Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Updates Code Base to Pass Level 5 Baseline

Browse Source 
* Ensures PHP Code Sniffs continue to pass.
* Fixes all code base issues to pass a level 5 PHP static analysis.
* Updates PHPStan configurations to use a level 5 baseline.
isekai
Tim Nolte 4 years ago
parent cce7195fe1
commit 78ede5dffb
No known key found for this signature in database
GPG Key ID: 33E7CA1AD448F3B3
10 changed files with 79 additions and 53 deletions
Show Stats Download Patch File Download Diff File

2
grumphp.yml.dist
Unescape Escape View File

@ -31,7 +31,7 @@ parameters:
- '/^assets\/(.*)/'
phpstan:
configuration: './phpstan.neon.dist'
level: max
level: 5
ignore_patterns:
- '/^assets\/(.*)/'
memory_limit: '-1'

38
includes/openid-connect-generic-client-wrapper.php
Unescape Escape View File

@ -141,7 +141,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Get the authentication url from the client.
*
* @param array $atts The optional attributes array when called via a shortcode.
* @param array<string> $atts The optional attributes array when called via a shortcode.
*
* @return string
*/
@ -249,11 +249,11 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Add the end_session endpoint to WordPress core's whitelist of redirect hosts.
*
* @param array $allowed The allowed redirect host names.
* @param array<string> $allowed The allowed redirect host names.
*
* @return array|bool
* @return array<string>|bool
*/
function update_allowed_redirect_hosts( array $allowed ) {
function update_allowed_redirect_hosts( $allowed ) {
$host = parse_url( $this->settings->endpoint_end_session, PHP_URL_HOST );
if ( ! $host ) {
return false;
@ -311,8 +311,8 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Modify outgoing requests according to settings.
*
* @param array $request The outgoing request array.
* @param string $operation The request operation name.
* @param array<mixed> $request The outgoing request array.
* @param string $operation The request operation name.
*
* @return mixed
*/
@ -429,7 +429,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
$this->error_redirect( $user );
}
} else {
$this->error_redirect( new WP_Error( 'identity-not-map-existing-user', __( 'User identity is not link to an existing WordPress user' ), $user_claim ) );
$this->error_redirect( new WP_Error( 'identity-not-map-existing-user', __( 'User identity is not linked to an existing WordPress user' ), $user_claim ) );
}
} else {
// Allow plugins / themes to take action using current claims on existing user (e.g. update role).
@ -468,7 +468,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Validate the potential WP_User.
*
* @param WP_User $user The user object.
* @param WP_User|WP_Error|false $user The user object.
*
* @return true|WP_Error
*/
@ -514,9 +514,9 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Save refresh token to WP session tokens
*
* @param WP_Session_Tokens $manager A user session tokens manager.
* @param string $token The current users session token.
* @param array $token_response The authentication token response.
* @param WP_Session_Tokens $manager A user session tokens manager.
* @param string $token The current users session token.
* @param array|WP_Error|null $token_response The authentication token response.
*/
function save_refresh_token( $manager, $token, $token_response ) {
if ( ! $this->settings->token_refresh_enable ) {
@ -578,6 +578,10 @@ class OpenID_Connect_Generic_Client_Wrapper {
* @return string|WP_Error|null
*/
private function get_username_from_claim( $user_claim ) {
// @var string $desired_username
$desired_username = '';
// Allow settings to take first stab at username.
if ( ! empty( $this->settings->identity_key ) && isset( $user_claim[ $this->settings->identity_key ] ) ) {
$desired_username = $user_claim[ $this->settings->identity_key ];
@ -594,13 +598,14 @@ class OpenID_Connect_Generic_Client_Wrapper {
}
// Normalize the data a bit.
// @var string $transliterated_username The username converted to ASCII from UTF-8.
$transliterated_username = iconv( 'UTF-8', 'ASCII//TRANSLIT', $desired_username );
if ( empty( $transliterated_username ) ) {
return new WP_Error( 'username-transliteration-failed', printf( __( 'Username %1$s could not be transliterated' ), $desired_username ), $desired_username );
return new WP_Error( 'username-transliteration-failed', sprintf( __( 'Username %1$s could not be transliterated' ), $desired_username ), $desired_username );
}
$normalized_username = strtolower( preg_replace( '/[^a-zA-Z0-9 _.\-@]/', '', $transliterated_username ) );
if ( empty( $normalized_username ) ) {
return new WP_Error( 'username-normalization-failed', printf( __( 'Username %1$s could not be normalized' ), $transliterated_username ), $transliterated_username );
return new WP_Error( 'username-normalization-failed', sprintf( __( 'Username %1$s could not be normalized' ), $transliterated_username ), $transliterated_username );
}
// Copy the username for incrementing.
@ -623,7 +628,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @param array $user_claim The IDP authenticated user claim data.
*
* @return string|null
* @return string|WP_Error|null
*/
private function get_nickname_from_claim( $user_claim ) {
$desired_nickname = null;
@ -631,6 +636,11 @@ class OpenID_Connect_Generic_Client_Wrapper {
if ( ! empty( $this->settings->nickname_key ) && isset( $user_claim[ $this->settings->nickname_key ] ) ) {
$desired_nickname = $user_claim[ $this->settings->nickname_key ];
}
if ( empty( $desired_nickname ) ) {
return new WP_Error( 'no-nickname', sprintf( __( 'No nickname found in user claim using key: %1$s.' ), $this->settings->nickname_key ), $this->settings->nickname_key );
}
return $desired_nickname;
}

18
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -158,9 +158,9 @@ class OpenID_Connect_Generic_Client {
/**
* Validate the request for login authentication
*
* @param array $request The authentication request results.
* @param array<string> $request The authentication request results.
*
* @return array|WP_Error
* @return array<string>|WP_Error
*/
function validate_authentication_request( $request ) {
// Look for an existing error of some kind.
@ -189,20 +189,24 @@ class OpenID_Connect_Generic_Client {
/**
* Get the authorization code from the request
*
* @param array $request The authentication request results.
* @param array<string>|WP_Error $request The authentication request results.
*
* @return string|WP_Error
*/
function get_authentication_code( $request ) {
if ( ! isset( $request['code'] ) ) {
return new WP_Error( 'missing-authentication-code', __( 'Missing authentication code.' ), $request );
}
return $request['code'];
}
/**
* Using the authorization_code, request an authentication token from the IDP.
*
* @param string $code The authorization code.
* @param string|WP_Error $code The authorization code.
*
* @return array|WP_Error
* @return array<mixed>|WP_Error
*/
function request_authentication_token( $code ) {
@ -270,9 +274,9 @@ class OpenID_Connect_Generic_Client {
/**
* Extract and decode the token body of a token response
*
* @param array $token_result The token response.
* @param array<mixed>|WP_Error $token_result The token response.
*
* @return array|WP_Error|null
* @return array<mixed>|WP_Error|null
*/
function get_token_response( $token_result ) {
if ( ! isset( $token_result['body'] ) ) {

4
includes/openid-connect-generic-login-form.php
Unescape Escape View File

@ -53,7 +53,7 @@ class OpenID_Connect_Generic_Login_Form {
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Client_Wrapper $client_wrapper A plugin client wrapper object instance.
*
* @return OpenID_Connect_Generic_Login_Form
* @return void
*/
static public function register( $settings, $client_wrapper ) {
$login_form = new self( $settings, $client_wrapper );
@ -65,8 +65,6 @@ class OpenID_Connect_Generic_Login_Form {
add_shortcode( 'openid_connect_generic_login_button', array( $login_form, 'make_login_button' ) );
$login_form->handle_redirect_login_type_auto();
return $login_form;
}
/**

2
includes/openid-connect-generic-option-logger.php
Unescape Escape View File

@ -243,7 +243,7 @@ class OpenID_Connect_Generic_Option_Logger {
}
$logs = array_reverse( $logs );
ini_set( 'xdebug.var_display_max_depth', -1 );
ini_set( 'xdebug.var_display_max_depth', '-1' );
ob_start();
?>

16
includes/openid-connect-generic-option-settings.php
Unescape Escape View File

@ -69,28 +69,32 @@ class OpenID_Connect_Generic_Option_Settings {
/**
* Stored option values array.
*
* @var array
* @var array<mixed>
*/
private $values;
/**
* Default plugin settings values.
*
* @var array
* @var array<mixed>
*/
private $default_settings;
/**
* The class constructor.
*
* @param string $option_name The option name/key.
* @param array $default_settings The default plugin settings values.
* @param bool|TRUE $granular_defaults The granular defaults.
* @param string $option_name The option name/key.
* @param array<mixed> $default_settings The default plugin settings values.
* @param bool $granular_defaults The granular defaults.
*/
function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
$this->option_name = $option_name;
$this->default_settings = $default_settings;
$this->values = get_option( $this->option_name, $this->default_settings );
$this->values = array();
if ( ! empty( $this->option_name ) ) {
get_option( $this->option_name, $this->default_settings );
}
if ( $granular_defaults ) {
$this->values = array_replace_recursive( $this->default_settings, $this->values );

4
includes/openid-connect-generic-settings-page.php
Unescape Escape View File

@ -85,7 +85,7 @@ class OpenID_Connect_Generic_Settings_Page {
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Option_Logger $logger A plugin logger object instance.
*
* @return \OpenID_Connect_Generic_Settings_Page
* @return void
*/
static public function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$settings_page = new self( $settings, $logger );
@ -95,8 +95,6 @@ class OpenID_Connect_Generic_Settings_Page {
// Register our settings.
add_action( 'admin_init', array( $settings_page, 'admin_init' ) );
return $settings_page;
}
/**

41
openid-connect-generic.php
Unescape Escape View File

@ -103,20 +103,6 @@ class OpenID_Connect_Generic {
*/
private $client;
/**
* Settings admin page.
*
* @var OpenID_Connect_Generic_Settings_Page
*/
private $settings_page;
/**
* Login form adjustments.
*
* @var OpenID_Connect_Generic_Login_Form
*/
private $login_form;
/**
* Client wrapper.
*
@ -172,7 +158,7 @@ class OpenID_Connect_Generic {
return;
}
$this->login_form = OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
// Add a shortcode to get the auth URL.
add_shortcode( 'openid_connect_generic_auth_url', array( $this->client_wrapper, 'get_authentication_url' ) );
@ -183,13 +169,15 @@ class OpenID_Connect_Generic {
$this->upgrade();
if ( is_admin() ) {
$this->settings_page = OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger );
OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger );
}
}
/**
* Check if privacy enforcement is enabled, and redirect users that aren't
* logged in.
*
* @return void
*/
function enforce_privacy_redirect() {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
@ -216,6 +204,8 @@ class OpenID_Connect_Generic {
/**
* Handle plugin upgrades
*
* @return void
*/
function upgrade() {
$last_version = get_option( 'openid-connect-generic-plugin-version', 0 );
@ -243,6 +233,8 @@ class OpenID_Connect_Generic {
/**
* Expire state transients by attempting to access them and allowing the
* transient's own mechanisms to delete any that have expired.
*
* @return void
*/
function cron_states_garbage_collection() {
global $wpdb;
@ -258,6 +250,8 @@ class OpenID_Connect_Generic {
/**
* Ensure cron jobs are added to the schedule.
*
* @return void
*/
static public function setup_cron_jobs() {
if ( ! wp_next_scheduled( 'openid-connect-generic-cron-daily' ) ) {
@ -267,6 +261,8 @@ class OpenID_Connect_Generic {
/**
* Activation hook.
*
* @return void
*/
static public function activation() {
self::setup_cron_jobs();
@ -274,6 +270,8 @@ class OpenID_Connect_Generic {
/**
* Deactivation hook.
*
* @return void
*/
static public function deactivation() {
wp_clear_scheduled_hook( 'openid-connect-generic-cron-daily' );
@ -283,6 +281,8 @@ class OpenID_Connect_Generic {
* Simple autoloader.
*
* @param string $class The class name.
*
* @return void
*/
static public function autoload( $class ) {
$prefix = 'OpenID_Connect_Generic_';
@ -308,9 +308,16 @@ class OpenID_Connect_Generic {
}
/**
* Instantiate the plugin and hook into WP
* Instantiate the plugin and hook into WordPress.
*
* @return void
*/
static public function bootstrap() {
/**
* This is a documented valid call for spl_autoload_register.
*
* @link https://www.php.net/manual/en/function.spl-autoload-register.php#71155
*/
spl_autoload_register( array( 'OpenID_Connect_Generic', 'autoload' ) );
$settings = new OpenID_Connect_Generic_Option_Settings(

2
phpstan.neon.dist
Unescape Escape View File

@ -7,7 +7,7 @@ includes:
# Include this extension
# - vendor/szepeviktor/phpstan-wordpress/extension.neon
parameters:
level: max
level: 5
inferPrivatePropertyTypeFromConstructor: true
bootstrapFiles:
- tests/phpstan-bootstrap.php

5
tests/phpstan-bootstrap.php
Unescape Escape View File

@ -12,3 +12,8 @@
// Define WordPress language directory.
defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/languages/' );
defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' );
defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/');

Write Preview
Loading…
Cancel
Save