+		$this->assign("allDeclineReasons", $allDeclineReasons);
+		$allOtherReasons = EmailTemplate::getAllActiveTemplates(false, $database);
+		$this->assign("allOtherReasons", $allOtherReasons);
+	}
+
+	private function setupLogData(Request $request, PdoDatabase $database)
+	{
+		$currentUser = User::getCurrent($database);
+
+		$logs = LogHelper::getRequestLogsWithComments($request->getId(), $database, $this->getSecurityManager());
+		$requestLogs = array();
+
+		if (trim($request->getComment()) !== "") {
+			$requestLogs[] = array(
+				'type'     => 'comment',
+				'security' => 'user',
+				'userid'   => null,
+				'user'     => $request->getName(),
+				'entry'    => null,
+				'time'     => $request->getDate(),
+				'canedit'  => false,
+				'id'       => $request->getId(),
+				'comment'  => $request->getComment(),
+			);
+		}
+
+		/** @var User[] $nameCache */
+		$nameCache = array();
+
+		$editableComments = $this->barrierTest('editOthers', $currentUser, PageEditComment::class);
+
+		/** @var Log|Comment $entry */
+		foreach ($logs as $entry) {
+			// both log and comment have a 'user' field
+			if (!array_key_exists($entry->getUser(), $nameCache)) {
+				$entryUser = User::getById($entry->getUser(), $database);
+				$nameCache[$entry->getUser()] = $entryUser;
+			}
+
+			if ($entry instanceof Comment) {
+				$requestLogs[] = array(
+					'type'     => 'comment',
+					'security' => $entry->getVisibility(),
+					'user'     => $nameCache[$entry->getUser()]->getUsername(),
+					'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
+					'entry'    => null,
+					'time'     => $entry->getTime(),
+					'canedit'  => ($editableComments || $entry->getUser() == $currentUser->getId()),
+					'id'       => $entry->getId(),
+					'comment'  => $entry->getComment(),
+				);
+			}
+
+			if ($entry instanceof Log) {
+				$invalidUserId = $entry->getUser() === -1 || $entry->getUser() === 0;
+				$entryUser = $invalidUserId ? User::getCommunity() : $nameCache[$entry->getUser()];
+
+				$entryComment = $entry->getComment();
+
+				if($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest'){
+					$data = unserialize($entry->getComment());
+					/** @var JobQueue $job */
+					$job = JobQueue::getById($data['job'], $database);
+					$requestLogs[] = array(
+						'type'     => 'joblog',
+						'security' => 'user',
+						'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
+						'user'     => $entryUser->getUsername(),
+						'entry'    => LogHelper::getLogDescription($entry),
+						'time'     => $entry->getTimestamp(),
+						'canedit'  => false,
+						'id'       => $entry->getId(),
+						'jobId'    => $job->getId(),
+						'jobDesc'  => JobQueue::getTaskDescriptions()[$job->getTask()],
+					);
+				} else {
+					$requestLogs[] = array(
+						'type'     => 'log',
+						'security' => 'user',
+						'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
+						'user'     => $entryUser->getUsername(),
+						'entry'    => LogHelper::getLogDescription($entry),
+						'time'     => $entry->getTimestamp(),
+						'canedit'  => false,
+						'id'       => $entry->getId(),
+						'comment'  => $entryComment,
+					);
+				}
+			}
+		}
+
+		$this->addJs("/api.php?action=users&targetVariable=typeaheaddata");
+
+		$this->assign("requestLogs", $requestLogs);
+	}
+
+	/**
+	 * @param Request $request
+	 */
+	protected function setupUsernameData(Request $request)
+	{
+		$blacklistData = $this->getBlacklistHelper()->isBlacklisted($request->getName());
+
+		$this->assign('requestIsBlacklisted', $blacklistData !== false);
+		$this->assign('requestBlacklist', $blacklistData);
+
+		try {
+			$spoofs = $this->getAntiSpoofProvider()->getSpoofs($request->getName());
+		}
+		catch (Exception $ex) {
+			$spoofs = $ex->getMessage();
+		}
+
+		$this->assign("spoofs", $spoofs);
+	}
+
+	private function setupCreationTypes(User $user)
+	{
+		$this->assign('allowWelcomeSkip', false);
+		$this->assign('forceWelcomeSkip', false);
+
+		$oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
+
+		if ($user->getWelcomeTemplate() != 0) {
+			$this->assign('allowWelcomeSkip', true);
+
+			if (!$oauth->canWelcome()) {
+				$this->assign('forceWelcomeSkip', true);
+			}
+		}
+
+		// test credentials
+		$canManualCreate = $this->barrierTest(User::CREATION_MANUAL, $user, 'RequestCreation');
+		$canOauthCreate = $this->barrierTest(User::CREATION_OAUTH, $user, 'RequestCreation');
+		$canBotCreate = $this->barrierTest(User::CREATION_BOT, $user, 'RequestCreation');
+
+		$this->assign('canManualCreate', $canManualCreate);
+		$this->assign('canOauthCreate', $canOauthCreate);
+		$this->assign('canBotCreate', $canBotCreate);
+
+		// show/hide the type radio buttons
+		$creationHasChoice = count(array_filter([$canManualCreate, $canOauthCreate, $canBotCreate])) > 1;
+
+		if (!$this->barrierTest($user->getCreationMode(), $user, 'RequestCreation')) {
+			// user is not allowed to use their default. Force a choice.
+			$creationHasChoice = true;
+		}
+
+		$this->assign('creationHasChoice', $creationHasChoice);
+
+		// determine problems in creation types
+		$this->assign('botProblem', false);
+		if ($canBotCreate && $this->getSiteConfiguration()->getCreationBotPassword() === null) {
+			$this->assign('botProblem', true);
+		}
+
+		$this->assign('oauthProblem', false);
+		if ($canOauthCreate && !$oauth->canCreateAccount()) {
+			$this->assign('oauthProblem', true);
+		}
+	}
 }

includes/Pages/UserAuth/PageOAuth.php

Indentation +73 added lines, -73 removed lines

@@ -21,77 +21,77 @@
 
 class PageOAuth extends InternalPageBase
 {
-    /**
-     * Attach entry point
-     *
-     * must be posted, or will redirect to preferences
-     */
-    protected function attach()
-    {
-        if (!WebRequest::wasPosted()) {
-            $this->redirect('preferences');
-
-            return;
-        }
-
-        $database = $this->getDatabase();
-
-        $this->validateCSRFToken();
-
-        $oauthProtocolHelper = $this->getOAuthProtocolHelper();
-        $user = User::getCurrent($database);
-        $oauth = new OAuthUserHelper($user, $database, $oauthProtocolHelper, $this->getSiteConfiguration());
-
-        try {
-            $authoriseUrl = $oauth->getRequestToken();
-            $this->redirectUrl($authoriseUrl);
-        }
-        catch (CurlException $ex) {
-            throw new ApplicationLogicException($ex->getMessage(), 0, $ex);
-        }
-    }
-
-    /**
-     * Detach account entry point
-     */
-    protected function detach()
-    {
-        if ($this->getSiteConfiguration()->getEnforceOAuth()) {
-            throw new AccessDeniedException($this->getSecurityManager());
-        }
-
-        $database = $this->getDatabase();
-        $user = User::getCurrent($database);
-        $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
-
-        try {
-            $oauth->refreshIdentity();
-        }
-        catch (CurlException $ex) {
-            // do nothing. The user's already revoked this access anyway.
-        }
-        catch (OAuthException $ex) {
-            // do nothing. The user's already revoked this access anyway.
-        }
-
-        $oauth->detach();
-
-        // TODO: figure out why we need to force logout after a detach.
-        $user->setForcelogout(true);
-        $user->save();
-
-        // force the user to log out
-        Session::destroy();
-
-        $this->redirect('login');
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->redirect('preferences');
-    }
+	/**
+	 * Attach entry point
+	 *
+	 * must be posted, or will redirect to preferences
+	 */
+	protected function attach()
+	{
+		if (!WebRequest::wasPosted()) {
+			$this->redirect('preferences');
+
+			return;
+		}
+
+		$database = $this->getDatabase();
+
+		$this->validateCSRFToken();
+
+		$oauthProtocolHelper = $this->getOAuthProtocolHelper();
+		$user = User::getCurrent($database);
+		$oauth = new OAuthUserHelper($user, $database, $oauthProtocolHelper, $this->getSiteConfiguration());
+
+		try {
+			$authoriseUrl = $oauth->getRequestToken();
+			$this->redirectUrl($authoriseUrl);
+		}
+		catch (CurlException $ex) {
+			throw new ApplicationLogicException($ex->getMessage(), 0, $ex);
+		}
+	}
+
+	/**
+	 * Detach account entry point
+	 */
+	protected function detach()
+	{
+		if ($this->getSiteConfiguration()->getEnforceOAuth()) {
+			throw new AccessDeniedException($this->getSecurityManager());
+		}
+
+		$database = $this->getDatabase();
+		$user = User::getCurrent($database);
+		$oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
+
+		try {
+			$oauth->refreshIdentity();
+		}
+		catch (CurlException $ex) {
+			// do nothing. The user's already revoked this access anyway.
+		}
+		catch (OAuthException $ex) {
+			// do nothing. The user's already revoked this access anyway.
+		}
+
+		$oauth->detach();
+
+		// TODO: figure out why we need to force logout after a detach.
+		$user->setForcelogout(true);
+		$user->save();
+
+		// force the user to log out
+		Session::destroy();
+
+		$this->redirect('login');
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->redirect('preferences');
+	}
 }

includes/Pages/UserAuth/PageChangePassword.php

Indentation +56 added lines, -56 removed lines

@@ -17,70 +17,70 @@
 
 class PageChangePassword extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Change Password');
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Change Password');
 
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            try {
-                $oldPassword = WebRequest::postString('oldpassword');
-                $newPassword = WebRequest::postString('newpassword');
-                $newPasswordConfirmation = WebRequest::postString('newpasswordconfirm');
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			try {
+				$oldPassword = WebRequest::postString('oldpassword');
+				$newPassword = WebRequest::postString('newpassword');
+				$newPasswordConfirmation = WebRequest::postString('newpasswordconfirm');
 
-                $user = User::getCurrent($this->getDatabase());
-                if (!$user instanceof User) {
-                    throw new ApplicationLogicException('User not found');
-                }
+				$user = User::getCurrent($this->getDatabase());
+				if (!$user instanceof User) {
+					throw new ApplicationLogicException('User not found');
+				}
 
-                $this->validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, $user);
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('changePassword');
+				$this->validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, $user);
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('changePassword');
 
-                return;
-            }
+				return;
+			}
 
-            $passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
-            $passwordProvider->setCredential($user, 1, $newPassword);
+			$passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
+			$passwordProvider->setCredential($user, 1, $newPassword);
 
-            SessionAlert::success('Password changed successfully!');
+			SessionAlert::success('Password changed successfully!');
 
-            $this->redirect('preferences');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->setTemplate('preferences/changePassword.tpl');
-        }
-    }
+			$this->redirect('preferences');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->setTemplate('preferences/changePassword.tpl');
+		}
+	}
 
-    /**
-     * @param string $oldPassword
-     * @param string $newPassword
-     * @param string $newPasswordConfirmation
-     * @param User   $user
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, User $user)
-    {
-        if ($oldPassword === null || $newPassword === null || $newPasswordConfirmation === null) {
-            throw new ApplicationLogicException('All three fields must be completed to change your password');
-        }
+	/**
+	 * @param string $oldPassword
+	 * @param string $newPassword
+	 * @param string $newPasswordConfirmation
+	 * @param User   $user
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function validateNewPassword($oldPassword, $newPassword, $newPasswordConfirmation, User $user)
+	{
+		if ($oldPassword === null || $newPassword === null || $newPasswordConfirmation === null) {
+			throw new ApplicationLogicException('All three fields must be completed to change your password');
+		}
 
-        if ($newPassword !== $newPasswordConfirmation) {
-            throw new ApplicationLogicException('Your new passwords did not match!');
-        }
+		if ($newPassword !== $newPasswordConfirmation) {
+			throw new ApplicationLogicException('Your new passwords did not match!');
+		}
 
-        // TODO: adapt for MFA support
-        $passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
-        if (!$passwordProvider->authenticate($user, $oldPassword)) {
-            throw new ApplicationLogicException('The password you entered was incorrect.');
-        }
-    }
+		// TODO: adapt for MFA support
+		$passwordProvider = new PasswordCredentialProvider($this->getDatabase(), $this->getSiteConfiguration());
+		if (!$passwordProvider->authenticate($user, $oldPassword)) {
+			throw new ApplicationLogicException('The password you entered was incorrect.');
+		}
+	}
 }
\ No newline at end of file

includes/DataObjects/Credential.php

Indentation +196 added lines, -196 removed lines

@@ -15,187 +15,187 @@ 
 
 class Credential extends DataObject
 {
-    /** @var int */
-    private $user;
-    /** @var int */
-    private $factor;
-    /** @var string */
-    private $type;
-    /** @var string */
-    private $data;
-    /** @var int */
-    private $version;
-    private $timeout;
-    /** @var int */
-    private $disabled = 0;
-    /** @var int */
-    private $priority;
-
-    /**
-     * @return int
-     */
-    public function getUserId()
-    {
-        return $this->user;
-    }
-
-    /**
-     * @param int $user
-     */
-    public function setUserId($user)
-    {
-        $this->user = $user;
-    }
-
-    /**
-     * @return int
-     */
-    public function getFactor()
-    {
-        return $this->factor;
-    }
-
-    /**
-     * @param int $factor
-     */
-    public function setFactor($factor)
-    {
-        $this->factor = $factor;
-    }
-
-    /**
-     * @return string
-     */
-    public function getType()
-    {
-        return $this->type;
-    }
-
-    /**
-     * @param string $type
-     */
-    public function setType($type)
-    {
-        $this->type = $type;
-    }
-
-    /**
-     * @return string
-     */
-    public function getData()
-    {
-        return $this->data;
-    }
-
-    /**
-     * @param string $data
-     */
-    public function setData($data)
-    {
-        $this->data = $data;
-    }
-
-    /**
-     * @return int
-     */
-    public function getVersion()
-    {
-        return $this->version;
-    }
-
-    /**
-     * @param int $version
-     */
-    public function setVersion($version)
-    {
-        $this->version = $version;
-    }
-
-    /**
-     * @return mixed
-     */
-    public function getTimeout()
-    {
-        if ($this->timeout === null) {
-            return null;
-        }
-
-        return new DateTimeImmutable($this->timeout);
-    }
-
-    /**
-     * @param mixed $timeout
-     */
-    public function setTimeout(DateTimeImmutable $timeout = null)
-    {
-        if ($timeout === null) {
-            $this->timeout = null;
-        }
-        else {
-            $this->timeout = $timeout->format('Y-m-d H:i:s');
-        }
-    }
-
-    /**
-     * @return int
-     */
-    public function getDisabled()
-    {
-        return $this->disabled;
-    }
-
-    /**
-     * @param int $disabled
-     */
-    public function setDisabled($disabled)
-    {
-        $this->disabled = $disabled;
-    }
-
-    /**
-     * @return int
-     */
-    public function getPriority()
-    {
-        return $this->priority;
-    }
-
-    /**
-     * @param int $priority
-     */
-    public function setPriority($priority)
-    {
-        $this->priority = $priority;
-    }
-
-    public function save()
-    {
-        if ($this->isNew()) {
-            // insert
-            $statement = $this->dbObject->prepare(<<<SQL
+	/** @var int */
+	private $user;
+	/** @var int */
+	private $factor;
+	/** @var string */
+	private $type;
+	/** @var string */
+	private $data;
+	/** @var int */
+	private $version;
+	private $timeout;
+	/** @var int */
+	private $disabled = 0;
+	/** @var int */
+	private $priority;
+
+	/**
+	 * @return int
+	 */
+	public function getUserId()
+	{
+		return $this->user;
+	}
+
+	/**
+	 * @param int $user
+	 */
+	public function setUserId($user)
+	{
+		$this->user = $user;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getFactor()
+	{
+		return $this->factor;
+	}
+
+	/**
+	 * @param int $factor
+	 */
+	public function setFactor($factor)
+	{
+		$this->factor = $factor;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getType()
+	{
+		return $this->type;
+	}
+
+	/**
+	 * @param string $type
+	 */
+	public function setType($type)
+	{
+		$this->type = $type;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getData()
+	{
+		return $this->data;
+	}
+
+	/**
+	 * @param string $data
+	 */
+	public function setData($data)
+	{
+		$this->data = $data;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getVersion()
+	{
+		return $this->version;
+	}
+
+	/**
+	 * @param int $version
+	 */
+	public function setVersion($version)
+	{
+		$this->version = $version;
+	}
+
+	/**
+	 * @return mixed
+	 */
+	public function getTimeout()
+	{
+		if ($this->timeout === null) {
+			return null;
+		}
+
+		return new DateTimeImmutable($this->timeout);
+	}
+
+	/**
+	 * @param mixed $timeout
+	 */
+	public function setTimeout(DateTimeImmutable $timeout = null)
+	{
+		if ($timeout === null) {
+			$this->timeout = null;
+		}
+		else {
+			$this->timeout = $timeout->format('Y-m-d H:i:s');
+		}
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getDisabled()
+	{
+		return $this->disabled;
+	}
+
+	/**
+	 * @param int $disabled
+	 */
+	public function setDisabled($disabled)
+	{
+		$this->disabled = $disabled;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getPriority()
+	{
+		return $this->priority;
+	}
+
+	/**
+	 * @param int $priority
+	 */
+	public function setPriority($priority)
+	{
+		$this->priority = $priority;
+	}
+
+	public function save()
+	{
+		if ($this->isNew()) {
+			// insert
+			$statement = $this->dbObject->prepare(<<<SQL
 INSERT INTO credential ( updateversion, user, factor, type, data, version, timeout, disabled, priority )
 VALUES ( 0, :user, :factor, :type, :data, :version, :timeout, :disabled, :priority );
 SQL
-            );
-            $statement->bindValue(":user", $this->user);
-            $statement->bindValue(":factor", $this->factor);
-            $statement->bindValue(":type", $this->type);
-            $statement->bindValue(":data", $this->data);
-            $statement->bindValue(":version", $this->version);
-            $statement->bindValue(":timeout", $this->timeout);
-            $statement->bindValue(":disabled", $this->disabled);
-            $statement->bindValue(":priority", $this->priority);
-
-            if ($statement->execute()) {
-                $this->id = (int)$this->dbObject->lastInsertId();
-            }
-            else {
-                throw new Exception($statement->errorInfo());
-            }
-        }
-        else {
-            // update
-            $statement = $this->dbObject->prepare(<<<SQL
+			);
+			$statement->bindValue(":user", $this->user);
+			$statement->bindValue(":factor", $this->factor);
+			$statement->bindValue(":type", $this->type);
+			$statement->bindValue(":data", $this->data);
+			$statement->bindValue(":version", $this->version);
+			$statement->bindValue(":timeout", $this->timeout);
+			$statement->bindValue(":disabled", $this->disabled);
+			$statement->bindValue(":priority", $this->priority);
+
+			if ($statement->execute()) {
+				$this->id = (int)$this->dbObject->lastInsertId();
+			}
+			else {
+				throw new Exception($statement->errorInfo());
+			}
+		}
+		else {
+			// update
+			$statement = $this->dbObject->prepare(<<<SQL
                 UPDATE credential
                 SET   factor = :factor
                     , data = :data
@@ -206,27 +206,27 @@ 
                     , updateversion = updateversion + 1
                 WHERE id = :id AND updateversion = :updateversion;
 SQL
-            );
+			);
 
-            $statement->bindValue(':id', $this->id);
-            $statement->bindValue(':updateversion', $this->updateversion);
+			$statement->bindValue(':id', $this->id);
+			$statement->bindValue(':updateversion', $this->updateversion);
 
-            $statement->bindValue(":factor", $this->factor);
-            $statement->bindValue(":data", $this->data);
-            $statement->bindValue(":version", $this->version);
-            $statement->bindValue(":timeout", $this->timeout);
-            $statement->bindValue(":disabled", $this->disabled);
-            $statement->bindValue(":priority", $this->priority);
+			$statement->bindValue(":factor", $this->factor);
+			$statement->bindValue(":data", $this->data);
+			$statement->bindValue(":version", $this->version);
+			$statement->bindValue(":timeout", $this->timeout);
+			$statement->bindValue(":disabled", $this->disabled);
+			$statement->bindValue(":priority", $this->priority);
 
-            if (!$statement->execute()) {
-                throw new Exception($statement->errorInfo());
-            }
+			if (!$statement->execute()) {
+				throw new Exception($statement->errorInfo());
+			}
 
-            if ($statement->rowCount() !== 1) {
-                throw new OptimisticLockFailedException();
-            }
+			if ($statement->rowCount() !== 1) {
+				throw new OptimisticLockFailedException();
+			}
 
-            $this->updateversion++;
-        }
-    }
+			$this->updateversion++;
+		}
+	}
 }
\ No newline at end of file

includes/Pages/UserAuth/MultiFactor/PageMultiFactor.php

Braces +4 added lines, -2 removed lines

@@ -229,7 +229,8 @@ 
         $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
     }
 
-    protected function enableU2F() {
+    protected function enableU2F()
+    {
         $database = $this->getDatabase();
         $currentUser = User::getCurrent($database);
 
@@ -336,7 +337,8 @@ 
         }
     }
 
-    protected function disableU2F() {
+    protected function disableU2F()
+    {
         $database = $this->getDatabase();
         $currentUser = User::getCurrent($database);
 

Spacing +7 added lines, -7 removed lines

@@ -77,7 +77,7 @@ 
                     SessionAlert::success('Enabled YubiKey OTP.');
 
                     $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-                    if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
+                    if ($scratchProvider->getRemaining($currentUser->getId()) < 3) {
                         $scratchProvider->setCredential($currentUser, 2, null);
                         $tokens = $scratchProvider->getTokens();
                         $this->assign('tokens', $tokens);
@@ -86,7 +86,7 @@ 
                     }
                 }
                 catch (ApplicationLogicException $ex) {
-                    SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage());
+                    SessionAlert::error('Error enabling YubiKey OTP: '.$ex->getMessage());
                 }
 
                 $this->redirect('multiFactor');
@@ -177,7 +177,7 @@ 
                         SessionAlert::success('Enabled TOTP.');
 
                         $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-                        if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
+                        if ($scratchProvider->getRemaining($currentUser->getId()) < 3) {
                             $scratchProvider->setCredential($currentUser, 2, null);
                             $tokens = $scratchProvider->getTokens();
                             $this->assign('tokens', $tokens);
@@ -257,7 +257,7 @@ 
 
                     list($data, $reqs) = $otpCredentialProvider->getRegistrationData();
 
-                    $u2fRequest =json_encode($data);
+                    $u2fRequest = json_encode($data);
                     $u2fSigns = json_encode($reqs);
 
                     $this->addJs('/vendor/yubico/u2flib-server/examples/assets/u2f-api.js');
@@ -306,7 +306,7 @@ 
                     SessionAlert::success('Enabled U2F.');
 
                     $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-                    if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
+                    if ($scratchProvider->getRemaining($currentUser->getId()) < 3) {
                         $scratchProvider->setCredential($currentUser, 2, null);
                         $tokens = $scratchProvider->getTokens();
                         $this->assign('tokens', $tokens);
@@ -419,11 +419,11 @@ 
 
             if ($result) {
                 $otpCredentialProvider->deleteCredential($currentUser);
-                SessionAlert::success('Disabled ' . $factorType . '.');
+                SessionAlert::success('Disabled '.$factorType.'.');
                 $this->redirect('multiFactor');
             }
             else {
-                SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.');
+                SessionAlert::error('Error disabling '.$factorType.' - invalid credentials.');
                 $this->redirect('multiFactor');
             }
         }

Indentation +389 added lines, -389 removed lines

@@ -25,247 +25,247 @@ 
 
 class PageMultiFactor extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        $yubikeyOtpCredentialProvider = new YubikeyOtpCredentialProvider($database, $this->getSiteConfiguration(),
-            $this->getHttpHelper());
-        $this->assign('yubikeyOtpIdentity', $yubikeyOtpCredentialProvider->getYubikeyData($currentUser->getId()));
-        $this->assign('yubikeyOtpEnrolled', $yubikeyOtpCredentialProvider->userIsEnrolled($currentUser->getId()));
-
-        $totpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration());
-        $this->assign('totpEnrolled', $totpCredentialProvider->userIsEnrolled($currentUser->getId()));
-
-        $u2fCredentialProvider = new U2FCredentialProvider($database, $this->getSiteConfiguration());
-        $this->assign('u2fEnrolled', $u2fCredentialProvider->userIsEnrolled($currentUser->getId()));
-
-        $scratchCredentialProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-        $this->assign('scratchEnrolled', $scratchCredentialProvider->userIsEnrolled($currentUser->getId()));
-        $this->assign('scratchRemaining', $scratchCredentialProvider->getRemaining($currentUser->getId()));
-
-        $this->assign('allowedTotp', $this->barrierTest('enableTotp', $currentUser));
-        $this->assign('allowedYubikey', $this->barrierTest('enableYubikeyOtp', $currentUser));
-        $this->assign('allowedU2f', $this->barrierTest('enableU2F', $currentUser));
-
-        $this->setTemplate('mfa/mfa.tpl');
-    }
-
-    protected function enableYubikeyOtp()
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        $otpCredentialProvider = new YubikeyOtpCredentialProvider($database,
-            $this->getSiteConfiguration(), $this->getHttpHelper());
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            $passwordCredentialProvider = new PasswordCredentialProvider($database,
-                $this->getSiteConfiguration());
-
-            $password = WebRequest::postString('password');
-            $otp = WebRequest::postString('otp');
-
-            $result = $passwordCredentialProvider->authenticate($currentUser, $password);
-
-            if ($result) {
-                try {
-                    $otpCredentialProvider->setCredential($currentUser, 2, $otp);
-                    SessionAlert::success('Enabled YubiKey OTP.');
-
-                    $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-                    if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
-                        $scratchProvider->setCredential($currentUser, 2, null);
-                        $tokens = $scratchProvider->getTokens();
-                        $this->assign('tokens', $tokens);
-                        $this->setTemplate('mfa/regenScratchTokens.tpl');
-                        return;
-                    }
-                }
-                catch (ApplicationLogicException $ex) {
-                    SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage());
-                }
-
-                $this->redirect('multiFactor');
-            }
-            else {
-                SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.');
-                $this->redirect('multiFactor');
-            }
-        }
-        else {
-            if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
-                // user is not enrolled, we shouldn't have got here.
-                throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism');
-            }
-
-            $this->assignCSRFToken();
-            $this->setTemplate('mfa/enableYubikey.tpl');
-        }
-    }
-
-    protected function disableYubikeyOtp()
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        $otpCredentialProvider = new YubikeyOtpCredentialProvider($database,
-            $this->getSiteConfiguration(), $this->getHttpHelper());
-
-        $factorType = 'YubiKey OTP';
-
-        $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
-    }
-
-    protected function enableTotp()
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration());
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            // used for routing only, not security
-            $stage = WebRequest::postString('stage');
-
-            if ($stage === "auth") {
-                $password = WebRequest::postString('password');
-
-                $passwordCredentialProvider = new PasswordCredentialProvider($database,
-                    $this->getSiteConfiguration());
-                $result = $passwordCredentialProvider->authenticate($currentUser, $password);
-
-                if ($result) {
-                    $otpCredentialProvider->setCredential($currentUser, 2, null);
-
-                    $provisioningUrl = $otpCredentialProvider->getProvisioningUrl($currentUser);
-
-                    $renderer = new Svg();
-                    $renderer->setHeight(256);
-                    $renderer->setWidth(256);
-                    $writer = new Writer($renderer);
-                    $svg = $writer->writeString($provisioningUrl);
-
-                    $this->assign('svg', $svg);
-                    $this->assign('secret', $otpCredentialProvider->getSecret($currentUser));
-
-                    $this->assignCSRFToken();
-                    $this->setTemplate('mfa/enableTotpEnroll.tpl');
-
-                    return;
-                }
-                else {
-                    SessionAlert::error('Error enabling TOTP - invalid credentials.');
-                    $this->redirect('multiFactor');
-
-                    return;
-                }
-            }
-
-            if ($stage === "enroll") {
-                // we *must* have a defined credential already here,
-                if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) {
-                    $otp = WebRequest::postString('otp');
-                    $result = $otpCredentialProvider->verifyEnable($currentUser, $otp);
-
-                    if ($result) {
-                        SessionAlert::success('Enabled TOTP.');
-
-                        $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-                        if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
-                            $scratchProvider->setCredential($currentUser, 2, null);
-                            $tokens = $scratchProvider->getTokens();
-                            $this->assign('tokens', $tokens);
-                            $this->setTemplate('mfa/regenScratchTokens.tpl');
-                            return;
-                        }
-                    }
-                    else {
-                        $otpCredentialProvider->deleteCredential($currentUser);
-                        SessionAlert::error('Error enabling TOTP: invalid token provided');
-                    }
-
-
-                    $this->redirect('multiFactor');
-                    return;
-                }
-                else {
-                    SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.');
-                    $this->redirect('multiFactor');
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		$yubikeyOtpCredentialProvider = new YubikeyOtpCredentialProvider($database, $this->getSiteConfiguration(),
+			$this->getHttpHelper());
+		$this->assign('yubikeyOtpIdentity', $yubikeyOtpCredentialProvider->getYubikeyData($currentUser->getId()));
+		$this->assign('yubikeyOtpEnrolled', $yubikeyOtpCredentialProvider->userIsEnrolled($currentUser->getId()));
+
+		$totpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration());
+		$this->assign('totpEnrolled', $totpCredentialProvider->userIsEnrolled($currentUser->getId()));
+
+		$u2fCredentialProvider = new U2FCredentialProvider($database, $this->getSiteConfiguration());
+		$this->assign('u2fEnrolled', $u2fCredentialProvider->userIsEnrolled($currentUser->getId()));
+
+		$scratchCredentialProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
+		$this->assign('scratchEnrolled', $scratchCredentialProvider->userIsEnrolled($currentUser->getId()));
+		$this->assign('scratchRemaining', $scratchCredentialProvider->getRemaining($currentUser->getId()));
+
+		$this->assign('allowedTotp', $this->barrierTest('enableTotp', $currentUser));
+		$this->assign('allowedYubikey', $this->barrierTest('enableYubikeyOtp', $currentUser));
+		$this->assign('allowedU2f', $this->barrierTest('enableU2F', $currentUser));
+
+		$this->setTemplate('mfa/mfa.tpl');
+	}
 
-                    return;
-                }
-            }
+	protected function enableYubikeyOtp()
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		$otpCredentialProvider = new YubikeyOtpCredentialProvider($database,
+			$this->getSiteConfiguration(), $this->getHttpHelper());
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			$passwordCredentialProvider = new PasswordCredentialProvider($database,
+				$this->getSiteConfiguration());
+
+			$password = WebRequest::postString('password');
+			$otp = WebRequest::postString('otp');
+
+			$result = $passwordCredentialProvider->authenticate($currentUser, $password);
+
+			if ($result) {
+				try {
+					$otpCredentialProvider->setCredential($currentUser, 2, $otp);
+					SessionAlert::success('Enabled YubiKey OTP.');
+
+					$scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
+					if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
+						$scratchProvider->setCredential($currentUser, 2, null);
+						$tokens = $scratchProvider->getTokens();
+						$this->assign('tokens', $tokens);
+						$this->setTemplate('mfa/regenScratchTokens.tpl');
+						return;
+					}
+				}
+				catch (ApplicationLogicException $ex) {
+					SessionAlert::error('Error enabling YubiKey OTP: ' . $ex->getMessage());
+				}
+
+				$this->redirect('multiFactor');
+			}
+			else {
+				SessionAlert::error('Error enabling YubiKey OTP - invalid credentials.');
+				$this->redirect('multiFactor');
+			}
+		}
+		else {
+			if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
+				// user is not enrolled, we shouldn't have got here.
+				throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism');
+			}
+
+			$this->assignCSRFToken();
+			$this->setTemplate('mfa/enableYubikey.tpl');
+		}
+	}
 
-            // urgh, dunno what happened, but it's not something expected.
-            throw new ApplicationLogicException();
-        }
-        else {
-            if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
-                // user is not enrolled, we shouldn't have got here.
-                throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism');
-            }
+	protected function disableYubikeyOtp()
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
 
-            $this->assignCSRFToken();
+		$otpCredentialProvider = new YubikeyOtpCredentialProvider($database,
+			$this->getSiteConfiguration(), $this->getHttpHelper());
 
-            $this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing the information below.');
-            $this->assign('alertheader', 'Provide credentials');
-            $this->assign('continueText', 'Verify password');
-            $this->setTemplate('mfa/enableAuth.tpl');
-        }
-    }
+		$factorType = 'YubiKey OTP';
 
-    protected function disableTotp()
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
+		$this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
+	}
+
+	protected function enableTotp()
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		$otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration());
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			// used for routing only, not security
+			$stage = WebRequest::postString('stage');
+
+			if ($stage === "auth") {
+				$password = WebRequest::postString('password');
+
+				$passwordCredentialProvider = new PasswordCredentialProvider($database,
+					$this->getSiteConfiguration());
+				$result = $passwordCredentialProvider->authenticate($currentUser, $password);
+
+				if ($result) {
+					$otpCredentialProvider->setCredential($currentUser, 2, null);
+
+					$provisioningUrl = $otpCredentialProvider->getProvisioningUrl($currentUser);
+
+					$renderer = new Svg();
+					$renderer->setHeight(256);
+					$renderer->setWidth(256);
+					$writer = new Writer($renderer);
+					$svg = $writer->writeString($provisioningUrl);
+
+					$this->assign('svg', $svg);
+					$this->assign('secret', $otpCredentialProvider->getSecret($currentUser));
+
+					$this->assignCSRFToken();
+					$this->setTemplate('mfa/enableTotpEnroll.tpl');
+
+					return;
+				}
+				else {
+					SessionAlert::error('Error enabling TOTP - invalid credentials.');
+					$this->redirect('multiFactor');
+
+					return;
+				}
+			}
+
+			if ($stage === "enroll") {
+				// we *must* have a defined credential already here,
+				if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) {
+					$otp = WebRequest::postString('otp');
+					$result = $otpCredentialProvider->verifyEnable($currentUser, $otp);
+
+					if ($result) {
+						SessionAlert::success('Enabled TOTP.');
+
+						$scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
+						if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
+							$scratchProvider->setCredential($currentUser, 2, null);
+							$tokens = $scratchProvider->getTokens();
+							$this->assign('tokens', $tokens);
+							$this->setTemplate('mfa/regenScratchTokens.tpl');
+							return;
+						}
+					}
+					else {
+						$otpCredentialProvider->deleteCredential($currentUser);
+						SessionAlert::error('Error enabling TOTP: invalid token provided');
+					}
+
+
+					$this->redirect('multiFactor');
+					return;
+				}
+				else {
+					SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.');
+					$this->redirect('multiFactor');
+
+					return;
+				}
+			}
+
+			// urgh, dunno what happened, but it's not something expected.
+			throw new ApplicationLogicException();
+		}
+		else {
+			if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
+				// user is not enrolled, we shouldn't have got here.
+				throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism');
+			}
+
+			$this->assignCSRFToken();
+
+			$this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing the information below.');
+			$this->assign('alertheader', 'Provide credentials');
+			$this->assign('continueText', 'Verify password');
+			$this->setTemplate('mfa/enableAuth.tpl');
+		}
+	}
 
-        $otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration());
+	protected function disableTotp()
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		$otpCredentialProvider = new TotpCredentialProvider($database, $this->getSiteConfiguration());
+
+		$factorType = 'TOTP';
+
+		$this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
+	}
 
-        $factorType = 'TOTP';
+	protected function enableU2F() {
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
 
-        $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
-    }
+		$otpCredentialProvider = new U2FCredentialProvider($database, $this->getSiteConfiguration());
 
-    protected function enableU2F() {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
 
-        $otpCredentialProvider = new U2FCredentialProvider($database, $this->getSiteConfiguration());
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            // used for routing only, not security
-            $stage = WebRequest::postString('stage');
-
-            if ($stage === "auth") {
-                $password = WebRequest::postString('password');
-
-                $passwordCredentialProvider = new PasswordCredentialProvider($database,
-                    $this->getSiteConfiguration());
-                $result = $passwordCredentialProvider->authenticate($currentUser, $password);
-
-                if ($result) {
-                    $otpCredentialProvider->setCredential($currentUser, 2, null);
-                    $this->assignCSRFToken();
-
-                    list($data, $reqs) = $otpCredentialProvider->getRegistrationData();
-
-                    $u2fRequest =json_encode($data);
-                    $u2fSigns = json_encode($reqs);
-
-                    $this->addJs('/vendor/yubico/u2flib-server/examples/assets/u2f-api.js');
-                    $this->setTailScript($this->getCspManager()->getNonce(), <<<JS
+			// used for routing only, not security
+			$stage = WebRequest::postString('stage');
+
+			if ($stage === "auth") {
+				$password = WebRequest::postString('password');
+
+				$passwordCredentialProvider = new PasswordCredentialProvider($database,
+					$this->getSiteConfiguration());
+				$result = $passwordCredentialProvider->authenticate($currentUser, $password);
+
+				if ($result) {
+					$otpCredentialProvider->setCredential($currentUser, 2, null);
+					$this->assignCSRFToken();
+
+					list($data, $reqs) = $otpCredentialProvider->getRegistrationData();
+
+					$u2fRequest =json_encode($data);
+					$u2fSigns = json_encode($reqs);
+
+					$this->addJs('/vendor/yubico/u2flib-server/examples/assets/u2f-api.js');
+					$this->setTailScript($this->getCspManager()->getNonce(), <<<JS
 var request = ${u2fRequest};
 var signs = ${u2fSigns};
 
@@ -284,162 +284,162 @@ 
 	form.submit();
 });
 JS
-                    );
-
-                    $this->setTemplate('mfa/enableU2FEnroll.tpl');
-
-                    return;
-                }
-                else {
-                    SessionAlert::error('Error enabling TOTP - invalid credentials.');
-                    $this->redirect('multiFactor');
-
-                    return;
-                }
-            }
-
-            if ($stage === "enroll") {
-                // we *must* have a defined credential already here,
-                if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) {
-
-                    $request = json_decode(WebRequest::postString('u2fRequest'));
-                    $u2fData = json_decode(WebRequest::postString('u2fData'));
-
-                    $otpCredentialProvider->enable($currentUser, $request, $u2fData);
-
-                    SessionAlert::success('Enabled U2F.');
-
-                    $scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
-                    if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
-                        $scratchProvider->setCredential($currentUser, 2, null);
-                        $tokens = $scratchProvider->getTokens();
-                        $this->assign('tokens', $tokens);
-                        $this->setTemplate('mfa/regenScratchTokens.tpl');
-                        return;
-                    }
-
-                    $this->redirect('multiFactor');
-                    return;
-                }
-                else {
-                    SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.');
-                    $this->redirect('multiFactor');
-
-                    return;
-                }
-            }
-
-            // urgh, dunno what happened, but it's not something expected.
-            throw new ApplicationLogicException();
-        }
-        else {
-            if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
-                // user is not enrolled, we shouldn't have got here.
-                throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism');
-            }
-
-            $this->assignCSRFToken();
-
-            $this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing the information below.');
-            $this->assign('alertheader', 'Provide credentials');
-            $this->assign('continueText', 'Verify password');
-            $this->setTemplate('mfa/enableAuth.tpl');
-        }
-    }
-
-    protected function disableU2F() {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        $otpCredentialProvider = new U2FCredentialProvider($database, $this->getSiteConfiguration());
-
-        $factorType = 'U2F';
-
-        $this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
-    }
-
-    protected function scratch()
-    {
-        $database = $this->getDatabase();
-        $currentUser = User::getCurrent($database);
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            $passwordCredentialProvider = new PasswordCredentialProvider($database,
-                $this->getSiteConfiguration());
-
-            $otpCredentialProvider = new ScratchTokenCredentialProvider($database,
-                $this->getSiteConfiguration());
-
-            $password = WebRequest::postString('password');
-
-            $result = $passwordCredentialProvider->authenticate($currentUser, $password);
-
-            if ($result) {
-                $otpCredentialProvider->setCredential($currentUser, 2, null);
-                $tokens = $otpCredentialProvider->getTokens();
-                $this->assign('tokens', $tokens);
-                $this->setTemplate('mfa/regenScratchTokens.tpl');
-            }
-            else {
-                SessionAlert::error('Error refreshing scratch tokens - invalid credentials.');
-                $this->redirect('multiFactor');
-            }
-        }
-        else {
-            $this->assignCSRFToken();
-
-            $this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing the information below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.');
-            $this->assign('alertheader', 'Re-generate scratch tokens');
-            $this->assign('continueText', 'Regenerate Scratch Tokens');
-
-            $this->setTemplate('mfa/enableAuth.tpl');
-        }
-    }
-
-    /**
-     * @param PdoDatabase         $database
-     * @param User                $currentUser
-     * @param ICredentialProvider $otpCredentialProvider
-     * @param string              $factorType
-     *
-     * @throws ApplicationLogicException
-     */
-    private function deleteCredential(
-        PdoDatabase $database,
-        User $currentUser,
-        ICredentialProvider $otpCredentialProvider,
-        $factorType
-    ) {
-        if (WebRequest::wasPosted()) {
-            $passwordCredentialProvider = new PasswordCredentialProvider($database,
-                $this->getSiteConfiguration());
-
-            $this->validateCSRFToken();
-
-            $password = WebRequest::postString('password');
-            $result = $passwordCredentialProvider->authenticate($currentUser, $password);
-
-            if ($result) {
-                $otpCredentialProvider->deleteCredential($currentUser);
-                SessionAlert::success('Disabled ' . $factorType . '.');
-                $this->redirect('multiFactor');
-            }
-            else {
-                SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.');
-                $this->redirect('multiFactor');
-            }
-        }
-        else {
-            if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
-                // user is not enrolled, we shouldn't have got here.
-                throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism');
-            }
-
-            $this->assignCSRFToken();
-            $this->assign('otpType', $factorType);
-            $this->setTemplate('mfa/disableOtp.tpl');
-        }
-    }
+					);
+
+					$this->setTemplate('mfa/enableU2FEnroll.tpl');
+
+					return;
+				}
+				else {
+					SessionAlert::error('Error enabling TOTP - invalid credentials.');
+					$this->redirect('multiFactor');
+
+					return;
+				}
+			}
+
+			if ($stage === "enroll") {
+				// we *must* have a defined credential already here,
+				if ($otpCredentialProvider->isPartiallyEnrolled($currentUser)) {
+
+					$request = json_decode(WebRequest::postString('u2fRequest'));
+					$u2fData = json_decode(WebRequest::postString('u2fData'));
+
+					$otpCredentialProvider->enable($currentUser, $request, $u2fData);
+
+					SessionAlert::success('Enabled U2F.');
+
+					$scratchProvider = new ScratchTokenCredentialProvider($database, $this->getSiteConfiguration());
+					if($scratchProvider->getRemaining($currentUser->getId()) < 3) {
+						$scratchProvider->setCredential($currentUser, 2, null);
+						$tokens = $scratchProvider->getTokens();
+						$this->assign('tokens', $tokens);
+						$this->setTemplate('mfa/regenScratchTokens.tpl');
+						return;
+					}
+
+					$this->redirect('multiFactor');
+					return;
+				}
+				else {
+					SessionAlert::error('Error enabling TOTP - no enrollment found or enrollment expired.');
+					$this->redirect('multiFactor');
+
+					return;
+				}
+			}
+
+			// urgh, dunno what happened, but it's not something expected.
+			throw new ApplicationLogicException();
+		}
+		else {
+			if ($otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
+				// user is not enrolled, we shouldn't have got here.
+				throw new ApplicationLogicException('User is already enrolled in the selected MFA mechanism');
+			}
+
+			$this->assignCSRFToken();
+
+			$this->assign('alertmessage', 'To enable your multi-factor credentials, please prove you are who you say you are by providing the information below.');
+			$this->assign('alertheader', 'Provide credentials');
+			$this->assign('continueText', 'Verify password');
+			$this->setTemplate('mfa/enableAuth.tpl');
+		}
+	}
+
+	protected function disableU2F() {
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		$otpCredentialProvider = new U2FCredentialProvider($database, $this->getSiteConfiguration());
+
+		$factorType = 'U2F';
+
+		$this->deleteCredential($database, $currentUser, $otpCredentialProvider, $factorType);
+	}
+
+	protected function scratch()
+	{
+		$database = $this->getDatabase();
+		$currentUser = User::getCurrent($database);
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			$passwordCredentialProvider = new PasswordCredentialProvider($database,
+				$this->getSiteConfiguration());
+
+			$otpCredentialProvider = new ScratchTokenCredentialProvider($database,
+				$this->getSiteConfiguration());
+
+			$password = WebRequest::postString('password');
+
+			$result = $passwordCredentialProvider->authenticate($currentUser, $password);
+
+			if ($result) {
+				$otpCredentialProvider->setCredential($currentUser, 2, null);
+				$tokens = $otpCredentialProvider->getTokens();
+				$this->assign('tokens', $tokens);
+				$this->setTemplate('mfa/regenScratchTokens.tpl');
+			}
+			else {
+				SessionAlert::error('Error refreshing scratch tokens - invalid credentials.');
+				$this->redirect('multiFactor');
+			}
+		}
+		else {
+			$this->assignCSRFToken();
+
+			$this->assign('alertmessage', 'To regenerate your emergency scratch tokens, please prove you are who you say you are by providing the information below. Note that continuing will invalidate all remaining scratch tokens, and provide a set of new ones.');
+			$this->assign('alertheader', 'Re-generate scratch tokens');
+			$this->assign('continueText', 'Regenerate Scratch Tokens');
+
+			$this->setTemplate('mfa/enableAuth.tpl');
+		}
+	}
+
+	/**
+	 * @param PdoDatabase         $database
+	 * @param User                $currentUser
+	 * @param ICredentialProvider $otpCredentialProvider
+	 * @param string              $factorType
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function deleteCredential(
+		PdoDatabase $database,
+		User $currentUser,
+		ICredentialProvider $otpCredentialProvider,
+		$factorType
+	) {
+		if (WebRequest::wasPosted()) {
+			$passwordCredentialProvider = new PasswordCredentialProvider($database,
+				$this->getSiteConfiguration());
+
+			$this->validateCSRFToken();
+
+			$password = WebRequest::postString('password');
+			$result = $passwordCredentialProvider->authenticate($currentUser, $password);
+
+			if ($result) {
+				$otpCredentialProvider->deleteCredential($currentUser);
+				SessionAlert::success('Disabled ' . $factorType . '.');
+				$this->redirect('multiFactor');
+			}
+			else {
+				SessionAlert::error('Error disabling ' . $factorType . ' - invalid credentials.');
+				$this->redirect('multiFactor');
+			}
+		}
+		else {
+			if (!$otpCredentialProvider->userIsEnrolled($currentUser->getId())) {
+				// user is not enrolled, we shouldn't have got here.
+				throw new ApplicationLogicException('User is not enrolled in the selected MFA mechanism');
+			}
+
+			$this->assignCSRFToken();
+			$this->assign('otpType', $factorType);
+			$this->setTemplate('mfa/disableOtp.tpl');
+		}
+	}
 }

includes/Pages/UserAuth/PageOAuthCallback.php

Indentation +75 added lines, -75 removed lines

@@ -17,90 +17,90 @@
 
 class PageOAuthCallback extends InternalPageBase
 {
-    /**
-     * @return bool
-     */
-    protected function isProtectedPage()
-    {
-        // This page is critical to ensuring OAuth functionality is operational.
-        return false;
-    }
+	/**
+	 * @return bool
+	 */
+	protected function isProtectedPage()
+	{
+		// This page is critical to ensuring OAuth functionality is operational.
+		return false;
+	}
 
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        // This should never get hit except by URL manipulation.
-        $this->redirect('');
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		// This should never get hit except by URL manipulation.
+		$this->redirect('');
+	}
 
-    /**
-     * Registered endpoint for the account creation callback.
-     *
-     * If this ever gets hit, something is wrong somewhere.
-     */
-    protected function create()
-    {
-        throw new Exception('OAuth account creation endpoint triggered.');
-    }
+	/**
+	 * Registered endpoint for the account creation callback.
+	 *
+	 * If this ever gets hit, something is wrong somewhere.
+	 */
+	protected function create()
+	{
+		throw new Exception('OAuth account creation endpoint triggered.');
+	}
 
-    /**
-     * Callback entry point
-     */
-    protected function authorise()
-    {
-        $oauthToken = WebRequest::getString('oauth_token');
-        $oauthVerifier = WebRequest::getString('oauth_verifier');
+	/**
+	 * Callback entry point
+	 */
+	protected function authorise()
+	{
+		$oauthToken = WebRequest::getString('oauth_token');
+		$oauthVerifier = WebRequest::getString('oauth_verifier');
 
-        $this->doCallbackValidation($oauthToken, $oauthVerifier);
+		$this->doCallbackValidation($oauthToken, $oauthVerifier);
 
-        $database = $this->getDatabase();
+		$database = $this->getDatabase();
 
-        $user = OAuthUserHelper::findUserByRequestToken($oauthToken, $database);
-        $oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
+		$user = OAuthUserHelper::findUserByRequestToken($oauthToken, $database);
+		$oauth = new OAuthUserHelper($user, $database, $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
 
-        try {
-            $oauth->completeHandshake($oauthVerifier);
-        }
-        catch (CurlException $ex) {
-            throw new ApplicationLogicException($ex->getMessage(), 0, $ex);
-        }
+		try {
+			$oauth->completeHandshake($oauthVerifier);
+		}
+		catch (CurlException $ex) {
+			throw new ApplicationLogicException($ex->getMessage(), 0, $ex);
+		}
 
-        // OK, we're the same session that just did a partial login that was redirected to OAuth. Let's upgrade the
-        // login to a full login
-        if (WebRequest::getOAuthPartialLogin() === $user->getId()) {
-            WebRequest::setLoggedInUser($user);
-        }
+		// OK, we're the same session that just did a partial login that was redirected to OAuth. Let's upgrade the
+		// login to a full login
+		if (WebRequest::getOAuthPartialLogin() === $user->getId()) {
+			WebRequest::setLoggedInUser($user);
+		}
 
-        // My thinking is there are three cases here:
-        //   a) new user => redirect to prefs - it's the only thing they can access other than stats
-        //   b) existing user hit the connect button in prefs => redirect to prefs since it's where they were
-        //   c) existing user logging in => redirect to wherever they came from
-        $redirectDestination = WebRequest::clearPostLoginRedirect();
-        if ($redirectDestination !== null && !$user->isNewUser()) {
-            $this->redirectUrl($redirectDestination);
-        }
-        else {
-            $this->redirect('preferences', null, null, 'internal.php');
-        }
-    }
+		// My thinking is there are three cases here:
+		//   a) new user => redirect to prefs - it's the only thing they can access other than stats
+		//   b) existing user hit the connect button in prefs => redirect to prefs since it's where they were
+		//   c) existing user logging in => redirect to wherever they came from
+		$redirectDestination = WebRequest::clearPostLoginRedirect();
+		if ($redirectDestination !== null && !$user->isNewUser()) {
+			$this->redirectUrl($redirectDestination);
+		}
+		else {
+			$this->redirect('preferences', null, null, 'internal.php');
+		}
+	}
 
-    /**
-     * @param string $oauthToken
-     * @param string $oauthVerifier
-     *
-     * @throws ApplicationLogicException
-     */
-    private function doCallbackValidation($oauthToken, $oauthVerifier)
-    {
-        if ($oauthToken === null) {
-            throw new ApplicationLogicException('No token provided');
-        }
+	/**
+	 * @param string $oauthToken
+	 * @param string $oauthVerifier
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function doCallbackValidation($oauthToken, $oauthVerifier)
+	{
+		if ($oauthToken === null) {
+			throw new ApplicationLogicException('No token provided');
+		}
 
-        if ($oauthVerifier === null) {
-            throw new ApplicationLogicException('No oauth verifier provided.');
-        }
-    }
+		if ($oauthVerifier === null) {
+			throw new ApplicationLogicException('No oauth verifier provided.');
+		}
+	}
 }
\ No newline at end of file

includes/Pages/UserAuth/Login/LoginCredentialPageBase.php

Indentation +311 added lines, -311 removed lines

@@ -21,315 +21,315 @@
 
 abstract class LoginCredentialPageBase extends InternalPageBase
 {
-    /** @var User */
-    protected $partialUser = null;
-    protected $nextPageMap = array(
-        'yubikeyotp' => 'otp',
-        'totp'       => 'otp',
-        'scratch'    => 'otp',
-        'u2f'        => 'u2f',
-    );
-    protected $names = array(
-        'yubikeyotp' => 'Yubikey OTP',
-        'totp'       => 'TOTP (phone code generator)',
-        'scratch'    => 'scratch token',
-        'u2f'        => 'U2F security token',
-    );
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        if (!$this->enforceHttps()) {
-            return;
-        }
-
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-
-            $database = $this->getDatabase();
-            try {
-                list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-
-                if ($partialStage === null) {
-                    $partialStage = 1;
-                }
-
-                if ($partialId === null) {
-                    $username = WebRequest::postString('username');
-
-                    if ($username === null || trim($username) === '') {
-                        throw new ApplicationLogicException('No username specified.');
-                    }
-
-                    $user = User::getByUsername($username, $database);
-                }
-                else {
-                    $user = User::getById($partialId, $database);
-                }
-
-                if ($user === false) {
-                    throw new ApplicationLogicException("Authentication failed");
-                }
-
-                $authMan = new AuthenticationManager($database, $this->getSiteConfiguration(),
-                    $this->getHttpHelper());
-
-                $credential = $this->getProviderCredentials();
-
-                $authResult = $authMan->authenticate($user, $credential, $partialStage);
-
-                if ($authResult === AuthenticationManager::AUTH_FAIL) {
-                    throw new ApplicationLogicException("Authentication failed");
-                }
-
-                if ($authResult === AuthenticationManager::AUTH_REQUIRE_NEXT_STAGE) {
-                    $this->processJumpNextStage($user, $partialStage, $database);
-
-                    return;
-                }
-
-                if ($authResult === AuthenticationManager::AUTH_OK) {
-                    $this->processLoginSuccess($user);
-
-                    return;
-                }
-            }
-            catch (ApplicationLogicException $ex) {
-                WebRequest::clearAuthPartialLogin();
-
-                SessionAlert::error($ex->getMessage());
-                $this->redirect('login');
-
-                return;
-            }
-        }
-        else {
-            $this->assign('showSignIn', true);
-
-            $this->setupPartial();
-            $this->assignCSRFToken();
-            $this->providerSpecificSetup();
-        }
-    }
-
-    protected function isProtectedPage()
-    {
-        return false;
-    }
-
-    /**
-     * Enforces HTTPS on the login form
-     *
-     * @return bool
-     */
-    private function enforceHttps()
-    {
-        if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
-            if (WebRequest::isHttps()) {
-                // Client can clearly use HTTPS, so let's enforce it for all connections.
-                $this->headerQueue[] = "Strict-Transport-Security: max-age=15768000";
-            }
-            else {
-                // This is the login form, not the request form. We need protection here.
-                $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
-
-                return false;
-            }
-        }
-
-        return true;
-    }
-
-    protected abstract function providerSpecificSetup();
-
-    protected function setupPartial()
-    {
-        $database = $this->getDatabase();
-
-        // default stuff
-        $this->assign('alternatives', array()); // 'u2f' => array('U2F token'), 'otp' => array('TOTP', 'scratch', 'yubiotp')));
-
-        // is this stage one?
-        list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-        if ($partialStage === null || $partialId === null) {
-            WebRequest::clearAuthPartialLogin();
-        }
-
-        // Check to see if we have a partial login in progress
-        $username = null;
-        if ($partialId !== null) {
-            // Yes, enforce this username
-            $this->partialUser = User::getById($partialId, $database);
-            $username = $this->partialUser->getUsername();
-
-            $this->setupAlternates($this->partialUser, $partialStage, $database);
-        }
-        else {
-            // No, see if we've preloaded a username
-            $preloadUsername = WebRequest::getString('tplUsername');
-            if ($preloadUsername !== null) {
-                $username = $preloadUsername;
-            }
-        }
-
-        if ($partialStage === null) {
-            $partialStage = 1;
-        }
-
-        $this->assign('partialStage', $partialStage);
-        $this->assign('username', $username);
-    }
-
-    /**
-     * Redirect the user back to wherever they came from after a successful login
-     *
-     * @param User $user
-     */
-    protected function goBackWhenceYouCame(User $user)
-    {
-        // Redirect to wherever the user came from
-        $redirectDestination = WebRequest::clearPostLoginRedirect();
-        if ($redirectDestination !== null) {
-            $this->redirectUrl($redirectDestination);
-        }
-        else {
-            if ($user->isNewUser()) {
-                // home page isn't allowed, go to preferences instead
-                $this->redirect('preferences');
-            }
-            else {
-                // go to the home page
-                $this->redirect('');
-            }
-        }
-    }
-
-    private function processLoginSuccess(User $user)
-    {
-        // Touch force logout
-        $user->setForceLogout(false);
-        $user->save();
-
-        $oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(),
-            $this->getSiteConfiguration());
-
-        if ($oauth->isFullyLinked()) {
-            try {
-                // Reload the user's identity ticket.
-                $oauth->refreshIdentity();
-
-                // Check for blocks
-                if ($oauth->getIdentity()->getBlocked()) {
-                    // blocked!
-                    SessionAlert::error("You are currently blocked on-wiki. You will not be able to log in until you are unblocked.");
-                    $this->redirect('login');
-
-                    return;
-                }
-            }
-            catch (OAuthException $ex) {
-                // Oops. Refreshing ticket failed. Force a re-auth.
-                $authoriseUrl = $oauth->getRequestToken();
-                WebRequest::setOAuthPartialLogin($user);
-                $this->redirectUrl($authoriseUrl);
-
-                return;
-            }
-        }
-
-        if (($this->getSiteConfiguration()->getEnforceOAuth() && !$oauth->isFullyLinked())
-            || $oauth->isPartiallyLinked()
-        ) {
-            $authoriseUrl = $oauth->getRequestToken();
-            WebRequest::setOAuthPartialLogin($user);
-            $this->redirectUrl($authoriseUrl);
-
-            return;
-        }
-
-        WebRequest::setLoggedInUser($user);
-
-        $this->goBackWhenceYouCame($user);
-    }
-
-    protected abstract function getProviderCredentials();
-
-    /**
-     * @param User        $user
-     * @param int         $partialStage
-     * @param PdoDatabase $database
-     *
-     * @throws ApplicationLogicException
-     */
-    private function processJumpNextStage(User $user, $partialStage, PdoDatabase $database)
-    {
-        WebRequest::setAuthPartialLogin($user->getId(), $partialStage + 1);
-
-        $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
-        $statement = $database->prepare($sql);
-        $statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage + 1));
-        $nextStage = $statement->fetchColumn();
-        $statement->closeCursor();
-
-        if (!isset($this->nextPageMap[$nextStage])) {
-            throw new ApplicationLogicException('Unknown page handler for next authentication stage.');
-        }
-
-        $this->redirect("login/" . $this->nextPageMap[$nextStage]);
-    }
-
-    private function setupAlternates(User $user, $partialStage, PdoDatabase $database)
-    {
-        // get the providers available
-        $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0';
-        $statement = $database->prepare($sql);
-        $statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage));
-        $alternates = $statement->fetchAll(PDO::FETCH_COLUMN);
-
-        $types = array();
-        foreach ($alternates as $item) {
-            $type = $this->nextPageMap[$item];
-            if (!isset($types[$type])) {
-                $types[$type] = array();
-            }
-
-            $types[$type][] = $item;
-        }
-
-        $userOptions = array();
-        if (get_called_class() === PageOtpLogin::class) {
-            $userOptions = $this->setupUserOptionsForType($types, 'u2f', $userOptions);
-        }
-
-        if (get_called_class() === PageU2FLogin::class) {
-            $userOptions = $this->setupUserOptionsForType($types, 'otp', $userOptions);
-        }
-
-        $this->assign('alternatives', $userOptions);
-    }
-
-    /**
-     * @param $types
-     * @param $type
-     * @param $userOptions
-     *
-     * @return mixed
-     */
-    private function setupUserOptionsForType($types, $type, $userOptions)
-    {
-        if (isset($types[$type])) {
-            $options = $types[$type];
-
-            array_walk($options, function(&$val) {
-                $val = $this->names[$val];
-            });
-
-            $userOptions[$type] = $options;
-        }
-
-        return $userOptions;
-    }
+	/** @var User */
+	protected $partialUser = null;
+	protected $nextPageMap = array(
+		'yubikeyotp' => 'otp',
+		'totp'       => 'otp',
+		'scratch'    => 'otp',
+		'u2f'        => 'u2f',
+	);
+	protected $names = array(
+		'yubikeyotp' => 'Yubikey OTP',
+		'totp'       => 'TOTP (phone code generator)',
+		'scratch'    => 'scratch token',
+		'u2f'        => 'U2F security token',
+	);
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		if (!$this->enforceHttps()) {
+			return;
+		}
+
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+
+			$database = $this->getDatabase();
+			try {
+				list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+
+				if ($partialStage === null) {
+					$partialStage = 1;
+				}
+
+				if ($partialId === null) {
+					$username = WebRequest::postString('username');
+
+					if ($username === null || trim($username) === '') {
+						throw new ApplicationLogicException('No username specified.');
+					}
+
+					$user = User::getByUsername($username, $database);
+				}
+				else {
+					$user = User::getById($partialId, $database);
+				}
+
+				if ($user === false) {
+					throw new ApplicationLogicException("Authentication failed");
+				}
+
+				$authMan = new AuthenticationManager($database, $this->getSiteConfiguration(),
+					$this->getHttpHelper());
+
+				$credential = $this->getProviderCredentials();
+
+				$authResult = $authMan->authenticate($user, $credential, $partialStage);
+
+				if ($authResult === AuthenticationManager::AUTH_FAIL) {
+					throw new ApplicationLogicException("Authentication failed");
+				}
+
+				if ($authResult === AuthenticationManager::AUTH_REQUIRE_NEXT_STAGE) {
+					$this->processJumpNextStage($user, $partialStage, $database);
+
+					return;
+				}
+
+				if ($authResult === AuthenticationManager::AUTH_OK) {
+					$this->processLoginSuccess($user);
+
+					return;
+				}
+			}
+			catch (ApplicationLogicException $ex) {
+				WebRequest::clearAuthPartialLogin();
+
+				SessionAlert::error($ex->getMessage());
+				$this->redirect('login');
+
+				return;
+			}
+		}
+		else {
+			$this->assign('showSignIn', true);
+
+			$this->setupPartial();
+			$this->assignCSRFToken();
+			$this->providerSpecificSetup();
+		}
+	}
+
+	protected function isProtectedPage()
+	{
+		return false;
+	}
+
+	/**
+	 * Enforces HTTPS on the login form
+	 *
+	 * @return bool
+	 */
+	private function enforceHttps()
+	{
+		if ($this->getSiteConfiguration()->getUseStrictTransportSecurity() !== false) {
+			if (WebRequest::isHttps()) {
+				// Client can clearly use HTTPS, so let's enforce it for all connections.
+				$this->headerQueue[] = "Strict-Transport-Security: max-age=15768000";
+			}
+			else {
+				// This is the login form, not the request form. We need protection here.
+				$this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
+
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	protected abstract function providerSpecificSetup();
+
+	protected function setupPartial()
+	{
+		$database = $this->getDatabase();
+
+		// default stuff
+		$this->assign('alternatives', array()); // 'u2f' => array('U2F token'), 'otp' => array('TOTP', 'scratch', 'yubiotp')));
+
+		// is this stage one?
+		list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+		if ($partialStage === null || $partialId === null) {
+			WebRequest::clearAuthPartialLogin();
+		}
+
+		// Check to see if we have a partial login in progress
+		$username = null;
+		if ($partialId !== null) {
+			// Yes, enforce this username
+			$this->partialUser = User::getById($partialId, $database);
+			$username = $this->partialUser->getUsername();
+
+			$this->setupAlternates($this->partialUser, $partialStage, $database);
+		}
+		else {
+			// No, see if we've preloaded a username
+			$preloadUsername = WebRequest::getString('tplUsername');
+			if ($preloadUsername !== null) {
+				$username = $preloadUsername;
+			}
+		}
+
+		if ($partialStage === null) {
+			$partialStage = 1;
+		}
+
+		$this->assign('partialStage', $partialStage);
+		$this->assign('username', $username);
+	}
+
+	/**
+	 * Redirect the user back to wherever they came from after a successful login
+	 *
+	 * @param User $user
+	 */
+	protected function goBackWhenceYouCame(User $user)
+	{
+		// Redirect to wherever the user came from
+		$redirectDestination = WebRequest::clearPostLoginRedirect();
+		if ($redirectDestination !== null) {
+			$this->redirectUrl($redirectDestination);
+		}
+		else {
+			if ($user->isNewUser()) {
+				// home page isn't allowed, go to preferences instead
+				$this->redirect('preferences');
+			}
+			else {
+				// go to the home page
+				$this->redirect('');
+			}
+		}
+	}
+
+	private function processLoginSuccess(User $user)
+	{
+		// Touch force logout
+		$user->setForceLogout(false);
+		$user->save();
+
+		$oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(),
+			$this->getSiteConfiguration());
+
+		if ($oauth->isFullyLinked()) {
+			try {
+				// Reload the user's identity ticket.
+				$oauth->refreshIdentity();
+
+				// Check for blocks
+				if ($oauth->getIdentity()->getBlocked()) {
+					// blocked!
+					SessionAlert::error("You are currently blocked on-wiki. You will not be able to log in until you are unblocked.");
+					$this->redirect('login');
+
+					return;
+				}
+			}
+			catch (OAuthException $ex) {
+				// Oops. Refreshing ticket failed. Force a re-auth.
+				$authoriseUrl = $oauth->getRequestToken();
+				WebRequest::setOAuthPartialLogin($user);
+				$this->redirectUrl($authoriseUrl);
+
+				return;
+			}
+		}
+
+		if (($this->getSiteConfiguration()->getEnforceOAuth() && !$oauth->isFullyLinked())
+			|| $oauth->isPartiallyLinked()
+		) {
+			$authoriseUrl = $oauth->getRequestToken();
+			WebRequest::setOAuthPartialLogin($user);
+			$this->redirectUrl($authoriseUrl);
+
+			return;
+		}
+
+		WebRequest::setLoggedInUser($user);
+
+		$this->goBackWhenceYouCame($user);
+	}
+
+	protected abstract function getProviderCredentials();
+
+	/**
+	 * @param User        $user
+	 * @param int         $partialStage
+	 * @param PdoDatabase $database
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function processJumpNextStage(User $user, $partialStage, PdoDatabase $database)
+	{
+		WebRequest::setAuthPartialLogin($user->getId(), $partialStage + 1);
+
+		$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
+		$statement = $database->prepare($sql);
+		$statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage + 1));
+		$nextStage = $statement->fetchColumn();
+		$statement->closeCursor();
+
+		if (!isset($this->nextPageMap[$nextStage])) {
+			throw new ApplicationLogicException('Unknown page handler for next authentication stage.');
+		}
+
+		$this->redirect("login/" . $this->nextPageMap[$nextStage]);
+	}
+
+	private function setupAlternates(User $user, $partialStage, PdoDatabase $database)
+	{
+		// get the providers available
+		$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0';
+		$statement = $database->prepare($sql);
+		$statement->execute(array(':user' => $user->getId(), ':stage' => $partialStage));
+		$alternates = $statement->fetchAll(PDO::FETCH_COLUMN);
+
+		$types = array();
+		foreach ($alternates as $item) {
+			$type = $this->nextPageMap[$item];
+			if (!isset($types[$type])) {
+				$types[$type] = array();
+			}
+
+			$types[$type][] = $item;
+		}
+
+		$userOptions = array();
+		if (get_called_class() === PageOtpLogin::class) {
+			$userOptions = $this->setupUserOptionsForType($types, 'u2f', $userOptions);
+		}
+
+		if (get_called_class() === PageU2FLogin::class) {
+			$userOptions = $this->setupUserOptionsForType($types, 'otp', $userOptions);
+		}
+
+		$this->assign('alternatives', $userOptions);
+	}
+
+	/**
+	 * @param $types
+	 * @param $type
+	 * @param $userOptions
+	 *
+	 * @return mixed
+	 */
+	private function setupUserOptionsForType($types, $type, $userOptions)
+	{
+		if (isset($types[$type])) {
+			$options = $types[$type];
+
+			array_walk($options, function(&$val) {
+				$val = $this->names[$val];
+			});
+
+			$userOptions[$type] = $options;
+		}
+
+		return $userOptions;
+	}
 }

Spacing +2 added lines, -2 removed lines

@@ -134,7 +134,7 @@ 
             }
             else {
                 // This is the login form, not the request form. We need protection here.
-                $this->redirectUrl('https://' . WebRequest::serverName() . WebRequest::requestUri());
+                $this->redirectUrl('https://'.WebRequest::serverName().WebRequest::requestUri());
 
                 return false;
             }
@@ -278,7 +278,7 @@ 
             throw new ApplicationLogicException('Unknown page handler for next authentication stage.');
         }
 
-        $this->redirect("login/" . $this->nextPageMap[$nextStage]);
+        $this->redirect("login/".$this->nextPageMap[$nextStage]);
     }
 
     private function setupAlternates(User $user, $partialStage, PdoDatabase $database)

includes/Pages/UserAuth/Login/PagePasswordLogin.php

Indentation +27 added lines, -27 removed lines

@@ -13,31 +13,31 @@
 
 class PagePasswordLogin extends LoginCredentialPageBase
 {
-    protected function providerSpecificSetup()
-    {
-        list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
-
-        if($partialId !== null && $partialStage > 1) {
-            $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
-            $statement = $this->getDatabase()->prepare($sql);
-            $statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
-            $nextStage = $statement->fetchColumn();
-            $statement->closeCursor();
-
-            $this->redirect("login/" . $this->nextPageMap[$nextStage]);
-            return;
-        }
-
-        $this->setTemplate('login/password.tpl');
-    }
-
-    protected function getProviderCredentials()
-    {
-        $password = WebRequest::postString("password");
-        if ($password === null || $password === "") {
-            throw new ApplicationLogicException("No password specified");
-        }
-
-        return $password;
-    }
+	protected function providerSpecificSetup()
+	{
+		list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
+
+		if($partialId !== null && $partialStage > 1) {
+			$sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
+			$statement = $this->getDatabase()->prepare($sql);
+			$statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
+			$nextStage = $statement->fetchColumn();
+			$statement->closeCursor();
+
+			$this->redirect("login/" . $this->nextPageMap[$nextStage]);
+			return;
+		}
+
+		$this->setTemplate('login/password.tpl');
+	}
+
+	protected function getProviderCredentials()
+	{
+		$password = WebRequest::postString("password");
+		if ($password === null || $password === "") {
+			throw new ApplicationLogicException("No password specified");
+		}
+
+		return $password;
+	}
 }
\ No newline at end of file

Spacing +2 added lines, -2 removed lines

@@ -17,14 +17,14 @@
     {
         list($partialId, $partialStage) = WebRequest::getAuthPartialLogin();
 
-        if($partialId !== null && $partialStage > 1) {
+        if ($partialId !== null && $partialStage > 1) {
             $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority';
             $statement = $this->getDatabase()->prepare($sql);
             $statement->execute(array(':user' => $partialId, ':stage' => $partialStage));
             $nextStage = $statement->fetchColumn();
             $statement->closeCursor();
 
-            $this->redirect("login/" . $this->nextPageMap[$nextStage]);
+            $this->redirect("login/".$this->nextPageMap[$nextStage]);
             return;
         }
 

includes/Pages/UserAuth/Login/PageOtpLogin.php

Indentation +12 added lines, -12 removed lines

@@ -13,18 +13,18 @@
 
 class PageOtpLogin extends LoginCredentialPageBase
 {
-    protected function providerSpecificSetup()
-    {
-        $this->setTemplate('login/otp.tpl');
-    }
+	protected function providerSpecificSetup()
+	{
+		$this->setTemplate('login/otp.tpl');
+	}
 
-    protected function getProviderCredentials()
-    {
-        $otp = WebRequest::postString("otp");
-        if ($otp === null || $otp === "") {
-            throw new ApplicationLogicException("No one-time code specified");
-        }
+	protected function getProviderCredentials()
+	{
+		$otp = WebRequest::postString("otp");
+		if ($otp === null || $otp === "") {
+			throw new ApplicationLogicException("No one-time code specified");
+		}
 
-        return $otp;
-    }
+		return $otp;
+	}
 }
\ No newline at end of file