thomasvargiu /
php-openid-client
@@ -37,11 +37,11 @@ |
||
| 37 | 37 | $tokenSet = $request->getAttribute(TokenSetInterface::class); |
| 38 | 38 | $client = $this->client ?: $request->getAttribute(ClientInterface::class); |
| 39 | 39 | |
| 40 | - if (! $client instanceof ClientInterface) { |
|
| 40 | + if (!$client instanceof ClientInterface) { |
|
| 41 | 41 | throw new LogicException('No OpenID client provided'); |
| 42 | 42 | } |
| 43 | 43 | |
| 44 | - if (! $tokenSet instanceof TokenSetInterface) { |
|
| 44 | + if (!$tokenSet instanceof TokenSetInterface) { |
|
| 45 | 45 | throw new RuntimeException('Unable to get token response attribute'); |
| 46 | 46 | } |
| 47 | 47 | |
@@ -57,7 +57,7 @@ discard block |
||
| 57 | 57 | { |
| 58 | 58 | $accessToken = $tokenSet->getAccessToken(); |
| 59 | 59 | |
| 60 | - if (! $accessToken) { |
|
| 60 | + if (!$accessToken) { |
|
| 61 | 61 | throw new RuntimeException('Unable to get an access token from the token set'); |
| 62 | 62 | } |
| 63 | 63 | |
@@ -72,7 +72,7 @@ discard block |
||
| 72 | 72 | $endpointUri = $issuerMetadata->getMtlsEndpointAliases()['userinfo_endpoint'] ?? $endpointUri; |
| 73 | 73 | } |
| 74 | 74 | |
| 75 | - if (! $endpointUri) { |
|
| 75 | + if (!$endpointUri) { |
|
| 76 | 76 | throw new InvalidArgumentException('Invalid issuer userinfo endpoint'); |
| 77 | 77 | } |
| 78 | 78 | |
@@ -101,20 +101,20 @@ discard block |
||
| 101 | 101 | $payload = \json_decode((string) $response->getBody(), true); |
| 102 | 102 | } |
| 103 | 103 | |
| 104 | - if (! \is_array($payload)) { |
|
| 104 | + if (!\is_array($payload)) { |
|
| 105 | 105 | throw new RuntimeException('Unable to parse userinfo claims'); |
| 106 | 106 | } |
| 107 | 107 | |
| 108 | 108 | $idToken = $tokenSet->getIdToken(); |
| 109 | 109 | |
| 110 | - if (! $idToken) { |
|
| 110 | + if (!$idToken) { |
|
| 111 | 111 | return $payload; |
| 112 | 112 | } |
| 113 | 113 | |
| 114 | 114 | // check expected sub |
| 115 | 115 | $expectedSub = $tokenSet->claims()['sub'] ?? null; |
| 116 | 116 | |
| 117 | - if (! $expectedSub) { |
|
| 117 | + if (!$expectedSub) { |
|
| 118 | 118 | throw new RuntimeException('Unable to get sub claim from id_token'); |
| 119 | 119 | } |
| 120 | 120 | |
@@ -55,7 +55,7 @@ discard block |
||
| 55 | 55 | : $resource |
| 56 | 56 | ); |
| 57 | 57 | |
| 58 | - if (! \is_array($parsedUrl) || ! \array_key_exists('host', $parsedUrl)) { |
|
| 58 | + if (!\is_array($parsedUrl) || !\array_key_exists('host', $parsedUrl)) { |
|
| 59 | 59 | throw new RuntimeException('Unable to parse resource'); |
| 60 | 60 | } |
| 61 | 61 | |
@@ -79,7 +79,7 @@ discard block |
||
| 79 | 79 | $links = $data['links'] ?? []; |
| 80 | 80 | $href = null; |
| 81 | 81 | foreach ($links as $link) { |
| 82 | - if (! \is_array($link)) { |
|
| 82 | + if (!\is_array($link)) { |
|
| 83 | 83 | continue; |
| 84 | 84 | } |
| 85 | 85 | |
@@ -87,14 +87,14 @@ discard block |
||
| 87 | 87 | continue; |
| 88 | 88 | } |
| 89 | 89 | |
| 90 | - if (! \array_key_exists('href', $link)) { |
|
| 90 | + if (!\array_key_exists('href', $link)) { |
|
| 91 | 91 | continue; |
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | $href = $link['href']; |
| 95 | 95 | } |
| 96 | 96 | |
| 97 | - if (! \is_string($href) || 0 !== \strpos($href, 'https://')) { |
|
| 97 | + if (!\is_string($href) || 0 !== \strpos($href, 'https://')) { |
|
| 98 | 98 | throw new InvalidArgumentException('Invalid issuer location'); |
| 99 | 99 | } |
| 100 | 100 | |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | throw new RuntimeException('Unable to fetch provider metadata', 0, $e); |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - if (! \array_key_exists('issuer', $data)) { |
|
| 147 | + if (!\array_key_exists('issuer', $data)) { |
|
| 148 | 148 | throw new RuntimeException('Invalid metadata content, no "issuer" key found'); |
| 149 | 149 | } |
| 150 | 150 | |
@@ -11,7 +11,7 @@ discard block |
||
| 11 | 11 | */ |
| 12 | 12 | function normalize_webfinger(string $input): string |
| 13 | 13 | { |
| 14 | - $hasScheme = static function (string $resource): bool { |
|
| 14 | + $hasScheme = static function(string $resource): bool { |
|
| 15 | 15 | if (false !== \strpos($resource, '://')) { |
| 16 | 16 | return true; |
| 17 | 17 | } |
@@ -24,10 +24,10 @@ discard block |
||
| 24 | 24 | |
| 25 | 25 | $hostOrPort = \substr($resource, $index + 1); |
| 26 | 26 | |
| 27 | - return ! \preg_match('/^\d+$/', $hostOrPort); |
|
| 27 | + return !\preg_match('/^\d+$/', $hostOrPort); |
|
| 28 | 28 | }; |
| 29 | 29 | |
| 30 | - $acctSchemeAssumed = static function (string $input): bool { |
|
| 30 | + $acctSchemeAssumed = static function(string $input): bool { |
|
| 31 | 31 | if (false === \strpos($input, '@')) { |
| 32 | 32 | return false; |
| 33 | 33 | } |
@@ -36,7 +36,7 @@ discard block |
||
| 36 | 36 | /** @var string $host */ |
| 37 | 37 | $host = \array_pop($parts); |
| 38 | 38 | |
| 39 | - return ! \preg_match('/[:\/?]+/', $host); |
|
| 39 | + return !\preg_match('/[:\/?]+/', $host); |
|
| 40 | 40 | }; |
| 41 | 41 | |
| 42 | 42 | if ($hasScheme($input)) { |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | ): array { |
| 53 | 53 | $registrationEndpoint = $issuer->getMetadata()->getRegistrationEndpoint(); |
| 54 | 54 | |
| 55 | - if (! $registrationEndpoint) { |
|
| 55 | + if (!$registrationEndpoint) { |
|
| 56 | 56 | throw new InvalidArgumentException('Issuer does not support dynamic client registration'); |
| 57 | 57 | } |
| 58 | 58 | |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | |
| 81 | 81 | $data = parse_metadata_response($response, 201); |
| 82 | 82 | |
| 83 | - if (! \array_key_exists('client_id', $data)) { |
|
| 83 | + if (!\array_key_exists('client_id', $data)) { |
|
| 84 | 84 | throw new RuntimeException('Registration response did not return a client_id field'); |
| 85 | 85 | } |
| 86 | 86 | |
@@ -101,7 +101,7 @@ discard block |
||
| 101 | 101 | |
| 102 | 102 | $claims = parse_metadata_response($response, 200); |
| 103 | 103 | |
| 104 | - if (! \array_key_exists('client_id', $claims)) { |
|
| 104 | + if (!\array_key_exists('client_id', $claims)) { |
|
| 105 | 105 | throw new RuntimeException('Registration response did not return a client_id field'); |
| 106 | 106 | } |
| 107 | 107 | |
@@ -139,7 +139,7 @@ discard block |
||
| 139 | 139 | |
| 140 | 140 | $data = parse_metadata_response($response, 200); |
| 141 | 141 | |
| 142 | - if (! \array_key_exists('client_id', $data)) { |
|
| 142 | + if (!\array_key_exists('client_id', $data)) { |
|
| 143 | 143 | throw new RuntimeException('Registration response did not return a client_id field'); |
| 144 | 144 | } |
| 145 | 145 | |
@@ -19,7 +19,7 @@ |
||
| 19 | 19 | if ('POST' === $method) { |
| 20 | 20 | \parse_str((string) $serverRequest->getBody(), $params); |
| 21 | 21 | |
| 22 | - if (! \is_array($params)) { |
|
| 22 | + if (!\is_array($params)) { |
|
| 23 | 23 | throw new RuntimeException('Invalid parsed body'); |
| 24 | 24 | } |
| 25 | 25 | |
@@ -93,7 +93,7 @@ discard block |
||
| 93 | 93 | 'redirect_uri' => $clientMetadata->getRedirectUris()[0] ?? null, |
| 94 | 94 | ], $params); |
| 95 | 95 | |
| 96 | - $params = \array_filter($params, static function ($value) { |
|
| 96 | + $params = \array_filter($params, static function($value) { |
|
| 97 | 97 | return null !== $value; |
| 98 | 98 | }); |
| 99 | 99 | |
@@ -102,7 +102,7 @@ discard block |
||
| 102 | 102 | unset($params[$key]); |
| 103 | 103 | } elseif ('claims' === $key && (\is_array($value) || $value instanceof JsonSerializable)) { |
| 104 | 104 | $params['claims'] = \json_encode($value); |
| 105 | - } elseif (! \is_string($value)) { |
|
| 105 | + } elseif (!\is_string($value)) { |
|
| 106 | 106 | $params[$key] = (string) $value; |
| 107 | 107 | } |
| 108 | 108 | } |
@@ -136,7 +136,7 @@ discard block |
||
| 136 | 136 | $this->tokenSetVerifier->validate($tokenSet, $client, $authSession, true, $maxAge); |
| 137 | 137 | } |
| 138 | 138 | |
| 139 | - if (! $tokenSet->getCode()) { |
|
| 139 | + if (!$tokenSet->getCode()) { |
|
| 140 | 140 | return $tokenSet; |
| 141 | 141 | } |
| 142 | 142 | |
@@ -153,15 +153,15 @@ discard block |
||
| 153 | 153 | ): TokenSetInterface { |
| 154 | 154 | $code = $tokenSet->getCode(); |
| 155 | 155 | |
| 156 | - if (! $code) { |
|
| 156 | + if (!$code) { |
|
| 157 | 157 | throw new RuntimeException('Unable to fetch token without a code'); |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | - if (! $redirectUri) { |
|
| 160 | + if (!$redirectUri) { |
|
| 161 | 161 | $redirectUri = $client->getMetadata()->getRedirectUris()[0] ?? null; |
| 162 | 162 | } |
| 163 | 163 | |
| 164 | - if (! $redirectUri) { |
|
| 164 | + if (!$redirectUri) { |
|
| 165 | 165 | throw new InvalidArgumentException('A redirect_uri should be provided'); |
| 166 | 166 | } |
| 167 | 167 | |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | 'redirect_uri' => $redirectUri, |
| 172 | 172 | ]); |
| 173 | 173 | |
| 174 | - if (! ($params['id_token'] ?? null)) { |
|
| 174 | + if (!($params['id_token'] ?? null)) { |
|
| 175 | 175 | return TokenSet::fromParams($params); |
| 176 | 176 | } |
| 177 | 177 | |
@@ -85,7 +85,7 @@ discard block |
||
| 85 | 85 | ? $metadata->getUserinfoSignedResponseAlg() |
| 86 | 86 | : $metadata->getIdTokenSignedResponseAlg(); |
| 87 | 87 | |
| 88 | - if (! $expectedAlg) { |
|
| 88 | + if (!$expectedAlg) { |
|
| 89 | 89 | throw new RuntimeException('Unable to verify id_token without an alg value'); |
| 90 | 90 | } |
| 91 | 91 | |
@@ -97,7 +97,7 @@ discard block |
||
| 97 | 97 | |
| 98 | 98 | $payload = \json_decode(base64url_decode(\explode('.', $idToken)[1] ?? '{}'), true); |
| 99 | 99 | |
| 100 | - if (! \is_array($payload)) { |
|
| 100 | + if (!\is_array($payload)) { |
|
| 101 | 101 | throw new InvalidArgumentException('Unable to decode token payload'); |
| 102 | 102 | } |
| 103 | 103 | |
@@ -122,7 +122,7 @@ discard block |
||
| 122 | 122 | |
| 123 | 123 | $requiredClaims = []; |
| 124 | 124 | |
| 125 | - if (! $fromUserInfo) { |
|
| 125 | + if (!$fromUserInfo) { |
|
| 126 | 126 | $requiredClaims = ['iss', 'sub', 'aud', 'exp', 'iat']; |
| 127 | 127 | } |
| 128 | 128 | |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | |
| 151 | 151 | $jwks = $this->getSigningJWKSet($client, $expectedAlg, $kid); |
| 152 | 152 | |
| 153 | - if (! $jwsVerifier->verifyWithKeySet($jws, $jwks, 0)) { |
|
| 153 | + if (!$jwsVerifier->verifyWithKeySet($jws, $jwks, 0)) { |
|
| 154 | 154 | throw new InvalidArgumentException('Failed to validate JWT signature'); |
| 155 | 155 | } |
| 156 | 156 | |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | |
| 172 | 172 | $clientSecret = $metadata->getClientSecret(); |
| 173 | 173 | |
| 174 | - if (! $clientSecret) { |
|
| 174 | + if (!$clientSecret) { |
|
| 175 | 175 | throw new RuntimeException('Unable to verify token without client_secret'); |
| 176 | 176 | } |
| 177 | 177 | |
@@ -184,12 +184,12 @@ discard block |
||
| 184 | 184 | |
| 185 | 185 | $jwk = $jwks->selectKey('sig', null, ['kid' => $kid]); |
| 186 | 186 | |
| 187 | - if (! $jwk) { |
|
| 187 | + if (!$jwk) { |
|
| 188 | 188 | $issuer->updateJwks(); |
| 189 | 189 | $jwk = $issuer->getJwks()->selectKey('sig', null, ['kid' => $kid]); |
| 190 | 190 | } |
| 191 | 191 | |
| 192 | - if (! $jwk) { |
|
| 192 | + if (!$jwk) { |
|
| 193 | 193 | throw new RuntimeException('Unable to find the jwk with the provided kid: ' . $kid); |
| 194 | 194 | } |
| 195 | 195 | |
@@ -74,7 +74,7 @@ discard block |
||
| 74 | 74 | 'exp' => \time() + 300, |
| 75 | 75 | ])); |
| 76 | 76 | |
| 77 | - if (! $payload) { |
|
| 77 | + if (!$payload) { |
|
| 78 | 78 | throw new RuntimeException('Unable to encode payload'); |
| 79 | 79 | } |
| 80 | 80 | |
@@ -102,7 +102,7 @@ discard block |
||
| 102 | 102 | $jwk = $client->getJWKS()->selectKey('sig', null, ['alg' => $alg]); |
| 103 | 103 | } |
| 104 | 104 | |
| 105 | - if (! $jwk) { |
|
| 105 | + if (!$jwk) { |
|
| 106 | 106 | throw new RuntimeException('No key to sign with alg ' . $alg); |
| 107 | 107 | } |
| 108 | 108 | |
@@ -111,7 +111,7 @@ discard block |
||
| 111 | 111 | $header = \array_filter([ |
| 112 | 112 | 'alg' => $alg, |
| 113 | 113 | 'typ' => 'JWT', |
| 114 | - 'kid' => ! $ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 114 | + 'kid' => !$ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 115 | 115 | ]); |
| 116 | 116 | |
| 117 | 117 | $jws = $this->jwsBuilder->create() |
@@ -130,7 +130,7 @@ discard block |
||
| 130 | 130 | /** @var null|string $alg */ |
| 131 | 131 | $alg = $metadata->get('request_object_encryption_alg'); |
| 132 | 132 | |
| 133 | - if (! $alg) { |
|
| 133 | + if (!$alg) { |
|
| 134 | 134 | return $payload; |
| 135 | 135 | } |
| 136 | 136 | |
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | ); |
| 147 | 147 | } |
| 148 | 148 | |
| 149 | - if (! $jwk) { |
|
| 149 | + if (!$jwk) { |
|
| 150 | 150 | throw new RuntimeException('No key to sign with alg ' . $alg); |
| 151 | 151 | } |
| 152 | 152 | |
@@ -156,7 +156,7 @@ discard block |
||
| 156 | 156 | 'alg' => $alg, |
| 157 | 157 | 'enc' => $enc, |
| 158 | 158 | 'cty' => 'JWT', |
| 159 | - 'kid' => ! $ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 159 | + 'kid' => !$ktyIsOct && $jwk->has('kid') ? $jwk->get('kid') : null, |
|
| 160 | 160 | ]); |
| 161 | 161 | |
| 162 | 162 | $jwe = $this->jweBuilder->create() |
