diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php
index e1dc65c36f81892947e651fc296020ad3bfb7090..9a13aa878befa7da01edfa760b48b7bc2fe19caa 100644
--- a/modules/saml/hooks/hook_metadata_hosted.php
+++ b/modules/saml/hooks/hook_metadata_hosted.php
@@ -4,8 +4,8 @@
* Hook to add the metadata for hosted entities to the frontpage.
*
* @param array &$metadataHosted The metadata links for hosted metadata on the frontpage.
+ * @return void
*/
-
function saml_hook_metadata_hosted(&$metadataHosted)
{
assert(is_array($metadataHosted));
@@ -13,6 +13,7 @@ function saml_hook_metadata_hosted(&$metadataHosted)
$sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP');
foreach ($sources as $source) {
+ /** @var \SimpleSAML\Auth\Source $source */
$metadata = $source->getMetadata();
$name = $metadata->getValue('name', null);
diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
index 106d7b51f06f7472ece5bc013f6f38e3fa938958..f579d2c5528802ed4e65c7e3afe8b0609f8e8693 100644
--- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
@@ -7,15 +7,14 @@ namespace SimpleSAML\Module\saml\Auth\Process;
*
* @package SimpleSAMLphp
*/
-
class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
{
/**
* The URI we should set as the AuthnContextClassRef in the login response.
*
- * @var string
+ * @var string|null
*/
- private $authnContextClassRef;
+ private $authnContextClassRef = null;
/**
@@ -43,6 +42,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
* Set the AuthnContextClassRef in the SAML 2 response.
*
* @param array &$state The state array for this request.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
index fd6277732326b7bfad1cc82bce053b7f3d217b85..b7aa14698a55f5443b104c520737dd6862850d20 100644
--- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
@@ -29,9 +29,9 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
/**
* AuthnContextClassRef of the assertion
- * @var string
+ * @var string|null
*/
- private $AuthnContextClassRef;
+ private $AuthnContextClassRef = null;
/**
@@ -62,6 +62,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
/**
*
* @param array &$request The current request
+ * @return void
*/
public function process(&$request)
{
@@ -87,6 +88,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
* permission logic.
*
* @param array $request
+ * @return void
*/
protected function unauthorized(&$request)
{
diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php
index 67ef886df09e4dec683df2fbced1bf02d6c1ca44..1478112be462d1a4956a16d818dbca8f61609faa 100644
--- a/modules/saml/lib/Auth/Process/FilterScopes.php
+++ b/modules/saml/lib/Auth/Process/FilterScopes.php
@@ -15,7 +15,7 @@ use SimpleSAML\Logger;
class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
{
/**
- * Stores any pre-configured scoped attributes which come from the filter configuration.
+ * @var array Stores any pre-configured scoped attributes which come from the filter configuration.
*/
private $scopedAttributes = [
'eduPersonScopedAffiliation',
@@ -44,6 +44,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
* This method applies the filter, removing any values
*
* @param array &$request the current request
+ * @return void
*/
public function process(&$request)
{
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php
index e8c27dba78416342ff436bb0b6e73b64b6cb33a5..1ee6e5f421cd4faaed1fe65f346e64269b117f0c 100644
--- a/modules/saml/lib/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php
@@ -103,6 +103,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
* Convert NameID to attribute.
*
* @param array &$state The request state.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index f627f164e777314b908164d3081e6510cba26a75..7bf2e2f1bbc1043da516f141ae333f38dab0dbf7 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -21,7 +21,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
/**
* Whether we should insert it as an saml:NameID element.
*
- * @var boolean
+ * @var bool
*/
private $nameId;
@@ -55,6 +55,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
* Store a NameID to attribute.
*
* @param array &$state The request state.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 9187ed846df8b77813ac994018aa381b0bff957f..62cf5331e1b3cad865a1400317a54a0fd7b49f92 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -86,6 +86,7 @@ class SP extends Source
}
}
+
/**
* Retrieve the URL to the metadata of this SP.
*
@@ -96,6 +97,7 @@ class SP extends Source
return \SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/'.urlencode($this->authId));
}
+
/**
* Retrieve the entity id of this SP.
*
@@ -440,6 +442,7 @@ class SP extends Source
*
* @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP.
* @param array $state The state array for the current authentication.
+ * @return void
*/
private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state)
{
@@ -471,11 +474,13 @@ class SP extends Source
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
}
+
/**
* Send a SAML2 SSO request to an IdP
*
* @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP.
* @param array $state The state array for the current authentication.
+ * @return void
*/
private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state)
{
@@ -647,6 +652,7 @@ class SP extends Source
assert(false);
}
+
/**
* Function to actually send the authentication request.
*
@@ -655,6 +661,7 @@ class SP extends Source
* @param array &$state The state array.
* @param \SAML2\Binding $binding The binding.
* @param \SAML2\AuthnRequest $ar The authentication request.
+ * @return void
*/
public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar)
{
@@ -662,11 +669,13 @@ class SP extends Source
assert(false);
}
+
/**
* Send a SSO request to an IdP.
*
* @param string $idp The entity ID of the IdP.
* @param array $state The state array for the current authentication.
+ * @return void
*/
public function startSSO($idp, array $state)
{
@@ -688,10 +697,12 @@ class SP extends Source
}
}
+
/**
* Start an IdP discovery service operation.
*
* @param array $state The state array.
+ * @return void
*/
private function startDisco(array $state)
{
@@ -722,12 +733,14 @@ class SP extends Source
\SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params);
}
+
/**
* Start login.
*
* This function saves the information about the login, and redirects to the IdP.
*
* @param array &$state Information about the current authentication.
+ * @return void
*/
public function authenticate(&$state)
{
@@ -779,6 +792,7 @@ class SP extends Source
assert(false);
}
+
/**
* Re-authenticate an user.
*
@@ -786,6 +800,7 @@ class SP extends Source
* interact with the user even in the case when the user is already authenticated.
*
* @param array &$state Information about the current authentication.
+ * @return void
*/
public function reauthenticate(array &$state)
{
@@ -867,6 +882,7 @@ class SP extends Source
* - 'core:IdP': the identifier of the local IdP.
* - 'SPMetadata': an array with the metadata of this local SP.
*
+ * @return void
* @throws \SimpleSAML\Error\NoPassive In case the authentication request was passive.
*/
public static function askForIdPChange(array &$state)
@@ -891,12 +907,14 @@ class SP extends Source
assert(false);
}
+
/**
* Log the user out before logging in again.
*
* This method will never return.
*
* @param array $state The state array.
+ * @return void
*/
public static function reauthLogout(array $state)
{
@@ -912,10 +930,12 @@ class SP extends Source
assert(false);
}
+
/**
* Complete login operation after re-authenticating the user on another IdP.
*
* @param array $state The authentication state.
+ * @return void
*/
public static function reauthPostLogin(array $state)
{
@@ -931,6 +951,7 @@ class SP extends Source
assert(false);
}
+
/**
* Post-logout handler for re-authentication.
*
@@ -938,6 +959,7 @@ class SP extends Source
*
* @param \SimpleSAML\IdP $idp The IdP we are logging out from.
* @param array &$state The state array with the state during logout.
+ * @return void
*/
public static function reauthPostLogout(\SimpleSAML\IdP $idp, array $state)
{
@@ -956,10 +978,12 @@ class SP extends Source
assert(false);
}
+
/**
* Start a SAML 2 logout operation.
*
* @param array $state The logout state.
+ * @return void
*/
public function startSLO2(&$state)
{
@@ -1004,10 +1028,12 @@ class SP extends Source
assert(false);
}
+
/**
* Start logout operation.
*
* @param array $state The logout state.
+ * @return void
*/
public function logout(&$state)
{
@@ -1028,12 +1054,14 @@ class SP extends Source
}
}
+
/**
* Handle a response from a SSO operation.
*
* @param array $state The authentication state.
* @param string $idp The entity id of the IdP.
* @param array $attributes The attributes.
+ * @return void
*/
public function handleResponse(array $state, $idp, array $attributes)
{
@@ -1073,10 +1101,12 @@ class SP extends Source
self::onProcessingCompleted($authProcState);
}
+
/**
* Handle a logout request from an IdP.
*
* @param string $idpEntityId The entity ID of the IdP.
+ * @return void
*/
public function handleLogout($idpEntityId)
{
@@ -1086,6 +1116,7 @@ class SP extends Source
$this->callLogoutCallback($idpEntityId);
}
+
/**
* Handle an unsolicited login operations.
*
@@ -1099,6 +1130,7 @@ class SP extends Source
* the session. The function will check if the URL is allowed, so there is no need to
* manually check the URL on beforehand. Please refer to the 'trusted.url.domains'
* configuration directive for more information about allowing (or disallowing) URLs.
+ * @return void
*/
public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
{
@@ -1111,10 +1143,12 @@ class SP extends Source
\SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
}
+
/**
* Called when we have completed the procssing chain.
*
* @param array $authProcState The processing chain state.
+ * @return void
*/
public static function onProcessingCompleted(array $authProcState)
{
diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php
index 39a4a3f00e61969ad8a7a264806554829ca1c98b..7c7bcf2c2064927e723e1ab1efe61c865b0b73ef 100644
--- a/modules/saml/lib/BaseNameIDGenerator.php
+++ b/modules/saml/lib/BaseNameIDGenerator.php
@@ -7,7 +7,6 @@ namespace SimpleSAML\Module\saml;
*
* @package SimpleSAMLphp
*/
-
abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
{
/**
@@ -37,11 +36,11 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
/**
* The format of this NameID.
*
- * This property must be initialized the subclass.
+ * This property must be set by the subclass.
*
- * @var string
+ * @var string|null
*/
- protected $format;
+ protected $format = null;
/**
@@ -81,6 +80,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
* Generate transient NameID.
*
* @param array &$state The request state.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php
index e158a666b590f08c8b7add6e289ce48a4cd2b324..5e78d48278a6bc7e63728120b41b60e2f88ab643 100644
--- a/modules/saml/lib/IdP/SAML1.php
+++ b/modules/saml/lib/IdP/SAML1.php
@@ -12,10 +12,8 @@ use SimpleSAML\Utils\HTTP;
*
* @package SimpleSAMLphp
*/
-
class SAML1
{
-
/**
* Retrieve the metadata of a hosted SAML 1.1 IdP.
*
@@ -73,7 +71,7 @@ class SAML1
);
if (!$config->hasValue('OrganizationURL')) {
- throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
+ throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
}
@@ -125,6 +123,7 @@ class SAML1
* Send a response to the SP.
*
* @param array $state The authentication state.
+ * @return void
*/
public static function sendResponse(array $state)
{
@@ -176,6 +175,7 @@ class SAML1
* Receive an authentication request.
*
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+ * @return void
*/
public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
{
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index bce1bf077dbb38802f86e6cd13bea26e087b54c0..59e03177590329097414cb1421dd34917c1afded 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -17,13 +17,13 @@ use SimpleSAML\Utils\HTTP;
*
* @package SimpleSAMLphp
*/
-
class SAML2
{
/**
* Send a response to the SP.
*
* @param array $state The authentication state.
+ * @return void
*/
public static function sendResponse(array $state)
{
@@ -101,6 +101,7 @@ class SAML2
* \SimpleSAML\Error\Exception $exception The exception.
*
* @param array $state The error state.
+ * @return void
*/
public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state)
{
@@ -162,11 +163,11 @@ class SAML2
*
* @param array $supportedBindings The bindings we allow for the response.
* @param \SimpleSAML\Configuration $spMetadata The metadata for the SP.
- * @param string|NULL $AssertionConsumerServiceURL AssertionConsumerServiceURL from request.
- * @param string|NULL $ProtocolBinding ProtocolBinding from request.
- * @param int|NULL $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request.
+ * @param string|null $AssertionConsumerServiceURL AssertionConsumerServiceURL from request.
+ * @param string|null $ProtocolBinding ProtocolBinding from request.
+ * @param int|null $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request.
*
- * @return array Array with the Location and Binding we should use for the response.
+ * @return array|null Array with the Location and Binding we should use for the response.
*/
private static function getAssertionConsumerService(
array $supportedBindings,
@@ -252,6 +253,7 @@ class SAML2
* Receive an authentication request.
*
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+ * @return void
* @throws \SimpleSAML\Error\BadRequest In case an error occurs when trying to receive the request.
*/
public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
@@ -463,12 +465,14 @@ class SAML2
$idp->handleAuthenticationRequest($state);
}
+
/**
* Send a logout request to a given association.
*
* @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from.
* @param array $association The association that should be terminated.
- * @param string|NULL $relayState An id that should be carried across the logout.
+ * @param string|null $relayState An id that should be carried across the logout.
+ * @return void
*/
public static function sendLogoutRequest(\SimpleSAML\IdP $idp, array $association, $relayState)
{
@@ -505,6 +509,7 @@ class SAML2
*
* @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from.
* @param array &$state The logout state array.
+ * @return void
*/
public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)
{
@@ -562,6 +567,7 @@ class SAML2
* Receive a logout message.
*
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+ * @return void
* @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message.
*/
public static function receiveLogoutMessage(\SimpleSAML\IdP $idp)
diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php
index 95d5712df26a64a808b072144af9e397b905acee..e62f77f0f76787b89500621397dbc74cec1b2aef 100644
--- a/modules/saml/lib/IdP/SQLNameID.php
+++ b/modules/saml/lib/IdP/SQLNameID.php
@@ -7,13 +7,13 @@ namespace SimpleSAML\Module\saml\IdP;
*
* @package SimpleSAMLphp
*/
-
class SQLNameID
{
/**
* Create NameID table in SQL, if it is missing.
*
* @param \SimpleSAML\Store\SQL $store The datastore.
+ * @return void
*/
private static function createTable(\SimpleSAML\Store\SQL $store)
{
@@ -68,6 +68,7 @@ class SQLNameID
* @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username).
* @param string $value The NameID value.
+ * @return void
*/
public static function add($idpEntityId, $spEntityId, $user, $value)
{
@@ -98,7 +99,7 @@ class SQLNameID
* @param string $idpEntityId The IdP entityID.
* @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username).
- * @return string|NULL $value The NameID value, or NULL of no NameID value was found.
+ * @return string|null $value The NameID value, or NULL of no NameID value was found.
*/
public static function get($idpEntityId, $spEntityId, $user)
{
@@ -135,6 +136,7 @@ class SQLNameID
* @param string $idpEntityId The IdP entityID.
* @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username).
+ * @return void
*/
public static function delete($idpEntityId, $spEntityId, $user)
{
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index a0f71931047530360fb41d4168301d57d6b14393..c68a2647cb7f597db4ec2f8fa3b2ee8ac77bba7a 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -19,6 +19,7 @@ class Message
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
* @param \SAML2\SignedElement $element The element we should add the data to.
+ * @return void
*/
public static function addSign(
\SimpleSAML\Configuration $srcMetadata,
@@ -68,6 +69,7 @@ class Message
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
* @param \SAML2\Message $message The message we should add the data to.
+ * @return void
*/
private static function addRedirectSign(
\SimpleSAML\Configuration $srcMetadata,
@@ -144,7 +146,7 @@ class Message
*
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion.
- * @return boolean True if the signature is correct, false otherwise.
+ * @return bool True if the signature is correct, false otherwise.
*
* @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity.
* @throws \Exception if the signature validation fails with an exception.
@@ -233,6 +235,7 @@ class Message
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
* @param \SAML2\Message $message The message we should check the signature on.
+ * @return void
*
* @throws \SimpleSAML\Error\Exception if message validation is enabled, but there is no signature in the message.
*/
@@ -396,6 +399,8 @@ class Message
$lastException = $e;
}
}
+
+ /** @var \Exception $lastException */
throw $lastException;
}
diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 8ea35423a5c3e81bd937f1d7bcd9cff1857f547d..7d995b369a01f0a43a947e91a2b83d96d1e33806 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -14,6 +14,7 @@ class LogoutStore
* Create logout table in SQL, if it is missing.
*
* @param \SimpleSAML\Store\SQL $store The datastore.
+ * @return void
*/
private static function createLogoutTable(\SimpleSAML\Store\SQL $store)
{
@@ -70,6 +71,7 @@ class LogoutStore
* Clean the logout table of expired entries.
*
* @param \SimpleSAML\Store\SQL $store The datastore.
+ * @return void
*/
private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store)
{
@@ -90,6 +92,9 @@ class LogoutStore
* @param string $authId The authsource ID.
* @param string $nameId The hash of the users NameID.
* @param string $sessionIndex The SessionIndex of the user.
+ * @param int $expire
+ * @param string $sessionId
+ * @return void
*/
private static function addSessionSQL(
\SimpleSAML\Store\SQL $store,
@@ -102,8 +107,8 @@ class LogoutStore
assert(is_string($authId));
assert(is_string($nameId));
assert(is_string($sessionIndex));
- assert(is_string($sessionId));
assert(is_int($expire));
+ assert(is_string($sessionId));
self::createLogoutTable($store);
@@ -202,6 +207,8 @@ class LogoutStore
* @param string $authId The authsource ID.
* @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
* @param string|null $sessionIndex The SessionIndex of the user.
+ * @param int $expire
+ * @return void
*/
public static function addSession($authId, $nameId, $sessionIndex, $expire)
{
@@ -254,7 +261,7 @@ class LogoutStore
* @param string $authId The authsource ID.
* @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
* @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty.
- * @returns int|false Number of sessions logged out, or FALSE if not supported.
+ * @return int|false Number of sessions logged out, or FALSE if not supported.
*/
public static function logoutSessions($authId, $nameId, array $sessionIndexes)
{