Merge branch 'master' into Xnew-ui

0d5b908b · Tim van Dijen · GitHub · 7e502d47 · ea234eea · 0d5b908b
Unverified Commit 0d5b908b authored 6 years ago by Tim van Dijen Committed by GitHub 6 years ago
--- a/modules/oauth/config-template/module_oauth.php
+++ b/modules/oauth/config-template/module_oauth.php
@@ -4,15 +4,15 @@
 * 
 */

-$config = array (
+$config = array(
    /* Enable the getUserInfo endpoint. Do not enable unless you know what you do.
     * It may give external parties access to userInfo unless properly secured.
     */
    'getUserInfo.enable' => true,

-    'requestTokenDuration' => 60*30, // 30 minutes
-    'accessTokenDuration'  => 60*60*24, // 24 hours
-    'nonceCache'           => 60*60*24*14, // 14 days
+    'requestTokenDuration' => 60 * 30, // 30 minutes
+    'accessTokenDuration'  => 60 * 60 * 24, // 24 hours
+    'nonceCache'           => 60 * 60 * 24 * 14, // 14 days

    // Tag to run storage cleanup script using the cron module...
    'cron_tag' => 'hourly',
@@ -21,4 +21,4 @@ $config = array (
    // useridattr is the attribute-name that contains the userid as returned from idp
    'auth' => 'default-sp',
    'useridattr', 'user',
-);
+);
\ No newline at end of file
--- a/modules/oauth/hooks/hook_cron.php
+++ b/modules/oauth/hooks/hook_cron.php
@@ -24,10 +24,10 @@ function oauth_hook_cron(&$croninfo)
    try {
        $store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth');
        $cleaned = $store->removeExpired();
-        $croninfo['summary'][] = 'OAuth clean up. Removed ' . $cleaned . ' expired entries from OAuth storage.';
+        $croninfo['summary'][] = 'OAuth clean up. Removed '.$cleaned.' expired entries from OAuth storage.';
    } catch (\Exception $e) {
-        $message = 'OAuth clean up cron script failed: ' . $e->getMessage();
+        $message = 'OAuth clean up cron script failed: '.$e->getMessage();
        \SimpleSAML\Logger::warning($message);
        $croninfo['summary'][] = $message;
    }
-}
+}
\ No newline at end of file
--- a/modules/oauth/lib/Registry.php
+++ b/modules/oauth/lib/Registry.php
@@ -13,8 +13,8 @@ class Registry
 {
    protected function getStandardField($request, &$entry, $key)
    {
-        if (array_key_exists('field_' . $key, $request)) {
-            $entry[$key] = $request['field_' . $key];
+        if (array_key_exists('field_'.$key, $request)) {
+            $entry[$key] = $request['field_'.$key];
        } else if (isset($entry[$key])) {
            unset($entry[$key]);
        }
@@ -39,10 +39,12 @@ class Registry

    protected function requireStandardField($request, $key)
    {
-        if (!array_key_exists('field_' . $key, $request))
-            throw new \Exception('Required field [' . $key . '] was missing.');
-        if (empty($request['field_' . $key]))
-            throw new \Exception('Required field [' . $key . '] was empty.');
+        if (!array_key_exists('field_'.$key, $request)) {
+            throw new \Exception('Required field ['.$key.'] was missing.');
+        }
+        if (empty($request['field_'.$key])) {
+            throw new \Exception('Required field ['.$key.'] was empty.');
+        }
    }

    public function checkForm($request)
@@ -54,7 +56,7 @@ class Registry
 	
    protected function header($name)
    {
-        return '<tr><td>&nbsp;</td><td class="header">' . $name . '</td></tr>';
+        return '<tr><td>&nbsp;</td><td class="header">'.$name.'</td></tr>';
    }

    protected function readonlyDateField($metadata, $key, $name)
@@ -63,7 +65,7 @@ class Registry
        if (array_key_exists($key, $metadata)) {
            $value = date('j. F Y, G:i', $metadata[$key]);
        }
-	return '<tr><td class="name">' . $name . '</td><td class="data">' . $value . '</td></tr>';
+        return '<tr><td class="name">'.$name.'</td><td class="data">'.$value.'</td></tr>';
    }

    protected function readonlyField($metadata, $key, $name)
@@ -72,12 +74,12 @@ class Registry
        if (array_key_exists($key, $metadata)) {
            $value = $metadata[$key];
        }
-        return '<tr><td class="name">' . $name . '</td><td class="data">' . htmlspecialchars($value) . '</td></tr>';
+        return '<tr><td class="name">'.$name.'</td><td class="data">'.htmlspecialchars($value).'</td></tr>';
    }

    protected function hiddenField($key, $value)
    {
-        return '<input type="hidden" name="' . $key . '" value="' . htmlspecialchars($value) . '" />';
+        return '<input type="hidden" name="'.$key.'" value="'.htmlspecialchars($value).'" />';
    }

    protected function flattenLanguageField(&$metadata, $key)
@@ -101,33 +103,33 @@ class Registry
        }

        if ($textarea) {
-            return '<tr><td class="name">' . $name . '</td><td class="data">
-                <textarea name="field_' . $key . '" rows="5" cols="50">' . $value . '</textarea></td></tr>';
+            return '<tr><td class="name">'.$name.'</td><td class="data">
+                <textarea name="field_'.$key.'" rows="5" cols="50">'.$value.'</textarea></td></tr>';
        } else {
-            return '<tr><td class="name">' . $name . '</td><td class="data">
-                <input type="text" size="60" name="field_' . $key . '" value="' . $value . '" /></td></tr>';
+            return '<tr><td class="name">'.$name.'</td><td class="data">
+                <input type="text" size="60" name="field_'.$key.'" value="'.$value.'" /></td></tr>';
        }
    }

    public function metaToForm($metadata)
    {
-        return '<form action="registry.edit.php" method="post">' .
-            '<div id="tabdiv">' .
-            '<ul class="tabset_tabs">' .
-            '<li class="tab-link current" data-tab="basic"><a href="#basic">Name and description</a></li>' .
-            '</ul>' .
-            '<div id="basic" class="tabset_content current"><table class="formtable">' .
-                $this->standardField($metadata, 'name', 'Name of client') .
-                $this->standardField($metadata, 'description', 'Description of client', true) .
-                $this->readonlyField($metadata, 'owner', 'Owner') .
-                $this->standardField($metadata, 'key', 'Consumer Key') .
-                $this->readonlyField($metadata, 'secret', 'Consumer Secret<br />(Used for HMAC_SHA1 signatures)') .
-                $this->standardField($metadata, 'RSAcertificate', 'RSA certificate (PEM)<br />(Used for RSA_SHA1 signatures)', true) .
-                $this->standardField($metadata, 'callback_url', 'Static/enforcing callback-url') .
-            '</table></div>' .
-            '</div>' .
-            $this->hiddenField('field_secret', $metadata['secret']) .
-            '<input type="submit" name="submit" value="Save" style="margin-top: 5px" />' .
+        return '<form action="registry.edit.php" method="post">'.
+            '<div id="tabdiv">'.
+            '<ul class="tabset_tabs">'.
+            '<li class="tab-link current" data-tab="basic"><a href="#basic">Name and description</a></li>'.
+            '</ul>'.
+            '<div id="basic" class="tabset_content current"><table class="formtable">'.
+                $this->standardField($metadata, 'name', 'Name of client').
+                $this->standardField($metadata, 'description', 'Description of client', true).
+                $this->readonlyField($metadata, 'owner', 'Owner').
+                $this->standardField($metadata, 'key', 'Consumer Key').
+                $this->readonlyField($metadata, 'secret', 'Consumer Secret<br />(Used for HMAC_SHA1 signatures)').
+                $this->standardField($metadata, 'RSAcertificate', 'RSA certificate (PEM)<br />(Used for RSA_SHA1 signatures)', true).
+                $this->standardField($metadata, 'callback_url', 'Static/enforcing callback-url').
+            '</table></div>'.
+            '</div>'.
+            $this->hiddenField('field_secret', $metadata['secret']).
+            '<input type="submit" name="submit" value="Save" style="margin-top: 5px" />'.
            '</form>';
    }
 }
--- a/modules/oauth/libextinc/OAuth.php
+++ b/modules/oauth/libextinc/OAuth.php
@@ -61,10 +61,10 @@ class OAuthToken
     */
    public function to_string()
    {
-        return "oauth_token=" .
-        OAuthUtil::urlencode_rfc3986($this->key) .
-        "&oauth_token_secret=" .
-        OAuthUtil::urlencode_rfc3986($this->secret) .
+        return "oauth_token=".
+        OAuthUtil::urlencode_rfc3986($this->key).
+        "&oauth_token_secret=".
+        OAuthUtil::urlencode_rfc3986($this->secret).
        "&oauth_callback_confirmed=true";
    }

@@ -295,10 +295,10 @@ class OAuthRequest
        $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
            ? 'http'
            : 'https';
-        $http_url = ($http_url) ? $http_url : $scheme .
-            '://' . $_SERVER['SERVER_NAME'] .
-            ':' .
-            $_SERVER['SERVER_PORT'] .
+        $http_url = ($http_url) ? $http_url : $scheme.
+            '://'.$_SERVER['SERVER_NAME'].
+            ':'.
+            $_SERVER['SERVER_PORT'].
            $_SERVER['REQUEST_URI'];
        $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD'];

@@ -345,13 +345,14 @@ class OAuthRequest
     */
    public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null)
    {
-        $parameters = ($parameters) ?  $parameters : array();
+        $parameters = ($parameters) ? $parameters : array();
        $defaults = array("oauth_version" => OAuthRequest::$version,
-                          "oauth_nonce" => OAuthRequest::generate_nonce(),
-                          "oauth_timestamp" => OAuthRequest::generate_timestamp(),
-                          "oauth_consumer_key" => $consumer->key);
-        if ($token)
+                            "oauth_nonce" => OAuthRequest::generate_nonce(),
+                            "oauth_timestamp" => OAuthRequest::generate_timestamp(),
+                            "oauth_consumer_key" => $consumer->key);
+        if ($token) {
            $defaults['oauth_token'] = $token->key;
+        }

        $parameters = array_merge($defaults, $parameters);

@@ -483,7 +484,7 @@ class OAuthRequest
    {
        $first = true;
        if ($realm) {
-            $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
+            $out = 'Authorization: OAuth realm="'.OAuthUtil::urlencode_rfc3986($realm).'"';
            $first = false;
        } else {
            $out = 'Authorization: OAuth';
@@ -497,9 +498,9 @@ class OAuthRequest
                throw new OAuthException('Arrays not supported in headers');
            }
            $out .= ($first) ? ' ' : ',';
-            $out .= OAuthUtil::urlencode_rfc3986($k) .
-                '="' .
-                OAuthUtil::urlencode_rfc3986($v) .
+            $out .= OAuthUtil::urlencode_rfc3986($k).
+                '="'.
+                OAuthUtil::urlencode_rfc3986($v).
                '"';
            $first = false;
        }
@@ -545,14 +546,14 @@ class OAuthRequest
        $mt = microtime();
        $rand = mt_rand();

-        return md5($mt . $rand); // md5s look nicer than numbers
+        return md5($mt.$rand); // md5s look nicer than numbers
    }
 }

 class OAuthServer
 {
    protected $timestamp_threshold = 300; // in seconds, five minutes
-    protected $version = '1.0';           // hi blaine
+    protected $version = '1.0'; // hi blaine
    protected $signature_methods = array();

    protected $data_store;
@@ -662,8 +663,8 @@ class OAuthServer
        if (!in_array($signature_method,
            array_keys($this->signature_methods))) {
            throw new OAuthException(
-                "Signature method '$signature_method' not supported " .
-                "try one of the following: " .
+                "Signature method '$signature_method' not supported ".
+                "try one of the following: ".
                implode(", ", array_keys($this->signature_methods))
            );
        }
@@ -694,7 +695,7 @@ class OAuthServer
    /**
     * try to find the token for the provided request's token key
     */
-    private function get_token($request, $consumer, $token_type="access")
+    private function get_token($request, $consumer, $token_type = "access")
    {
        $token_field = $request instanceof OAuthRequest
            ? $request->get_parameter('oauth_token')
@@ -705,10 +706,9 @@ class OAuthServer
                $consumer, $token_type, $token_field
            );
            if (!$token) {
-                throw new OAuthException("Invalid $token_type token: $token_field");
+                throw new OAuthException('Invalid '.$token_type.' token: '.$token_field);
            }
-        }
-        else {
+        } else {
            $token = new OAuthToken('', '');
        }
        return $token;
@@ -978,10 +978,10 @@ class OAuthUtil
                // June 12th, 2010 - changed to sort because of issue 164 by hidetaka
                sort($value, SORT_STRING);
                foreach ($value as $duplicate_value) {
-                    $pairs[] = $parameter . '=' . $duplicate_value;
+                    $pairs[] = $parameter.'='.$duplicate_value;
                }
            } else {
-                $pairs[] = $parameter . '=' . $value;
+                $pairs[] = $parameter.'='.$value;
            }
        }
        // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61)

--- a/modules/oauth/www/registry.edit.php
+++ b/modules/oauth/www/registry.edit.php
@@ -24,10 +24,12 @@ if ($session->isValid($authsource)) {

 function requireOwnership($entry, $userid)
 {
-    if (!isset($entry['owner']))
+    if (!isset($entry['owner'])) {
        throw new \Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.');
-    if ($entry['owner'] !== $userid) 
+    }
+    if ($entry['owner'] !== $userid) {
        throw new \Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.');
+    }
 }

 if (array_key_exists('editkey', $_REQUEST)) {

--- a/modules/oauth/www/registry.php
+++ b/modules/oauth/www/registry.php
@@ -24,10 +24,12 @@ if ($session->isValid($authsource)) {

 function requireOwnership($entry, $userid)
 {
-    if (!isset($entry['owner']))
+    if (!isset($entry['owner'])) {
        throw new \Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.');
-    if ($entry['owner'] !== $userid) 
+    }
+    if ($entry['owner'] !== $userid) {
        throw new \Exception('OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.');
+    }
 }

 if (isset($_REQUEST['delete'])) {