code sniffer fixes

happydude · happydude · commit 15db9032e37b · 2025-04-09T13:21:35.000-07:00
diff --git a/bin/updateMetadata.php b/bin/updateMetadata.php
@@ -4,6 +4,7 @@
 declare(strict_types=1);
 
 if (!isset($argv[1])) {
+    // phpcs:ignore Generic.Files.LineLength.TooLong
     echo "First and only argument is the filename of the FIDO Alliance Metadata v3 blob as can be downloaded from: https://mds3.fidoalliance.org/ \n";
     exit(1);
 }
diff --git a/src/Auth/Process/WebAuthn.php b/src/Auth/Process/WebAuthn.php
@@ -9,6 +9,7 @@
  * @author Stefan Winter <stefan.winter@restena.lu>
  * @package SimpleSAMLphp
  */
+
 declare(strict_types=1);
 
 namespace SimpleSAML\Module\webauthn\Auth\Process;
@@ -17,12 +18,12 @@
 use SimpleSAML\Configuration;
 use SimpleSAML\Logger;
 use SimpleSAML\Module;
-use SimpleSAML\Session;
 use SimpleSAML\Module\webauthn\WebAuthn\StateData;
 use SimpleSAML\Module\webauthn\WebAuthn\StaticProcessHelper;
+use SimpleSAML\Session;
 
-class WebAuthn extends Auth\ProcessingFilter {
-
+class WebAuthn extends Auth\ProcessingFilter
+{
     /**
      * @var boolean should new users be considered as enabled by default?
      */
@@ -74,7 +75,8 @@ class WebAuthn extends Auth\ProcessingFilter {
      *
      * @throws \SimpleSAML\Error\Exception if the configuration is not valid.
      */
-    public function __construct(array $config, $reserved) {
+    public function __construct(array $config, $reserved)
+    {
         parent::__construct($config, $reserved);
 
         $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray();
@@ -107,7 +109,8 @@ public function __construct(array $config, $reserved) {
      *
      * @return void
      */
-    public function process(array &$state): void {
+    public function process(array &$state): void
+    {
         if (!array_key_exists($this->stateData->usernameAttrib, $state['Attributes'])) {
             Logger::warning('webauthn: cannot determine if user needs second factor, missing attribute "' .
                     $this->stateData->usernameAttrib . '".');
@@ -118,15 +121,16 @@ public function process(array &$state): void {
                 'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO';
         Logger::debug('webauthn: userid: ' . $state['Attributes'][$this->stateData->usernameAttrib][0]);
 
-        $localToggle = !empty($state['Attributes'][$this->toggleAttrib]) && !empty($state['Attributes'][$this->toggleAttrib][0]);
+        $localToggle = !empty($state['Attributes'][$this->toggleAttrib]) &&
+            !empty($state['Attributes'][$this->toggleAttrib][0]);
 
         if (
                 $this->stateData->store->is2FAEnabled(
-                        $state['Attributes'][$this->stateData->usernameAttrib][0],
-                        $this->defaultEnabled,
-                        $this->useDatabase,
-                        $localToggle,
-                        $this->force,
+                    $state['Attributes'][$this->stateData->usernameAttrib][0],
+                    $this->defaultEnabled,
+                    $this->useDatabase,
+                    $localToggle,
+                    $this->force,
                 ) === false
         ) {
             // nothing to be done here, end authprocfilter processing
@@ -136,6 +140,7 @@ public function process(array &$state): void {
         if // did we do Passwordless mode successfully before?
         (
                 isset($state['Attributes']['internal:FIDO2PasswordlessAuthentication']) &&
+                // phpcs:ignore Generic.Files.LineLength.TooLong
                 $state['Attributes']['internal:FIDO2PasswordlessAuthentication'][0] == $state['Attributes'][$this->stateData->usernameAttrib][0]
         ) {
             // then no need to trigger a second 2-Factor via authproc
@@ -146,17 +151,16 @@ public function process(array &$state): void {
         $session = Session::getSessionFromRequest();
         $lastSecondFactor = $session->getData("DateTime", 'LastSuccessfulSecondFactor');
         if // do we need to do secondFactor in interval, or even every time?
-           // we skip only if an interval is configured AND we did successfully authenticate, AND are within the interval
+           // we skip only if an interval is configured AND we did successfully authenticate,
+           // AND are within the interval
         (
-                $this->SecondFactorMaxAge >= 0 && // 
-                (
-                $lastSecondFactor instanceof \DateTime
-                )
+                $this->SecondFactorMaxAge >= 0 && $lastSecondFactor instanceof \DateTime
         ) {
-            $interval = $lastSecondFactor->diff( new \DateTime());
+            $interval = $lastSecondFactor->diff(new \DateTime());
             if ($interval->invert == 1) {
                 throw new \Exception("We are talking to a future self. Amazing.");
             }
+            // phpcs:ignore Generic.Files.LineLength.TooLong
             $totalAge = $interval->s + 60 * $interval->i + 3600 * $interval->h + 86400 * $interval->d + 86400 * 30 * $interval->m + 86400 * 365 * $interval->y;
             if ($totalAge < $this->SecondFactorMaxAge) { // we are within the interval indeed, skip calling the AuthProc
                 return;
diff --git a/src/Controller/AuthProcess.php b/src/Controller/AuthProcess.php
@@ -137,6 +137,7 @@ public function main(Request $request): Response
 
         if ($publicKey === false || sizeof($oneToken) === 0) {
             throw new Exception(
+            // phpcs:ignore Generic.Files.LineLength.TooLong
                 "User attempted to authenticate with an unknown credential ID. This should already have been prevented by the browser!",
             );
         }
@@ -167,11 +168,15 @@ public function main(Request $request): Response
          * the lower security level. (level upgrades are of course OK.)
          */
         if ($oneToken[5] > $authObject->getPresenceLevel()) {
+            // phpcs:ignore Generic.Files.LineLength.TooLong
             throw new Exception("Token was initially registered with higher identification guarantees than now authenticated with (was: " . $oneToken[5] . " now " . $authObject->getPresenceLevel() . "!");
         }
 
         // no matter what: if we are passwordless it MUST be presence-verified
-        if ($state['FIDO2PasswordlessAuthMode'] === true && $oneToken[5] !== WebAuthnAbstractEvent::PRESENCE_LEVEL_VERIFIED) {
+        if (
+            $state['FIDO2PasswordlessAuthMode'] === true &&
+            $oneToken[5] !== WebAuthnAbstractEvent::PRESENCE_LEVEL_VERIFIED
+        ) {
             throw new Exception("Attempt to authenticate without User Verification in passwordless mode!");
         }
 
@@ -193,6 +198,7 @@ public function main(Request $request): Response
             $store->updateSignCount($oneToken[0], $counter);
         } else {
             throw new Exception(
+            // phpcs:ignore Generic.Files.LineLength.TooLong
                 "Signature counter less or equal to a previous authentication! Token cloning likely (old: $previousCounter, new: $counter).",
             );
         }
@@ -214,7 +220,8 @@ public function main(Request $request): Response
                 function (WebAuthnAuthenticationEvent $authObject, array $state) {
                     echo $authObject->getDebugBuffer();
                     echo $authObject->getValidateBuffer();
-                    echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ? "credential registration page." : "destination.");
+                    echo "Debug mode, not continuing to " . ($state['FIDO2WantsRegister'] ?
+                            "credential registration page." : "destination.");
                 },
                 [$authObject, $state],
             );
@@ -228,7 +235,7 @@ function (WebAuthnAuthenticationEvent $authObject, array $state) {
             }
         }
         if ($state['FIDO2PasswordlessAuthMode'] === false) {
-            // take note of the current timestamp so we know 
+            // take note of the current timestamp so we know
             // a) that second-factor was done successfully in the current sesssion
             // b) when that event occured, so as to make regular re-auths configurable
             $this->session->setData("DateTime", 'LastSuccessfulSecondFactor', new \DateTime());
diff --git a/src/Controller/PushbackUserPass.php b/src/Controller/PushbackUserPass.php
@@ -98,7 +98,10 @@ public function loginOverload(string $username, string $password): array
             }
         };
 
-        $attribs = $overrideSource->loginOverload($request->request->get("username"), $request->request->get("password"));
+        $attribs = $overrideSource->loginOverload(
+            $request->request->get("username"),
+            $request->request->get("password"),
+        );
 
         // this is the confirmed username, we store it just like the Passwordless
         // one would have been
diff --git a/src/Controller/RegProcess.php b/src/Controller/RegProcess.php
@@ -112,7 +112,8 @@ public function main(Request $request): Response
             base64_decode($request->request->get('attestation_object')),
             $request->request->get('response_id'),
             $request->request->get('attestation_client_data_json'),
-            ($request->request->get('passwordless') == "on" ? $state['authenticatorAcceptabilityPasswordless'] : $state['authenticatorAcceptability2FA']),
+            ($request->request->get('passwordless') == "on" ?
+                    $state['authenticatorAcceptabilityPasswordless'] : $state['authenticatorAcceptability2FA']),
             $debugEnabled,
         );
         // at this point, we need to talk to the DB
@@ -160,7 +161,10 @@ public function main(Request $request): Response
 
         // did we get any client extensions?
         $isResidentKey = 0;
-        if (strlen($request->request->get('clientext')) > 0 && count(json_decode($request->request->get('clientext'), true)) > 0) {
+        if (
+            strlen($request->request->get('clientext')) > 0 &&
+            count(json_decode($request->request->get('clientext'), true)) > 0
+        ) {
             $extensions = json_decode($request->request->get('clientext'), true);
             if ($extensions['credProps']['rk'] === true) {
                 $isResidentKey = 1;
diff --git a/src/Controller/Registration.php b/src/Controller/Registration.php
@@ -108,13 +108,15 @@ public function main(/** @scrutinizer ignore-unused */ Request $request): Runnab
         $state['Attributes'] = $attrs;
 
         $stateData = new StateData();
+        // phpcs:disable Generic.Files.LineLength.TooLong
         $stateData->requestTokenModel = ($registrationConfig['policy_2fa']['minimum_certification_level'] == WebAuthnRegistrationEvent::CERTIFICATION_NOT_REQUIRED ? false : true);
         $stateData->minCertLevel2FA = $registrationConfig['policy_2fa']['minimum_certification_level'];
         $stateData->aaguidWhitelist2FA = $registrationConfig['policy_2fa']['aaguid_whitelist'] ?? [];
         $stateData->attFmtWhitelist2FA = $registrationConfig['policy_2fa']['attestation_format_whitelist'] ?? [];
         $stateData->minCertLevelPasswordless = $registrationConfig['policy_passwordless']['minimum_certification_level'];
         $stateData->aaguidWhitelistPasswordless = $registrationConfig['policy_passwordless']['aaguid_whitelist'] ?? [];
         $stateData->attFmtWhitelistPasswordless = $registrationConfig['policy_passwordless']['attestation_format_whitelist'] ?? [];
+        // phpcs:enable Generic.Files.LineLength.TooLong
 
         try {
             $stateData->store = Store::parseStoreConfig($moduleConfig->getArray('store'));
diff --git a/src/Controller/WebAuthn.php b/src/Controller/WebAuthn.php
@@ -82,7 +82,10 @@ public static function workflowStateMachine(array $state)
         // OTOH, if we are invoked for passwordless auth, we don't know the
         // username nor whether the user has any credentials. The only thing
         // we can do is authenticate -> final else
-        if ($state['FIDO2PasswordlessAuthMode'] != true && (!isset($state['FIDO2Tokens']) || count($state['FIDO2Tokens']) == 0)) {
+        if (
+            $state['FIDO2PasswordlessAuthMode'] != true &&
+            (!isset($state['FIDO2Tokens']) || count($state['FIDO2Tokens']) == 0)
+        ) {
             return self::STATE_MGMT;
         }
         // from here on we do have a credential to work with
@@ -100,7 +103,8 @@ public static function workflowStateMachine(array $state)
         } else { // in inflow, allow to check the management box; otherwise,
                  // only auth
             $moduleConfig = Configuration::getOptionalConfig('module_webauthn.php')->toArray();
-            return $moduleConfig['registration']['use_inflow_registration'] ? self::STATE_AUTH_ALLOWMGMT : self::STATE_AUTH_NOMGMT;
+            return $moduleConfig['registration']['use_inflow_registration'] ?
+                self::STATE_AUTH_ALLOWMGMT : self::STATE_AUTH_NOMGMT;
         }
     }
 
@@ -124,23 +128,29 @@ public static function loadModuleConfig(array $moduleConfig, StateData &$stateDa
         if (array_key_exists('identifyingAttribute', $moduleConfig)) {
             $stateData->usernameAttrib = $moduleConfig['identifyingAttribute'];
         } else {
-            throw new Error\CriticalConfigurationError('webauthn: it is required to set identifyingAttribute in config.');
+            throw new Error\CriticalConfigurationError(
+                'webauthn: it is required to set identifyingAttribute in config.',
+            );
         }
 
         if (array_key_exists('attrib_displayname', $moduleConfig)) {
             $stateData->displaynameAttrib = $moduleConfig['attrib_displayname'];
         } else {
-            throw new Error\CriticalConfigurationError('webauthn: it is required to set attrib_displayname in config.');
+            throw new Error\CriticalConfigurationError(
+                'webauthn: it is required to set attrib_displayname in config.',
+            );
         }
 
         if (array_key_exists('minimum_certification_level', $moduleConfig['registration']['policy_2fa'])) {
+            // phpcs:disable Generic.Files.LineLength.TooLong
             $stateData->requestTokenModel = ($moduleConfig['registration']['policy_2fa']['minimum_certification_level'] == Module\webauthn\WebAuthn\WebAuthnRegistrationEvent::CERTIFICATION_NOT_REQUIRED ? false : true);
             $stateData->minCertLevel2FA = $moduleConfig['registration']['policy_2fa']['minimum_certification_level'];
             $stateData->aaguidWhitelist2FA = $moduleConfig['registration']['policy_2fa']['aaguid_whitelist'] ?? [];
             $stateData->attFmtWhitelist2FA = $moduleConfig['registration']['policy_2fa']['attestation_format_whitelist'] ?? [];
             $stateData->minCertLevelPasswordless = $moduleConfig['registration']['policy_passwordless']['minimum_certification_level'];
             $stateData->aaguidWhitelistPasswordless = $moduleConfig['registration']['policy_passwordless']['aaguid_whitelist'] ?? [];
             $stateData->attFmtWhitelistPasswordless = $moduleConfig['registration']['policy_passwordless']['attestation_format_whitelist'] ?? [];
+            // phpcs:enable Generic.Files.LineLength.TooLong
         } else {
             $stateData->requestTokenModel = false;
         }
@@ -223,7 +233,8 @@ public function main(Request $request): Template
 
         $t->data['authForm'] = "";
         if (
-            $this->workflowStateMachine($state) == self::STATE_AUTH_ALLOWMGMT || $this->workflowStateMachine($state) == self::STATE_AUTH_NOMGMT
+            $this->workflowStateMachine($state) == self::STATE_AUTH_ALLOWMGMT ||
+            $this->workflowStateMachine($state) == self::STATE_AUTH_NOMGMT
         ) {
             $t->data['authURL'] = Module::getModuleURL('webauthn/authprocess?StateId=' . urlencode($stateId));
             $t->data['delURL'] = Module::getModuleURL('webauthn/managetoken?StateId=' . urlencode($stateId));
diff --git a/src/WebAuthn/Store/Database.php b/src/WebAuthn/Store/Database.php
@@ -59,6 +59,7 @@ public function __construct(array $config)
         $this->config = $config;
         $this->db = SSP_Database::getInstance(Configuration::loadFromArray($config));
         $driver = $this->db->getDriver();
+        // phpcs:disable Generic.Files.LineLength.TooLong
         try {
             $this->db->read("SELECT COUNT(*) FROM credentials");
         } catch (\Exception $e) {
@@ -95,6 +96,7 @@ public function __construct(array $config)
             CONSTRAINT userstatus_user_id_key UNIQUE (user_id)
             )");
         }
+        // phpcs:enable Generic.Files.LineLength.TooLong
     }
 
     /**
@@ -226,6 +228,7 @@ public function storeTokenData(
         string $aaguid,
         string $attLevel,
     ): bool {
+        // phpcs:disable Generic.Files.LineLength.TooLong
         $this->db->write(
             'INSERT INTO credentials ' .
             '(user_id, credentialId, credential, algo, presenceLevel, isResidentKey, signCounter, friendlyName, hashedId, aaguid, attLevel) VALUES ' .
@@ -244,6 +247,7 @@ public function storeTokenData(
                 'attLevel' => $attLevel,
             ],
         );
+        // phpcs:enable Generic.Files.LineLength.TooLong
 
         return true;
     }
@@ -299,6 +303,7 @@ public function getTokenData(string $userId): array
         $ret = [];
 
         $st = $this->db->read(
+        // phpcs:ignore Generic.Files.LineLength.TooLong
             'SELECT credentialId, credential, signCounter, friendlyName, algo, presenceLevel, isResidentKey FROM credentials WHERE user_id = :userId',
             ['userId' => $userId],
         );
diff --git a/src/WebAuthn/WebAuthnRegistrationEvent.php b/src/WebAuthn/WebAuthnRegistrationEvent.php

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`declare(strict_types=1);`
`5`	`5`
`6`	`6`	`if (!isset($argv[1])) {`
	`7`	`+ // phpcs:ignore Generic.Files.LineLength.TooLong`
`7`	`8`	`echo "First and only argument is the filename of the FIDO Alliance Metadata v3 blob as can be downloaded from: https://mds3.fidoalliance.org/ \n";`
`8`	`9`	`exit(1);`
`9`	`10`	`}`