Skip to content

Commit

Permalink
phpstan and phpcs fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
skie committed Oct 4, 2024
1 parent 7824da0 commit fc7e72b
Show file tree
Hide file tree
Showing 37 changed files with 223 additions and 99 deletions.
5 changes: 4 additions & 1 deletion composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,12 @@
"firebase/php-jwt": "^6.2"
},
"require-dev": {
"cakephp/cakephp-codesniffer": "~4.4.0",
"cakephp/cakephp-codesniffer": "^4.5",
"league/flysystem-vfs": "^1.0",
"phpstan/phpstan": "^1.8",
"phpunit/phpunit": "^9.5",
"robthree/twofactorauth": "^1.6",
"web-auth/webauthn-lib": "^3.3.11",
"vlucas/phpdotenv": "^3.3"
},
"autoload": {
Expand Down
4 changes: 2 additions & 2 deletions phpstan.neon
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ includes:
- phpstan-baseline.neon

parameters:
level: 4
autoload_files:
level: 2
bootstrapFiles:
- tests/bootstrap.php
ignoreErrors:

Expand Down
1 change: 1 addition & 0 deletions src/Command/ServiceRoutesCommand.php
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ public function execute(Arguments $args, ConsoleIo $io): ?int
$service = ServiceRegistry::getServiceLocator()->get($serviceName);
if ($service === null) {
$io->error(__('Service "{0}" not found', $serviceName));

return Command::CODE_ERROR;
}

Expand Down
2 changes: 1 addition & 1 deletion src/Model/Entity/AuthStore.php
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
* AuthStore Entity
*
* @property string $id
* @property string|null $store
* @property array|null $store
* @property \Cake\I18n\FrozenTime $created
* @property \Cake\I18n\FrozenTime $modified
*/
Expand Down
4 changes: 2 additions & 2 deletions src/Model/Entity/JwtRefreshToken.php
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ class JwtRefreshToken extends Entity
* be mass assigned. For security purposes, it is advised to set '*' to false
* (or remove it), and explicitly make individual fields accessible as needed.
*
* @var array
* @var array<string, bool>
*/
protected $_accessible = [
'*' => true,
Expand All @@ -45,7 +45,7 @@ class JwtRefreshToken extends Entity
/**
* Fields that are excluded from JSON versions of the entity.
*
* @var array
* @var array<string>
*/
protected $_hidden = [
'token',
Expand Down
5 changes: 0 additions & 5 deletions src/Model/Table/AuthStoreTable.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,6 @@
namespace CakeDC\Api\Model\Table;

use Cake\Database\Schema\TableSchemaInterface;
use Cake\ORM\Query;
use Cake\ORM\RulesChecker;
use Cake\ORM\Table;
use Cake\Validation\Validator;

Expand All @@ -25,7 +23,6 @@
* @method \CakeDC\Api\Model\Entity\AuthStore[]|\Cake\Datasource\ResultSetInterface saveManyOrFail(iterable $entities, $options = [])
* @method \CakeDC\Api\Model\Entity\AuthStore[]|\Cake\Datasource\ResultSetInterface|false deleteMany(iterable $entities, $options = [])
* @method \CakeDC\Api\Model\Entity\AuthStore[]|\Cake\Datasource\ResultSetInterface deleteManyOrFail(iterable $entities, $options = [])
*
* @mixin \Cake\ORM\Behavior\TimestampBehavior
*/
class AuthStoreTable extends Table
Expand Down Expand Up @@ -62,8 +59,6 @@ public function validationDefault(Validator $validator): Validator
return $validator;
}



/**
* Initialize schema
*
Expand Down
5 changes: 1 addition & 4 deletions src/Rbac/Rules/TwoFactorPassedScope.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,15 @@
namespace CakeDC\Api\Rbac\Rules;

use Authentication\Authenticator\JwtAuthenticator;
use CakeDC\Auth\Rbac\Rules\AbstractRule;
use Cake\Utility\Hash;
use Cake\Routing\Router;
use OutOfBoundsException;
use CakeDC\Auth\Rbac\Rules\AbstractRule;
use Psr\Http\Message\ServerRequestInterface;

/**
* Owner rule class, used to match ownership permissions
*/
class TwoFactorPassedScope extends AbstractRule
{

protected $_defaultConfig = [
];

Expand Down
5 changes: 1 addition & 4 deletions src/Rbac/Rules/TwoFactorScope.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,15 @@
namespace CakeDC\Api\Rbac\Rules;

use Authentication\Authenticator\JwtAuthenticator;
use CakeDC\Auth\Rbac\Rules\AbstractRule;
use Cake\Utility\Hash;
use Cake\Routing\Router;
use OutOfBoundsException;
use CakeDC\Auth\Rbac\Rules\AbstractRule;
use Psr\Http\Message\ServerRequestInterface;

/**
* Owner rule class, used to match ownership permissions
*/
class TwoFactorScope extends AbstractRule
{

protected $_defaultConfig = [
];

Expand Down
8 changes: 4 additions & 4 deletions src/Routing/ApiRouter.php
Original file line number Diff line number Diff line change
Expand Up @@ -95,14 +95,14 @@ class ApiRouter extends Router
/**
* A hash of request context data.
*
* @var array
* @var array<string, mixed>
*/
protected static $_requestContext = [];

/**
* Named expressions
*
* @var array
* @var array<string, string>
*/
protected static $_namedExpressions = [
'Action' => Router::ACTION,
Expand Down Expand Up @@ -132,14 +132,14 @@ class ApiRouter extends Router
* The stack of URL filters to apply against routing URLs before passing the
* parameters to the route collection.
*
* @var array
* @var array<callable(): mixed>
*/
protected static $_urlFilters = [];

/**
* Default extensions defined with Router::extensions()
*
* @var array
* @var array<string>
*/
protected static $_defaultExtensions = [];
}
4 changes: 2 additions & 2 deletions src/Service/Action/Auth/JwtSocialLoginAction.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ class JwtSocialLoginAction extends Action
* Execute action.
*
* @return mixed
* @throws \CakeDC\Api\Service\Action\Exception
* @throws \Exception
*/
public function execute()
{
Expand All @@ -38,6 +38,6 @@ public function execute()
return false;
}

return $this->generateTokenResponse($user);
return $this->generateTokenResponse($user, 'login');
}
}
50 changes: 48 additions & 2 deletions src/Service/Action/Auth/JwtTokenTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -18,20 +18,23 @@
use Cake\Routing\Router;
use Cake\Utility\Hash;
use CakeDC\Api\Service\Auth\TwoFactorAuthentication\OneTimePasswordAuthenticationCheckerFactory;
use CakeDC\Api\Service\Auth\TwoFactorAuthentication\Webauthn2fAuthenticationCheckerFactory;
use CakeDC\Api\Service\Auth\TwoFactorAuthentication\Webauthn2FAuthenticationCheckerFactory;
use DateInterval;
use DateTimeImmutable;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha512;
use Lcobucci\JWT\Signer\Key\InMemory;

/**
* JwtTokenTrait
*/
trait JwtTokenTrait
{

/**
* Generates token response.
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @param string|null $type The type of token being generated.
* @return array
*/
public function generateTokenResponse($user, $type)
Expand All @@ -49,6 +52,13 @@ public function generateTokenResponse($user, $type)
]);
}

/**
* Generates refresh token response.
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @param array $payload Additional payload data.
* @return array
*/
public function generateRefreshTokenResponse($user, $payload)
{
$timestamp = new DateTimeImmutable();
Expand All @@ -65,6 +75,8 @@ public function generateRefreshTokenResponse($user, $payload)
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @param \DateTimeImmutable $timestamp Timestamp.
* @param string|null $type The type of token being generated.
* @param array|null $payload Additional payload data.
* @return bool|string
*/
public function generateAccessToken($user, $timestamp, $type, $payload = null)
Expand Down Expand Up @@ -92,6 +104,14 @@ public function generateAccessToken($user, $timestamp, $type, $payload = null)
return $token->toString();
}

/**
* Get the audience for the token.
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @param string|null $type The type of token being generated.
* @param array|null $payload Additional payload data.
* @return string
*/
public function getAudience($user, $type, $payload)
{
if ($type === null && is_array($payload) && isset($payload['aud'])) {
Expand All @@ -106,11 +126,23 @@ public function getAudience($user, $type, $payload)
return $audience;
}

/**
* Check if 2FA is enabled for the user.
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @return bool
*/
protected function is2FAEnabled($user)
{
return $this->isEnabledWebauthn2faAuthentication($user) || $this->isEnabledOneTimePasswordAuthentication($user);
}

/**
* Check if Webauthn 2FA authentication is enabled for the user.
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @return bool
*/
public function isEnabledWebauthn2faAuthentication($user)
{
$enabledTwoFactorVerify = Configure::read('Api.2fa.enabled');
Expand All @@ -122,6 +154,12 @@ public function isEnabledWebauthn2faAuthentication($user)
return false;
}

/**
* Check if One-Time Password authentication is enabled for the user.
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @return bool
*/
public function isEnabledOneTimePasswordAuthentication($user)
{
$enabledTwoFactorVerify = Configure::read('Api.2fa.enabled');
Expand All @@ -133,6 +171,11 @@ public function isEnabledOneTimePasswordAuthentication($user)
return false;
}

/**
* Get the One-Time Password Authentication Checker.
*
* @return \CakeDC\Auth\Authentication\OneTimePasswordAuthenticationCheckerInterface
*/
protected function getOneTimePasswordAuthenticationChecker()
{
return (new OneTimePasswordAuthenticationCheckerFactory())->build();
Expand All @@ -153,6 +196,8 @@ protected function getWebauthn2fAuthenticationChecker()
*
* @param \Cake\Datasource\EntityInterface|array $user User info.
* @param \DateTimeImmutable $timestamp Timestamp.
* @param string|null $type The type of token being generated.
* @param array|null $payload Additional payload data.
* @return bool|string
*/
public function generateRefreshToken($user, $timestamp, $type, $payload = null)
Expand Down Expand Up @@ -184,6 +229,7 @@ public function generateRefreshToken($user, $timestamp, $type, $payload = null)
$model = $UsersTable->getAlias();

$table = TableRegistry::getTableLocator()->get('CakeDC/Api.JwtRefreshTokens');
/** @var \CakeDC\Api\Model\Entity\JwtRefreshToken $entity */
$entity = $table->find()->where([
'model' => $model,
'foreign_key' => $subject,
Expand Down
9 changes: 7 additions & 2 deletions src/Service/Action/Auth/OtpVerifyAction.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@

namespace CakeDC\Api\Service\Action\Auth;

use Cake\Core\Configure;
use CakeDC\Api\Service\Action\Action;
use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;
use Cake\Core\Configure;
use RobThree\Auth\TwoFactorAuth;

/**
Expand All @@ -32,6 +32,12 @@ abstract class OtpVerifyAction extends Action
*/
public $tfa;

/**
* initialize
*
* @param array $config Configuration.
* @return void
*/
public function initialize(array $config): void
{
$this->tfa = new TwoFactorAuth(
Expand Down Expand Up @@ -78,5 +84,4 @@ public function getQRCodeImageAsDataUri($issuer, $secret)
{
return $this->tfa->getQRCodeImageAsDataUri($issuer, $secret);
}

}
2 changes: 0 additions & 2 deletions src/Service/Action/Auth/OtpVerifyCheckAction.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@

namespace CakeDC\Api\Service\Action\Auth;

use CakeDC\Api\Service\Action\Action;
use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;

/**
Expand Down Expand Up @@ -57,5 +56,4 @@ public function execute()

return $this->generateTokenResponse($user->toArray(), '2fa');
}

}
7 changes: 6 additions & 1 deletion src/Service/Action/Auth/OtpVerifyGetAction.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@

namespace CakeDC\Api\Service\Action\Auth;

use CakeDC\Api\Service\Action\Action;
use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;

/**
Expand Down Expand Up @@ -54,6 +53,12 @@ public function execute()
return $result;
}

/**
* onVerifyGetSecret
*
* @param array $user User.
* @return string
*/
protected function onVerifyGetSecret($user)
{
if (isset($user['secret']) && $user['secret']) {
Expand Down
2 changes: 1 addition & 1 deletion src/Service/Action/Auth/ResetPasswordRequestAction.php
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ public function execute()
'ensureActive' => Configure::read('Users.Registration.ensureActive'),
];
if (!empty($baseUrl)) {
$options['linkGenerator'] = function($token) use ($baseUrl) {
$options['linkGenerator'] = function ($token) use ($baseUrl) {
return $baseUrl . '?token=' . $token;
};
}
Expand Down
6 changes: 2 additions & 4 deletions src/Service/Action/Auth/TwoFactorAuthAction.php
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,8 @@
namespace CakeDC\Api\Service\Action\Auth;

use CakeDC\Api\Service\Action\Action;
use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;
use Cake\Core\Configure;
use CakeDC\Api\Webauthn\RegisterAdapter;
use CakeDC\Users\Controller\Traits\CustomUsersTableTrait;

/**
* Class LoginAction
Expand Down Expand Up @@ -49,6 +48,5 @@ public function execute()
'enabledWebauthn' => $this->isEnabledWebauthn2faAuthentication((array)$user),
'enabledOtp' => $this->isEnabledOneTimePasswordAuthentication((array)$user),
];
}

}
}
Loading

0 comments on commit fc7e72b

Please sign in to comment.