thomasvargiu /
php-openid-client
@@ -37,11 +37,11 @@ |
||
| 37 | 37 | $tokenSet = $request->getAttribute(TokenSetInterface::class); |
| 38 | 38 | $client = $this->client ?: $request->getAttribute(ClientInterface::class); |
| 39 | 39 | |
| 40 | - if (! $client instanceof ClientInterface) { |
|
| 40 | + if (!$client instanceof ClientInterface) { |
|
| 41 | 41 | throw new LogicException('No OpenID client provided'); |
| 42 | 42 | } |
| 43 | 43 | |
| 44 | - if (! $tokenSet instanceof TokenSetInterface) { |
|
| 44 | + if (!$tokenSet instanceof TokenSetInterface) { |
|
| 45 | 45 | throw new RuntimeException('Unable to get token response attribute'); |
| 46 | 46 | } |
| 47 | 47 | |
@@ -57,7 +57,7 @@ discard block |
||
| 57 | 57 | { |
| 58 | 58 | $accessToken = $tokenSet->getAccessToken(); |
| 59 | 59 | |
| 60 | - if (! $accessToken) { |
|
| 60 | + if (!$accessToken) { |
|
| 61 | 61 | throw new RuntimeException('Unable to get an access token from the token set'); |
| 62 | 62 | } |
| 63 | 63 | |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | $endpointUri = $issuerMetadata->getMtlsEndpointAliases()['userinfo_endpoint'] ?? $endpointUri; |
| 73 | 73 | } |
| 74 | 74 | |
| 75 | - if (! $endpointUri) { |
|
| 75 | + if (!$endpointUri) { |
|
| 76 | 76 | throw new InvalidArgumentException('Invalid issuer userinfo endpoint'); |
| 77 | 77 | } |
| 78 | 78 | |
@@ -101,20 +101,20 @@ discard block |
||
| 101 | 101 | $payload = \json_decode((string) $response->getBody(), true); |
| 102 | 102 | } |
| 103 | 103 | |
| 104 | - if (! \is_array($payload)) { |
|
| 104 | + if (!\is_array($payload)) { |
|
| 105 | 105 | throw new RuntimeException('Unable to parse userinfo claims'); |
| 106 | 106 | } |
| 107 | 107 | |
| 108 | 108 | $idToken = $tokenSet->getIdToken(); |
| 109 | 109 | |
| 110 | - if (! $idToken) { |
|
| 110 | + if (!$idToken) { |
|
| 111 | 111 | return $payload; |
| 112 | 112 | } |
| 113 | 113 | |
| 114 | 114 | // check expected sub |
| 115 | 115 | $expectedSub = $tokenSet->claims()['sub'] ?? null; |
| 116 | 116 | |
| 117 | - if (! $expectedSub) { |
|
| 117 | + if (!$expectedSub) { |
|
| 118 | 118 | throw new RuntimeException('Unable to get sub claim from id_token'); |
| 119 | 119 | } |
| 120 | 120 | |
@@ -55,7 +55,7 @@ discard block |
||
| 55 | 55 | : $resource |
| 56 | 56 | ); |
| 57 | 57 | |
| 58 | - if (! \is_array($parsedUrl) || ! \array_key_exists('host', $parsedUrl)) { |
|
| 58 | + if (!\is_array($parsedUrl) || !\array_key_exists('host', $parsedUrl)) { |
|
| 59 | 59 | throw new RuntimeException('Unable to parse resource'); |
| 60 | 60 | } |
| 61 | 61 | |
@@ -79,7 +79,7 @@ discard block |
||
| 79 | 79 | $links = $data['links'] ?? []; |
| 80 | 80 | $href = null; |
| 81 | 81 | foreach ($links as $link) { |
| 82 | - if (! \is_array($link)) { |
|
| 82 | + if (!\is_array($link)) { |
|
| 83 | 83 | continue; |
| 84 | 84 | } |
| 85 | 85 | |
@@ -87,14 +87,14 @@ discard block |
||
| 87 | 87 | continue; |
| 88 | 88 | } |
| 89 | 89 | |
| 90 | - if (! \array_key_exists('href', $link)) { |
|
| 90 | + if (!\array_key_exists('href', $link)) { |
|
| 91 | 91 | continue; |
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | $href = $link['href']; |
| 95 | 95 | } |
| 96 | 96 | |
| 97 | - if (! \is_string($href) || 0 !== \strpos($href, 'https://')) { |
|
| 97 | + if (!\is_string($href) || 0 !== \strpos($href, 'https://')) { |
|
| 98 | 98 | throw new InvalidArgumentException('Invalid issuer location'); |
| 99 | 99 | } |
| 100 | 100 | |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | throw new RuntimeException('Unable to fetch provider metadata', 0, $e); |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - if (! \array_key_exists('issuer', $data)) { |
|
| 147 | + if (!\array_key_exists('issuer', $data)) { |
|
| 148 | 148 | throw new RuntimeException('Invalid metadata content, no "issuer" key found'); |
| 149 | 149 | } |
| 150 | 150 | |
@@ -11,7 +11,7 @@ discard block |
||
| 11 | 11 | */ |
| 12 | 12 | function normalize_webfinger(string $input): string |
| 13 | 13 | { |
| 14 | - $hasScheme = static function (string $resource): bool { |
|
| 14 | + $hasScheme = static function(string $resource): bool { |
|
| 15 | 15 | if (false !== \strpos($resource, '://')) { |
| 16 | 16 | return true; |
| 17 | 17 | } |
@@ -24,10 +24,10 @@ discard block |
||
| 24 | 24 | |
| 25 | 25 | $hostOrPort = \substr($resource, $index + 1); |
| 26 | 26 | |
| 27 | - return ! \preg_match('/^\d+$/', $hostOrPort); |
|
| 27 | + return !\preg_match('/^\d+$/', $hostOrPort); |
|
| 28 | 28 | }; |
| 29 | 29 | |
| 30 | - $acctSchemeAssumed = static function (string $input): bool { |
|
| 30 | + $acctSchemeAssumed = static function(string $input): bool { |
|
| 31 | 31 | if (false === \strpos($input, '@')) { |
| 32 | 32 | return false; |
| 33 | 33 | } |
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | /** @var string $host */ |
| 37 | 37 | $host = \array_pop($parts); |
| 38 | 38 | |
| 39 | - return ! \preg_match('/[:\/?]+/', $host); |
|
| 39 | + return !\preg_match('/[:\/?]+/', $host); |
|
| 40 | 40 | }; |
| 41 | 41 | |
| 42 | 42 | if ($hasScheme($input)) { |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | ): array { |
| 53 | 53 | $registrationEndpoint = $issuer->getMetadata()->getRegistrationEndpoint(); |
| 54 | 54 | |
| 55 | - if (! $registrationEndpoint) { |
|
| 55 | + if (!$registrationEndpoint) { |
|
| 56 | 56 | throw new InvalidArgumentException('Issuer does not support dynamic client registration'); |
| 57 | 57 | } |
| 58 | 58 | |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | |
| 81 | 81 | $data = parse_metadata_response($response, 201); |
| 82 | 82 | |
| 83 | - if (! \array_key_exists('client_id', $data)) { |
|
| 83 | + if (!\array_key_exists('client_id', $data)) { |
|
| 84 | 84 | throw new RuntimeException('Registration response did not return a client_id field'); |
| 85 | 85 | } |
| 86 | 86 | |
@@ -101,7 +101,7 @@ discard block |
||
| 101 | 101 | |
| 102 | 102 | $claims = parse_metadata_response($response, 200); |
| 103 | 103 | |
| 104 | - if (! \array_key_exists('client_id', $claims)) { |
|
| 104 | + if (!\array_key_exists('client_id', $claims)) { |
|
| 105 | 105 | throw new RuntimeException('Registration response did not return a client_id field'); |
| 106 | 106 | } |
| 107 | 107 | |
@@ -139,7 +139,7 @@ discard block |
||
| 139 | 139 | |
| 140 | 140 | $data = parse_metadata_response($response, 200); |
| 141 | 141 | |
| 142 | - if (! \array_key_exists('client_id', $data)) { |
|
| 142 | + if (!\array_key_exists('client_id', $data)) { |
|
| 143 | 143 | throw new RuntimeException('Registration response did not return a client_id field'); |
| 144 | 144 | } |
| 145 | 145 | |
@@ -19,7 +19,7 @@ |
||
| 19 | 19 | if ('POST' === $method) { |
| 20 | 20 | \parse_str((string) $serverRequest->getBody(), $params); |
| 21 | 21 | |
| 22 | - if (! \is_array($params)) { |
|
| 22 | + if (!\is_array($params)) { |
|
| 23 | 23 | throw new RuntimeException('Invalid parsed body'); |
| 24 | 24 | } |
| 25 | 25 | |
@@ -93,7 +93,7 @@ discard block |
||
| 93 | 93 | 'redirect_uri' => $clientMetadata->getRedirectUris()[0] ?? null, |
| 94 | 94 | ], $params); |
| 95 | 95 | |
| 96 | - $params = \array_filter($params, static function ($value) { |
|
| 96 | + $params = \array_filter($params, static function($value) { |
|
| 97 | 97 | return null !== $value; |
| 98 | 98 | }); |
| 99 | 99 | |
@@ -102,7 +102,7 @@ discard block |
||
| 102 | 102 | unset($params[$key]); |
| 103 | 103 | } elseif ('claims' === $key && (\is_array($value) || $value instanceof JsonSerializable)) { |
| 104 | 104 | $params['claims'] = \json_encode($value); |
| 105 | - } elseif (! \is_string($value)) { |
|
| 105 | + } elseif (!\is_string($value)) { |
|
| 106 | 106 | $params[$key] = (string) $value; |
| 107 | 107 | } |
| 108 | 108 | } |
@@ -136,7 +136,7 @@ discard block |
||
| 136 | 136 | $this->tokenSetVerifier->validate($tokenSet, $client, $authSession, true, $maxAge); |
| 137 | 137 | } |
| 138 | 138 | |
| 139 | - if (! $tokenSet->getCode()) { |
|
| 139 | + if (!$tokenSet->getCode()) { |
|
| 140 | 140 | return $tokenSet; |
| 141 | 141 | } |
| 142 | 142 | |
@@ -153,15 +153,15 @@ discard block |
||
| 153 | 153 | ): TokenSetInterface { |
| 154 | 154 | $code = $tokenSet->getCode(); |
| 155 | 155 | |
| 156 | - if (! $code) { |
|
| 156 | + if (!$code) { |
|
| 157 | 157 | throw new RuntimeException('Unable to fetch token without a code'); |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | - if (! $redirectUri) { |
|
| 160 | + if (!$redirectUri) { |
|
| 161 | 161 | $redirectUri = $client->getMetadata()->getRedirectUris()[0] ?? null; |
| 162 | 162 | } |
| 163 | 163 | |
| 164 | - if (! $redirectUri) { |
|
| 164 | + if (!$redirectUri) { |
|
| 165 | 165 | throw new InvalidArgumentException('A redirect_uri should be provided'); |
| 166 | 166 | } |
| 167 | 167 | |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | 'redirect_uri' => $redirectUri, |
| 172 | 172 | ]); |
| 173 | 173 | |
| 174 | - if (! ($params['id_token'] ?? null)) { |
|
| 174 | + if (!($params['id_token'] ?? null)) { |
|
| 175 | 175 | return TokenSet::fromParams($params); |
| 176 | 176 | } |
| 177 | 177 | |
@@ -78,7 +78,7 @@ discard block |
||
| 78 | 78 | ? $metadata->getUserinfoSignedResponseAlg() |
| 79 | 79 | : $metadata->getIdTokenSignedResponseAlg(); |
| 80 | 80 | |
| 81 | - if (! $expectedAlg) { |
|
| 81 | + if (!$expectedAlg) { |
|
| 82 | 82 | throw new RuntimeException('Unable to verify id_token without an alg value'); |
| 83 | 83 | } |
| 84 | 84 | |
@@ -90,7 +90,7 @@ discard block |
||
| 90 | 90 | |
| 91 | 91 | $payload = \json_decode(base64url_decode(\explode('.', $idToken)[1] ?? '{}'), true); |
| 92 | 92 | |
| 93 | - if (! \is_array($payload)) { |
|
| 93 | + if (!\is_array($payload)) { |
|
| 94 | 94 | throw new InvalidArgumentException('Unable to decode token payload'); |
| 95 | 95 | } |
| 96 | 96 | |
@@ -115,7 +115,7 @@ discard block |
||
| 115 | 115 | |
| 116 | 116 | $requiredClaims = []; |
| 117 | 117 | |
| 118 | - if (! $fromUserInfo) { |
|
| 118 | + if (!$fromUserInfo) { |
|
| 119 | 119 | $requiredClaims = ['iss', 'sub', 'aud', 'exp', 'iat']; |
| 120 | 120 | } |
| 121 | 121 | |
@@ -139,7 +139,7 @@ discard block |
||
| 139 | 139 | |
| 140 | 140 | $jwks = $this->getSigningJWKSet($client, $expectedAlg, $kid); |
| 141 | 141 | |
| 142 | - if (! $this->jwsVerifier->verifyWithKeySet($jws, $jwks, 0)) { |
|
| 142 | + if (!$this->jwsVerifier->verifyWithKeySet($jws, $jwks, 0)) { |
|
| 143 | 143 | throw new InvalidArgumentException('Failed to validate JWT signature'); |
| 144 | 144 | } |
| 145 | 145 | |
@@ -160,7 +160,7 @@ discard block |
||
| 160 | 160 | |
| 161 | 161 | $clientSecret = $metadata->getClientSecret(); |
| 162 | 162 | |
| 163 | - if (! $clientSecret) { |
|
| 163 | + if (!$clientSecret) { |
|
| 164 | 164 | throw new RuntimeException('Unable to verify token without client_secret'); |
| 165 | 165 | } |
| 166 | 166 | |
@@ -173,12 +173,12 @@ discard block |
||
| 173 | 173 | |
| 174 | 174 | $jwk = $jwks->selectKey('sig', null, ['kid' => $kid]); |
| 175 | 175 | |
| 176 | - if (! $jwk) { |
|
| 176 | + if (!$jwk) { |
|
| 177 | 177 | $issuer->updateJwks(); |
| 178 | 178 | $jwk = $issuer->getJwks()->selectKey('sig', null, ['kid' => $kid]); |
| 179 | 179 | } |
| 180 | 180 | |
| 181 | - if (! $jwk) { |
|
| 181 | + if (!$jwk) { |
|
| 182 | 182 | throw new RuntimeException('Unable to find the jwk with the provided kid: ' . $kid); |
| 183 | 183 | } |
| 184 | 184 | |
@@ -45,7 +45,7 @@ discard block |
||
| 45 | 45 | ?JWSSerializer $signatureSerializer = null, |
| 46 | 46 | ?JWESerializer $encryptionSerializer = null |
| 47 | 47 | ) { |
| 48 | - if (! $algorithmManagerFactory) { |
|
| 48 | + if (!$algorithmManagerFactory) { |
|
| 49 | 49 | $algorithmManagerFactory = new AlgorithmManagerFactory(); |
| 50 | 50 | $algorithmManagerFactory->add('none', new None()); |
| 51 | 51 | $algorithmManagerFactory->add('RS256', new RS256()); |
@@ -84,7 +84,7 @@ discard block |
||
| 84 | 84 | 'exp' => \time() + 300, |
| 85 | 85 | ])); |
| 86 | 86 | |
| 87 | - if (! $payload) { |
|
| 87 | + if (!$payload) { |
|
| 88 | 88 | throw new RuntimeException('Unable to encode payload'); |
| 89 | 89 | } |
| 90 | 90 | |
@@ -112,7 +112,7 @@ discard block |
||
| 112 | 112 | $jwk = $client->getJWKS()->selectKey('sig', $this->algorithmManagerFactory->create([$alg])->get($alg)); |
| 113 | 113 | } |
| 114 | 114 | |
| 115 | - if (! $jwk) { |
|
| 115 | + if (!$jwk) { |
|
| 116 | 116 | throw new RuntimeException('No key to sign with alg ' . $alg); |
| 117 | 117 | } |
| 118 | 118 | |
@@ -121,7 +121,7 @@ discard block |
||
| 121 | 121 | $header = \array_filter([ |
| 122 | 122 | 'alg' => $alg, |
| 123 | 123 | 'typ' => 'JWT', |
| 124 | - 'kid' => ! $ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 124 | + 'kid' => !$ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 125 | 125 | ]); |
| 126 | 126 | |
| 127 | 127 | $jws = $this->jwsBuilder->create() |
@@ -139,7 +139,7 @@ discard block |
||
| 139 | 139 | /** @var null|string $alg */ |
| 140 | 140 | $alg = $metadata->get('request_object_encryption_alg'); |
| 141 | 141 | |
| 142 | - if (! $alg) { |
|
| 142 | + if (!$alg) { |
|
| 143 | 143 | return $payload; |
| 144 | 144 | } |
| 145 | 145 | |
@@ -155,7 +155,7 @@ discard block |
||
| 155 | 155 | ); |
| 156 | 156 | } |
| 157 | 157 | |
| 158 | - if (! $jwk) { |
|
| 158 | + if (!$jwk) { |
|
| 159 | 159 | throw new RuntimeException('No key to sign with alg ' . $alg); |
| 160 | 160 | } |
| 161 | 161 | |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | 'alg' => $alg, |
| 166 | 166 | 'enc' => $enc, |
| 167 | 167 | 'cty' => 'JWT', |
| 168 | - 'kid' => ! $ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 168 | + 'kid' => !$ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 169 | 169 | ]); |
| 170 | 170 | |
| 171 | 171 | $jwe = $this->jweBuilder->create() |
