@@ -182,7 +182,7 @@ |
||
182 | 182 | return $this->credential; |
183 | 183 | } |
184 | 184 | |
185 | - /** |
|
185 | + /** |
|
186 | 186 | * @return int |
187 | 187 | */ |
188 | 188 | public function getAlgo(): int |
@@ -45,7 +45,7 @@ |
||
45 | 45 | $config, |
46 | 46 | 'authsources[' . var_export($this->authId, true) . ']' |
47 | 47 | ); |
48 | - $this->authnContextClassRef = $this->authSourceConfig->getOptionalString("authncontextclassref",'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO'); |
|
48 | + $this->authnContextClassRef = $this->authSourceConfig->getOptionalString("authncontextclassref", 'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO'); |
|
49 | 49 | $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray(); |
50 | 50 | |
51 | 51 | $initialStateData = new StateData(); |
@@ -177,7 +177,7 @@ discard block |
||
177 | 177 | |
178 | 178 | // did we get any client extensions? |
179 | 179 | $isResidentKey = 0; |
180 | - if (strlen($request->request->get('clientext')) > 0 && count(json_decode($request->request->get('clientext'), true)) > 0 ) { |
|
180 | + if (strlen($request->request->get('clientext')) > 0 && count(json_decode($request->request->get('clientext'), true)) > 0) { |
|
181 | 181 | $extensions = json_decode($request->request->get('clientext'), true); |
182 | 182 | if ($extensions['credProps']['rk'] === true) { |
183 | 183 | $isResidentKey = 1; |
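Review bot: The condition on new line 180 calls `count()` on whatever `json_decode()` returns for the request-supplied `clientext` field, so malformed JSON (null) or a bare scalar makes `count()` throw a TypeError on PHP 8. Line 182 then reads `$extensions['credProps']['rk']` without checking that either key exists. Decoding once and testing the shape avoids both: `$extensions = json_decode((string) $request->request->get('clientext'), true);` followed by `if (is_array($extensions) && ($extensions['credProps']['rk'] ?? null) === true) {`. The value is client extension output reported by the browser, so the stored `isResidentKey` is best treated as an unverified hint. The enclosing method continues outside the hunk, so confirm `$extensions` is not read further down before moving the assignment.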
@@ -216,7 +216,7 @@ discard block |
||
216 | 216 | $id = $this->authState::saveState($state, 'webauthn:request'); |
217 | 217 | if ($debugEnabled === true) { |
218 | 218 | $response = new RunnableResponse( |
219 | - function (WebAuthnRegistrationEvent $regObject, string $id) { |
|
219 | + function(WebAuthnRegistrationEvent $regObject, string $id) { |
|
220 | 220 | echo $regObject->getDebugBuffer(); |
221 | 221 | echo $regObject->getValidateBuffer(); |
222 | 222 | echo "<form id='regform' method='POST' action='" . |
@@ -93,8 +93,8 @@ discard block |
||
93 | 93 | public static function loadState(string $id, string $stage, bool $allowMissing = false): ?array |
94 | 94 | { |
95 | 95 | return [ |
96 | - 'FIDO2AuthSuccessful' => true, |
|
97 | - 'FIDO2PasswordlessAuthMode' => false, |
|
96 | + 'FIDO2AuthSuccessful' => true, |
|
97 | + 'FIDO2PasswordlessAuthMode' => false, |
|
98 | 98 | ]; |
99 | 99 | } |
100 | 100 | }); |
@@ -154,8 +154,8 @@ discard block |
||
154 | 154 | public static function loadState(string $id, string $stage, bool $allowMissing = false): ?array |
155 | 155 | { |
156 | 156 | return [ |
157 | - 'FIDO2AuthSuccessful' => true, |
|
158 | - 'FIDO2PasswordlessAuthMode' => false, |
|
157 | + 'FIDO2AuthSuccessful' => true, |
|
158 | + 'FIDO2PasswordlessAuthMode' => false, |
|
159 | 159 | ]; |
160 | 160 | } |
161 | 161 | }); |
@@ -189,8 +189,8 @@ discard block |
||
189 | 189 | 'FIDO2AuthSuccessful' => false, |
190 | 190 | 'FIDO2Tokens' => [0 => "foo"], |
191 | 191 | 'FIDO2WantsRegister' => false, |
192 | - 'UseInflowRegistration' => false, |
|
193 | - 'FIDO2PasswordlessAuthMode' => false, |
|
192 | + 'UseInflowRegistration' => false, |
|
193 | + 'FIDO2PasswordlessAuthMode' => false, |
|
194 | 194 | ]; |
195 | 195 | } |
196 | 196 | }); |
@@ -85,8 +85,8 @@ |
||
85 | 85 | 'FIDO2Scope' => 'Ducktown', |
86 | 86 | 'FIDO2Tokens' => [], |
87 | 87 | 'FIDO2SignupChallenge' => 'abc123', |
88 | - 'FIDO2AuthSuccessful' => true, |
|
89 | - 'FIDO2PasswordlessAuthMode' => false, |
|
88 | + 'FIDO2AuthSuccessful' => true, |
|
89 | + 'FIDO2PasswordlessAuthMode' => false, |
|
90 | 90 | 'requestTokenModel' => 'something', |
91 | 91 | ]; |
92 | 92 | } |
@@ -53,11 +53,11 @@ discard block |
||
53 | 53 | 'simplesaml' |
54 | 54 | ); |
55 | 55 | |
56 | - $this->module_config = []; |
|
57 | - $this->module_config = Configuration::loadFromArray( |
|
58 | - [ |
|
59 | - 'registration' => ['use_inflow_registration' => true], |
|
60 | - ]); |
|
56 | + $this->module_config = []; |
|
57 | + $this->module_config = Configuration::loadFromArray( |
|
58 | + [ |
|
59 | + 'registration' => ['use_inflow_registration' => true], |
|
60 | + ]); |
|
61 | 61 | |
62 | 62 | $this->session = Session::getSessionFromRequest(); |
63 | 63 | |
@@ -66,7 +66,7 @@ discard block |
||
66 | 66 | { |
67 | 67 | // do nothing |
68 | 68 | } |
69 | - }; |
|
69 | + }; |
|
70 | 70 | Configuration::setPreLoadedConfig($this->config, 'config.php'); |
71 | 71 | Configuration::setPreLoadedConfig($this->module_config, 'module_webauthn.php'); |
72 | 72 | } |
@@ -96,11 +96,11 @@ discard block |
||
96 | 96 | 'FIDO2Scope' => 'Ducktown', |
97 | 97 | 'FIDO2Tokens' => [0 => 'A1B2C3', 1 => 'D4E5F6'], |
98 | 98 | 'FIDO2SignupChallenge' => 'A1B2C3', |
99 | - 'FIDO2WantsRegister' => false, |
|
100 | - 'FIDO2PasswordlessAuthMode' => false, |
|
99 | + 'FIDO2WantsRegister' => false, |
|
100 | + 'FIDO2PasswordlessAuthMode' => false, |
|
101 | 101 | 'FIDO2AuthSuccessful' => false, |
102 | - 'requestTokenModel' => 'something', |
|
103 | - 'Source' => 'There is no real auth source in this test.', |
|
102 | + 'requestTokenModel' => 'something', |
|
103 | + 'Source' => 'There is no real auth source in this test.', |
|
104 | 104 | ]; |
105 | 105 | } |
106 | 106 | }); |
@@ -109,7 +109,7 @@ discard block |
||
109 | 109 | } |
110 | 110 | return self::STATE_AUTH_ALLOWMGMT; |
111 | 111 | } else { // in inflow, allow to check the management box; otherwise, |
112 | - // only auth |
|
112 | + // only auth |
|
113 | 113 | $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray(); |
114 | 114 | return $moduleConfig['registration']['use_inflow_registration'] ? self::STATE_AUTH_ALLOWMGMT : self::STATE_AUTH_NOMGMT; |
115 | 115 | } |
@@ -213,8 +213,8 @@ discard block |
||
213 | 213 | $t->data['showExitButton'] = !array_key_exists('Registration', $state); |
214 | 214 | $frontendData['usernameEncoded'] = $usernameEncoded; |
215 | 215 | $frontendData['attestation'] = $state['requestTokenModel'] ? "indirect" : "none"; |
216 | - $frontendData['credentialIdEncoded'] = $credentialIdEncoded; |
|
217 | - $frontendData['FIDO2PasswordlessAuthMode'] = $state['FIDO2PasswordlessAuthMode']; |
|
216 | + $frontendData['credentialIdEncoded'] = $credentialIdEncoded; |
|
217 | + $frontendData['FIDO2PasswordlessAuthMode'] = $state['FIDO2PasswordlessAuthMode']; |
|
218 | 218 | $t->data['frontendData'] = json_encode($frontendData); |
219 | 219 | |
220 | 220 | $t->data['FIDO2AuthSuccessful'] = $state['FIDO2AuthSuccessful']; |
@@ -166,7 +166,7 @@ discard block |
||
166 | 166 | |
167 | 167 | $state = $this->authState::loadState($stateId, 'webauthn:request'); |
168 | 168 | |
169 | - if ( $this->workflowStateMachine($state) != self::STATE_AUTH_NOMGMT ) { |
|
169 | + if ($this->workflowStateMachine($state) != self::STATE_AUTH_NOMGMT) { |
|
170 | 170 | $templateFile = 'webauthn:webauthn.twig'; |
171 | 171 | } else { |
172 | 172 | $templateFile = 'webauthn:authentication.twig'; |
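Review bot: Both comparisons of the `workflowStateMachine()` result use loose operators: `!=` on new line 169 here and `==` on new line 221 in the `@@ -218,7 +218,7 @@` hunk. Those branches decide whether the token-management template and the registration/deletion URLs are offered. Since the method returns `self::STATE_*` constants, strict operators express the intent without type juggling: `if ($this->workflowStateMachine($state) !== self::STATE_AUTH_NOMGMT) {` and `=== self::STATE_MGMT`. This assumes all `STATE_*` constants share one type, which is not visible in either hunk.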
@@ -206,7 +206,7 @@ discard block |
||
206 | 206 | $frontendData = []; |
207 | 207 | $frontendData['challengeEncoded'] = $challengeEncoded; |
208 | 208 | $frontendData['state'] = []; |
209 | - foreach (['FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) { |
|
209 | + foreach (['FIDO2Scope', 'FIDO2Username', 'FIDO2Displayname', 'requestTokenModel'] as $stateItem) { |
|
210 | 210 | $frontendData['state'][$stateItem] = $state[$stateItem]; |
211 | 211 | } |
212 | 212 | |
@@ -218,7 +218,7 @@ discard block |
||
218 | 218 | $t->data['frontendData'] = json_encode($frontendData); |
219 | 219 | |
220 | 220 | $t->data['FIDO2AuthSuccessful'] = $state['FIDO2AuthSuccessful']; |
221 | - if ( $this->workflowStateMachine($state) == self::STATE_MGMT ) { |
|
221 | + if ($this->workflowStateMachine($state) == self::STATE_MGMT) { |
|
222 | 222 | $t->data['regURL'] = Module::getModuleURL('webauthn/regprocess?StateId=' . urlencode($stateId)); |
223 | 223 | $t->data['delURL'] = Module::getModuleURL('webauthn/managetoken?StateId=' . urlencode($stateId)); |
224 | 224 |
@@ -220,7 +220,7 @@ |
||
220 | 220 | $this->db->write( |
221 | 221 | 'INSERT INTO credentials ' . |
222 | 222 | '(user_id, credentialId, credential, algo, presenceLevel, isResidentKey, signCounter, friendlyName, hashedId, aaguid, attLevel) VALUES ' |
223 | - . '(:userId,:credentialId,:credential,:algo,:presenceLevel,:isResidentKey,:signCounter,:friendlyName,:hashedId,:aaguid,:attLevel)', |
|
223 | + . '(:userId,:credentialId,:credential,:algo,:presenceLevel,:isResidentKey,:signCounter,:friendlyName,:hashedId,:aaguid,:attLevel)', |
|
224 | 224 | [ |
225 | 225 | 'userId' => $userId, |
226 | 226 | 'credentialId' => $credentialId, |
@@ -659,8 +659,8 @@ |
||
659 | 659 | } |
660 | 660 | |
661 | 661 | /** |
662 | - * @return string |
|
663 | - */ |
|
662 | + * @return string |
|
663 | + */ |
|
664 | 664 | public function getAttestationLevel() { |
665 | 665 | return $this->AAGUIDAssurance; |
666 | 666 | } |
@@ -624,7 +624,7 @@ |
||
624 | 624 | * STEP 13 of the validation procedure in § 7.1 of the spec: is the algorithm the expected one? |
625 | 625 | */ |
626 | 626 | if (in_array($arrayPK['3'], self::PK_ALGORITHM)) { // we requested -7 or -257, so want to see it here |
627 | - $this->algo = (int)$arrayPK['3']; |
|
627 | + $this->algo = (int) $arrayPK['3']; |
|
628 | 628 | $this->pass("Public Key Algorithm is expected (" . implode(' or ', WebAuthnRegistrationEvent::PK_ALGORITHM) . ")."); |
629 | 629 | } else { |
630 | 630 | $this->fail("Public Key Algorithm mismatch!"); |
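Review bot: The `in_array()` call on line 626 omits the strict flag, so the algorithm identifier from the decoded credential public key is compared loosely against `self::PK_ALGORITHM` before being cast on line 627. For this validation step it is safer to normalise first and compare strictly, for example `$algo = $arrayPK['3'] ?? null;` then `if (is_int($algo) && in_array($algo, self::PK_ALGORITHM, true)) {`. Whether the decoder always yields an int here is not visible in the hunk, so confirm that before tightening the check. The same constant is also written as `self::PK_ALGORITHM` and `WebAuthnRegistrationEvent::PK_ALGORITHM` within three lines; using one form would read more clearly.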