diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php index e1dc65c36f81892947e651fc296020ad3bfb7090..9a13aa878befa7da01edfa760b48b7bc2fe19caa 100644 --- a/modules/saml/hooks/hook_metadata_hosted.php +++ b/modules/saml/hooks/hook_metadata_hosted.php @@ -4,8 +4,8 @@ * Hook to add the metadata for hosted entities to the frontpage. * * @param array &$metadataHosted The metadata links for hosted metadata on the frontpage. + * @return void */ - function saml_hook_metadata_hosted(&$metadataHosted) { assert(is_array($metadataHosted)); @@ -13,6 +13,7 @@ function saml_hook_metadata_hosted(&$metadataHosted) $sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP'); foreach ($sources as $source) { + /** @var \SimpleSAML\Auth\Source $source */ $metadata = $source->getMetadata(); $name = $metadata->getValue('name', null); diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php index 106d7b51f06f7472ece5bc013f6f38e3fa938958..f579d2c5528802ed4e65c7e3afe8b0609f8e8693 100644 --- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php @@ -7,15 +7,14 @@ namespace SimpleSAML\Module\saml\Auth\Process; * * @package SimpleSAMLphp */ - class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter { /** * The URI we should set as the AuthnContextClassRef in the login response. * - * @var string + * @var string|null */ - private $authnContextClassRef; + private $authnContextClassRef = null; /** @@ -43,6 +42,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter * Set the AuthnContextClassRef in the SAML 2 response. * * @param array &$state The state array for this request. + * @return void */ public function process(&$state) { 
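Review bot: The inline annotation `/** @var \SimpleSAML\Auth\Source $source */` added inside the `foreach` of `saml_hook_metadata_hosted()` names the base class, while the very next line calls `$source->getMetadata()` on objects that were requested as type `saml:SP`. If `getMetadata()` is declared only on the SP source class (its declaration is not visible in this hunk), the annotation is too wide for a static analyser to resolve the call. `/** @var \SimpleSAML\Module\saml\Auth\Source\SP $source */` would describe what the loop actually relies on. The function body continues outside the hunk.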
diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php index fd6277732326b7bfad1cc82bce053b7f3d217b85..b7aa14698a55f5443b104c520737dd6862850d20 100644 --- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php @@ -29,9 +29,9 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter /** * AuthnContextClassRef of the assertion - * @var string + * @var string|null */ - private $AuthnContextClassRef; + private $AuthnContextClassRef = null; /** @@ -62,6 +62,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter /** * * @param array &$request The current request + * @return void */ public function process(&$request) { @@ -87,6 +88,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter * permission logic. * * @param array $request + * @return void */ protected function unauthorized(&$request) { diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php index 67ef886df09e4dec683df2fbced1bf02d6c1ca44..1478112be462d1a4956a16d818dbca8f61609faa 100644 --- a/modules/saml/lib/Auth/Process/FilterScopes.php +++ b/modules/saml/lib/Auth/Process/FilterScopes.php @@ -15,7 +15,7 @@ use SimpleSAML\Logger; class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter { /** - * Stores any pre-configured scoped attributes which come from the filter configuration. + * @var array Stores any pre-configured scoped attributes which come from the filter configuration. */ private $scopedAttributes = [ 'eduPersonScopedAffiliation', @@ -44,6 +44,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter * This method applies the filter, removing any values * * @param array &$request the current request + * @return void */ public function process(&$request) { 
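Review bot: The docblock of `unauthorized()` in ExpectedAuthnContextClassRef.php still reads `@param array $request` although the signature takes `&$request`, and this hunk edits that docblock without aligning the two. The by-reference marker tells a reader whether the method can modify the authentication state it is handed, so I would write `@param array &$request The current request` here. The same mismatch is visible in SP.php, where `startSLO2(&$state)` and `logout(&$state)` are documented as `array $state` and `reauthPostLogout(\SimpleSAML\IdP $idp, array $state)` is documented as `&$state`, and in SAML2.php, where `sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)` is documented as `&$state`.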
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php index e8c27dba78416342ff436bb0b6e73b64b6cb33a5..1ee6e5f421cd4faaed1fe65f346e64269b117f0c 100644 --- a/modules/saml/lib/Auth/Process/NameIDAttribute.php +++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php @@ -103,6 +103,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter * Convert NameID to attribute. * * @param array &$state The request state. + * @return void */ public function process(&$state) { diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php index f627f164e777314b908164d3081e6510cba26a75..7bf2e2f1bbc1043da516f141ae333f38dab0dbf7 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php @@ -21,7 +21,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter /** * Whether we should insert it as an saml:NameID element. * - * @var boolean + * @var bool */ private $nameId; @@ -55,6 +55,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter * Store a NameID to attribute. * * @param array &$state The request state. + * @return void */ public function process(&$state) { diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index 9187ed846df8b77813ac994018aa381b0bff957f..62cf5331e1b3cad865a1400317a54a0fd7b49f92 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -86,6 +86,7 @@ class SP extends Source } } + /** * Retrieve the URL to the metadata of this SP. * @@ -96,6 +97,7 @@ class SP extends Source return \SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/'.urlencode($this->authId)); } + /** * Retrieve the entity id of this SP. * 
@@ -440,6 +442,7 @@ class SP extends Source * * @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP. * @param array $state The state array for the current authentication. + * @return void */ private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state) { @@ -471,11 +474,13 @@ class SP extends Source \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); } + /** * Send a SAML2 SSO request to an IdP * * @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP. * @param array $state The state array for the current authentication. + * @return void */ private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state) { @@ -647,6 +652,7 @@ class SP extends Source assert(false); } + /** * Function to actually send the authentication request. * @@ -655,6 +661,7 @@ class SP extends Source * @param array &$state The state array. * @param \SAML2\Binding $binding The binding. * @param \SAML2\AuthnRequest $ar The authentication request. + * @return void */ public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar) { @@ -662,11 +669,13 @@ class SP extends Source assert(false); } + /** * Send a SSO request to an IdP. * * @param string $idp The entity ID of the IdP. * @param array $state The state array for the current authentication. + * @return void */ public function startSSO($idp, array $state) { @@ -688,10 +697,12 @@ class SP extends Source } } + /** * Start an IdP discovery service operation. * * @param array $state The state array. + * @return void */ private function startDisco(array $state) { @@ -722,12 +733,14 @@ class SP extends Source \SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params); } + /** * Start login. * * This function saves the information about the login, and redirects to the IdP. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { 
@@ -779,6 +792,7 @@ class SP extends Source assert(false); } + /** * Re-authenticate an user. * @@ -786,6 +800,7 @@ class SP extends Source * interact with the user even in the case when the user is already authenticated. * * @param array &$state Information about the current authentication. + * @return void */ public function reauthenticate(array &$state) { @@ -867,6 +882,7 @@ class SP extends Source * - 'core:IdP': the identifier of the local IdP. * - 'SPMetadata': an array with the metadata of this local SP. * + * @return void * @throws \SimpleSAML\Error\NoPassive In case the authentication request was passive. */ public static function askForIdPChange(array &$state) @@ -891,12 +907,14 @@ class SP extends Source assert(false); } + /** * Log the user out before logging in again. * * This method will never return. * * @param array $state The state array. + * @return void */ public static function reauthLogout(array $state) { @@ -912,10 +930,12 @@ class SP extends Source assert(false); } + /** * Complete login operation after re-authenticating the user on another IdP. * * @param array $state The authentication state. + * @return void */ public static function reauthPostLogin(array $state) { @@ -931,6 +951,7 @@ class SP extends Source assert(false); } + /** * Post-logout handler for re-authentication. * @@ -938,6 +959,7 @@ class SP extends Source * * @param \SimpleSAML\IdP $idp The IdP we are logging out from. * @param array &$state The state array with the state during logout. + * @return void */ public static function reauthPostLogout(\SimpleSAML\IdP $idp, array $state) { @@ -956,10 +978,12 @@ class SP extends Source assert(false); } + /** * Start a SAML 2 logout operation. * * @param array $state The logout state. + * @return void */ public function startSLO2(&$state) { @@ -1004,10 +1028,12 @@ class SP extends Source assert(false); } + /** * Start logout operation. * * @param array $state The logout state. + * @return void */ public function logout(&$state) { 
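Review bot: The docblock of `reauthLogout()` says "This method will never return." and the hunk adds `@return void` directly beneath it, so the comment now states two different contracts. Several methods in this file end in `assert(false);` (visible as trailing context in the neighbouring hunks), and that guard does nothing when assertions are disabled, so a reader who trusts `@return void` may assume control comes back in the middle of a login or logout flow. I would keep the tag but put the contract on it, e.g. `@return void This method never returns.`, and apply the same wording to the other methods that terminate this way. The method bodies are outside these hunks, so which methods are affected is inferred from the docblocks and the trailing context.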
@@ -1028,12 +1054,14 @@ class SP extends Source } } + /** * Handle a response from a SSO operation. * * @param array $state The authentication state. * @param string $idp The entity id of the IdP. * @param array $attributes The attributes. + * @return void */ public function handleResponse(array $state, $idp, array $attributes) { @@ -1073,10 +1101,12 @@ class SP extends Source self::onProcessingCompleted($authProcState); } + /** * Handle a logout request from an IdP. * * @param string $idpEntityId The entity ID of the IdP. + * @return void */ public function handleLogout($idpEntityId) { @@ -1086,6 +1116,7 @@ class SP extends Source $this->callLogoutCallback($idpEntityId); } + /** * Handle an unsolicited login operations. * @@ -1099,6 +1130,7 @@ class SP extends Source * the session. The function will check if the URL is allowed, so there is no need to * manually check the URL on beforehand. Please refer to the 'trusted.url.domains' * configuration directive for more information about allowing (or disallowing) URLs. + * @return void */ public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) { @@ -1111,10 +1143,12 @@ class SP extends Source \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo); } + /** * Called when we have completed the procssing chain. * * @param array $authProcState The processing chain state. + * @return void */ public static function onProcessingCompleted(array $authProcState) { diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php index 39a4a3f00e61969ad8a7a264806554829ca1c98b..7c7bcf2c2064927e723e1ab1efe61c865b0b73ef 100644 --- a/modules/saml/lib/BaseNameIDGenerator.php +++ b/modules/saml/lib/BaseNameIDGenerator.php @@ -7,7 +7,6 @@ namespace SimpleSAML\Module\saml; * * @package SimpleSAMLphp */ - abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter { /** 
@@ -37,11 +36,11 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter /** * The format of this NameID. * - * This property must be initialized the subclass. + * This property must be set by the subclass. * - * @var string + * @var string|null */ - protected $format; + protected $format = null; /** @@ -81,6 +80,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter * Generate transient NameID. * * @param array &$state The request state. + * @return void */ public function process(&$state) { diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php index e158a666b590f08c8b7add6e289ce48a4cd2b324..5e78d48278a6bc7e63728120b41b60e2f88ab643 100644 --- a/modules/saml/lib/IdP/SAML1.php +++ b/modules/saml/lib/IdP/SAML1.php @@ -12,10 +12,8 @@ use SimpleSAML\Utils\HTTP; * * @package SimpleSAMLphp */ - class SAML1 { - /** * Retrieve the metadata of a hosted SAML 1.1 IdP. * @@ -73,7 +71,7 @@ class SAML1 ); if (!$config->hasValue('OrganizationURL')) { - throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); + throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL'); } @@ -125,6 +123,7 @@ class SAML1 * Send a response to the SP. * * @param array $state The authentication state. + * @return void */ public static function sendResponse(array $state) { @@ -176,6 +175,7 @@ class SAML1 * Receive an authentication request. * * @param \SimpleSAML\IdP $idp The IdP we are receiving it for. + * @return void */ public static function receiveAuthnRequest(\SimpleSAML\IdP $idp) { diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index bce1bf077dbb38802f86e6cd13bea26e087b54c0..59e03177590329097414cb1421dd34917c1afded 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php 
@@ -17,13 +17,13 @@ use SimpleSAML\Utils\HTTP; * * @package SimpleSAMLphp */ - class SAML2 { /** * Send a response to the SP. * * @param array $state The authentication state. + * @return void */ public static function sendResponse(array $state) { @@ -101,6 +101,7 @@ class SAML2 * \SimpleSAML\Error\Exception $exception The exception. * * @param array $state The error state. + * @return void */ public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state) { @@ -162,11 +163,11 @@ class SAML2 * * @param array $supportedBindings The bindings we allow for the response. * @param \SimpleSAML\Configuration $spMetadata The metadata for the SP. - * @param string|NULL $AssertionConsumerServiceURL AssertionConsumerServiceURL from request. - * @param string|NULL $ProtocolBinding ProtocolBinding from request. - * @param int|NULL $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request. + * @param string|null $AssertionConsumerServiceURL AssertionConsumerServiceURL from request. + * @param string|null $ProtocolBinding ProtocolBinding from request. + * @param int|null $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request. * - * @return array Array with the Location and Binding we should use for the response. + * @return array|null Array with the Location and Binding we should use for the response. */ private static function getAssertionConsumerService( array $supportedBindings, @@ -252,6 +253,7 @@ class SAML2 * Receive an authentication request. * * @param \SimpleSAML\IdP $idp The IdP we are receiving it for. + * @return void * @throws \SimpleSAML\Error\BadRequest In case an error occurs when trying to receive the request. */ public static function receiveAuthnRequest(\SimpleSAML\IdP $idp) 
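Review bot: `getAssertionConsumerService()` is now documented as `@return array|null`, but the docblock does not say when null is returned and no caller is touched by this commit. The returned Location is where the IdP delivers its response, so a request for which no endpoint in the SP metadata matches should be rejected by the caller (for example with the `\SimpleSAML\Error\BadRequest` that `receiveAuthnRequest()` already declares) rather than processed with a null endpoint. The function body and its callers are outside the hunk, so whether such a check already exists cannot be confirmed from here. At minimum I would extend the tag to `@return array|null Array with the Location and Binding we should use for the response, or null if no endpoint matches.` once that condition is confirmed against the body.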
@@ -463,12 +465,14 @@ class SAML2 $idp->handleAuthenticationRequest($state); } + /** * Send a logout request to a given association. * * @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from. * @param array $association The association that should be terminated. - * @param string|NULL $relayState An id that should be carried across the logout. + * @param string|null $relayState An id that should be carried across the logout. + * @return void */ public static function sendLogoutRequest(\SimpleSAML\IdP $idp, array $association, $relayState) { @@ -505,6 +509,7 @@ class SAML2 * * @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from. * @param array &$state The logout state array. + * @return void */ public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state) { @@ -562,6 +567,7 @@ class SAML2 * Receive a logout message. * * @param \SimpleSAML\IdP $idp The IdP we are receiving it for. + * @return void * @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message. */ public static function receiveLogoutMessage(\SimpleSAML\IdP $idp) diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php index 95d5712df26a64a808b072144af9e397b905acee..e62f77f0f76787b89500621397dbc74cec1b2aef 100644 --- a/modules/saml/lib/IdP/SQLNameID.php +++ b/modules/saml/lib/IdP/SQLNameID.php @@ -7,13 +7,13 @@ namespace SimpleSAML\Module\saml\IdP; * * @package SimpleSAMLphp */ - class SQLNameID { /** * Create NameID table in SQL, if it is missing. * * @param \SimpleSAML\Store\SQL $store The datastore. + * @return void */ private static function createTable(\SimpleSAML\Store\SQL $store) { @@ -68,6 +68,7 @@ class SQLNameID * @param string $spEntityId The SP entityID. * @param string $user The user's unique identificator (e.g. username). * @param string $value The NameID value. + * @return void */ public static function add($idpEntityId, $spEntityId, $user, $value) { 
@@ -98,7 +99,7 @@ class SQLNameID * @param string $idpEntityId The IdP entityID. * @param string $spEntityId The SP entityID. * @param string $user The user's unique identificator (e.g. username). - * @return string|NULL $value The NameID value, or NULL of no NameID value was found. + * @return string|null $value The NameID value, or NULL of no NameID value was found. */ public static function get($idpEntityId, $spEntityId, $user) { @@ -135,6 +136,7 @@ class SQLNameID * @param string $idpEntityId The IdP entityID. * @param string $spEntityId The SP entityID. * @param string $user The user's unique identificator (e.g. username). + * @return void */ public static function delete($idpEntityId, $spEntityId, $user) { diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php index a0f71931047530360fb41d4168301d57d6b14393..c68a2647cb7f597db4ec2f8fa3b2ee8ac77bba7a 100644 --- a/modules/saml/lib/Message.php +++ b/modules/saml/lib/Message.php @@ -19,6 +19,7 @@ class Message * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient. * @param \SAML2\SignedElement $element The element we should add the data to. + * @return void */ public static function addSign( \SimpleSAML\Configuration $srcMetadata, @@ -68,6 +69,7 @@ class Message * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient. * @param \SAML2\Message $message The message we should add the data to. + * @return void */ private static function addRedirectSign( \SimpleSAML\Configuration $srcMetadata, 
@@ -144,7 +146,7 @@ class Message * * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion. - * @return boolean True if the signature is correct, false otherwise. + * @return bool True if the signature is correct, false otherwise. * * @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity. * @throws \Exception if the signature validation fails with an exception. @@ -233,6 +235,7 @@ class Message * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient. * @param \SAML2\Message $message The message we should check the signature on. + * @return void * * @throws \SimpleSAML\Error\Exception if message validation is enabled, but there is no signature in the message. */ @@ -396,6 +399,8 @@ class Message $lastException = $e; } } + + /** @var \Exception $lastException */ throw $lastException; } diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php index 8ea35423a5c3e81bd937f1d7bcd9cff1857f547d..7d995b369a01f0a43a947e91a2b83d96d1e33806 100644 --- a/modules/saml/lib/SP/LogoutStore.php +++ b/modules/saml/lib/SP/LogoutStore.php @@ -14,6 +14,7 @@ class LogoutStore * Create logout table in SQL, if it is missing. * * @param \SimpleSAML\Store\SQL $store The datastore. + * @return void */ private static function createLogoutTable(\SimpleSAML\Store\SQL $store) { @@ -70,6 +71,7 @@ class LogoutStore * Clean the logout table of expired entries. * * @param \SimpleSAML\Store\SQL $store The datastore. + * @return void */ private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store) { 
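Review bot: The `/** @var \Exception $lastException */` added before `throw $lastException;` in Message.php tells the analyser the type instead of checking it. If the loop above can finish without ever entering the `catch` (its start and the initial value of `$lastException` are outside this hunk), the variable is not an exception object and PHP raises an `Error` for throwing a non-object, which hides the real failure. An explicit guard keeps that path well-defined: `if (!($lastException instanceof \Exception)) { throw new \SimpleSAML\Error\Exception('<describe the failure>'); }` placed before the `throw`. With that in place the annotation is no longer needed.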
@@ -90,6 +92,9 @@ class LogoutStore * @param string $authId The authsource ID. * @param string $nameId The hash of the users NameID. * @param string $sessionIndex The SessionIndex of the user. + * @param int $expire + * @param string $sessionId + * @return void */ private static function addSessionSQL( \SimpleSAML\Store\SQL $store, @@ -102,8 +107,8 @@ class LogoutStore assert(is_string($authId)); assert(is_string($nameId)); assert(is_string($sessionIndex)); - assert(is_string($sessionId)); assert(is_int($expire)); + assert(is_string($sessionId)); self::createLogoutTable($store); @@ -202,6 +207,8 @@ class LogoutStore * @param string $authId The authsource ID. * @param \SAML2\XML\saml\NameID $nameId The NameID of the user. * @param string|null $sessionIndex The SessionIndex of the user. + * @param int $expire + * @return void */ public static function addSession($authId, $nameId, $sessionIndex, $expire) { @@ -254,7 +261,7 @@ class LogoutStore * @param string $authId The authsource ID. * @param \SAML2\XML\saml\NameID $nameId The NameID of the user. * @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty. - * @returns int|false Number of sessions logged out, or FALSE if not supported. + * @return int|false Number of sessions logged out, or FALSE if not supported. */ public static function logoutSessions($authId, $nameId, array $sessionIndexes) {
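Review bot: The new `@param int $expire` and `@param string $sessionId` tags on `addSessionSQL()` carry no description, unlike the three parameters above them, and `addSession()` gets the same bare `@param int $expire` in the next hunk. A reader of a logout store needs to know what the value means, so I would write `@param int $expire The time at which this entry expires.` and `@param string $sessionId The ID of the session this entry belongs to.`, after confirming the unit of `$expire` against the body, which is outside the hunk. The reordered `assert(is_int($expire));` and `assert(is_string($sessionId));` are skipped when assertions are disabled, so the docblock is the only place these types are stated for production builds.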