mdaniels5757 / waca

smarty-plugins/modifier.iphex.php

Indentation +10 added lines, -10 removed lines

@@ -13,17 +13,17 @@
  */
 function smarty_modifier_iphex($input)
 {
-    $output = $input;
+	$output = $input;
 
-    if (filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
-        $octets = explode('.', $input);
-        $output = '';
-        foreach ($octets as $octet) {
-            $output .= str_pad(dechex($octet), 2, '0', STR_PAD_LEFT);
-        }
+	if (filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
+		$octets = explode('.', $input);
+		$output = '';
+		foreach ($octets as $octet) {
+			$output .= str_pad(dechex($octet), 2, '0', STR_PAD_LEFT);
+		}
 
-        $output = str_pad($output, 32, '0', STR_PAD_LEFT);
-    }
+		$output = str_pad($output, 32, '0', STR_PAD_LEFT);
+	}
 
-    return $output;
+	return $output;
 }

smarty-plugins/modifier.relativedate.php

Braces +9 added lines, -18 removed lines

@@ -22,8 +22,7 @@ 
         && (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
     ) {
         $then = $input;
-    }
-    else {
+    } else {
         try {
             $then = new DateTime($input);
         }
@@ -53,29 +52,21 @@ 
     if ($secs <= 10) {
         $output = "just now";
         $pluralise = false;
-    }
-    elseif ($secs > 10 && $secs < $minuteCut) {
+    } elseif ($secs > 10 && $secs < $minuteCut) {
         $output = round($secs / $second) . " second";
-    }
-    elseif ($secs >= $minuteCut && $secs < $hourCut) {
+    } elseif ($secs >= $minuteCut && $secs < $hourCut) {
         $output = round($secs / $minute) . " minute";
-    }
-    elseif ($secs >= $hourCut && $secs < $dayCut) {
+    } elseif ($secs >= $hourCut && $secs < $dayCut) {
         $output = round($secs / $hour) . " hour";
-    }
-    elseif ($secs >= $dayCut && $secs < $weekCut) {
+    } elseif ($secs >= $dayCut && $secs < $weekCut) {
         $output = round($secs / $day) . " day";
-    }
-    elseif ($secs >= $weekCut && $secs < $monthCut) {
+    } elseif ($secs >= $weekCut && $secs < $monthCut) {
         $output = round($secs / $week) . " week";
-    }
-    elseif ($secs >= $monthCut && $secs < $yearCut) {
+    } elseif ($secs >= $monthCut && $secs < $yearCut) {
         $output = round($secs / $month) . " month";
-    }
-    elseif ($secs >= $yearCut && $secs < $year * 10) {
+    } elseif ($secs >= $yearCut && $secs < $year * 10) {
         $output = round($secs / $year) . " year";
-    }
-    else {
+    } else {
         $output = "a long time ago";
         $pluralise = false;
     }

Indentation +62 added lines, -62 removed lines

@@ -16,73 +16,73 @@
  */
 function smarty_modifier_relativedate($input)
 {
-    $now = new DateTime();
+	$now = new DateTime();
 
-    if (gettype($input) === 'object'
-        && (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
-    ) {
-        $then = $input;
-    }
-    else {
-        try {
-            $then = new DateTime($input);
-        }
-        catch (Exception $ex) {
-            return $input;
-        }
-    }
+	if (gettype($input) === 'object'
+		&& (get_class($input) === DateTime::class || get_class($input) === DateTimeImmutable::class)
+	) {
+		$then = $input;
+	}
+	else {
+		try {
+			$then = new DateTime($input);
+		}
+		catch (Exception $ex) {
+			return $input;
+		}
+	}
 
-    $secs = $now->getTimestamp() - $then->getTimestamp();
+	$secs = $now->getTimestamp() - $then->getTimestamp();
 
-    $second = 1;
-    $minute = 60 * $second;
-    $minuteCut = 60 * $second;
-    $hour = 60 * $minute;
-    $hourCut = 90 * $minute;
-    $day = 24 * $hour;
-    $dayCut = 48 * $hour;
-    $week = 7 * $day;
-    $weekCut = 14 * $day;
-    $month = 30 * $day;
-    $monthCut = 60 * $day;
-    $year = 365 * $day;
-    $yearCut = $year * 2;
+	$second = 1;
+	$minute = 60 * $second;
+	$minuteCut = 60 * $second;
+	$hour = 60 * $minute;
+	$hourCut = 90 * $minute;
+	$day = 24 * $hour;
+	$dayCut = 48 * $hour;
+	$week = 7 * $day;
+	$weekCut = 14 * $day;
+	$month = 30 * $day;
+	$monthCut = 60 * $day;
+	$year = 365 * $day;
+	$yearCut = $year * 2;
 
-    $pluralise = true;
+	$pluralise = true;
 
-    if ($secs <= 10) {
-        $output = "just now";
-        $pluralise = false;
-    }
-    elseif ($secs > 10 && $secs < $minuteCut) {
-        $output = round($secs / $second) . " second";
-    }
-    elseif ($secs >= $minuteCut && $secs < $hourCut) {
-        $output = round($secs / $minute) . " minute";
-    }
-    elseif ($secs >= $hourCut && $secs < $dayCut) {
-        $output = round($secs / $hour) . " hour";
-    }
-    elseif ($secs >= $dayCut && $secs < $weekCut) {
-        $output = round($secs / $day) . " day";
-    }
-    elseif ($secs >= $weekCut && $secs < $monthCut) {
-        $output = round($secs / $week) . " week";
-    }
-    elseif ($secs >= $monthCut && $secs < $yearCut) {
-        $output = round($secs / $month) . " month";
-    }
-    elseif ($secs >= $yearCut && $secs < $year * 10) {
-        $output = round($secs / $year) . " year";
-    }
-    else {
-        $output = "a long time ago";
-        $pluralise = false;
-    }
+	if ($secs <= 10) {
+		$output = "just now";
+		$pluralise = false;
+	}
+	elseif ($secs > 10 && $secs < $minuteCut) {
+		$output = round($secs / $second) . " second";
+	}
+	elseif ($secs >= $minuteCut && $secs < $hourCut) {
+		$output = round($secs / $minute) . " minute";
+	}
+	elseif ($secs >= $hourCut && $secs < $dayCut) {
+		$output = round($secs / $hour) . " hour";
+	}
+	elseif ($secs >= $dayCut && $secs < $weekCut) {
+		$output = round($secs / $day) . " day";
+	}
+	elseif ($secs >= $weekCut && $secs < $monthCut) {
+		$output = round($secs / $week) . " week";
+	}
+	elseif ($secs >= $monthCut && $secs < $yearCut) {
+		$output = round($secs / $month) . " month";
+	}
+	elseif ($secs >= $yearCut && $secs < $year * 10) {
+		$output = round($secs / $year) . " year";
+	}
+	else {
+		$output = "a long time ago";
+		$pluralise = false;
+	}
 
-    if ($pluralise) {
-        $output = (substr($output, 0, 2) <> "1 ") ? $output . "s ago" : $output . " ago";
-    }
+	if ($pluralise) {
+		$output = (substr($output, 0, 2) <> "1 ") ? $output . "s ago" : $output . " ago";
+	}
 
-    return $output;
+	return $output;
 }

smarty-plugins/modifier.demodhex.php

Indentation +5 added lines, -5 removed lines

@@ -13,10 +13,10 @@
  */
 function smarty_modifier_demodhex($input)
 {
-    $hex = preg_replace(
-        array('/c/', '/b/', '/d/', '/e/', '/f/', '/g/', '/h/', '/i/', '/j/', '/k/', '/l/', '/n/', '/r/', '/t/', '/u/', '/v/'),
-        array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'),
-        $input);
+	$hex = preg_replace(
+		array('/c/', '/b/', '/d/', '/e/', '/f/', '/g/', '/h/', '/i/', '/j/', '/k/', '/l/', '/n/', '/r/', '/t/', '/u/', '/v/'),
+		array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'),
+		$input);
 
-    return hexdec($hex);
+	return hexdec($hex);
 }
\ No newline at end of file

includes/Security/EncryptionHelper.php

Indentation +44 added lines, -44 removed lines

@@ -12,48 +12,48 @@
 
 class EncryptionHelper
 {
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
-
-    /**
-     * EncryptionHelper constructor.
-     *
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(SiteConfiguration $configuration)
-    {
-        $this->configuration = $configuration;
-    }
-
-    public function encryptData($secret)
-    {
-        $iv = openssl_random_pseudo_bytes(16);
-        $password = $this->getEncryptionKey();
-        $encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
-
-        $data = base64_encode($iv) . '|' . base64_encode($encryptedKey);
-
-        return $data;
-    }
-
-    public function decryptData($data)
-    {
-        list($iv, $encryptedKey) = array_map('base64_decode', explode('|', $data));
-
-        $password = $this->getEncryptionKey();
-
-        $secret = openssl_decrypt($encryptedKey, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
-
-        return $secret;
-    }
-
-    /**
-     * @return string
-     */
-    private function getEncryptionKey()
-    {
-        return openssl_digest($this->configuration->getTotpEncryptionKey(), 'sha256');
-    }
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
+
+	/**
+	 * EncryptionHelper constructor.
+	 *
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(SiteConfiguration $configuration)
+	{
+		$this->configuration = $configuration;
+	}
+
+	public function encryptData($secret)
+	{
+		$iv = openssl_random_pseudo_bytes(16);
+		$password = $this->getEncryptionKey();
+		$encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
+
+		$data = base64_encode($iv) . '|' . base64_encode($encryptedKey);
+
+		return $data;
+	}
+
+	public function decryptData($data)
+	{
+		list($iv, $encryptedKey) = array_map('base64_decode', explode('|', $data));
+
+		$password = $this->getEncryptionKey();
+
+		$secret = openssl_decrypt($encryptedKey, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv);
+
+		return $secret;
+	}
+
+	/**
+	 * @return string
+	 */
+	private function getEncryptionKey()
+	{
+		return openssl_digest($this->configuration->getTotpEncryptionKey(), 'sha256');
+	}
 }
\ No newline at end of file

includes/Security/ContentSecurityPolicyManager.php

Braces +1 added lines, -2 removed lines

@@ -94,8 +94,7 @@
                 if (!$policyIsSet) {
                     $constructedPolicy .= "'none' ";
                 }
-            }
-            else {
+            } else {
                 $constructedPolicy .= "'none' ";
             }
 

Indentation +86 added lines, -86 removed lines

@@ -12,101 +12,101 @@
 
 class ContentSecurityPolicyManager
 {
-    private $policy = [
-        'default-src'     => [],
-        'script-src'      => ['self', 'nonce'],
-        'script-src-elem' => ['self', 'nonce'],
-        'script-src-attr' => [],
-        'connect-src'     => ['self'],
-        'style-src'       => ['self'],
-        'style-src-elem'  => ['self'],
-        'style-src-attr'  => [],
-        'img-src'         => ['self', 'data:', 'https://upload.wikimedia.org', 'https://accounts-dev.wmflabs.org/'],
-        'font-src'        => ['self'],
-        'form-action'     => ['self', 'oauth'],
-        'frame-ancestors' => ['self'],
-        'frame-src'       => ['self'],
-    ];
-    private $nonce = null;
-    private $reportOnly = false;
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
+	private $policy = [
+		'default-src'     => [],
+		'script-src'      => ['self', 'nonce'],
+		'script-src-elem' => ['self', 'nonce'],
+		'script-src-attr' => [],
+		'connect-src'     => ['self'],
+		'style-src'       => ['self'],
+		'style-src-elem'  => ['self'],
+		'style-src-attr'  => [],
+		'img-src'         => ['self', 'data:', 'https://upload.wikimedia.org', 'https://accounts-dev.wmflabs.org/'],
+		'font-src'        => ['self'],
+		'form-action'     => ['self', 'oauth'],
+		'frame-ancestors' => ['self'],
+		'frame-src'       => ['self'],
+	];
+	private $nonce = null;
+	private $reportOnly = false;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
 
-    /**
-     * ContentSecurityPolicyManager constructor.
-     *
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(SiteConfiguration $configuration)
-    {
-        $this->configuration = $configuration;
-    }
+	/**
+	 * ContentSecurityPolicyManager constructor.
+	 *
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(SiteConfiguration $configuration)
+	{
+		$this->configuration = $configuration;
+	}
 
-    public function getNonce()
-    {
-        if ($this->nonce === null) {
-            $this->nonce = base64_encode(openssl_random_pseudo_bytes(32));
-        }
+	public function getNonce()
+	{
+		if ($this->nonce === null) {
+			$this->nonce = base64_encode(openssl_random_pseudo_bytes(32));
+		}
 
-        return $this->nonce;
-    }
+		return $this->nonce;
+	}
 
-    public function getHeader(): string
-    {
-        $reportOnly = '';
-        if ($this->reportOnly) {
-            $reportOnly = '-Report-Only';
-        }
+	public function getHeader(): string
+	{
+		$reportOnly = '';
+		if ($this->reportOnly) {
+			$reportOnly = '-Report-Only';
+		}
 
-        $constructedPolicy = "Content-Security-Policy{$reportOnly}: ";
+		$constructedPolicy = "Content-Security-Policy{$reportOnly}: ";
 
-        foreach ($this->policy as $item => $values) {
-            $constructedPolicy .= $item . ' ';
-            $policyIsSet = false;
+		foreach ($this->policy as $item => $values) {
+			$constructedPolicy .= $item . ' ';
+			$policyIsSet = false;
 
-            if (count($values) > 0) {
-                foreach ($values as $value) {
-                    switch ($value) {
-                        case 'none':
-                        case 'self':
-                        case 'strict-dynamic':
-                            $policyIsSet = true;
-                            $constructedPolicy .= "'{$value}' ";
-                            break;
-                        case 'nonce':
-                            if ($this->nonce !== null) {
-                                $policyIsSet = true;
-                                $constructedPolicy .= "'nonce-{$this->nonce}' ";
-                            }
-                            break;
-                        case 'oauth':
-                            $policyIsSet = true;
-                            $constructedPolicy .= "{$this->configuration->getOauthMediaWikiCanonicalServer()} ";
-                            break;
-                        default:
-                            $policyIsSet = true;
-                            $constructedPolicy .= $value . ' ';
-                            break;
-                    }
-                }
+			if (count($values) > 0) {
+				foreach ($values as $value) {
+					switch ($value) {
+						case 'none':
+						case 'self':
+						case 'strict-dynamic':
+							$policyIsSet = true;
+							$constructedPolicy .= "'{$value}' ";
+							break;
+						case 'nonce':
+							if ($this->nonce !== null) {
+								$policyIsSet = true;
+								$constructedPolicy .= "'nonce-{$this->nonce}' ";
+							}
+							break;
+						case 'oauth':
+							$policyIsSet = true;
+							$constructedPolicy .= "{$this->configuration->getOauthMediaWikiCanonicalServer()} ";
+							break;
+						default:
+							$policyIsSet = true;
+							$constructedPolicy .= $value . ' ';
+							break;
+					}
+				}
 
-                if (!$policyIsSet) {
-                    $constructedPolicy .= "'none' ";
-                }
-            }
-            else {
-                $constructedPolicy .= "'none' ";
-            }
+				if (!$policyIsSet) {
+					$constructedPolicy .= "'none' ";
+				}
+			}
+			else {
+				$constructedPolicy .= "'none' ";
+			}
 
-            $constructedPolicy .= '; ';
-        }
+			$constructedPolicy .= '; ';
+		}
 
-        if ($this->configuration->getCspReportUri() !== null) {
-            $constructedPolicy .= 'report-uri ' . $this->configuration->getCspReportUri();
-        }
+		if ($this->configuration->getCspReportUri() !== null) {
+			$constructedPolicy .= 'report-uri ' . $this->configuration->getCspReportUri();
+		}
 
-        return $constructedPolicy;
-    }
+		return $constructedPolicy;
+	}
 }

includes/Security/CredentialProviders/TotpCredentialProvider.php

Indentation +130 added lines, -130 removed lines

@@ -19,137 +19,137 @@
 
 class TotpCredentialProvider extends CredentialProviderBase
 {
-    /** @var EncryptionHelper */
-    private $encryptionHelper;
-
-    /**
-     * TotpCredentialProvider constructor.
-     *
-     * @param PdoDatabase       $database
-     * @param SiteConfiguration $configuration
-     */
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
-    {
-        parent::__construct($database, $configuration, 'totp');
-        $this->encryptionHelper = new EncryptionHelper($configuration);
-    }
-
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User   $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     * @throws ApplicationLogicException
-     */
-    public function authenticate(User $user, $data)
-    {
-        if (is_array($data)) {
-            return false;
-        }
-
-        $storedData = $this->getCredentialData($user->getId());
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        $provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
-        $totp = Factory::loadFromProvisioningUri($provisioningUrl);
-
-        return $totp->verify($data, null, 2);
-    }
-
-    public function verifyEnable(User $user, $data)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        $provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
-        $totp = Factory::loadFromProvisioningUri($provisioningUrl);
-
-        $result = $totp->verify($data, null, 2);
-
-        if ($result && $storedData->getTimeout() > new DateTimeImmutable()) {
-            $storedData->setDisabled(0);
-            $storedData->setPriority(5);
-            $storedData->setTimeout(null);
-            $storedData->save();
-        }
-
-        return $result;
-    }
-
-    /**
-     * @param User   $user   The user the credential belongs to
-     * @param int    $factor The factor this credential provides
-     * @param string $data   Unused here, due to there being no user-provided data. We provide the user with the secret.
-     */
-    public function setCredential(User $user, $factor, $data)
-    {
-        $issuer = 'ACC - ' . $this->getConfiguration()->getIrcNotificationsInstance();
-        $totp = TOTP::create();
-        $totp->setLabel($user->getUsername());
-        $totp->setIssuer($issuer);
-
-        $storedData = $this->getCredentialData($user->getId(), null);
-
-        if ($storedData !== null) {
-            $storedData->delete();
-        }
-
-        $storedData = $this->createNewCredential($user);
-
-        $storedData->setData($this->encryptionHelper->encryptData($totp->getProvisioningUri()));
-        $storedData->setFactor($factor);
-        $storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
-        $storedData->setDisabled(1);
-        $storedData->setVersion(1);
-
-        $storedData->save();
-    }
-
-    public function getProvisioningUrl(User $user)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData->getTimeout() < new DateTimeImmutable()) {
-            $storedData->delete();
-            $storedData = null;
-        }
-
-        if ($storedData === null) {
-            throw new ApplicationLogicException('Credential data not found');
-        }
-
-        return $this->encryptionHelper->decryptData($storedData->getData());
-    }
-
-    public function isPartiallyEnrolled(User $user)
-    {
-        $storedData = $this->getCredentialData($user->getId(), true);
-
-        if ($storedData->getTimeout() < new DateTimeImmutable()) {
-            $storedData->delete();
-
-            return false;
-        }
-
-        if ($storedData === null) {
-            return false;
-        }
+	/** @var EncryptionHelper */
+	private $encryptionHelper;
+
+	/**
+	 * TotpCredentialProvider constructor.
+	 *
+	 * @param PdoDatabase       $database
+	 * @param SiteConfiguration $configuration
+	 */
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration)
+	{
+		parent::__construct($database, $configuration, 'totp');
+		$this->encryptionHelper = new EncryptionHelper($configuration);
+	}
+
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User   $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 * @throws ApplicationLogicException
+	 */
+	public function authenticate(User $user, $data)
+	{
+		if (is_array($data)) {
+			return false;
+		}
+
+		$storedData = $this->getCredentialData($user->getId());
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		$provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
+		$totp = Factory::loadFromProvisioningUri($provisioningUrl);
+
+		return $totp->verify($data, null, 2);
+	}
+
+	public function verifyEnable(User $user, $data)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		$provisioningUrl = $this->encryptionHelper->decryptData($storedData->getData());
+		$totp = Factory::loadFromProvisioningUri($provisioningUrl);
+
+		$result = $totp->verify($data, null, 2);
+
+		if ($result && $storedData->getTimeout() > new DateTimeImmutable()) {
+			$storedData->setDisabled(0);
+			$storedData->setPriority(5);
+			$storedData->setTimeout(null);
+			$storedData->save();
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @param User   $user   The user the credential belongs to
+	 * @param int    $factor The factor this credential provides
+	 * @param string $data   Unused here, due to there being no user-provided data. We provide the user with the secret.
+	 */
+	public function setCredential(User $user, $factor, $data)
+	{
+		$issuer = 'ACC - ' . $this->getConfiguration()->getIrcNotificationsInstance();
+		$totp = TOTP::create();
+		$totp->setLabel($user->getUsername());
+		$totp->setIssuer($issuer);
+
+		$storedData = $this->getCredentialData($user->getId(), null);
+
+		if ($storedData !== null) {
+			$storedData->delete();
+		}
+
+		$storedData = $this->createNewCredential($user);
+
+		$storedData->setData($this->encryptionHelper->encryptData($totp->getProvisioningUri()));
+		$storedData->setFactor($factor);
+		$storedData->setTimeout(new DateTimeImmutable('+ 1 hour'));
+		$storedData->setDisabled(1);
+		$storedData->setVersion(1);
+
+		$storedData->save();
+	}
+
+	public function getProvisioningUrl(User $user)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData->getTimeout() < new DateTimeImmutable()) {
+			$storedData->delete();
+			$storedData = null;
+		}
+
+		if ($storedData === null) {
+			throw new ApplicationLogicException('Credential data not found');
+		}
+
+		return $this->encryptionHelper->decryptData($storedData->getData());
+	}
+
+	public function isPartiallyEnrolled(User $user)
+	{
+		$storedData = $this->getCredentialData($user->getId(), true);
+
+		if ($storedData->getTimeout() < new DateTimeImmutable()) {
+			$storedData->delete();
+
+			return false;
+		}
+
+		if ($storedData === null) {
+			return false;
+		}
 
-        return true;
-    }
+		return true;
+	}
 
-    public function getSecret(User $user)
-    {
-        $totp = Factory::loadFromProvisioningUri($this->getProvisioningUrl($user));
+	public function getSecret(User $user)
+	{
+		$totp = Factory::loadFromProvisioningUri($this->getProvisioningUrl($user));
 
-        return $totp->getSecret();
-    }
+		return $totp->getSecret();
+	}
 }

includes/Security/CredentialProviders/ICredentialProvider.php

Indentation +25 added lines, -25 removed lines

@@ -12,32 +12,32 @@
 
 interface ICredentialProvider
 {
-    /**
-     * Validates a user-provided credential
-     *
-     * @param User $user The user to test the authentication against
-     * @param string $data The raw credential data to be validated
-     *
-     * @return bool
-     */
-    public function authenticate(User $user, $data);
+	/**
+	 * Validates a user-provided credential
+	 *
+	 * @param User $user The user to test the authentication against
+	 * @param string $data The raw credential data to be validated
+	 *
+	 * @return bool
+	 */
+	public function authenticate(User $user, $data);
 
-    /**
-     * @param User $user The user the credential belongs to
-     * @param int $factor The factor this credential provides
-     * @param string $data
-     */
-    public function setCredential(User $user, $factor, $data);
+	/**
+	 * @param User $user The user the credential belongs to
+	 * @param int $factor The factor this credential provides
+	 * @param string $data
+	 */
+	public function setCredential(User $user, $factor, $data);
 
-    /**
-     * @param User $user
-     */
-    public function deleteCredential(User $user);
+	/**
+	 * @param User $user
+	 */
+	public function deleteCredential(User $user);
 
-    /**
-     * @param int $userId
-     *
-     * @return bool
-     */
-    public function userIsEnrolled($userId);
+	/**
+	 * @param int $userId
+	 *
+	 * @return bool
+	 */
+	public function userIsEnrolled($userId);
 }
\ No newline at end of file

includes/Security/CredentialProviders/YubikeyOtpCredentialProvider.php

Indentation +150 added lines, -150 removed lines

@@ -16,154 +16,154 @@
 
 class YubikeyOtpCredentialProvider extends CredentialProviderBase
 {
-    /** @var HttpHelper */
-    private $httpHelper;
-    /**
-     * @var SiteConfiguration
-     */
-    private $configuration;
-
-    public function __construct(PdoDatabase $database, SiteConfiguration $configuration, HttpHelper $httpHelper)
-    {
-        parent::__construct($database, $configuration, 'yubikeyotp');
-        $this->httpHelper = $httpHelper;
-        $this->configuration = $configuration;
-    }
-
-    public function authenticate(User $user, $data)
-    {
-        if (is_array($data)) {
-            return false;
-        }
-
-        $credentialData = $this->getCredentialData($user->getId());
-
-        if ($credentialData === null) {
-            return false;
-        }
-
-        if ($credentialData->getData() !== $this->getYubikeyId($data)) {
-            // different device
-            return false;
-        }
-
-        return $this->verifyToken($data);
-    }
-
-    public function setCredential(User $user, $factor, $data)
-    {
-        $keyId = $this->getYubikeyId($data);
-        $valid = $this->verifyToken($data);
-
-        if (!$valid) {
-            throw new ApplicationLogicException("Provided token is not valid.");
-        }
-
-        $storedData = $this->getCredentialData($user->getId());
-
-        if ($storedData === null) {
-            $storedData = $this->createNewCredential($user);
-        }
-
-        $storedData->setData($keyId);
-        $storedData->setFactor($factor);
-        $storedData->setVersion(1);
-        $storedData->setPriority(8);
-
-        $storedData->save();
-    }
-
-    /**
-     * Get the Yubikey ID.
-     *
-     * This looks like it's just dumping the "password" that's stored in the database, but it's actually fine.
-     *
-     * We only store the "serial number" of the Yubikey - if we get a validated (by webservice) token prefixed with the
-     * serial number, that's a successful OTP authentication. Thus, retrieving the stored data is just retrieving the
-     * yubikey's serial number (in modhex format), since the actual security credentials are stored on the device.
-     *
-     * Note that the serial number is actually the credential serial number - it's possible to regenerate the keys on
-     * the device, and that will change the serial number too.
-     *
-     * More information about the structure of OTPs can be found here:
-     * https://developers.yubico.com/OTP/OTPs_Explained.html
-     *
-     * @param int $userId
-     *
-     * @return null|string
-     */
-    public function getYubikeyData($userId)
-    {
-        $credential = $this->getCredentialData($userId);
-
-        if ($credential === null) {
-            return null;
-        }
-
-        return $credential->getData();
-    }
-
-    /**
-     * @param $result
-     *
-     * @return array
-     */
-    private function parseYubicoApiResult($result)
-    {
-        $data = array();
-        foreach (explode("\r\n", $result) as $line) {
-            $pos = strpos($line, '=');
-            if ($pos === false) {
-                continue;
-            }
-
-            $data[substr($line, 0, $pos)] = substr($line, $pos + 1);
-        }
-
-        return $data;
-    }
-
-    private function getYubikeyId($data)
-    {
-        return substr($data, 0, -32);
-    }
-
-    private function verifyHmac($apiResponse, $apiKey)
-    {
-        ksort($apiResponse);
-        $signature = $apiResponse['h'];
-        unset($apiResponse['h']);
-
-        $data = array();
-        foreach ($apiResponse as $key => $value) {
-            $data[] = $key . "=" . $value;
-        }
-        $dataString = implode('&', $data);
-
-        $hmac = base64_encode(hash_hmac('sha1', $dataString, base64_decode($apiKey), true));
-
-        return $hmac === $signature;
-    }
-
-    /**
-     * @param $data
-     *
-     * @return bool
-     */
-    private function verifyToken($data)
-    {
-        $result = $this->httpHelper->get('https://api.yubico.com/wsapi/2.0/verify', array(
-            'id'    => $this->configuration->getYubicoApiId(),
-            'otp'   => $data,
-            'nonce' => md5(openssl_random_pseudo_bytes(64)),
-        ));
-
-        $apiResponse = $this->parseYubicoApiResult($result);
-
-        if (!$this->verifyHmac($apiResponse, $this->configuration->getYubicoApiKey())) {
-            return false;
-        }
-
-        return $apiResponse['status'] == 'OK';
-    }
+	/** @var HttpHelper */
+	private $httpHelper;
+	/**
+	 * @var SiteConfiguration
+	 */
+	private $configuration;
+
+	public function __construct(PdoDatabase $database, SiteConfiguration $configuration, HttpHelper $httpHelper)
+	{
+		parent::__construct($database, $configuration, 'yubikeyotp');
+		$this->httpHelper = $httpHelper;
+		$this->configuration = $configuration;
+	}
+
+	public function authenticate(User $user, $data)
+	{
+		if (is_array($data)) {
+			return false;
+		}
+
+		$credentialData = $this->getCredentialData($user->getId());
+
+		if ($credentialData === null) {
+			return false;
+		}
+
+		if ($credentialData->getData() !== $this->getYubikeyId($data)) {
+			// different device
+			return false;
+		}
+
+		return $this->verifyToken($data);
+	}
+
+	public function setCredential(User $user, $factor, $data)
+	{
+		$keyId = $this->getYubikeyId($data);
+		$valid = $this->verifyToken($data);
+
+		if (!$valid) {
+			throw new ApplicationLogicException("Provided token is not valid.");
+		}
+
+		$storedData = $this->getCredentialData($user->getId());
+
+		if ($storedData === null) {
+			$storedData = $this->createNewCredential($user);
+		}
+
+		$storedData->setData($keyId);
+		$storedData->setFactor($factor);
+		$storedData->setVersion(1);
+		$storedData->setPriority(8);
+
+		$storedData->save();
+	}
+
+	/**
+	 * Get the Yubikey ID.
+	 *
+	 * This looks like it's just dumping the "password" that's stored in the database, but it's actually fine.
+	 *
+	 * We only store the "serial number" of the Yubikey - if we get a validated (by webservice) token prefixed with the
+	 * serial number, that's a successful OTP authentication. Thus, retrieving the stored data is just retrieving the
+	 * yubikey's serial number (in modhex format), since the actual security credentials are stored on the device.
+	 *
+	 * Note that the serial number is actually the credential serial number - it's possible to regenerate the keys on
+	 * the device, and that will change the serial number too.
+	 *
+	 * More information about the structure of OTPs can be found here:
+	 * https://developers.yubico.com/OTP/OTPs_Explained.html
+	 *
+	 * @param int $userId
+	 *
+	 * @return null|string
+	 */
+	public function getYubikeyData($userId)
+	{
+		$credential = $this->getCredentialData($userId);
+
+		if ($credential === null) {
+			return null;
+		}
+
+		return $credential->getData();
+	}
+
+	/**
+	 * @param $result
+	 *
+	 * @return array
+	 */
+	private function parseYubicoApiResult($result)
+	{
+		$data = array();
+		foreach (explode("\r\n", $result) as $line) {
+			$pos = strpos($line, '=');
+			if ($pos === false) {
+				continue;
+			}
+
+			$data[substr($line, 0, $pos)] = substr($line, $pos + 1);
+		}
+
+		return $data;
+	}
+
+	private function getYubikeyId($data)
+	{
+		return substr($data, 0, -32);
+	}
+
+	private function verifyHmac($apiResponse, $apiKey)
+	{
+		ksort($apiResponse);
+		$signature = $apiResponse['h'];
+		unset($apiResponse['h']);
+
+		$data = array();
+		foreach ($apiResponse as $key => $value) {
+			$data[] = $key . "=" . $value;
+		}
+		$dataString = implode('&', $data);
+
+		$hmac = base64_encode(hash_hmac('sha1', $dataString, base64_decode($apiKey), true));
+
+		return $hmac === $signature;
+	}
+
+	/**
+	 * @param $data
+	 *
+	 * @return bool
+	 */
+	private function verifyToken($data)
+	{
+		$result = $this->httpHelper->get('https://api.yubico.com/wsapi/2.0/verify', array(
+			'id'    => $this->configuration->getYubicoApiId(),
+			'otp'   => $data,
+			'nonce' => md5(openssl_random_pseudo_bytes(64)),
+		));
+
+		$apiResponse = $this->parseYubicoApiResult($result);
+
+		if (!$this->verifyHmac($apiResponse, $this->configuration->getYubicoApiKey())) {
+			return false;
+		}
+
+		return $apiResponse['status'] == 'OK';
+	}
 }

includes/Providers/GlobalState/GlobalStateProvider.php

Indentation +35 added lines, -35 removed lines

@@ -18,43 +18,43 @@
  */
 class GlobalStateProvider implements IGlobalStateProvider
 {
-    /**
-     * @return array
-     */
-    public function &getServerSuperGlobal()
-    {
-        return $_SERVER;
-    }
+	/**
+	 * @return array
+	 */
+	public function &getServerSuperGlobal()
+	{
+		return $_SERVER;
+	}
 
-    /**
-     * @return array
-     */
-    public function &getGetSuperGlobal()
-    {
-        return $_GET;
-    }
+	/**
+	 * @return array
+	 */
+	public function &getGetSuperGlobal()
+	{
+		return $_GET;
+	}
 
-    /**
-     * @return array
-     */
-    public function &getPostSuperGlobal()
-    {
-        return $_POST;
-    }
+	/**
+	 * @return array
+	 */
+	public function &getPostSuperGlobal()
+	{
+		return $_POST;
+	}
 
-    /**
-     * @return array
-     */
-    public function &getSessionSuperGlobal()
-    {
-        return $_SESSION;
-    }
+	/**
+	 * @return array
+	 */
+	public function &getSessionSuperGlobal()
+	{
+		return $_SESSION;
+	}
 
-    /**
-     * @return array
-     */
-    public function &getCookieSuperGlobal()
-    {
-        return $_COOKIE;
-    }
+	/**
+	 * @return array
+	 */
+	public function &getCookieSuperGlobal()
+	{
+		return $_COOKIE;
+	}
 }
\ No newline at end of file