Issues in Supercharged.php (master) - Issues in master - simplesamlphp/simplesamlphp-module-webauthn - Measure and Improve Code Quality continuously with Scrutinizer

Issues (34)

src/Controller/Supercharged.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\webauthn\Controller;

use SimpleSAML\Error;
use SimpleSAML\Module;
use SimpleSAML\Utils;
use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;

/**
 * Controller class for the webauthn module.
 *
 * This class serves the different views available in the module.
 *
 * @package SimpleSAML\Module\webauthn
 */
class Supercharged extends WebAuthn
filter:
    dependency_paths: ["lib/*"]
{
    /**
     * @param \Symfony\Component\HttpFoundation\Request $request
     * @return \SimpleSAML\XHTML\Template  A Symfony Response-object.
     */
    public function main(Request $request): Template
    {
        $this->logger::info('FIDO2 - Accessing Supercharged interface');

        $stateId = $request->query->get('StateId');
        if ($stateId === null) {
            throw new Error\BadRequest('Missing required StateId query parameter.');
        }

        $state = $this->authState::loadState($stateId, 'webauthn:request');

        $templateFile = 'webauthn:supercharged.twig';

        // Make, populate and layout consent form
        $t = new Template($this->config, $templateFile);
        $t->data['UserID'] = $state['FIDO2Username'];
        $t->data['FIDO2Tokens'] = $state['FIDO2Tokens'];
        // in case IdPs want to override UI and display SP-specific content
        $t->data['entityid'] = $state['SPMetadata']['entityid'] ?? 'WEBAUTHN-SP-NONE';

        $challenge = str_split($state['FIDO2SignupChallenge'], 2);
        $configUtils = new Utils\Config();
        $username = str_split(
            hash('sha512', $state['FIDO2Username'] . '|' . $configUtils->getSecretSalt()),
            2,
        );

        $challengeEncoded = [];
        foreach ($challenge as $oneChar) {
            $challengeEncoded[] = hexdec($oneChar);
        }

        $credentialIdEncoded = [];
        foreach ($state['FIDO2Tokens'] as $number => $token) {
            $idSplit = str_split($token[0], 2);
            $credentialIdEncoded[$number] = [];
            foreach ($idSplit as $credIdBlock) {
                $credentialIdEncoded[$number][] = hexdec($credIdBlock);
            }
        }

        $usernameEncoded = [];
        foreach ($username as $oneChar) {
            $usernameEncoded[] = hexdec($oneChar);
        }

        $frontendData = [];
        $frontendData['challengeEncoded'] = $challengeEncoded;
        $frontendData['state'] = [];
        foreach (['FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) {
            $frontendData['state'][$stateItem] = $state[$stateItem];
        }

        $t->data['showExitButton'] = !array_key_exists('Registration', $state);
        $frontendData['usernameEncoded'] = $usernameEncoded;
        $frontendData['attestation'] = $state['requestTokenModel'] ? "indirect" : "none";
        $frontendData['credentialIdEncoded'] = $credentialIdEncoded;
        $frontendData['FIDO2PasswordlessAuthMode'] = $state['FIDO2PasswordlessAuthMode'];
        $t->data['hasPreviouslyDonePasswordless'] = $_COOKIE['SuccessfullyUsedPasswordlessBefore'] ?? "NO";
        $t->data['frontendData'] = json_encode($frontendData);

        $t->data['authForm'] = "";
        $t->data['authURL'] = Module::getModuleURL('webauthn/authprocess?StateId=' . urlencode($stateId));
        $t->data['pushbackURL'] = Module::getModuleURL('webauthn/pushbackuserpass?StateId=' . urlencode($stateId));

        // dynamically generate the JS code needed for token registration
        return $t;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\webauthn\Controller;
6
7			use SimpleSAML\Error;
8			use SimpleSAML\Module;
9			use SimpleSAML\Utils;
10			use SimpleSAML\XHTML\Template;
11			use Symfony\Component\HttpFoundation\Request;
12
13			/**
14			* Controller class for the webauthn module.
15			*
16			* This class serves the different views available in the module.
17			*
18			* @package SimpleSAML\Module\webauthn
19			*/
20			class Supercharged extends WebAuthn
			0 ignored issues – show Bug introduced 2025-12-19 10:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `SimpleSAML\Module\webauthn\Controller\WebAuthn` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
21			{
22			/**
23			* @param \Symfony\Component\HttpFoundation\Request $request
24			* @return \SimpleSAML\XHTML\Template A Symfony Response-object.
25			*/
26			public function main(Request $request): Template
27			{
28			$this->logger::info('FIDO2 - Accessing Supercharged interface');
29
30			$stateId = $request->query->get('StateId');
31			if ($stateId === null) {
32			throw new Error\BadRequest('Missing required StateId query parameter.');
33			}
34
35			$state = $this->authState::loadState($stateId, 'webauthn:request');
36
37			$templateFile = 'webauthn:supercharged.twig';
38
39			// Make, populate and layout consent form
40			$t = new Template($this->config, $templateFile);
41			$t->data['UserID'] = $state['FIDO2Username'];
42			$t->data['FIDO2Tokens'] = $state['FIDO2Tokens'];
43			// in case IdPs want to override UI and display SP-specific content
44			$t->data['entityid'] = $state['SPMetadata']['entityid'] ?? 'WEBAUTHN-SP-NONE';
45
46			$challenge = str_split($state['FIDO2SignupChallenge'], 2);
47			$configUtils = new Utils\Config();
48			$username = str_split(
49			hash('sha512', $state['FIDO2Username'] . '\|' . $configUtils->getSecretSalt()),
50			2,
51			);
52
53			$challengeEncoded = [];
54			foreach ($challenge as $oneChar) {
55			$challengeEncoded[] = hexdec($oneChar);
56			}
57
58			$credentialIdEncoded = [];
59			foreach ($state['FIDO2Tokens'] as $number => $token) {
60			$idSplit = str_split($token[0], 2);
61			$credentialIdEncoded[$number] = [];
62			foreach ($idSplit as $credIdBlock) {
63			$credentialIdEncoded[$number][] = hexdec($credIdBlock);
64			}
65			}
66
67			$usernameEncoded = [];
68			foreach ($username as $oneChar) {
69			$usernameEncoded[] = hexdec($oneChar);
70			}
71
72			$frontendData = [];
73			$frontendData['challengeEncoded'] = $challengeEncoded;
74			$frontendData['state'] = [];
75			foreach (['FIDO2Scope','FIDO2Username','FIDO2Displayname','requestTokenModel'] as $stateItem) {
76			$frontendData['state'][$stateItem] = $state[$stateItem];
77			}
78
79			$t->data['showExitButton'] = !array_key_exists('Registration', $state);
80			$frontendData['usernameEncoded'] = $usernameEncoded;
81			$frontendData['attestation'] = $state['requestTokenModel'] ? "indirect" : "none";
82			$frontendData['credentialIdEncoded'] = $credentialIdEncoded;
83			$frontendData['FIDO2PasswordlessAuthMode'] = $state['FIDO2PasswordlessAuthMode'];
84			$t->data['hasPreviouslyDonePasswordless'] = $_COOKIE['SuccessfullyUsedPasswordlessBefore'] ?? "NO";
85			$t->data['frontendData'] = json_encode($frontendData);
86
87			$t->data['authForm'] = "";
88			$t->data['authURL'] = Module::getModuleURL('webauthn/authprocess?StateId=' . urlencode($stateId));
89			$t->data['pushbackURL'] = Module::getModuleURL('webauthn/pushbackuserpass?StateId=' . urlencode($stateId));
90
91			// dynamically generate the JS code needed for token registration
92			return $t;
93			}
94			}
95

simplesamlphp / simplesamlphp-module-webauthn

Issues (34)

src/Controller/Supercharged.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like