Passed
Pull Request — master (#4954)
by
unknown
06:06
created
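--- a/sources/identify.php
+++ b/sources/identify.php
@@ -146,7 +146,7 @@
     $sessionPwdAttempts = $session->get('pwd_attempts');
     $sessionUrl = $session->get('user-initial_url');
     $server = [];
-    $server['PHP_AUTH_USER'] =  $request->getUser();
+    $server['PHP_AUTH_USER'] = $request->getUser();
     $server['PHP_AUTH_PW'] = $request->getPassword();
     
     // decrypt and retreive data in JSON format
@@ -166,18 +166,18 @@
     }
 
     // Check if Duo auth is in progress and pass the pw and login back to the standard login process
-    if(
+    if (
         isKeyExistingAndEqual('duo', 1, $SETTINGS) === true
         && $dataReceived['user_2fa_selection'] === 'duo'
         && $session->get('user-duo_status') === 'IN_PROGRESS'
         && !empty($dataReceived['duo_state'])
-    ){
+    ) {
         $key = hash('sha256', $dataReceived['duo_state']);
         $iv = substr(hash('sha256', $dataReceived['duo_state']), 0, 16);
         $duo_data_dec = openssl_decrypt(base64_decode($session->get('user-duo_data')), 'AES-256-CBC', $key, 0, $iv);
         // Clear the data from the Duo process to continue clean with the standard login process
-        $session->set('user-duo_data','');
-        if($duo_data_dec === false) {
+        $session->set('user-duo_data', '');
+        if ($duo_data_dec === false) {
             // Add failed authentication log
             addFailedAuthentication(filter_var($dataReceived['login'], FILTER_SANITIZE_FULL_SPECIAL_CHARS), getClientIpServer());
 
@@ -195,7 +195,7 @@
         $dataReceived['login'] = $duo_data['duo_login'];
     }
 
-    if(isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) {
+    if (isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) {
         echo json_encode([
             'data' => prepareExchangedData(
                 [
@@ -503,7 +503,7 @@
                 0,
                 (string) $return,
                 (array) $userInfo ?? [],
-                false,  // not success
+                false, // not success
                 'user_is_locked',
                 $lang->get('account_is_locked')
             ),
@@ -519,7 +519,7 @@
             (int) $sessionPwdAttempts,
             (string) $return,
             (array) $userInfo ?? [],
-            false,  // not success
+            false, // not success
             true,
             $lang->get('error_not_allowed_to_authenticate')
         ),
@@ -801,7 +801,7 @@
     // Get cache tree info
     $cacheTreeData = DB::queryFirstRow(
         'SELECT visible_folders
-        FROM ' . prefixTable('cache_tree') . '
+        FROM ' . prefixTable('cache_tree').'
         WHERE user_id=%i',
         (int) $session->get('user-id')
     );
@@ -829,7 +829,7 @@
     $lang = new Language($session->get('user-language') ?? 'english');
     if (isKeyExistingAndEqual('enable_send_email_on_user_login', 1, $SETTINGS) === true) {
         // get all Admin users
-        $val = DB::queryFirstRow('SELECT email FROM ' . prefixTable('users') . " WHERE admin = %i and email != ''", 1);
+        $val = DB::queryFirstRow('SELECT email FROM '.prefixTable('users')." WHERE admin = %i and email != ''", 1);
         if (DB::count() > 0) {
             // Add email to table
             prepareSendingEmail(
@@ -841,7 +841,7 @@
                         '#tp_time#',
                     ],
                     [
-                        ' ' . $session->get('user-login') . ' (IP: ' . getClientIpServer() . ')',
+                        ' '.$session->get('user-login').' (IP: '.getClientIpServer().')',
                         date($SETTINGS['date_format'], (int) time()),
                         date($SETTINGS['time_format'], (int) time()),
                     ],
@@ -948,7 +948,7 @@
     if (is_null($userInfo['roles_from_ad_groups']) === false) {
         $userInfo['fonction_id'] = empty($userInfo['fonction_id']) === true 
             ? $userInfo['roles_from_ad_groups'] 
-            : $userInfo['fonction_id'] . ';' . $userInfo['roles_from_ad_groups'];
+            : $userInfo['fonction_id'].';'.$userInfo['roles_from_ad_groups'];
     }
     
     // Store roles in session
@@ -965,7 +965,7 @@
         // Get roles from database
         $rolesList = DB::query(
             'SELECT id, title, complexity
-            FROM ' . prefixTable('roles_title') . '
+            FROM ' . prefixTable('roles_title').'
             WHERE id IN %li',
             $session->get('user-roles_array')
         );
@@ -1054,7 +1054,7 @@
 {
     $rows = DB::query(
         'SELECT date
-        FROM ' . prefixTable('log_system') . "
+        FROM ' . prefixTable('log_system')."
         WHERE field_1 = %s
         AND type = 'failed_auth'
         AND label = 'password_is_not_correct'
@@ -1068,7 +1068,7 @@
         foreach ($rows as $record) {
             array_push(
                 $arrAttempts,
-                date($SETTINGS['date_format'] . ' ' . $SETTINGS['time_format'], (int) $record['date'])
+                date($SETTINGS['date_format'].' '.$SETTINGS['time_format'], (int) $record['date'])
             );
         }
     }
@@ -1103,7 +1103,7 @@
     $ldapConnection
 ) : bool
 {
-    include_once $SETTINGS['cpassman_dir'] . '/sources/main.functions.php';
+    include_once $SETTINGS['cpassman_dir'].'/sources/main.functions.php';
 
     if ((int) $userInfoDisabled === 1) {
         return false;
@@ -1191,7 +1191,7 @@
         // If user has seed but no backup, create it on first successful login
         if (!empty($userInfo['user_derivation_seed']) && empty($userInfo['private_key_backup'])) {
             if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) {
-                error_log('TEAMPASS Transparent Recovery - Creating backup for user ' . ($userInfo['login'] ?? 'unknown'));
+                error_log('TEAMPASS Transparent Recovery - Creating backup for user '.($userInfo['login'] ?? 'unknown'));
             }
 
             $derivedKey = deriveBackupKey($userInfo['user_derivation_seed'], $userInfo['public_key'], $SETTINGS);
@@ -1361,7 +1361,7 @@
     } catch (Exception $e) {
         return [
             'error' => true,
-            'message' => "Error: " . $e->getMessage(),
+            'message' => "Error: ".$e->getMessage(),
         ];
     }
 }
@@ -1392,7 +1392,7 @@
                 'type' => 'OpenLDAP'
             ];
         default:
-            throw new Exception("Unsupported LDAP type: " . $SETTINGS['ldap_type']);
+            throw new Exception("Unsupported LDAP type: ".$SETTINGS['ldap_type']);
     }
 }
 
@@ -1529,7 +1529,7 @@
         );
     }
     
-    throw new Exception("Unsupported LDAP type: " . $ldapHandler['type']);
+    throw new Exception("Unsupported LDAP type: ".$ldapHandler['type']);
 }
 
 /**
@@ -1546,12 +1546,12 @@
     if (isset($SETTINGS['enable_ad_users_with_ad_groups']) === true && (int) $SETTINGS['enable_ad_users_with_ad_groups'] === 1) {
         // Get user groups from AD
         $user_ad_groups = [];
-        foreach($groups as $group) {
+        foreach ($groups as $group) {
             //print_r($group);
             // get relation role id for AD group
             $role = DB::queryFirstRow(
                 'SELECT lgr.role_id
-                FROM ' . prefixTable('ldap_groups_roles') . ' AS lgr
+                FROM ' . prefixTable('ldap_groups_roles').' AS lgr
                 WHERE lgr.ldap_group_id = %s',
                 $group
             );
@@ -1614,7 +1614,7 @@
     $passwordManager = new PasswordManager();
     
     // Migrate password if needed
-    $result  = $passwordManager->migratePassword(
+    $result = $passwordManager->migratePassword(
         $userInfo['pw'],
         $passwordClear,
         (int) $userInfo['id']
@@ -1692,7 +1692,7 @@
             // Check if exists in DB
             $groupData = DB::queryFirstRow(
                 'SELECT id
-                FROM ' . prefixTable('roles_title') . '
+                FROM ' . prefixTable('roles_title').'
                 WHERE title = %s',
                 $group["displayName"]
             );
@@ -1841,7 +1841,7 @@
             
             // generate new QR
             $new_2fa_qr = $tfa->getQRCodeImageAsDataUri(
-                'Teampass - ' . $username,
+                'Teampass - '.$username,
                 $userInfo['ga']
             );
             // clear temporary code from DB
@@ -1854,7 +1854,7 @@
                 $userInfo['id']
             );
             $firstTime = [
-                'value' => '<img src="' . $new_2fa_qr . '">',
+                'value' => '<img src="'.$new_2fa_qr.'">',
                 'user_admin' => isset($sessionAdmin) ? (int) $sessionAdmin : '',
                 'initial_url' => isset($sessionUrl) === true ? $sessionUrl : '',
                 'pwd_attempts' => (int) $sessionPwdAttempts,
@@ -2010,7 +2010,7 @@
         }*/
         return [
             'error' => true,
-            'message' => $duo_error . $lang->get('duo_error_check_config'),
+            'message' => $duo_error.$lang->get('duo_error_check_config'),
             'pwd_attempts' => (int) $sessionPwdAttempts,
             'debug_message' => $e->getMessage(),
             'proceedIdentification' => false,
@@ -2026,7 +2026,7 @@
         } catch (DuoException $e) {
             return [
                 'error' => true,
-                'message' => $duo_error . $lang->get('duo_error_url'),
+                'message' => $duo_error.$lang->get('duo_error_url'),
                 'pwd_attempts' => (int) $sessionPwdAttempts,
                 'debug_message' => $e->getMessage(),
                 'proceedIdentification' => false,
@@ -2034,7 +2034,7 @@
         }
         
         // Somethimes Duo return success but fail to return a URL, double check if the URL has been created
-        if (!empty($duo_redirect_url) && filter_var($duo_redirect_url,FILTER_SANITIZE_URL)) {
+        if (!empty($duo_redirect_url) && filter_var($duo_redirect_url, FILTER_SANITIZE_URL)) {
             // Since Duo Universal requires a redirect, let's store some info when the user get's back after completing the Duo prompt
             $key = hash('sha256', $duo_state);
             $iv = substr(hash('sha256', $duo_state), 0, 16);
@@ -2062,7 +2062,7 @@
         } else {
             return [
                 'error' => true,
-                'message' => $duo_error . $lang->get('duo_error_url'),
+                'message' => $duo_error.$lang->get('duo_error_url'),
                 'pwd_attempts' => (int) $sessionPwdAttempts,
                 'proceedIdentification' => false,
             ];
@@ -2083,8 +2083,8 @@
         // return the response (which should be the user name)
         if ($decoded_token['preferred_username'] === $username) {
             $session->set('user-duo_status', 'COMPLET');
-            $session->set('user-duo_state','');
-            $session->set('user-duo_data','');
+            $session->set('user-duo_state', '');
+            $session->set('user-duo_data', '');
             $session->set('user-login', $username);
 
             return [
@@ -2095,9 +2095,9 @@
             ];
         } else {
             // Something wrong, username from the original Duo request is different than the one received now
-            $session->set('user-duo_status','');
-            $session->set('user-duo_state','');
-            $session->set('user-duo_data','');
+            $session->set('user-duo_status', '');
+            $session->set('user-duo_state', '');
+            $session->set('user-duo_data', '');
 
             return [
                 'error' => true,
@@ -2108,9 +2108,9 @@
         }
     }
     // If we are here something wrong
-    $session->set('user-duo_status','');
-    $session->set('user-duo_state','');
-    $session->set('user-duo_data','');
+    $session->set('user-duo_status', '');
+    $session->set('user-duo_state', '');
+    $session->set('user-duo_data', '');
     return [
         'error' => true,
         'message' => $lang->get('duo_login_mismatch'),
@@ -2229,7 +2229,7 @@
         // Check for existing lock
         $unlock_at = DB::queryFirstField(
             'SELECT MAX(unlock_at)
-             FROM ' . prefixTable('auth_failures') . '
+             FROM ' . prefixTable('auth_failures').'
              WHERE unlock_at > %s
              AND ((source = %s AND value = %s) OR (source = %s AND value = %s))',
             date('Y-m-d H:i:s', time()),
@@ -2251,8 +2251,8 @@
         // Get user info from DB
         $data = DB::queryFirstRow(
             'SELECT u.*, a.value AS api_key
-            FROM ' . prefixTable('users') . ' AS u
-            LEFT JOIN ' . prefixTable('api') . ' AS a ON (u.id = a.user_id)
+            FROM ' . prefixTable('users').' AS u
+            LEFT JOIN ' . prefixTable('api').' AS a ON (u.id = a.user_id)
             WHERE login = %s AND deleted_at IS NULL',
             $login
         );
@@ -2271,9 +2271,9 @@
         // Check if similar login deleted exists
         DB::queryFirstRow(
             'SELECT id, login
-            FROM ' . prefixTable('users') . '
+            FROM ' . prefixTable('users').'
             WHERE login LIKE %s AND deleted_at IS NOT NULL',
-            $login . '_deleted_%'
+            $login.'_deleted_%'
         );
 
         if (DB::count() > 0) {
@@ -2383,7 +2383,7 @@
             'array' => [
                 'value' => 'bruteforce_wait',
                 'error' => true,
-                'message' => $lang->get('bruteforce_wait') . (string) $e->getMessage(),
+                'message' => $lang->get('bruteforce_wait').(string) $e->getMessage(),
             ]
         ];
     }
@@ -2488,7 +2488,7 @@
     // Clean previous failed attempts
     $failedTasks = DB::query(
         'SELECT increment_id
-        FROM ' . prefixTable('background_tasks') . '
+        FROM ' . prefixTable('background_tasks').'
         WHERE process_type = %s
         AND JSON_EXTRACT(arguments, "$.new_user_id") = %i
         AND status = %s',
@@ -2605,7 +2605,7 @@
                         $userKeys['public_key']
                     );
                 }*/
-                    error_log('Switch user ' . $username . ' auth_type to oauth2');
+                    error_log('Switch user '.$username.' auth_type to oauth2');
                 // Update user in database:
                 DB::update(
                     prefixTable('users'),
@@ -2829,12 +2829,12 @@
 {
     // Find the latest "create_user_keys" task for the given user_id
     $latestTask = DB::queryFirstRow(
-        'SELECT arguments, status FROM ' . prefixTable('background_tasks') . '
+        'SELECT arguments, status FROM '.prefixTable('background_tasks').'
         WHERE process_type = %s
         AND arguments LIKE %s
         ORDER BY increment_id DESC
         LIMIT 1',
-        'create_user_keys', '%"new_user_id":' . $userId . '%'
+        'create_user_keys', '%"new_user_id":'.$userId.'%'
     );
 
     // If a failed task is found, return an error message
@@ -3046,15 +3046,15 @@
 
             if ($ret['error'] !== false) {
                 logEvents($SETTINGS, 'failed_auth', 'bad_duo_mfa', '', stripslashes($username), stripslashes($username));
-                $session->set('user-duo_status','');
-                $session->set('user-duo_state','');
-                $session->set('user-duo_data','');
+                $session->set('user-duo_status', '');
+                $session->set('user-duo_state', '');
+                $session->set('user-duo_data', '');
                 return [
                     'error' => true,
                     'mfaData' => $ret,
                     'mfaQRCodeInfos' => false,
                 ];
-            } else if ($ret['duo_url_ready'] === true){
+            } else if ($ret['duo_url_ready'] === true) {
                 return [
                     'error' => false,
                     'mfaData' => $ret,
@@ -3118,7 +3118,7 @@
     // Count failed attempts from this source
     $count = DB::queryFirstField(
         'SELECT COUNT(*)
-        FROM ' . prefixTable('auth_failures') . '
+        FROM ' . prefixTable('auth_failures').'
         WHERE source = %s AND value = %s',
         $source,
         $value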
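Review bot: In the hunk at new line 2037, `filter_var($duo_redirect_url, FILTER_SANITIZE_URL)` is used as a truth test, but the sanitize filter only strips disallowed characters and returns what is left, so the condition is true for practically any non-empty string and validates nothing. If the intent of the "double check" is to confirm that Duo returned a usable URL, test it explicitly with `if (!empty($duo_redirect_url) && filter_var($duo_redirect_url, FILTER_VALIDATE_URL) !== false) {`, and consider also requiring an `https` scheme before the value is used for the redirect. The enclosing function starts and ends outside the hunk, so how the URL is consumed afterwards is not visible here.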