Commit b0465701 authored by lukasmatusiewicz's avatar lukasmatusiewicz

formatting

parent 6bee3f6b
......@@ -31,7 +31,8 @@ class PIResponse
{
assert('string' === gettype($json));
if ($json == null || $json == "") {
if ($json == null || $json == "")
{
$privacyIDEA->errorLog("PrivacyIDEA - PIResponse: No response from PI.");
return null;
}
......@@ -41,7 +42,8 @@ class PIResponse
$map = json_decode($json, true);
// If wrong response format - throw error
if ($map == null) {
if ($map == null)
{
$privacyIDEA->errorLog("PrivacyIDEA - PIResponse: Response from PI was in wrong format. JSON expected.");
return null;
}
......@@ -50,28 +52,33 @@ class PIResponse
$ret->raw = $json;
// Possibility to show an error message from PI server if no value
if (!isset($map['result']['value'])) {
if (!isset($map['result']['value']))
{
$ret->errorCode = $map['result']['error']['code'];
$ret->errorMessage = $map['result']['error']['message'];
return $ret;
}
// Set information from PI response to property
if (isset($map['detail']['messages'])) {
if (isset($map['detail']['messages']))
{
$ret->messages = implode(", ", array_unique($map['detail']['messages'])) ?: "";
}
if (isset($map['detail']['transaction_id'])) {
if (isset($map['detail']['transaction_id']))
{
$ret->transactionID = $map['detail']['transaction_id'];
}
$ret->status = $map['result']['status'] ?: false;
$ret->value = $map['result']['value'] ?: false;
// Prepare attributes and detail
if (!empty($map['detail']['user'])) {
if (!empty($map['detail']['user']))
{
$attributes = $map['detail']['user'];
$detail = $map['detail'];
if (isset($attributes['username'])) {
if (isset($attributes['username']))
{
$attributes['realm'] = $map['detail']['user-realm'] ?: "";
$attributes['resolver'] = $map['detail']['user-resolver'] ?: "";
}
......@@ -79,9 +86,11 @@ class PIResponse
}
// Set all challenges to objects and set it all to one array
if (isset($map['detail']['multi_challenge'])) {
if (isset($map['detail']['multi_challenge']))
{
$mc = $map['detail']['multi_challenge'];
foreach ($mc as $challenge) {
foreach ($mc as $challenge)
{
$tmp = new PIChallenge();
$tmp->transactionID = $challenge['transaction_id'];
$tmp->message = $challenge['message'];
......@@ -89,12 +98,14 @@ class PIResponse
$tmp->type = $challenge['type'];
$tmp->attributes = $challenge['attributes'];
if ($tmp->type === "webauthn") {
if ($tmp->type === "webauthn")
{
$t = $challenge['attributes']['webAuthnSignRequest'];
$tmp->webAuthnSignRequest = json_encode($t);
}
if($tmp->type === "u2f") {
if ($tmp->type === "u2f")
{
$t = $challenge['attributes']['u2fSignRequest'];
$tmp->u2fSignRequest = json_encode($t);
}
......@@ -112,7 +123,8 @@ class PIResponse
public function triggeredTokenTypes()
{
$ret = array();
foreach ($this->multiChallenge as $challenge) {
foreach ($this->multiChallenge as $challenge)
{
array_push($ret, $challenge->type);
}
return array_unique($ret);
......@@ -124,8 +136,10 @@ class PIResponse
*/
public function otpMessage()
{
foreach ($this->multiChallenge as $challenge) {
if ($challenge->type !== "push" && $challenge->type !== "webauthn") {
foreach ($this->multiChallenge as $challenge)
{
if ($challenge->type !== "push" && $challenge->type !== "webauthn")
{
return $challenge->message;
}
}
......@@ -138,8 +152,10 @@ class PIResponse
*/
public function pushMessage()
{
foreach ($this->multiChallenge as $challenge) {
if ($challenge->type === "push") {
foreach ($this->multiChallenge as $challenge)
{
if ($challenge->type === "push")
{
return $challenge->message;
}
}
......@@ -152,8 +168,10 @@ class PIResponse
*/
public function webauthnMessage()
{
foreach ($this->multiChallenge as $challenge) {
if ($challenge->type === "webauthn") {
foreach ($this->multiChallenge as $challenge)
{
if ($challenge->type === "webauthn")
{
return $challenge->message;
}
}
......@@ -167,8 +185,10 @@ class PIResponse
public function webAuthnSignRequest()
{
$ret = "";
foreach ($this->multiChallenge as $challenge) {
if ($challenge->type === "webauthn") {
foreach ($this->multiChallenge as $challenge)
{
if ($challenge->type === "webauthn")
{
$ret = $challenge->webAuthnSignRequest;
break;
}
......@@ -179,8 +199,10 @@ class PIResponse
public function u2fSignRequest()
{
$ret = "";
foreach ($this->multiChallenge as $challenge) {
if ($challenge->type === "u2f") {
foreach ($this->multiChallenge as $challenge)
{
if ($challenge->type === "u2f")
{
$ret = $challenge->u2fSignRequest;
break;
}
......
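Review bot: The error branch in the third PIResponse hunk reads `$map['result']['error']['code']` and `$map['result']['error']['message']` after checking only that `$map['result']['value']` is unset, so any JSON body without a `result.error` object produces undefined-index notices and an error response with both fields null. Guarding the two reads, for example `if (isset($map['result']['error'])) { ... }`, keeps an unexpected or truncated server reply from being treated as a well-formed error. The `assert('string' === gettype($json))` at the top of the first hunk does nothing when assertions are disabled, as is usual in production, so the loose `$json == null || $json == ""` test is the only input check that can be relied on; an explicit `is_string($json)` test in that condition would make the check unconditional. These lines are unchanged context in a brace-placement commit, and the enclosing function (called as `PIResponse::fromJSON` elsewhere on the page) starts and ends outside the hunks.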
......@@ -51,7 +51,8 @@ class PrivacyIDEA
*/
function debugLog($message)
{
if ($this->logger != null) {
if ($this->logger != null)
{
$this->logger->piDebug($message);
}
}
......@@ -62,7 +63,8 @@ class PrivacyIDEA
*/
function errorLog($message)
{
if ($this->logger != null) {
if ($this->logger != null)
{
$this->logger->piError($message);
}
}
......@@ -85,14 +87,17 @@ class PrivacyIDEA
$this->debugLog("validateCheck() with user=" . $username . ", pass=" . $pass . " and if is set transactionID " . $transactionID);
//Check if parameters are set
if (!empty($username) || !empty($pass)) {
if (!empty($username) || !empty($pass))
{
$params["user"] = $username;
$params["pass"] = $pass;
if (!empty($transactionID)) {
if (!empty($transactionID))
{
//Add transaction ID in case of challenge response
$params["transaction_id"] = $transactionID;
}
if ($this->realm) {
if ($this->realm)
{
$params["realm"] = $this->realm;
}
......@@ -101,11 +106,13 @@ class PrivacyIDEA
//Return the response from /validate/check as PIResponse object
$ret = PIResponse::fromJSON($response, $this);
if ($ret == null) {
if ($ret == null)
{
$this->debugLog("privacyIDEA - Validate Check: no response from PI-server");
}
return $ret;
} else {
} else
{
//Handle debug message if $username is empty
$this->debugLog("privacyIDEA - Validate Check: params incomplete!");
}
......@@ -127,7 +134,8 @@ class PrivacyIDEA
// Log entry of the pollTransaction()
$this->debugLog("triggerChallenge() with username=" . $username);
if ($username) {
if ($username)
{
$authToken = $this->getAuthToken();
// If error occurred in getAuthToken() - return this error in PIResponse object
$header = array("authorization:" . $authToken);
......@@ -140,12 +148,14 @@ class PrivacyIDEA
//Return the response from /validate/triggerchallenge as PIResponse object
$ret = PIResponse::fromJSON($response, $this);
if ($ret == null) {
if ($ret == null)
{
$this->debugLog("privacyIDEA - Trigger Challenge: no response from PI-server");
}
return $ret;
} else {
} else
{
//Handle debug message if empty $username
$this->debugLog("privacyIDEA - Trigger Challenge: no username");
}
......@@ -166,7 +176,8 @@ class PrivacyIDEA
// Log entry of the pollTransaction()
$this->debugLog("pollTransaction() with transaction ID=" . $transactionID);
if (!empty($transactionID)) {
if (!empty($transactionID))
{
$params = array("transaction_id" => $transactionID);
// Call /validate/polltransaction using transactionID and decode it from JSON
$responseJSON = $this->sendRequest($params, array(''), 'GET', '/validate/polltransaction');
......@@ -174,7 +185,8 @@ class PrivacyIDEA
//Return the response from /validate/polltransaction
return $response['result']['value'];
} else {
} else
{
//Handle debug message if $transactionID is empty
$this->debugLog("privacyIDEA - Poll Transaction: No transaction ID");
}
......@@ -197,7 +209,8 @@ class PrivacyIDEA
assert('string' === gettype($username));
assert('string' === gettype($type));
assert('string' === gettype($genkey));
if (isset($description)) {
if (isset($description))
{
assert('string' === gettype($description));
}
......@@ -205,7 +218,8 @@ class PrivacyIDEA
$this->debugLog("privacyIDEA - enrollToken() with user=" . $username . ", genkey=" . $genkey . ", type=" . $type . ", description=" . $description);
// Check if parameters contain the required keys
if (empty($username) || empty($type)) {
if (empty($username) || empty($type))
{
$this->debugLog("privacyIDEA - Enroll Token: Token enrollment not possible because params are not complete");
return array();
}
......@@ -223,11 +237,13 @@ class PrivacyIDEA
// Check if user has token
$tokenInfo = json_decode($this->sendRequest(array("user" => $params['user']), $header, 'GET', '/token/'));
if (!empty($tokenInfo->result->value->tokens)) {
if (!empty($tokenInfo->result->value->tokens))
{
$this->debugLog("privacyIDEA - Enroll Token: User already has a token. No need to enroll a new one.");
return array();
} else {
} else
{
// Call /token/init endpoint and return the PI response
return json_decode($this->sendRequest($params, $header, 'POST', '/token/init'));
}
......@@ -254,14 +270,16 @@ class PrivacyIDEA
$this->debugLog("ValidateCheckWebAuthn with user=" . $username . ", transactionID=" . $transactionID . ", WebAuthnSignResponse=" . $webAuthnSignResponse . ", origin=" . $origin);
// Check if parameters are set
if (!empty($username) || !empty($transactionID)) {
if (!empty($username) || !empty($transactionID))
{
// Compose standard validate/check params
$params["user"] = $username;
$params["pass"] = "";
$params["transaction_id"] = $transactionID;
if ($this->realm) {
if ($this->realm)
{
$params["realm"] = $this->realm;
}
......@@ -273,10 +291,12 @@ class PrivacyIDEA
$params[SIGNATUREDATA] = $tmp[SIGNATUREDATA];
$params[AUTHENTICATORDATA] = $tmp[AUTHENTICATORDATA];
if (!empty($tmp[USERHANDLE])) {
if (!empty($tmp[USERHANDLE]))
{
$params[USERHANDLE] = $tmp[USERHANDLE];
}
if (!empty($tmp[ASSERTIONCLIENTEXTENSIONS])) {
if (!empty($tmp[ASSERTIONCLIENTEXTENSIONS]))
{
$params[ASSERTIONCLIENTEXTENSIONS] = $tmp[ASSERTIONCLIENTEXTENSIONS];
}
......@@ -287,12 +307,14 @@ class PrivacyIDEA
//Return the response from /validate/check as PIResponse object
$ret = PIResponse::fromJSON($response, $this);
if ($ret == null) {
if ($ret == null)
{
$this->debugLog("privacyIDEA - WebAuthn: no response from PI-server");
}
return $ret;
} else {
} else
{
//Handle debug message if $username is empty
$this->debugLog("privacyIDEA - WebAuthn: params incomplete!");
}
......@@ -318,14 +340,16 @@ class PrivacyIDEA
$this->debugLog("ValidateCheckU2F with user=" . $username . ", transactionID=" . $transactionID . ", u2fSignResponse=" . $u2fSignResponse);
// Check if parameters are set
if (!empty($username) || !empty($transactionID) || !empty($u2fSignResponse)) {
if (!empty($username) || !empty($transactionID) || !empty($u2fSignResponse))
{
// Compose standard validate/check params
$params["user"] = $username;
$params["pass"] = "";
$params["transaction_id"] = $transactionID;
if ($this->realm) {
if ($this->realm)
{
$params["realm"] = $this->realm;
}
......@@ -339,12 +363,14 @@ class PrivacyIDEA
//Return the response from /validate/check as PIResponse object
$ret = PIResponse::fromJSON($response, $this);
if ($ret == null) {
if ($ret == null)
{
$this->debugLog("privacyIDEA - U2F: no response from PI-server");
}
return $ret;
} else {
} else
{
//Handle debug message if $username is empty
$this->debugLog("privacyIDEA - U2F: params incomplete!");
}
......@@ -369,7 +395,8 @@ class PrivacyIDEA
*/
public function getAuthToken()
{
if (!$this->serviceAccountAvailable()) {
if (!$this->serviceAccountAvailable())
{
$this->errorLog("Cannot retrieve auth token without service account");
return false;
}
......@@ -380,14 +407,16 @@ class PrivacyIDEA
"password" => $this->serviceAccountPass
);
if ($this->serviceAccountRealm != null && $this->serviceAccountRealm != "") {
if ($this->serviceAccountRealm != null && $this->serviceAccountRealm != "")
{
$params["realm"] = $this->serviceAccountRealm;
}
// Call /auth endpoint and decode the response from JSON to PHP
$response = json_decode($this->sendRequest($params, array(''), 'POST', '/auth'), true);
if (!empty($response['result']['value'])) {
if (!empty($response['result']['value']))
{
// Get auth token from response->result->value->token and return the token
return $response['result']['value']['token'];
}
......@@ -424,19 +453,24 @@ class PrivacyIDEA
curl_setopt($curlInstance, CURLOPT_URL, $completeUrl);
curl_setopt($curlInstance, CURLOPT_HEADER, true);
if ($headers) {
if ($headers)
{
curl_setopt($curlInstance, CURLOPT_HTTPHEADER, $headers);
}
curl_setopt($curlInstance, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curlInstance, CURLOPT_USERAGENT, $this->userAgent);
if ($httpMethod === "POST") {
if ($httpMethod === "POST")
{
curl_setopt($curlInstance, CURLOPT_POST, true);
curl_setopt($curlInstance, CURLOPT_POSTFIELDS, $params);
} elseif ($httpMethod === "GET") {
} elseif ($httpMethod === "GET")
{
$paramsStr = '?';
if (!empty($params)) {
foreach ($params as $key => $value) {
if (!empty($params))
{
foreach ($params as $key => $value)
{
$paramsStr .= $key . "=" . $value . "&";
}
}
......@@ -445,22 +479,27 @@ class PrivacyIDEA
// Check if you should to verify privacyIDEA's SSL certificate in your config
// If true - do it, if false - don't verify
if ($this->sslVerifyHost === true) {
if ($this->sslVerifyHost === true)
{
curl_setopt($curlInstance, CURLOPT_SSL_VERIFYHOST, 2);
} else {
} else
{
curl_setopt($curlInstance, CURLOPT_SSL_VERIFYHOST, 0);
}
if ($this->sslVerifyPeer === true) {
if ($this->sslVerifyPeer === true)
{
curl_setopt($curlInstance, CURLOPT_SSL_VERIFYPEER, 2);
} else {
} else
{
curl_setopt($curlInstance, CURLOPT_SSL_VERIFYPEER, 0);
}
//Store response in the variable
$response = curl_exec($curlInstance);
if (!$response) {
if (!$response)
{
//Handle error if no response and return an empty string
$curlErrno = curl_errno($curlInstance);
$this->errorLog("privacyIDEA-SDK: Bad request to PI server. " . curl_error($curlInstance) . " errno: " . $curlErrno);
......@@ -471,7 +510,8 @@ class PrivacyIDEA
$ret = substr($response, $headerSize);
// Log the response
if ($endpoint != "/auth") {
if ($endpoint != "/auth")
{
$retJson = json_decode($ret, true);
$this->debugLog($endpoint . " returned " . json_encode($retJson, JSON_PRETTY_PRINT));
}
......
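Review bot: The debug line at the top of the validateCheck hunk concatenates the submitted credential into the log message (`", pass=" . $pass`), so every PIN or OTP value that users enter is written to whatever sink the configured logger uses. The line is unchanged context in this brace-placement commit, but it should drop the secret, e.g. `$this->debugLog("validateCheck() with user=" . $username . " and if is set transactionID " . $transactionID);`. Separately, the GET branch of the request hunk builds the query string with `$paramsStr .= $key . "=" . $value . "&";` and no encoding is visible in the hunk, so a username or transaction ID containing `&` or `=` could add or override request parameters; `$paramsStr = '?' . http_build_query($params);` would avoid that. On style, the new layout leaves `} else` on one line with its `{` on the next, which matches neither the old same-line braces nor a full next-line style. The enclosing functions start and end outside the hunks.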
......@@ -10,10 +10,12 @@ spl_autoload_register('autoLoader');
function autoLoader($className)
{
$fullPath = dirname(__FILE__) . "/" . $className . ".php";
if (file_exists($fullPath)) {
if (file_exists($fullPath))
{
require_once $fullPath;
return true;
} else {
} else
{
return false;
}
}
\ No newline at end of file