Passed
Pull Request — master (#4952)
by
unknown
07:30
created
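--- a/sources/identify.php
+++ b/sources/identify.php
@@ -146,7 +146,7 @@
     $sessionPwdAttempts = $session->get('pwd_attempts');
     $sessionUrl = $session->get('user-initial_url');
     $server = [];
-    $server['PHP_AUTH_USER'] =  $request->getUser();
+    $server['PHP_AUTH_USER'] = $request->getUser();
     $server['PHP_AUTH_PW'] = $request->getPassword();
     
     // decrypt and retreive data in JSON format
@@ -166,18 +166,18 @@
     }
 
     // Check if Duo auth is in progress and pass the pw and login back to the standard login process
-    if(
+    if (
         isKeyExistingAndEqual('duo', 1, $SETTINGS) === true
         && $dataReceived['user_2fa_selection'] === 'duo'
         && $session->get('user-duo_status') === 'IN_PROGRESS'
         && !empty($dataReceived['duo_state'])
-    ){
+    ) {
         $key = hash('sha256', $dataReceived['duo_state']);
         $iv = substr(hash('sha256', $dataReceived['duo_state']), 0, 16);
         $duo_data_dec = openssl_decrypt(base64_decode($session->get('user-duo_data')), 'AES-256-CBC', $key, 0, $iv);
         // Clear the data from the Duo process to continue clean with the standard login process
-        $session->set('user-duo_data','');
-        if($duo_data_dec === false) {
+        $session->set('user-duo_data', '');
+        if ($duo_data_dec === false) {
             // Add failed authentication log
             addFailedAuthentication(filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS), getClientIpServer());
 
@@ -195,7 +195,7 @@
         $dataReceived['login'] = $duo_data['duo_login'];
     }
 
-    if(isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) {
+    if (isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) {
         echo json_encode([
             'data' => prepareExchangedData(
                 [
@@ -503,7 +503,7 @@
                 0,
                 (string) $return,
                 (array) $userInfo ?? [],
-                false,  // not success
+                false, // not success
                 'user_is_locked',
                 $lang->get('account_is_locked')
             ),
@@ -519,7 +519,7 @@
             (int) $sessionPwdAttempts,
             (string) $return,
             (array) $userInfo ?? [],
-            false,  // not success
+            false, // not success
             true,
             $lang->get('error_not_allowed_to_authenticate')
         ),
@@ -801,7 +801,7 @@
     // Get cache tree info
     $cacheTreeData = DB::queryFirstRow(
         'SELECT visible_folders
-        FROM ' . prefixTable('cache_tree') . '
+        FROM ' . prefixTable('cache_tree').'
         WHERE user_id=%i',
         (int) $session->get('user-id')
     );
@@ -830,7 +830,7 @@
 if (isKeyExistingAndEqual('enable_send_email_on_user_login', 1, $SETTINGS) === true) {
     
         // get all Admin users
-        $val = DB::queryFirstRow('SELECT email FROM ' . prefixTable('users') . " WHERE admin = %i and email != ''", 1);
+        $val = DB::queryFirstRow('SELECT email FROM '.prefixTable('users')." WHERE admin = %i and email != ''", 1);
         if (DB::count() > 0) {
             // Add email to table
             prepareSendingEmail(
@@ -842,7 +842,7 @@
                         '#tp_time#',
                     ],
                     [
-                        ' ' . $session->get('user-login') . ' (IP: ' . getClientIpServer() . ')',
+                        ' '.$session->get('user-login').' (IP: '.getClientIpServer().')',
                         date($SETTINGS['date_format'], (int) time()),
                         date($SETTINGS['time_format'], (int) time()),
                     ],
@@ -949,7 +949,7 @@
     if (is_null($userInfo['roles_from_ad_groups']) === false) {
         $userInfo['fonction_id'] = empty($userInfo['fonction_id']) === true 
             ? $userInfo['roles_from_ad_groups'] 
-            : $userInfo['fonction_id'] . ';' . $userInfo['roles_from_ad_groups'];
+            : $userInfo['fonction_id'].';'.$userInfo['roles_from_ad_groups'];
     }
     
     // Store roles in session
@@ -966,7 +966,7 @@
         // Get roles from database
         $rolesList = DB::query(
             'SELECT id, title, complexity
-            FROM ' . prefixTable('roles_title') . '
+            FROM ' . prefixTable('roles_title').'
             WHERE id IN %li',
             $session->get('user-roles_array')
         );
@@ -1055,7 +1055,7 @@
 {
     $rows = DB::query(
         'SELECT date
-        FROM ' . prefixTable('log_system') . "
+        FROM ' . prefixTable('log_system')."
         WHERE field_1 = %s
         AND type = 'failed_auth'
         AND label = 'password_is_not_correct'
@@ -1069,7 +1069,7 @@
         foreach ($rows as $record) {
             array_push(
                 $arrAttempts,
-                date($SETTINGS['date_format'] . ' ' . $SETTINGS['time_format'], (int) $record['date'])
+                date($SETTINGS['date_format'].' '.$SETTINGS['time_format'], (int) $record['date'])
             );
         }
     }
@@ -1104,7 +1104,7 @@
     $ldapConnection
 ) : bool
 {
-    include_once $SETTINGS['cpassman_dir'] . '/sources/main.functions.php';
+    include_once $SETTINGS['cpassman_dir'].'/sources/main.functions.php';
 
     if ((int) $userInfoDisabled === 1) {
         return false;
@@ -1192,7 +1192,7 @@
         // If user has seed but no backup, create it on first successful login
         if (!empty($userInfo['user_derivation_seed']) && empty($userInfo['private_key_backup'])) {
             if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
-                error_log('TEAMPASS Transparent Recovery - Creating backup for user ' . ($userInfo['login'] ?? 'unknown'));
+                error_log('TEAMPASS Transparent Recovery - Creating backup for user '.($userInfo['login'] ?? 'unknown'));
             }
 
             $derivedKey = deriveBackupKey($userInfo['user_derivation_seed'], $userInfo['public_key'], $SETTINGS);
@@ -1362,7 +1362,7 @@
     } catch (Exception $e) {
         return [
             'error' => true,
-            'message' => "Error: " . $e->getMessage(),
+            'message' => "Error: ".$e->getMessage(),
         ];
     }
 }
@@ -1393,7 +1393,7 @@
                 'type' => 'OpenLDAP'
             ];
         default:
-            throw new Exception("Unsupported LDAP type: " . $SETTINGS['ldap_type']);
+            throw new Exception("Unsupported LDAP type: ".$SETTINGS['ldap_type']);
     }
 }
 
@@ -1530,7 +1530,7 @@
         );
     }
     
-    throw new Exception("Unsupported LDAP type: " . $ldapHandler['type']);
+    throw new Exception("Unsupported LDAP type: ".$ldapHandler['type']);
 }
 
 /**
@@ -1547,12 +1547,12 @@
     if (isset($SETTINGS['enable_ad_users_with_ad_groups']) === true && (int) $SETTINGS['enable_ad_users_with_ad_groups'] === 1) {
         // Get user groups from AD
         $user_ad_groups = [];
-        foreach($groups as $group) {
+        foreach ($groups as $group) {
             //print_r($group);
             // get relation role id for AD group
             $role = DB::queryFirstRow(
                 'SELECT lgr.role_id
-                FROM ' . prefixTable('ldap_groups_roles') . ' AS lgr
+                FROM ' . prefixTable('ldap_groups_roles').' AS lgr
                 WHERE lgr.ldap_group_id = %s',
                 $group
             );
@@ -1615,7 +1615,7 @@
     $passwordManager = new PasswordManager();
     
     // Migrate password if needed
-    $result  = $passwordManager->migratePassword(
+    $result = $passwordManager->migratePassword(
         $userInfo['pw'],
         $passwordClear,
         (int) $userInfo['id']
@@ -1693,7 +1693,7 @@
             // Check if exists in DB
             $groupData = DB::queryFirstRow(
                 'SELECT id
-                FROM ' . prefixTable('roles_title') . '
+                FROM ' . prefixTable('roles_title').'
                 WHERE title = %s',
                 $group["displayName"]
             );
@@ -1842,7 +1842,7 @@
             
             // generate new QR
             $new_2fa_qr = $tfa->getQRCodeImageAsDataUri(
-                'Teampass - ' . $username,
+                'Teampass - '.$username,
                 $userInfo['ga']
             );
             // clear temporary code from DB
@@ -1855,7 +1855,7 @@
                 $userInfo['id']
             );
             $firstTime = [
-                'value' => '<img src="' . $new_2fa_qr . '">',
+                'value' => '<img src="'.$new_2fa_qr.'">',
                 'user_admin' => isset($sessionAdmin) ? (int) $sessionAdmin : '',
                 'initial_url' => isset($sessionUrl) === true ? $sessionUrl : '',
                 'pwd_attempts' => (int) $sessionPwdAttempts,
@@ -2011,7 +2011,7 @@
         }*/
         return [
             'error' => true,
-            'message' => $duo_error . $lang->get('duo_error_check_config'),
+            'message' => $duo_error.$lang->get('duo_error_check_config'),
             'pwd_attempts' => (int) $sessionPwdAttempts,
             'debug_message' => $e->getMessage(),
             'proceedIdentification' => false,
@@ -2027,7 +2027,7 @@
         } catch (DuoException $e) {
             return [
                 'error' => true,
-                'message' => $duo_error . $lang->get('duo_error_url'),
+                'message' => $duo_error.$lang->get('duo_error_url'),
                 'pwd_attempts' => (int) $sessionPwdAttempts,
                 'debug_message' => $e->getMessage(),
                 'proceedIdentification' => false,
@@ -2035,7 +2035,7 @@
         }
         
         // Somethimes Duo return success but fail to return a URL, double check if the URL has been created
-        if (!empty($duo_redirect_url) && filter_var($duo_redirect_url,FILTER_SANITIZE_URL)) {
+        if (!empty($duo_redirect_url) && filter_var($duo_redirect_url, FILTER_SANITIZE_URL)) {
             // Since Duo Universal requires a redirect, let's store some info when the user get's back after completing the Duo prompt
             $key = hash('sha256', $duo_state);
             $iv = substr(hash('sha256', $duo_state), 0, 16);
@@ -2063,7 +2063,7 @@
         } else {
             return [
                 'error' => true,
-                'message' => $duo_error . $lang->get('duo_error_url'),
+                'message' => $duo_error.$lang->get('duo_error_url'),
                 'pwd_attempts' => (int) $sessionPwdAttempts,
                 'proceedIdentification' => false,
             ];
@@ -2084,8 +2084,8 @@
         // return the response (which should be the user name)
         if ($decoded_token['preferred_username'] === $username) {
             $session->set('user-duo_status', 'COMPLET');
-            $session->set('user-duo_state','');
-            $session->set('user-duo_data','');
+            $session->set('user-duo_state', '');
+            $session->set('user-duo_data', '');
             $session->set('user-login', $username);
 
             return [
@@ -2096,9 +2096,9 @@
             ];
         } else {
             // Something wrong, username from the original Duo request is different than the one received now
-            $session->set('user-duo_status','');
-            $session->set('user-duo_state','');
-            $session->set('user-duo_data','');
+            $session->set('user-duo_status', '');
+            $session->set('user-duo_state', '');
+            $session->set('user-duo_data', '');
 
             return [
                 'error' => true,
@@ -2109,9 +2109,9 @@
         }
     }
     // If we are here something wrong
-    $session->set('user-duo_status','');
-    $session->set('user-duo_state','');
-    $session->set('user-duo_data','');
+    $session->set('user-duo_status', '');
+    $session->set('user-duo_state', '');
+    $session->set('user-duo_data', '');
     return [
         'error' => true,
         'message' => $lang->get('duo_login_mismatch'),
@@ -2230,7 +2230,7 @@
         // Check for existing lock
         $unlock_at = DB::queryFirstField(
             'SELECT MAX(unlock_at)
-             FROM ' . prefixTable('auth_failures') . '
+             FROM ' . prefixTable('auth_failures').'
              WHERE unlock_at > %s
              AND ((source = %s AND value = %s) OR (source = %s AND value = %s))',
             date('Y-m-d H:i:s', time()),
@@ -2252,8 +2252,8 @@
         // Get user info from DB
         $data = DB::queryFirstRow(
             'SELECT u.*, a.value AS api_key
-            FROM ' . prefixTable('users') . ' AS u
-            LEFT JOIN ' . prefixTable('api') . ' AS a ON (u.id = a.user_id)
+            FROM ' . prefixTable('users').' AS u
+            LEFT JOIN ' . prefixTable('api').' AS a ON (u.id = a.user_id)
             WHERE login = %s AND deleted_at IS NULL',
             $login
         );
@@ -2272,9 +2272,9 @@
         // Check if similar login deleted exists
         DB::queryFirstRow(
             'SELECT id, login
-            FROM ' . prefixTable('users') . '
+            FROM ' . prefixTable('users').'
             WHERE login LIKE %s AND deleted_at IS NOT NULL',
-            $login . '_deleted_%'
+            $login.'_deleted_%'
         );
 
         if (DB::count() > 0) {
@@ -2384,7 +2384,7 @@
             'array' => [
                 'value' => 'bruteforce_wait',
                 'error' => true,
-                'message' => $lang->get('bruteforce_wait') . (string) $e->getMessage(),
+                'message' => $lang->get('bruteforce_wait').(string) $e->getMessage(),
             ]
         ];
     }
@@ -2489,7 +2489,7 @@
     // Clean previous failed attempts
     $failedTasks = DB::query(
         'SELECT increment_id
-        FROM ' . prefixTable('background_tasks') . '
+        FROM ' . prefixTable('background_tasks').'
         WHERE process_type = %s
         AND JSON_EXTRACT(arguments, "$.new_user_id") = %i
         AND status = %s',
@@ -2606,7 +2606,7 @@
                         $userKeys['public_key']
                     );
                 }*/
-                    error_log('Switch user ' . $username . ' auth_type to oauth2');
+                    error_log('Switch user '.$username.' auth_type to oauth2');
                 // Update user in database:
                 DB::update(
                     prefixTable('users'),
@@ -2830,12 +2830,12 @@
 {
     // Find the latest "create_user_keys" task for the given user_id
     $latestTask = DB::queryFirstRow(
-        'SELECT arguments, status FROM ' . prefixTable('background_tasks') . '
+        'SELECT arguments, status FROM '.prefixTable('background_tasks').'
         WHERE process_type = %s
         AND arguments LIKE %s
         ORDER BY increment_id DESC
         LIMIT 1',
-        'create_user_keys', '%"new_user_id":' . $userId . '%'
+        'create_user_keys', '%"new_user_id":'.$userId.'%'
     );
 
     // If a failed task is found, return an error message
@@ -3047,15 +3047,15 @@
 
             if ($ret['error'] !== false) {
                 logEvents($SETTINGS, 'failed_auth', 'bad_duo_mfa', '', stripslashes($username), stripslashes($username));
-                $session->set('user-duo_status','');
-                $session->set('user-duo_state','');
-                $session->set('user-duo_data','');
+                $session->set('user-duo_status', '');
+                $session->set('user-duo_state', '');
+                $session->set('user-duo_data', '');
                 return [
                     'error' => true,
                     'mfaData' => $ret,
                     'mfaQRCodeInfos' => false,
                 ];
-            } else if ($ret['duo_url_ready'] === true){
+            } else if ($ret['duo_url_ready'] === true) {
                 return [
                     'error' => false,
                     'mfaData' => $ret,
@@ -3119,7 +3119,7 @@
     // Count failed attempts from this source
     $count = DB::queryFirstField(
         'SELECT COUNT(*)
-        FROM ' . prefixTable('auth_failures') . '
+        FROM ' . prefixTable('auth_failures').'
         WHERE source = %s AND value = %s',
         $source,
         $value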