Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Updates Code Base to Pass Level 5 Baseline

Browse Source 
* Ensures PHP Code Sniffs continue to pass.
* Fixes all code base issues to pass a level 5 PHP static analysis.
* Updates PHPStan configurations to use a level 5 baseline.
isekai
Tim Nolte 5 years ago
parent cce7195fe1
commit 78ede5dffb
No known key found for this signature in database
GPG Key ID: 33E7CA1AD448F3B3
10 changed files with 79 additions and 53 deletions
Show Stats Download Patch File Download Diff File

2
grumphp.yml.dist
Unescape Escape View File

@ -31,7 +31,7 @@ parameters:
- '/^assets\/(.*)/' - '/^assets\/(.*)/'
phpstan: phpstan:
configuration: './phpstan.neon.dist' configuration: './phpstan.neon.dist'
level: max level: 5
ignore_patterns: ignore_patterns:
- '/^assets\/(.*)/' - '/^assets\/(.*)/'
memory_limit: '-1' memory_limit: '-1'

38
includes/openid-connect-generic-client-wrapper.php
Unescape Escape View File

@ -141,7 +141,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
/** /**
* Get the authentication url from the client. * Get the authentication url from the client.
* *
* @param array $atts The optional attributes array when called via a shortcode. * @param array<string> $atts The optional attributes array when called via a shortcode.
* *
* @return string * @return string
*/ */
@ -249,11 +249,11 @@ class OpenID_Connect_Generic_Client_Wrapper {
/** /**
* Add the end_session endpoint to WordPress core's whitelist of redirect hosts. * Add the end_session endpoint to WordPress core's whitelist of redirect hosts.
* *
* @param array $allowed The allowed redirect host names. * @param array<string> $allowed The allowed redirect host names.
* *
* @return array|bool * @return array<string>|bool
*/ */
function update_allowed_redirect_hosts( array $allowed ) { function update_allowed_redirect_hosts( $allowed ) {
$host = parse_url( $this->settings->endpoint_end_session, PHP_URL_HOST ); $host = parse_url( $this->settings->endpoint_end_session, PHP_URL_HOST );
if ( ! $host ) { if ( ! $host ) {
return false; return false;
@ -311,8 +311,8 @@ class OpenID_Connect_Generic_Client_Wrapper {
/** /**
* Modify outgoing requests according to settings. * Modify outgoing requests according to settings.
* *
* @param array $request The outgoing request array. * @param array<mixed> $request The outgoing request array.
* @param string $operation The request operation name. * @param string $operation The request operation name.
* *
* @return mixed * @return mixed
*/ */
@ -429,7 +429,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
$this->error_redirect( $user ); $this->error_redirect( $user );
} }
} else { } else {
$this->error_redirect( new WP_Error( 'identity-not-map-existing-user', __( 'User identity is not link to an existing WordPress user' ), $user_claim ) ); $this->error_redirect( new WP_Error( 'identity-not-map-existing-user', __( 'User identity is not linked to an existing WordPress user' ), $user_claim ) );
} }
} else { } else {
// Allow plugins / themes to take action using current claims on existing user (e.g. update role). // Allow plugins / themes to take action using current claims on existing user (e.g. update role).
@ -468,7 +468,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
/** /**
* Validate the potential WP_User. * Validate the potential WP_User.
* *
* @param WP_User $user The user object. * @param WP_User|WP_Error|false $user The user object.
* *
* @return true|WP_Error * @return true|WP_Error
*/ */
@ -514,9 +514,9 @@ class OpenID_Connect_Generic_Client_Wrapper {
/** /**
* Save refresh token to WP session tokens * Save refresh token to WP session tokens
* *
* @param WP_Session_Tokens $manager A user session tokens manager. * @param WP_Session_Tokens $manager A user session tokens manager.
* @param string $token The current users session token. * @param string $token The current users session token.
* @param array $token_response The authentication token response. * @param array|WP_Error|null $token_response The authentication token response.
*/ */
function save_refresh_token( $manager, $token, $token_response ) { function save_refresh_token( $manager, $token, $token_response ) {
if ( ! $this->settings->token_refresh_enable ) { if ( ! $this->settings->token_refresh_enable ) {
@ -578,6 +578,10 @@ class OpenID_Connect_Generic_Client_Wrapper {
* @return string|WP_Error|null * @return string|WP_Error|null
*/ */
private function get_username_from_claim( $user_claim ) { private function get_username_from_claim( $user_claim ) {
// @var string $desired_username
$desired_username = '';
// Allow settings to take first stab at username. // Allow settings to take first stab at username.
if ( ! empty( $this->settings->identity_key ) && isset( $user_claim[ $this->settings->identity_key ] ) ) { if ( ! empty( $this->settings->identity_key ) && isset( $user_claim[ $this->settings->identity_key ] ) ) {
$desired_username = $user_claim[ $this->settings->identity_key ]; $desired_username = $user_claim[ $this->settings->identity_key ];
@ -594,13 +598,14 @@ class OpenID_Connect_Generic_Client_Wrapper {
} }
// Normalize the data a bit. // Normalize the data a bit.
// @var string $transliterated_username The username converted to ASCII from UTF-8.
$transliterated_username = iconv( 'UTF-8', 'ASCII//TRANSLIT', $desired_username ); $transliterated_username = iconv( 'UTF-8', 'ASCII//TRANSLIT', $desired_username );
if ( empty( $transliterated_username ) ) { if ( empty( $transliterated_username ) ) {
return new WP_Error( 'username-transliteration-failed', printf( __( 'Username %1$s could not be transliterated' ), $desired_username ), $desired_username ); return new WP_Error( 'username-transliteration-failed', sprintf( __( 'Username %1$s could not be transliterated' ), $desired_username ), $desired_username );
} }
$normalized_username = strtolower( preg_replace( '/[^a-zA-Z0-9 _.\-@]/', '', $transliterated_username ) ); $normalized_username = strtolower( preg_replace( '/[^a-zA-Z0-9 _.\-@]/', '', $transliterated_username ) );
if ( empty( $normalized_username ) ) { if ( empty( $normalized_username ) ) {
return new WP_Error( 'username-normalization-failed', printf( __( 'Username %1$s could not be normalized' ), $transliterated_username ), $transliterated_username ); return new WP_Error( 'username-normalization-failed', sprintf( __( 'Username %1$s could not be normalized' ), $transliterated_username ), $transliterated_username );
} }
// Copy the username for incrementing. // Copy the username for incrementing.
@ -623,7 +628,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
* *
* @param array $user_claim The IDP authenticated user claim data. * @param array $user_claim The IDP authenticated user claim data.
* *
* @return string|null * @return string|WP_Error|null
*/ */
private function get_nickname_from_claim( $user_claim ) { private function get_nickname_from_claim( $user_claim ) {
$desired_nickname = null; $desired_nickname = null;
@ -631,6 +636,11 @@ class OpenID_Connect_Generic_Client_Wrapper {
if ( ! empty( $this->settings->nickname_key ) && isset( $user_claim[ $this->settings->nickname_key ] ) ) { if ( ! empty( $this->settings->nickname_key ) && isset( $user_claim[ $this->settings->nickname_key ] ) ) {
$desired_nickname = $user_claim[ $this->settings->nickname_key ]; $desired_nickname = $user_claim[ $this->settings->nickname_key ];
} }
if ( empty( $desired_nickname ) ) {
return new WP_Error( 'no-nickname', sprintf( __( 'No nickname found in user claim using key: %1$s.' ), $this->settings->nickname_key ), $this->settings->nickname_key );
}
return $desired_nickname; return $desired_nickname;
} }

18
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -158,9 +158,9 @@ class OpenID_Connect_Generic_Client {
/** /**
* Validate the request for login authentication * Validate the request for login authentication
* *
* @param array $request The authentication request results. * @param array<string> $request The authentication request results.
* *
* @return array|WP_Error * @return array<string>|WP_Error
*/ */
function validate_authentication_request( $request ) { function validate_authentication_request( $request ) {
// Look for an existing error of some kind. // Look for an existing error of some kind.
@ -189,20 +189,24 @@ class OpenID_Connect_Generic_Client {
/** /**
* Get the authorization code from the request * Get the authorization code from the request
* *
* @param array $request The authentication request results. * @param array<string>|WP_Error $request The authentication request results.
* *
* @return string|WP_Error * @return string|WP_Error
*/ */
function get_authentication_code( $request ) { function get_authentication_code( $request ) {
if ( ! isset( $request['code'] ) ) {
return new WP_Error( 'missing-authentication-code', __( 'Missing authentication code.' ), $request );
}
return $request['code']; return $request['code'];
} }
/** /**
* Using the authorization_code, request an authentication token from the IDP. * Using the authorization_code, request an authentication token from the IDP.
* *
* @param string $code The authorization code. * @param string|WP_Error $code The authorization code.
* *
* @return array|WP_Error * @return array<mixed>|WP_Error
*/ */
function request_authentication_token( $code ) { function request_authentication_token( $code ) {
@ -270,9 +274,9 @@ class OpenID_Connect_Generic_Client {
/** /**
* Extract and decode the token body of a token response * Extract and decode the token body of a token response
* *
* @param array $token_result The token response. * @param array<mixed>|WP_Error $token_result The token response.
* *
* @return array|WP_Error|null * @return array<mixed>|WP_Error|null
*/ */
function get_token_response( $token_result ) { function get_token_response( $token_result ) {
if ( ! isset( $token_result['body'] ) ) { if ( ! isset( $token_result['body'] ) ) {

4
includes/openid-connect-generic-login-form.php
Unescape Escape View File

@ -53,7 +53,7 @@ class OpenID_Connect_Generic_Login_Form {
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance. * @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Client_Wrapper $client_wrapper A plugin client wrapper object instance. * @param OpenID_Connect_Generic_Client_Wrapper $client_wrapper A plugin client wrapper object instance.
* *
* @return OpenID_Connect_Generic_Login_Form * @return void
*/ */
static public function register( $settings, $client_wrapper ) { static public function register( $settings, $client_wrapper ) {
$login_form = new self( $settings, $client_wrapper ); $login_form = new self( $settings, $client_wrapper );
@ -65,8 +65,6 @@ class OpenID_Connect_Generic_Login_Form {
add_shortcode( 'openid_connect_generic_login_button', array( $login_form, 'make_login_button' ) ); add_shortcode( 'openid_connect_generic_login_button', array( $login_form, 'make_login_button' ) );
$login_form->handle_redirect_login_type_auto(); $login_form->handle_redirect_login_type_auto();
return $login_form;
} }
/** /**

2
includes/openid-connect-generic-option-logger.php
Unescape Escape View File

@ -243,7 +243,7 @@ class OpenID_Connect_Generic_Option_Logger {
} }
$logs = array_reverse( $logs ); $logs = array_reverse( $logs );
ini_set( 'xdebug.var_display_max_depth', -1 ); ini_set( 'xdebug.var_display_max_depth', '-1' );
ob_start(); ob_start();
?> ?>

16
includes/openid-connect-generic-option-settings.php
Unescape Escape View File

@ -69,28 +69,32 @@ class OpenID_Connect_Generic_Option_Settings {
/** /**
* Stored option values array. * Stored option values array.
* *
* @var array * @var array<mixed>
*/ */
private $values; private $values;
/** /**
* Default plugin settings values. * Default plugin settings values.
* *
* @var array * @var array<mixed>
*/ */
private $default_settings; private $default_settings;
/** /**
* The class constructor. * The class constructor.
* *
* @param string $option_name The option name/key. * @param string $option_name The option name/key.
* @param array $default_settings The default plugin settings values. * @param array<mixed> $default_settings The default plugin settings values.
* @param bool|TRUE $granular_defaults The granular defaults. * @param bool $granular_defaults The granular defaults.
*/ */
function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) { function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
$this->option_name = $option_name; $this->option_name = $option_name;
$this->default_settings = $default_settings; $this->default_settings = $default_settings;
$this->values = get_option( $this->option_name, $this->default_settings ); $this->values = array();
if ( ! empty( $this->option_name ) ) {
get_option( $this->option_name, $this->default_settings );
}
if ( $granular_defaults ) { if ( $granular_defaults ) {
$this->values = array_replace_recursive( $this->default_settings, $this->values ); $this->values = array_replace_recursive( $this->default_settings, $this->values );

4
includes/openid-connect-generic-settings-page.php
Unescape Escape View File

@ -85,7 +85,7 @@ class OpenID_Connect_Generic_Settings_Page {
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance. * @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Option_Logger $logger A plugin logger object instance. * @param OpenID_Connect_Generic_Option_Logger $logger A plugin logger object instance.
* *
* @return \OpenID_Connect_Generic_Settings_Page * @return void
*/ */
static public function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) { static public function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$settings_page = new self( $settings, $logger ); $settings_page = new self( $settings, $logger );
@ -95,8 +95,6 @@ class OpenID_Connect_Generic_Settings_Page {
// Register our settings. // Register our settings.
add_action( 'admin_init', array( $settings_page, 'admin_init' ) ); add_action( 'admin_init', array( $settings_page, 'admin_init' ) );
return $settings_page;
} }
/** /**

41
openid-connect-generic.php
Unescape Escape View File

@ -103,20 +103,6 @@ class OpenID_Connect_Generic {
*/ */
private $client; private $client;
/**
* Settings admin page.
*
* @var OpenID_Connect_Generic_Settings_Page
*/
private $settings_page;
/**
* Login form adjustments.
*
* @var OpenID_Connect_Generic_Login_Form
*/
private $login_form;
/** /**
* Client wrapper. * Client wrapper.
* *
@ -172,7 +158,7 @@ class OpenID_Connect_Generic {
return; return;
} }
$this->login_form = OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper ); OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
// Add a shortcode to get the auth URL. // Add a shortcode to get the auth URL.
add_shortcode( 'openid_connect_generic_auth_url', array( $this->client_wrapper, 'get_authentication_url' ) ); add_shortcode( 'openid_connect_generic_auth_url', array( $this->client_wrapper, 'get_authentication_url' ) );
@ -183,13 +169,15 @@ class OpenID_Connect_Generic {
$this->upgrade(); $this->upgrade();
if ( is_admin() ) { if ( is_admin() ) {
$this->settings_page = OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger ); OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger );
} }
} }
/** /**
* Check if privacy enforcement is enabled, and redirect users that aren't * Check if privacy enforcement is enabled, and redirect users that aren't
* logged in. * logged in.
*
* @return void
*/ */
function enforce_privacy_redirect() { function enforce_privacy_redirect() {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) { if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
@ -216,6 +204,8 @@ class OpenID_Connect_Generic {
/** /**
* Handle plugin upgrades * Handle plugin upgrades
*
* @return void
*/ */
function upgrade() { function upgrade() {
$last_version = get_option( 'openid-connect-generic-plugin-version', 0 ); $last_version = get_option( 'openid-connect-generic-plugin-version', 0 );
@ -243,6 +233,8 @@ class OpenID_Connect_Generic {
/** /**
* Expire state transients by attempting to access them and allowing the * Expire state transients by attempting to access them and allowing the
* transient's own mechanisms to delete any that have expired. * transient's own mechanisms to delete any that have expired.
*
* @return void
*/ */
function cron_states_garbage_collection() { function cron_states_garbage_collection() {
global $wpdb; global $wpdb;
@ -258,6 +250,8 @@ class OpenID_Connect_Generic {
/** /**
* Ensure cron jobs are added to the schedule. * Ensure cron jobs are added to the schedule.
*
* @return void
*/ */
static public function setup_cron_jobs() { static public function setup_cron_jobs() {
if ( ! wp_next_scheduled( 'openid-connect-generic-cron-daily' ) ) { if ( ! wp_next_scheduled( 'openid-connect-generic-cron-daily' ) ) {
@ -267,6 +261,8 @@ class OpenID_Connect_Generic {
/** /**
* Activation hook. * Activation hook.
*
* @return void
*/ */
static public function activation() { static public function activation() {
self::setup_cron_jobs(); self::setup_cron_jobs();
@ -274,6 +270,8 @@ class OpenID_Connect_Generic {
/** /**
* Deactivation hook. * Deactivation hook.
*
* @return void
*/ */
static public function deactivation() { static public function deactivation() {
wp_clear_scheduled_hook( 'openid-connect-generic-cron-daily' ); wp_clear_scheduled_hook( 'openid-connect-generic-cron-daily' );
@ -283,6 +281,8 @@ class OpenID_Connect_Generic {
* Simple autoloader. * Simple autoloader.
* *
* @param string $class The class name. * @param string $class The class name.
*
* @return void
*/ */
static public function autoload( $class ) { static public function autoload( $class ) {
$prefix = 'OpenID_Connect_Generic_'; $prefix = 'OpenID_Connect_Generic_';
@ -308,9 +308,16 @@ class OpenID_Connect_Generic {
} }
/** /**
* Instantiate the plugin and hook into WP * Instantiate the plugin and hook into WordPress.
*
* @return void
*/ */
static public function bootstrap() { static public function bootstrap() {
/**
* This is a documented valid call for spl_autoload_register.
*
* @link https://www.php.net/manual/en/function.spl-autoload-register.php#71155
*/
spl_autoload_register( array( 'OpenID_Connect_Generic', 'autoload' ) ); spl_autoload_register( array( 'OpenID_Connect_Generic', 'autoload' ) );
$settings = new OpenID_Connect_Generic_Option_Settings( $settings = new OpenID_Connect_Generic_Option_Settings(

2
phpstan.neon.dist
Unescape Escape View File

@ -7,7 +7,7 @@ includes:
# Include this extension # Include this extension
# - vendor/szepeviktor/phpstan-wordpress/extension.neon # - vendor/szepeviktor/phpstan-wordpress/extension.neon
parameters: parameters:
level: max level: 5
inferPrivatePropertyTypeFromConstructor: true inferPrivatePropertyTypeFromConstructor: true
bootstrapFiles: bootstrapFiles:
- tests/phpstan-bootstrap.php - tests/phpstan-bootstrap.php

5
tests/phpstan-bootstrap.php
Unescape Escape View File

@ -12,3 +12,8 @@
// Define WordPress language directory. // Define WordPress language directory.
defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/languages/' ); defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/languages/' );
defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' );
defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/');

Write Preview
Loading…
Cancel
Save