Merge pull request #18 from dBucik/fix_ecs

fix: 🐛 Fix ECS new style

Author: Dominik František Bučík

config-templates/module_elixir.php

@@ -3,25 +3,25 @@
 declare(strict_types=1);
 
 /**
- * The config template for module ELIXIR
+ * The config template for module ELIXIR.
  */
 $config = [
-    /**
+    /*
      * The clientId from CSC_MFA server
      */
     'clientId' => '',
 
-    /**
+    /*
      * The clientSecret from CSC_MFA server
      */
     'clientSecret' => '',
 
-    /**
+    /*
      * List of requested scopes
      */
     'requestedScopes' => [],
 
-    /**
+    /*
      * The openid configuration url of CSC_MFA server
      */
     'openidConfigurationUrl' => '',

ecs.php

@@ -3,28 +3,25 @@
 declare(strict_types=1);
 
 use PhpCsFixer\Fixer\ArrayNotation\ArraySyntaxFixer;
+use PhpCsFixer\Fixer\FunctionNotation\FunctionTypehintSpaceFixer;
+use PhpCsFixer\Fixer\Operator\NotOperatorWithSuccessorSpaceFixer;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 use Symplify\EasyCodingStandard\ValueObject\Option;
 use Symplify\EasyCodingStandard\ValueObject\Set\SetList;
 
 return static function (ContainerConfigurator $containerConfigurator): void {
-    $services = $containerConfigurator->services();
-    $services->set(ArraySyntaxFixer::class)
-        ->call('configure', [[
-            'syntax' => 'short',
-        ]])
-    ;
-
     $parameters = $containerConfigurator->parameters();
     $parameters->set(Option::PATHS, [
         __DIR__ . '/ecs.php',
         __DIR__ . '/config-templates',
         __DIR__ . '/lib',
         __DIR__ . '/themes',
         __DIR__ . '/www',
-        __DIR__ . '/composer.json',
     ]);
+    $parameters->set(Option::PARALLEL, true);
+    $parameters->set(Option::SKIP, [NotOperatorWithSuccessorSpaceFixer::class, FunctionTypehintSpaceFixer::class]);
 
+    $containerConfigurator->import(SetList::PHP_CS_FIXER);
     $containerConfigurator->import(SetList::CLEAN_CODE);
     $containerConfigurator->import(SetList::SYMPLIFY);
     $containerConfigurator->import(SetList::ARRAY);
@@ -35,5 +32,14 @@
     $containerConfigurator->import(SetList::NAMESPACES);
     $containerConfigurator->import(SetList::PHPUNIT);
     $containerConfigurator->import(SetList::SPACES);
+    $containerConfigurator->import(SetList::STRICT);
+    $containerConfigurator->import(SetList::SYMFONY);
     $containerConfigurator->import(SetList::PSR_12);
+
+    $services = $containerConfigurator->services();
+    $services->set(ArraySyntaxFixer::class)
+        ->call('configure', [[
+            'syntax' => 'short',
+        ]])
+    ;
 };

lib/Auth/Process/CSCMfa.php

@@ -52,22 +52,19 @@ public function __construct($config, $reserved)
 
         if (empty($this->clientId)) {
             throw new Exception(
-                'elixir:CSCMfa: missing mandatory configuration option "' . self::CLIENT_ID .
-                '" in configuration file "' . self::CONFIG_FILE_NAME . '".'
+                'elixir:CSCMfa: missing mandatory configuration option "' . self::CLIENT_ID . '" in configuration file "' . self::CONFIG_FILE_NAME . '".'
             );
         }
 
         if (empty($this->requestedScopes)) {
             throw new Exception(
-                'elixir:CSCMfa: missing mandatory configuration option "' . self::REQUESTED_SCOPES .
-                '" in configuration file "' . self::CONFIG_FILE_NAME . '".'
+                'elixir:CSCMfa: missing mandatory configuration option "' . self::REQUESTED_SCOPES . '" in configuration file "' . self::CONFIG_FILE_NAME . '".'
             );
         }
 
         if (empty($openidConfigurationUrl)) {
             throw new Exception(
-                'elixir:CSCMfa: missing mandatory configuration option "' . self::AUTHORIZATION_ENDPOINT .
-                '" in configuration file "' . self::CONFIG_FILE_NAME . '".'
+                'elixir:CSCMfa: missing mandatory configuration option "' . self::AUTHORIZATION_ENDPOINT . '" in configuration file "' . self::CONFIG_FILE_NAME . '".'
             );
         }
 
@@ -85,41 +82,43 @@ public function process(&$request)
 
         if (isset($request['saml:RequestedAuthnContext']['AuthnContextClassRef'])) {
             $requestedAuthnContextClassRef = $request['saml:RequestedAuthnContext']['AuthnContextClassRef'][0];
-            if (! is_array($requestedAuthnContextClassRef)) {
+            if (!is_array($requestedAuthnContextClassRef)) {
                 $requestedAuthnContextClassRef = [$requestedAuthnContextClassRef];
             }
         }
 
-        if (! in_array(self::MFA_IDENTIFIER, $requestedAuthnContextClassRef, true)) {
-            # Everything is OK, SP didn't requested MFA
+        if (!in_array(self::MFA_IDENTIFIER, $requestedAuthnContextClassRef, true)) {
+            // Everything is OK, SP didn't requested MFA
             Logger::debug('Multi factor authentication is not required');
+
             return;
         }
 
-        # Check if IdP did MFA
+        // Check if IdP did MFA
         $authContextClassRef = [];
         if (isset($request['saml:sp:AuthnContext'])) {
             $authContextClassRef = $request['saml:sp:AuthnContext'];
-            if (! is_array($authContextClassRef)) {
+            if (!is_array($authContextClassRef)) {
                 $authContextClassRef = [$authContextClassRef];
             }
         }
         if (in_array(self::MFA_IDENTIFIER, $authContextClassRef, true)) {
-            # MFA was performed on IdP
+            // MFA was performed on IdP
             Logger::debug('Multi factor authentication was performed on Identity provider side');
+
             return;
         }
 
         Logger::debug('Multi factor authentication wasn\'t performed and will be performed on CSC side.');
 
         $stateId = State::saveState($request, 'elixir:CSCMfa', true);
 
-        if (! isset($request['Attributes']['eduPersonUniqueId'][0])) {
+        if (!isset($request['Attributes']['eduPersonUniqueId'][0])) {
             throw new Exception('elixir:CSCMfa: missing required attribute "eduPersonUniqueId" in request');
         }
         $elixirId = $request['Attributes']['eduPersonUniqueId'][0];
 
-        # Prepare claims
+        // Prepare claims
         $claims = [
             'id_token' => [
                 'sub' => [
@@ -136,7 +135,7 @@ public function process(&$request)
             $claims['id_token']['mobile']['value'] = $phoneNumber;
         }
 
-        # Prepare params
+        // Prepare params
         $params = [
             'response_type' => 'code',
             'scope' => implode(' ', $this->requestedScopes),
@@ -148,7 +147,7 @@ public function process(&$request)
 
         $mfa_url = $this->authorizationEndpoint . '?' . http_build_query($params);
 
-        Header('Location: ' . $mfa_url);
+        header('Location: ' . $mfa_url);
         exit();
     }
 }

themes/elixir/default/includes/footer.php

@@ -2,7 +2,7 @@
 
 use SimpleSAML\Module;
 
-if (! empty($this->data['htmlinject']['htmlContentPost'])) {
+if (!empty($this->data['htmlinject']['htmlContentPost'])) {
     foreach ($this->data['htmlinject']['htmlContentPost'] as $c) {
         echo $c;
     }
@@ -18,7 +18,7 @@
     <div style="margin: 0px auto; max-width: 1000px;">
 
         <div style="float: left;">
-            <img src="<?php echo Module::getModuleUrl('elixir/res/img/logo_64.png') ?>">
+            <img src="<?php echo Module::getModuleUrl('elixir/res/img/logo_64.png'); ?>">
         </div>
 
         <div style="float: left;">

themes/elixir/default/includes/header.php

@@ -2,7 +2,7 @@
 
 use SimpleSAML\Module;
 
-/**
+/*
  * Support the htmlinject hook, which allows modules to change header, pre and post body on all pages.
  */
 $this->data['htmlinject'] = [
@@ -29,7 +29,7 @@
 }
 // - o - o - o - o - o - o - o - o - o - o - o - o -
 
-/**
+/*
  * Do not allow to frame SimpleSAMLphp pages from another location. This prevents clickjacking attacks in modern
  * browsers.
  *
@@ -59,13 +59,13 @@
 
     <?php
 
-    if (! empty($jquery)) {
+    if (!empty($jquery)) {
         $version = '1.8';
         if (array_key_exists('version', $jquery)) {
             $version = $jquery['version'];
         }
 
-        if ($version === '1.8') {
+        if ('1.8' === $version) {
             if (isset($jquery['core']) && $jquery['core']) {
                 echo '<script type="text/javascript" src="/' . $this->data['baseurlpath'] .
                     'resources/jquery-1.8.js"></script>' . "\n";
@@ -88,7 +88,7 @@
             'resources/clipboard.min.js"></script>' . "\n";
     }
 
-    if (! empty($this->data['htmlinject']['htmlContentHead'])) {
+    if (!empty($this->data['htmlinject']['htmlContentHead'])) {
         foreach ($this->data['htmlinject']['htmlContentHead'] as $c) {
             echo $c;
         }
@@ -130,7 +130,7 @@
     $onLoad .= $this->data['onLoad'];
 }
 
-if ($onLoad !== '') {
+if ('' !== $onLoad) {
     $onLoad = ' onload="' . $onLoad . '"';
 }
 
@@ -153,7 +153,7 @@
 
 <?php
 
-if (! empty($this->data['htmlinject']['htmlContentPre'])) {
+if (!empty($this->data['htmlinject']['htmlContentPre'])) {
     foreach ($this->data['htmlinject']['htmlContentPre'] as $c) {
         echo $c;
     }

www/CSCMfaContinue.php

@@ -16,24 +16,21 @@
 $clientId = $conf->getString(CSCMfa::CLIENT_ID, '');
 if (empty($clientId)) {
     throw new Exception(
-        'elixir:CSCMfa_continue: missing mandatory configuration option "' . CSCMfa::CLIENT_ID .
-        '" in configuration file "' . CSCMfa::CONFIG_FILE_NAME . '".'
+        'elixir:CSCMfa_continue: missing mandatory configuration option "' . CSCMfa::CLIENT_ID . '" in configuration file "' . CSCMfa::CONFIG_FILE_NAME . '".'
     );
 }
 
 $clientSecret = $conf->getString(CSCMfa::CLIENT_SECRET, '');
 if (empty($clientSecret)) {
     throw new Exception(
-        'elixir:CSCMfa_continue: missing mandatory configuration option "' . CSCMfa::CLIENT_SECRET .
-        '" in configuration file "' . CSCMfa::CONFIG_FILE_NAME . '".'
+        'elixir:CSCMfa_continue: missing mandatory configuration option "' . CSCMfa::CLIENT_SECRET . '" in configuration file "' . CSCMfa::CONFIG_FILE_NAME . '".'
     );
 }
 
 $openidConfigurationUrl = $conf->getString(CSCMfa::OPENID_CONFIGURATION_URL, '');
 if (empty($openidConfigurationUrl)) {
     throw new Exception(
-        'elixir:CSCMfa_continue: missing mandatory configuration option "' . CSCMfa::TOKEN_ENDPOINT .
-        '" in configuration file "' . CSCMfa::CONFIG_FILE_NAME . '".'
+        'elixir:CSCMfa_continue: missing mandatory configuration option "' . CSCMfa::TOKEN_ENDPOINT . '" in configuration file "' . CSCMfa::CONFIG_FILE_NAME . '".'
     );
 }
 
@@ -47,16 +44,15 @@
     $mfaUserInfoUrl = $metadata[CSCMfa::USERINFO_ENDPOINT];
 }
 
-if ($mfaTokenUrl === null || $mfaUserInfoUrl === null) {
+if (null === $mfaTokenUrl || null === $mfaUserInfoUrl) {
     throw new Exception(
-        'elixir:CSCMfa_continue: Problem to get ' . CSCMfa::TOKEN_ENDPOINT . ' or ' .
-        CSCMfa::USERINFO_ENDPOINT . ' from Openid configuration.'
+        'elixir:CSCMfa_continue: Problem to get ' . CSCMfa::TOKEN_ENDPOINT . ' or ' . CSCMfa::USERINFO_ENDPOINT . ' from Openid configuration.'
     );
 }
 
 $redirectUri = Module::getModuleURL('elixir') . '/CSCMfa_continue.php';
 
-if (! isset($_GET['code'], $_GET['state'])) {
+if (!isset($_GET['code'], $_GET['state'])) {
     throw new Exception('elixir:CSCMfa_continue: One of following required params: "code", "state" is missing.');
 }
 
@@ -65,7 +61,7 @@
 
 $state = State::loadState($stateId, 'elixir:CSCMfa');
 
-# Prepare params for token endpoint
+// Prepare params for token endpoint
 $params = [
     'code' => $code,
     'grant_type' => 'authorization_code',
@@ -75,15 +71,15 @@
     'nonce' => time(),
 ];
 
-# Request to token endpoint
+// Request to token endpoint
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $mfaTokenUrl);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
 $response = curl_exec($ch);
 
-if ($response === false) {
+if (false === $response) {
     throw new \Exception("Request to token endpoint wasn't successful : " . curl_error($ch));
 }
 $response = json_decode($response, true);
@@ -102,15 +98,15 @@
     'access_token' => $accessToken,
 ];
 
-# Request to userinfo endpoint
+// Request to userinfo endpoint
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $mfaUserInfoUrl);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
 curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: Bearer ' . $accessToken]);
 $response = curl_exec($ch);
-if ($response === false) {
+if (false === $response) {
     throw new \Exception("Request to token endpoint wasn't successful : " . curl_error($ch));
 }