simplesamlphp /
simplesamlphp-module-webauthn
@@ -45,7 +45,7 @@ |
||
| 45 | 45 | $config, |
| 46 | 46 | 'authsources[' . var_export($this->authId, true) . ']' |
| 47 | 47 | ); |
| 48 | - $this->authnContextClassRef = $this->authSourceConfig->getOptionalString("authncontextclassref",'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO'); |
|
| 48 | + $this->authnContextClassRef = $this->authSourceConfig->getOptionalString("authncontextclassref", 'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO'); |
|
| 49 | 49 | $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray(); |
| 50 | 50 | |
| 51 | 51 | $initialStateData = new StateData(); |
@@ -177,7 +177,7 @@ discard block |
||
| 177 | 177 | |
| 178 | 178 | // did we get any client extensions? |
| 179 | 179 | $isResidentKey = 0; |
| 180 | - if (strlen($request->request->get('clientext')) > 0 && count(json_decode($request->request->get('clientext'), true)) > 0 ) { |
|
| 180 | + if (strlen($request->request->get('clientext')) > 0 && count(json_decode($request->request->get('clientext'), true)) > 0) { |
|
| 181 | 181 | $extensions = json_decode($request->request->get('clientext'), true); |
| 182 | 182 | if ($extensions['credProps']['rk'] === true) { |
| 183 | 183 | $isResidentKey = 1; |
@@ -216,7 +216,7 @@ discard block |
||
| 216 | 216 | $id = $this->authState::saveState($state, 'webauthn:request'); |
| 217 | 217 | if ($debugEnabled === true) { |
| 218 | 218 | $response = new RunnableResponse( |
| 219 | - function (WebAuthnRegistrationEvent $regObject, string $id) { |
|
| 219 | + function(WebAuthnRegistrationEvent $regObject, string $id) { |
|
| 220 | 220 | echo $regObject->getDebugBuffer(); |
| 221 | 221 | echo $regObject->getValidateBuffer(); |
| 222 | 222 | echo "<form id='regform' method='POST' action='" . |
@@ -166,7 +166,7 @@ discard block |
||
| 166 | 166 | |
| 167 | 167 | $state = $this->authState::loadState($stateId, 'webauthn:request'); |
| 168 | 168 | |
| 169 | - if ( $this->workflowStateMachine($state) != self::STATE_AUTH_NOMGMT ) { |
|
| 169 | + if ($this->workflowStateMachine($state) != self::STATE_AUTH_NOMGMT) { |
|
| 170 | 170 | $templateFile = 'webauthn:webauthn.twig'; |
| 171 | 171 | } else { |
| 172 | 172 | $templateFile = 'webauthn:authentication.twig'; |
@@ -206,7 +206,7 @@ discard block |
||
| 206 | 206 | $frontendData = []; |
| 207 | 207 | $frontendData['challengeEncoded'] = $challengeEncoded; |
| 208 | 208 | $frontendData['state'] = []; |
| 209 | - foreach (['FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) { |
|
| 209 | + foreach (['FIDO2Scope', 'FIDO2Username', 'FIDO2Displayname', 'requestTokenModel'] as $stateItem) { |
|
| 210 | 210 | $frontendData['state'][$stateItem] = $state[$stateItem]; |
| 211 | 211 | } |
| 212 | 212 | |
@@ -218,7 +218,7 @@ discard block |
||
| 218 | 218 | $t->data['frontendData'] = json_encode($frontendData); |
| 219 | 219 | |
| 220 | 220 | $t->data['FIDO2AuthSuccessful'] = $state['FIDO2AuthSuccessful']; |
| 221 | - if ( $this->workflowStateMachine($state) == self::STATE_MGMT ) { |
|
| 221 | + if ($this->workflowStateMachine($state) == self::STATE_MGMT) { |
|
| 222 | 222 | $t->data['regURL'] = Module::getModuleURL('webauthn/regprocess?StateId=' . urlencode($stateId)); |
| 223 | 223 | $t->data['delURL'] = Module::getModuleURL('webauthn/managetoken?StateId=' . urlencode($stateId)); |
| 224 | 224 | |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | * exception. |
| 81 | 81 | * |
| 82 | 82 | */ |
| 83 | - 'aaguid_whitelist' => [ ], |
|
| 83 | + 'aaguid_whitelist' => [], |
|
| 84 | 84 | /* |
| 85 | 85 | * Some authenticators are more equal than others. Apple TouchID and |
| 86 | 86 | * FaceID set their AAGUID to all-zeroes so can't be whitelisted. But |
@@ -93,11 +93,11 @@ discard block |
||
| 93 | 93 | * |
| 94 | 94 | * https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/ |
| 95 | 95 | */ |
| 96 | - 'attestation_format_whitelist' => [ ], |
|
| 96 | + 'attestation_format_whitelist' => [], |
|
| 97 | 97 | ], |
| 98 | 98 | 'policy_passwordless' => [ |
| 99 | 99 | 'minimum_certification_level' => WebAuthnRegistrationEvent::FIDO_CERTIFIED_L1, |
| 100 | - 'aaguid_whitelist' => [ ], |
|
| 100 | + 'aaguid_whitelist' => [], |
|
| 101 | 101 | 'attestation_format_whitelist' => ['apple'], |
| 102 | 102 | ], |
| 103 | 103 | |
@@ -160,7 +160,7 @@ discard block |
||
| 160 | 160 | base64_decode($request->request->get('client_data_raw')), |
| 161 | 161 | $oneToken[0], |
| 162 | 162 | $oneToken[1], |
| 163 | - (int)$oneToken[4], // algo |
|
| 163 | + (int) $oneToken[4], // algo |
|
| 164 | 164 | base64_decode($request->request->get('signature')), |
| 165 | 165 | $debugEnabled |
| 166 | 166 | ); |
@@ -216,7 +216,7 @@ discard block |
||
| 216 | 216 | |
| 217 | 217 | if ($debugEnabled) { |
| 218 | 218 | $response = new RunnableResponse( |
| 219 | - function (WebAuthnAuthenticationEvent $authObject, array $state) { |
|
| 219 | + function(WebAuthnAuthenticationEvent $authObject, array $state) { |
|
| 220 | 220 | echo $authObject->getDebugBuffer(); |
| 221 | 221 | echo $authObject->getValidateBuffer(); |
| 222 | 222 | echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination."); |
@@ -240,7 +240,7 @@ discard block |
||
| 240 | 240 | * In passwordless, we're on our own. The one thing we know is the |
| 241 | 241 | * username. |
| 242 | 242 | */ |
| 243 | - $state['Attributes'][$state['FIDO2AttributeStoringUsername']] = [ $state['FIDO2Username'] ]; |
|
| 243 | + $state['Attributes'][$state['FIDO2AttributeStoringUsername']] = [$state['FIDO2Username']]; |
|
| 244 | 244 | // now properly return our final state to the framework |
| 245 | 245 | Source::completeAuth($state); |
| 246 | 246 | } |
