diff --git a/.github/workflows/php-cs-fixer.yml b/.github/workflows/php-cs-fixer.yml new file mode 100644 index 0000000..2d37e13 --- /dev/null +++ b/.github/workflows/php-cs-fixer.yml @@ -0,0 +1,7 @@ +name: PHP CS Fixer + +on: push + +jobs: + fixers: + uses: humhub/actions/.github/workflows/module-php-cs-fixer.yml@main diff --git a/Events.php b/Events.php index a9df15b..a7ecdba 100644 --- a/Events.php +++ b/Events.php @@ -8,11 +8,9 @@ namespace humhub\modules\sso\jwt; - use humhub\modules\sso\jwt\authclient\JWT; use Yii; class Events { - } diff --git a/authclient/JWT.php b/authclient/JWT.php index bdaf338..340ad1c 100644 --- a/authclient/JWT.php +++ b/authclient/JWT.php @@ -19,7 +19,6 @@ */ class JWT extends BaseClient implements StandaloneAuthClient { - /** * @var string url of the JWT provider */ @@ -53,7 +52,7 @@ class JWT extends BaseClient implements StandaloneAuthClient public $allowedIPs = []; /** - * @var boolean enable automatic login of 'allowed ips'. + * @var bool enable automatic login of 'allowed ips'. */ public $autoLogin = false; @@ -109,9 +108,9 @@ public function setUserAttributes($userAttributes) if (!isset($userAttributes['id'])) { if ($this->idAttribute == 'email' && isset($userAttributes['email'])) { $userAttributes['id'] = $userAttributes['email']; - } else if ($this->idAttribute == 'guid' && isset($userAttributes['guid'])) { + } elseif ($this->idAttribute == 'guid' && isset($userAttributes['guid'])) { $userAttributes['guid'] = $userAttributes['guid']; - } else if ($this->idAttribute == 'username' && isset($userAttributes['username'])) { + } elseif ($this->idAttribute == 'username' && isset($userAttributes['username'])) { $userAttributes['username'] = $userAttributes['username']; } } diff --git a/authclient/JWTPrimary.php b/authclient/JWTPrimary.php index d306999..685e6e3 100644 --- a/authclient/JWTPrimary.php +++ b/authclient/JWTPrimary.php @@ -28,4 +28,4 @@ public function getSyncAttributes() { return $this->syncAttributes; } -} \ No newline at end of file +} diff --git a/config.php b/config.php index 9e750f5..10fff3f 100644 --- a/config.php +++ b/config.php @@ -10,6 +10,5 @@ 'namespace' => 'humhub\modules\sso\jwt', 'events' => [ [AuthController::class, AuthController::EVENT_BEFORE_ACTION, ['humhub\modules\sso\jwt\Module', 'onAuthClientCollectionInit']], - ] + ], ]; -?> \ No newline at end of file diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index e099db0..25e3705 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,6 +1,11 @@ Changelog ========= +1.1.4 (Unreleased) +------------------------- + +- Enh: Use PHP CS Fixer + 1.1.3 (November 23, 2023) ------------------------- diff --git a/examples/php/index.php b/examples/php/index.php index bc4f7a2..8d22bc6 100644 --- a/examples/php/index.php +++ b/examples/php/index.php @@ -12,7 +12,7 @@ // Build token including your user data $now = time(); -$token = array( +$token = [ 'iss' => 'example', 'jti' => md5($now . rand()), 'iat' => $now, @@ -21,7 +21,7 @@ 'firstname' => 'John', 'lastname' => 'Doe', 'email' => 'john.doe@example.com', -); +]; // Create JWT token $jwt = JWT::encode($token, $key); @@ -35,4 +35,3 @@ $location .= "&jwt=" . $jwt; header("Location: " . $location); -?> \ No newline at end of file diff --git a/examples/php/src/BeforeValidException.php b/examples/php/src/BeforeValidException.php index a6ee2f7..c147852 100644 --- a/examples/php/src/BeforeValidException.php +++ b/examples/php/src/BeforeValidException.php @@ -1,7 +1,7 @@ array('hash_hmac', 'SHA256'), - 'HS512' => array('hash_hmac', 'SHA512'), - 'HS384' => array('hash_hmac', 'SHA384'), - 'RS256' => array('openssl', 'SHA256'), - ); + public static $supported_algs = [ + 'HS256' => ['hash_hmac', 'SHA256'], + 'HS512' => ['hash_hmac', 'SHA512'], + 'HS384' => ['hash_hmac', 'SHA384'], + 'RS256' => ['openssl', 'SHA256'], + ]; /** * Decodes a JWT string into a PHP object. @@ -64,7 +64,7 @@ class JWT * @uses jsonDecode * @uses urlsafeB64Decode */ - public static function decode($jwt, $key, $allowed_algs = array()) + public static function decode($jwt, $key, $allowed_algs = []) { $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; @@ -86,7 +86,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) throw new UnexpectedValueException('Invalid claims encoding'); } $sig = static::urlsafeB64Decode($cryptob64); - + if (empty($header->alg)) { throw new UnexpectedValueException('Empty algorithm'); } @@ -113,7 +113,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) // token can actually be used. If it's not yet that time, abort. if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { throw new BeforeValidException( - 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf), ); } @@ -122,7 +122,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) // correctly used the nbf claim). if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) { throw new BeforeValidException( - 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat), ); } @@ -152,14 +152,14 @@ public static function decode($jwt, $key, $allowed_algs = array()) */ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) { - $header = array('typ' => 'JWT', 'alg' => $alg); + $header = ['typ' => 'JWT', 'alg' => $alg]; if ($keyId !== null) { $header['kid'] = $keyId; } - if ( isset($head) && is_array($head) ) { + if (isset($head) && is_array($head)) { $header = array_merge($head, $header); } - $segments = array(); + $segments = []; $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); $signing_input = implode('.', $segments); @@ -188,7 +188,7 @@ public static function sign($msg, $key, $alg = 'HS256') throw new DomainException('Algorithm not supported'); } list($function, $algorithm) = static::$supported_algs[$alg]; - switch($function) { + switch ($function) { case 'hash_hmac': return hash_hmac($algorithm, $msg, $key, true); case 'openssl': @@ -222,7 +222,7 @@ private static function verify($msg, $signature, $key, $alg) } list($function, $algorithm) = static::$supported_algs[$alg]; - switch($function) { + switch ($function) { case 'openssl': $success = openssl_verify($msg, $signature, $key, $algorithm); if (!$success) { @@ -230,6 +230,7 @@ private static function verify($msg, $signature, $key, $alg) } else { return $signature; } + // no break case 'hash_hmac': default: $hash = hash_hmac($algorithm, $msg, $key, true); @@ -271,7 +272,7 @@ public static function jsonDecode($input) *them to strings) before decoding, hence the preg_replace() call. */ $max_int_length = strlen((string) PHP_INT_MAX) - 1; - $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); + $json_without_bigints = preg_replace('/:\s*(-?\d{' . $max_int_length . ',})/', ': "$1"', $input); $obj = json_decode($json_without_bigints); } @@ -341,15 +342,15 @@ public static function urlsafeB64Encode($input) */ private static function handleJsonError($errno) { - $messages = array( + $messages = [ JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', - JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' - ); + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON', + ]; throw new DomainException( isset($messages[$errno]) ? $messages[$errno] - : 'Unknown JSON error: ' . $errno + : 'Unknown JSON error: ' . $errno, ); } diff --git a/examples/php/src/SignatureInvalidException.php b/examples/php/src/SignatureInvalidException.php index 27332b2..d35dee9 100644 --- a/examples/php/src/SignatureInvalidException.php +++ b/examples/php/src/SignatureInvalidException.php @@ -1,7 +1,7 @@ array('hash_hmac', 'SHA256'), - 'HS512' => array('hash_hmac', 'SHA512'), - 'HS384' => array('hash_hmac', 'SHA384'), - 'RS256' => array('openssl', 'SHA256'), - ); + public static $supported_algs = [ + 'HS256' => ['hash_hmac', 'SHA256'], + 'HS512' => ['hash_hmac', 'SHA512'], + 'HS384' => ['hash_hmac', 'SHA384'], + 'RS256' => ['openssl', 'SHA256'], + ]; /** * Decodes a JWT string into a PHP object. @@ -64,7 +64,7 @@ class JWT * @uses jsonDecode * @uses urlsafeB64Decode */ - public static function decode($jwt, $key, $allowed_algs = array()) + public static function decode($jwt, $key, $allowed_algs = []) { $timestamp = is_null(static::$timestamp) ? time() : static::$timestamp; @@ -86,7 +86,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) throw new UnexpectedValueException('Invalid claims encoding'); } $sig = static::urlsafeB64Decode($cryptob64); - + if (empty($header->alg)) { throw new UnexpectedValueException('Empty algorithm'); } @@ -113,7 +113,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) // token can actually be used. If it's not yet that time, abort. if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) { throw new BeforeValidException( - 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf) + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf), ); } @@ -122,7 +122,7 @@ public static function decode($jwt, $key, $allowed_algs = array()) // correctly used the nbf claim). if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) { throw new BeforeValidException( - 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat) + 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat), ); } @@ -152,14 +152,14 @@ public static function decode($jwt, $key, $allowed_algs = array()) */ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null) { - $header = array('typ' => 'JWT', 'alg' => $alg); + $header = ['typ' => 'JWT', 'alg' => $alg]; if ($keyId !== null) { $header['kid'] = $keyId; } - if ( isset($head) && is_array($head) ) { + if (isset($head) && is_array($head)) { $header = array_merge($head, $header); } - $segments = array(); + $segments = []; $segments[] = static::urlsafeB64Encode(static::jsonEncode($header)); $segments[] = static::urlsafeB64Encode(static::jsonEncode($payload)); $signing_input = implode('.', $segments); @@ -188,7 +188,7 @@ public static function sign($msg, $key, $alg = 'HS256') throw new DomainException('Algorithm not supported'); } list($function, $algorithm) = static::$supported_algs[$alg]; - switch($function) { + switch ($function) { case 'hash_hmac': return hash_hmac($algorithm, $msg, $key, true); case 'openssl': @@ -222,7 +222,7 @@ private static function verify($msg, $signature, $key, $alg) } list($function, $algorithm) = static::$supported_algs[$alg]; - switch($function) { + switch ($function) { case 'openssl': $success = openssl_verify($msg, $signature, $key, $algorithm); if (!$success) { @@ -230,6 +230,7 @@ private static function verify($msg, $signature, $key, $alg) } else { return $signature; } + // no break case 'hash_hmac': default: $hash = hash_hmac($algorithm, $msg, $key, true); @@ -271,7 +272,7 @@ public static function jsonDecode($input) *them to strings) before decoding, hence the preg_replace() call. */ $max_int_length = strlen((string) PHP_INT_MAX) - 1; - $json_without_bigints = preg_replace('/:\s*(-?\d{'.$max_int_length.',})/', ': "$1"', $input); + $json_without_bigints = preg_replace('/:\s*(-?\d{' . $max_int_length . ',})/', ': "$1"', $input); $obj = json_decode($json_without_bigints); } @@ -341,15 +342,15 @@ public static function urlsafeB64Encode($input) */ private static function handleJsonError($errno) { - $messages = array( + $messages = [ JSON_ERROR_DEPTH => 'Maximum stack depth exceeded', JSON_ERROR_CTRL_CHAR => 'Unexpected control character found', - JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON' - ); + JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON', + ]; throw new DomainException( isset($messages[$errno]) ? $messages[$errno] - : 'Unknown JSON error: ' . $errno + : 'Unknown JSON error: ' . $errno, ); } diff --git a/vendors/php-jwt/src/SignatureInvalidException.php b/vendors/php-jwt/src/SignatureInvalidException.php index 27332b2..d35dee9 100644 --- a/vendors/php-jwt/src/SignatureInvalidException.php +++ b/vendors/php-jwt/src/SignatureInvalidException.php @@ -1,7 +1,7 @@