From fab5d312bcff43c7f7bbe42237d5419ca6e7f7da Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Mon, 4 Feb 2019 18:08:53 +0100
Subject: [PATCH] Fixes for modules/saml

---
 modules/saml/hooks/hook_metadata_hosted.php   |  3 +-
 .../lib/Auth/Process/AuthnContextClassRef.php |  6 ++--
 .../Process/ExpectedAuthnContextClassRef.php  |  6 ++--
 .../saml/lib/Auth/Process/FilterScopes.php    |  3 +-
 .../saml/lib/Auth/Process/NameIDAttribute.php |  1 +
 .../Process/PersistentNameID2TargetedID.php   |  3 +-
 modules/saml/lib/Auth/Source/SP.php           | 34 +++++++++++++++++++
 modules/saml/lib/BaseNameIDGenerator.php      |  8 ++---
 modules/saml/lib/IdP/SAML1.php                |  6 ++--
 modules/saml/lib/IdP/SAML2.php                | 18 ++++++----
 modules/saml/lib/IdP/SQLNameID.php            |  6 ++--
 modules/saml/lib/Message.php                  |  7 +++-
 modules/saml/lib/SP/LogoutStore.php           | 11 ++++--
 13 files changed, 86 insertions(+), 26 deletions(-)

diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php
index e1dc65c36..9a13aa878 100644
--- a/modules/saml/hooks/hook_metadata_hosted.php
+++ b/modules/saml/hooks/hook_metadata_hosted.php
@@ -4,8 +4,8 @@
  * Hook to add the metadata for hosted entities to the frontpage.
  *
  * @param array &$metadataHosted  The metadata links for hosted metadata on the frontpage.
+ * @return void
  */
-
 function saml_hook_metadata_hosted(&$metadataHosted)
 {
     assert(is_array($metadataHosted));
@@ -13,6 +13,7 @@ function saml_hook_metadata_hosted(&$metadataHosted)
     $sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP');
 
     foreach ($sources as $source) {
+        /** @var \SimpleSAML\Auth\Source $source */
         $metadata = $source->getMetadata();
 
         $name = $metadata->getValue('name', null);
diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
index 106d7b51f..f579d2c55 100644
--- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
@@ -7,15 +7,14 @@ namespace SimpleSAML\Module\saml\Auth\Process;
  *
  * @package SimpleSAMLphp
  */
-
 class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
 {
     /**
      * The URI we should set as the AuthnContextClassRef in the login response.
      *
-     * @var string
+     * @var string|null
      */
-    private $authnContextClassRef;
+    private $authnContextClassRef = null;
 
 
     /**
@@ -43,6 +42,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
      * Set the AuthnContextClassRef in the SAML 2 response.
      *
      * @param array &$state The state array for this request.
+     * @return void
      */
     public function process(&$state)
     {
diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
index fd6277732..b7aa14698 100644
--- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
@@ -29,9 +29,9 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
 
     /**
      * AuthnContextClassRef of the assertion
-     * @var string
+     * @var string|null
      */
-    private $AuthnContextClassRef;
+    private $AuthnContextClassRef = null;
 
 
     /**
@@ -62,6 +62,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
     /**
      *
      * @param array &$request The current request
+     * @return void
      */
     public function process(&$request)
     {
@@ -87,6 +88,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
      * permission logic.
      *
      * @param array $request
+     * @return void
      */
     protected function unauthorized(&$request)
     {
diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php
index 67ef886df..1478112be 100644
--- a/modules/saml/lib/Auth/Process/FilterScopes.php
+++ b/modules/saml/lib/Auth/Process/FilterScopes.php
@@ -15,7 +15,7 @@ use SimpleSAML\Logger;
 class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
 {
     /**
-     * Stores any pre-configured scoped attributes which come from the filter configuration.
+     * @var array Stores any pre-configured scoped attributes which come from the filter configuration.
      */
     private $scopedAttributes = [
         'eduPersonScopedAffiliation',
@@ -44,6 +44,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
      * This method applies the filter, removing any values
      *
      * @param array &$request the current request
+     * @return void
      */
     public function process(&$request)
     {
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php
index e8c27dba7..1ee6e5f42 100644
--- a/modules/saml/lib/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php
@@ -103,6 +103,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
      * Convert NameID to attribute.
      *
      * @param array &$state The request state.
+     * @return void
      */
     public function process(&$state)
     {
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index f627f164e..7bf2e2f1b 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -21,7 +21,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
     /**
      * Whether we should insert it as an saml:NameID element.
      *
-     * @var boolean
+     * @var bool
      */
     private $nameId;
 
@@ -55,6 +55,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
      * Store a NameID to attribute.
      *
      * @param array &$state The request state.
+     * @return void
      */
     public function process(&$state)
     {
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 9187ed846..62cf5331e 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -86,6 +86,7 @@ class SP extends Source
         }
     }
 
+
     /**
      * Retrieve the URL to the metadata of this SP.
      *
@@ -96,6 +97,7 @@ class SP extends Source
         return \SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/'.urlencode($this->authId));
     }
 
+
     /**
      * Retrieve the entity id of this SP.
      *
@@ -440,6 +442,7 @@ class SP extends Source
      *
      * @param \SimpleSAML\Configuration $idpMetadata  The metadata of the IdP.
      * @param array $state  The state array for the current authentication.
+     * @return void
      */
     private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state)
     {
@@ -471,11 +474,13 @@ class SP extends Source
         \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
     }
 
+
     /**
      * Send a SAML2 SSO request to an IdP
      *
      * @param \SimpleSAML\Configuration $idpMetadata  The metadata of the IdP.
      * @param array $state  The state array for the current authentication.
+     * @return void
      */
     private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state)
     {
@@ -647,6 +652,7 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Function to actually send the authentication request.
      *
@@ -655,6 +661,7 @@ class SP extends Source
      * @param array &$state  The state array.
      * @param \SAML2\Binding $binding  The binding.
      * @param \SAML2\AuthnRequest  $ar  The authentication request.
+     * @return void
      */
     public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar)
     {
@@ -662,11 +669,13 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Send a SSO request to an IdP.
      *
      * @param string $idp  The entity ID of the IdP.
      * @param array $state  The state array for the current authentication.
+     * @return void
      */
     public function startSSO($idp, array $state)
     {
@@ -688,10 +697,12 @@ class SP extends Source
         }
     }
 
+
     /**
      * Start an IdP discovery service operation.
      *
      * @param array $state  The state array.
+     * @return void
      */
     private function startDisco(array $state)
     {
@@ -722,12 +733,14 @@ class SP extends Source
         \SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params);
     }
 
+
     /**
      * Start login.
      *
      * This function saves the information about the login, and redirects to the IdP.
      *
      * @param array &$state  Information about the current authentication.
+     * @return void
      */
     public function authenticate(&$state)
     {
@@ -779,6 +792,7 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Re-authenticate an user.
      *
@@ -786,6 +800,7 @@ class SP extends Source
      * interact with the user even in the case when the user is already authenticated.
      *
      * @param array &$state  Information about the current authentication.
+     * @return void
      */
     public function reauthenticate(array &$state)
     {
@@ -867,6 +882,7 @@ class SP extends Source
      * - 'core:IdP': the identifier of the local IdP.
      * - 'SPMetadata': an array with the metadata of this local SP.
      *
+     * @return void
      * @throws \SimpleSAML\Error\NoPassive In case the authentication request was passive.
      */
     public static function askForIdPChange(array &$state)
@@ -891,12 +907,14 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Log the user out before logging in again.
      *
      * This method will never return.
      *
      * @param array $state The state array.
+     * @return void
      */
     public static function reauthLogout(array $state)
     {
@@ -912,10 +930,12 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Complete login operation after re-authenticating the user on another IdP.
      *
      * @param array $state  The authentication state.
+     * @return void
      */
     public static function reauthPostLogin(array $state)
     {
@@ -931,6 +951,7 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Post-logout handler for re-authentication.
      *
@@ -938,6 +959,7 @@ class SP extends Source
      *
      * @param \SimpleSAML\IdP $idp The IdP we are logging out from.
      * @param array &$state The state array with the state during logout.
+     * @return void
      */
     public static function reauthPostLogout(\SimpleSAML\IdP $idp, array $state)
     {
@@ -956,10 +978,12 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Start a SAML 2 logout operation.
      *
      * @param array $state  The logout state.
+     * @return void
      */
     public function startSLO2(&$state)
     {
@@ -1004,10 +1028,12 @@ class SP extends Source
         assert(false);
     }
 
+
     /**
      * Start logout operation.
      *
      * @param array $state  The logout state.
+     * @return void
      */
     public function logout(&$state)
     {
@@ -1028,12 +1054,14 @@ class SP extends Source
         }
     }
 
+
     /**
      * Handle a response from a SSO operation.
      *
      * @param array $state  The authentication state.
      * @param string $idp  The entity id of the IdP.
      * @param array $attributes  The attributes.
+     * @return void
      */
     public function handleResponse(array $state, $idp, array $attributes)
     {
@@ -1073,10 +1101,12 @@ class SP extends Source
         self::onProcessingCompleted($authProcState);
     }
 
+
     /**
      * Handle a logout request from an IdP.
      *
      * @param string $idpEntityId  The entity ID of the IdP.
+     * @return void
      */
     public function handleLogout($idpEntityId)
     {
@@ -1086,6 +1116,7 @@ class SP extends Source
         $this->callLogoutCallback($idpEntityId);
     }
 
+
     /**
      * Handle an unsolicited login operations.
      *
@@ -1099,6 +1130,7 @@ class SP extends Source
      * the session. The function will check if the URL is allowed, so there is no need to
      * manually check the URL on beforehand. Please refer to the 'trusted.url.domains'
      * configuration directive for more information about allowing (or disallowing) URLs.
+     * @return void
      */
     public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
     {
@@ -1111,10 +1143,12 @@ class SP extends Source
         \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
     }
 
+
     /**
      * Called when we have completed the procssing chain.
      *
      * @param array $authProcState  The processing chain state.
+     * @return void
      */
     public static function onProcessingCompleted(array $authProcState)
     {
diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php
index 39a4a3f00..7c7bcf2c2 100644
--- a/modules/saml/lib/BaseNameIDGenerator.php
+++ b/modules/saml/lib/BaseNameIDGenerator.php
@@ -7,7 +7,6 @@ namespace SimpleSAML\Module\saml;
  *
  * @package SimpleSAMLphp
  */
-
 abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
 {
     /**
@@ -37,11 +36,11 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
     /**
      * The format of this NameID.
      *
-     * This property must be initialized the subclass.
+     * This property must be set by the subclass.
      *
-     * @var string
+     * @var string|null
      */
-    protected $format;
+    protected $format = null;
 
 
     /**
@@ -81,6 +80,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
      * Generate transient NameID.
      *
      * @param array &$state  The request state.
+     * @return void
      */
     public function process(&$state)
     {
diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php
index e158a666b..5e78d4827 100644
--- a/modules/saml/lib/IdP/SAML1.php
+++ b/modules/saml/lib/IdP/SAML1.php
@@ -12,10 +12,8 @@ use SimpleSAML\Utils\HTTP;
  *
  * @package SimpleSAMLphp
  */
-
 class SAML1
 {
-
     /**
      * Retrieve the metadata of a hosted SAML 1.1 IdP.
      *
@@ -73,7 +71,7 @@ class SAML1
             );
 
             if (!$config->hasValue('OrganizationURL')) {
-                throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
+                throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
             }
             $metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
         }
@@ -125,6 +123,7 @@ class SAML1
      * Send a response to the SP.
      *
      * @param array $state  The authentication state.
+     * @return void
      */
     public static function sendResponse(array $state)
     {
@@ -176,6 +175,7 @@ class SAML1
      * Receive an authentication request.
      *
      * @param \SimpleSAML\IdP $idp  The IdP we are receiving it for.
+     * @return void
      */
     public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
     {
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index bce1bf077..59e031775 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -17,13 +17,13 @@ use SimpleSAML\Utils\HTTP;
  *
  * @package SimpleSAMLphp
  */
-
 class SAML2
 {
     /**
      * Send a response to the SP.
      *
      * @param array $state The authentication state.
+     * @return void
      */
     public static function sendResponse(array $state)
     {
@@ -101,6 +101,7 @@ class SAML2
      * \SimpleSAML\Error\Exception $exception  The exception.
      *
      * @param array $state The error state.
+     * @return void
      */
     public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state)
     {
@@ -162,11 +163,11 @@ class SAML2
      *
      * @param array                     $supportedBindings The bindings we allow for the response.
      * @param \SimpleSAML\Configuration $spMetadata The metadata for the SP.
-     * @param string|NULL               $AssertionConsumerServiceURL AssertionConsumerServiceURL from request.
-     * @param string|NULL               $ProtocolBinding ProtocolBinding from request.
-     * @param int|NULL                  $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request.
+     * @param string|null               $AssertionConsumerServiceURL AssertionConsumerServiceURL from request.
+     * @param string|null               $ProtocolBinding ProtocolBinding from request.
+     * @param int|null                  $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request.
      *
-     * @return array  Array with the Location and Binding we should use for the response.
+     * @return array|null  Array with the Location and Binding we should use for the response.
      */
     private static function getAssertionConsumerService(
         array $supportedBindings,
@@ -252,6 +253,7 @@ class SAML2
      * Receive an authentication request.
      *
      * @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+     * @return void
      * @throws \SimpleSAML\Error\BadRequest In case an error occurs when trying to receive the request.
      */
     public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
@@ -463,12 +465,14 @@ class SAML2
         $idp->handleAuthenticationRequest($state);
     }
 
+
     /**
      * Send a logout request to a given association.
      *
      * @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from.
      * @param array           $association The association that should be terminated.
-     * @param string|NULL     $relayState An id that should be carried across the logout.
+     * @param string|null     $relayState An id that should be carried across the logout.
+     * @return void
      */
     public static function sendLogoutRequest(\SimpleSAML\IdP $idp, array $association, $relayState)
     {
@@ -505,6 +509,7 @@ class SAML2
      *
      * @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from.
      * @param array           &$state The logout state array.
+     * @return void
      */
     public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)
     {
@@ -562,6 +567,7 @@ class SAML2
      * Receive a logout message.
      *
      * @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+     * @return void
      * @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message.
      */
     public static function receiveLogoutMessage(\SimpleSAML\IdP $idp)
diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php
index 95d5712df..e62f77f0f 100644
--- a/modules/saml/lib/IdP/SQLNameID.php
+++ b/modules/saml/lib/IdP/SQLNameID.php
@@ -7,13 +7,13 @@ namespace SimpleSAML\Module\saml\IdP;
  *
  * @package SimpleSAMLphp
  */
-
 class SQLNameID
 {
     /**
      * Create NameID table in SQL, if it is missing.
      *
      * @param \SimpleSAML\Store\SQL $store  The datastore.
+     * @return void
      */
     private static function createTable(\SimpleSAML\Store\SQL $store)
     {
@@ -68,6 +68,7 @@ class SQLNameID
      * @param string $spEntityId  The SP entityID.
      * @param string $user  The user's unique identificator (e.g. username).
      * @param string $value  The NameID value.
+     * @return void
      */
     public static function add($idpEntityId, $spEntityId, $user, $value)
     {
@@ -98,7 +99,7 @@ class SQLNameID
      * @param string $idpEntityId  The IdP entityID.
      * @param string $spEntityId  The SP entityID.
      * @param string $user  The user's unique identificator (e.g. username).
-     * @return string|NULL $value  The NameID value, or NULL of no NameID value was found.
+     * @return string|null $value  The NameID value, or NULL of no NameID value was found.
      */
     public static function get($idpEntityId, $spEntityId, $user)
     {
@@ -135,6 +136,7 @@ class SQLNameID
      * @param string $idpEntityId  The IdP entityID.
      * @param string $spEntityId  The SP entityID.
      * @param string $user  The user's unique identificator (e.g. username).
+     * @return void
      */
     public static function delete($idpEntityId, $spEntityId, $user)
     {
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index a0f719310..c68a2647c 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -19,6 +19,7 @@ class Message
      * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
      * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
      * @param \SAML2\SignedElement $element The element we should add the data to.
+     * @return void
      */
     public static function addSign(
         \SimpleSAML\Configuration $srcMetadata,
@@ -68,6 +69,7 @@ class Message
      * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
      * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
      * @param \SAML2\Message $message The message we should add the data to.
+     * @return void
      */
     private static function addRedirectSign(
         \SimpleSAML\Configuration $srcMetadata,
@@ -144,7 +146,7 @@ class Message
      *
      * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
      * @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion.
-     * @return boolean True if the signature is correct, false otherwise.
+     * @return bool True if the signature is correct, false otherwise.
      *
      * @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity.
      * @throws \Exception if the signature validation fails with an exception.
@@ -233,6 +235,7 @@ class Message
      * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
      * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
      * @param \SAML2\Message $message The message we should check the signature on.
+     * @return void
      *
      * @throws \SimpleSAML\Error\Exception if message validation is enabled, but there is no signature in the message.
      */
@@ -396,6 +399,8 @@ class Message
                 $lastException = $e;
             }
         }
+
+        /** @var \Exception $lastException */
         throw $lastException;
     }
 
diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 8ea35423a..7d995b369 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -14,6 +14,7 @@ class LogoutStore
      * Create logout table in SQL, if it is missing.
      *
      * @param \SimpleSAML\Store\SQL $store  The datastore.
+     * @return void
      */
     private static function createLogoutTable(\SimpleSAML\Store\SQL $store)
     {
@@ -70,6 +71,7 @@ class LogoutStore
      * Clean the logout table of expired entries.
      *
      * @param \SimpleSAML\Store\SQL $store  The datastore.
+     * @return void
      */
     private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store)
     {
@@ -90,6 +92,9 @@ class LogoutStore
      * @param string $authId  The authsource ID.
      * @param string $nameId  The hash of the users NameID.
      * @param string $sessionIndex  The SessionIndex of the user.
+     * @param int $expire
+     * @param string $sessionId
+     * @return void
      */
     private static function addSessionSQL(
         \SimpleSAML\Store\SQL $store,
@@ -102,8 +107,8 @@ class LogoutStore
         assert(is_string($authId));
         assert(is_string($nameId));
         assert(is_string($sessionIndex));
-        assert(is_string($sessionId));
         assert(is_int($expire));
+        assert(is_string($sessionId));
 
         self::createLogoutTable($store);
 
@@ -202,6 +207,8 @@ class LogoutStore
      * @param string $authId  The authsource ID.
      * @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
      * @param string|null $sessionIndex  The SessionIndex of the user.
+     * @param int $expire
+     * @return void
      */
     public static function addSession($authId, $nameId, $sessionIndex, $expire)
     {
@@ -254,7 +261,7 @@ class LogoutStore
      * @param string $authId  The authsource ID.
      * @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
      * @param array $sessionIndexes  The SessionIndexes we should log out of. Logs out of all if this is empty.
-     * @returns int|false  Number of sessions logged out, or FALSE if not supported.
+     * @return int|false  Number of sessions logged out, or FALSE if not supported.
      */
     public static function logoutSessions($authId, $nameId, array $sessionIndexes)
     {
-- 
GitLab