Fixing findings of the PHP8-Review

Author: pascalseeland

Services/Init/classes/class.ilStartUpGUI.php

@@ -1929,7 +1929,11 @@ protected function doOpenIdConnectAuthentication()
         switch ($status->getStatus()) {
             case ilAuthStatus::STATUS_AUTHENTICATED:
                 $this->logger->debug('Authentication successful; Redirecting to starting page.');
-                ilInitialisation::redirectToStartingPage();
+                if ($credentials->getRedirectionTarget()) {
+                    ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
+                } else {
+                    ilInitialisation::redirectToStartingPage();
+                }
                 return;
 
             case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:

Services/OpenIdConnect/classes/class.ilAuthFrontendCredentialsOpenIdConnect.php

@@ -20,22 +20,29 @@
 class ilAuthFrontendCredentialsOpenIdConnect extends ilAuthFrontendCredentials
 {
     private const SESSION_TARGET = 'oidc_target';
+    private const QUERY_PARAM_TARGET = 'target';
 
     private ilOpenIdConnectSettings $settings;
     private ?string $target = null;
 
     public function __construct()
     {
+        global $DIC;
+
         parent::__construct();
         $this->settings = ilOpenIdConnectSettings::getInstance();
+        $httpquery = $DIC->http()->wrapper()->query();
+        if ($httpquery->has(self::QUERY_PARAM_TARGET)) {
+            $this->target = $httpquery->retrieve(self::QUERY_PARAM_TARGET, $DIC->refinery()->to()->string());
+        }
     }
 
     protected function getSettings() : ilOpenIdConnectSettings
     {
         return $this->settings;
     }
 
-    public function getRedirectionTarget() : string
+    public function getRedirectionTarget() : ?string
     {
         return $this->target;
     }
@@ -50,8 +57,7 @@ public function initFromRequest() : void
 
     protected function parseRedirectionTarget() : void
     {
-        if (!empty($_GET['target'])) { // TODO PHP8-REVIEW Please eliminate this.
-            $this->target = $_GET['target']; // TODO PHP8-REVIEW Please eliminate this.
+        if ($this->target) {
             ilSession::set(self::SESSION_TARGET, $this->target);
         } elseif (ilSession::get(self::SESSION_TARGET)) {
             $this->target = ilSession::get(self::SESSION_TARGET);

Services/OpenIdConnect/classes/class.ilAuthProviderOpenIdConnect.php

@@ -23,11 +23,18 @@
 class ilAuthProviderOpenIdConnect extends ilAuthProvider
 {
     private ilOpenIdConnectSettings $settings;
+    /** @var array $body */
+    private $body;
+    private ilLogger $logger;
 
     public function __construct(ilAuthCredentials $credentials)
     {
+        global $DIC;
         parent::__construct($credentials);
+
+        $this->logger = $DIC->logger()->auth();
         $this->settings = ilOpenIdConnectSettings::getInstance();
+        $this->body = $DIC->http()->request()->getParsedBody();
     }
 
     public function handleLogout() : void
@@ -37,7 +44,7 @@ public function handleLogout() : void
         }
 
         $auth_token = ilSession::get('oidc_auth_token');
-        $this->getLogger()->debug('Using token: ' . $auth_token);
+        $this->logger->debug('Using token: ' . $auth_token);
 
         if (isset($auth_token) && $auth_token !== '') {
             ilSession::set('oidc_auth_token', '');
@@ -65,7 +72,7 @@ public function doAuthentication(ilAuthStatus $status) : bool
                 $oidc->setHttpProxy($host);
             }
 
-            $this->getLogger()->debug(
+            $this->logger->debug(
                 'Redirect url is: ' .
                 $oidc->getRedirectURL()
             );
@@ -79,32 +86,31 @@ public function doAuthentication(ilAuthStatus $status) : bool
 
             $oidc->addScope($this->settings->getAllScopes());
             $oidc->addAuthParam(['response_mode' => 'form_post']);
-            switch ($this->settings->getLoginPromptType()) {
-                case ilOpenIdConnectSettings::LOGIN_ENFORCE:
-                    $oidc->addAuthParam(['prompt' => 'login']);
-                    break;
+            if ($this->settings->getLoginPromptType() === ilOpenIdConnectSettings::LOGIN_ENFORCE) {
+                $oidc->addAuthParam(['prompt' => 'login']);
             }
             $oidc->setAllowImplicitFlow(true);
 
             $oidc->authenticate();
             // user is authenticated, otherwise redirected to authorization endpoint or exception
-            $this->getLogger()->dump($_REQUEST, ilLogLevel::DEBUG);
+            $this->logger->dump($this->body, ilLogLevel::DEBUG);
 
             $claims = $oidc->getVerifiedClaims(null);
-            $this->getLogger()->dump($claims, ilLogLevel::DEBUG);
+            $this->logger->dump($claims, ilLogLevel::DEBUG);
             $status = $this->handleUpdate($status, $claims);
 
             // @todo : provide a general solution for all authentication methods
-            $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();// TODO PHP8-REVIEW Please eliminate this. Mutating the request is not allowed and will not work in ILIAS 8.
+            //$_GET['target'] = $this->getCredentials()->getRedirectionTarget();// TODO PHP8-REVIEW Please eliminate this. Mutating the request is not allowed and will not work in ILIAS 8.
 
-            if ($this->settings->getLogoutScope() === ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
-                $token = $oidc->requestClientCredentialsToken();
-                ilSession::set('oidc_auth_token', $token->access_token);
-            }
+            //TODO fix this. There is a PR and it is broken in 7 as well
+            //if ($this->settings->getLogoutScope() === ilOpenIdConnectSettings::LOGOUT_SCOPE_GLOBAL) {
+            //$token = $oidc->requestClientCredentialsToken();
+            //ilSession::set('oidc_auth_token', $token->access_token);
+            //}
             return true;
         } catch (Exception $e) {
-            $this->getLogger()->warning($e->getMessage());
-            $this->getLogger()->warning($e->getCode());
+            $this->logger->warning($e->getMessage());
+            $this->logger->warning((string) $e->getCode());
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
             $status->setTranslatedReason($e->getMessage());
             return false;
@@ -120,17 +126,17 @@ public function doAuthentication(ilAuthStatus $status) : bool
     private function handleUpdate(ilAuthStatus $status, $user_info) : ilAuthStatus
     {
         if (!is_object($user_info)) {
-            $this->getLogger()->error('Received invalid user credentials: ');
-            $this->getLogger()->dump($user_info, ilLogLevel::ERROR);
+            $this->logger->error('Received invalid user credentials: ');
+            $this->logger->dump($user_info, ilLogLevel::ERROR);
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
             $status->setReason('err_wrong_login');
             return $status;
         }
 
         $uid_field = $this->settings->getUidField();
-        $ext_account = $user_info->$uid_field;
+        $ext_account = $user_info->{$uid_field};
 
-        $this->getLogger()->debug('Authenticated external account: ' . $ext_account);
+        $this->logger->debug('Authenticated external account: ' . $ext_account);
 
 
         $int_account = ilObjUser::_checkExternalAuthAccount(
@@ -154,7 +160,7 @@ private function handleUpdate(ilAuthStatus $status, $user_info) : ilAuthStatus
             $status->setAuthenticatedUserId($user_id);
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
 
-            $_GET['target'] = (string) $this->getCredentials()->getRedirectionTarget();// TODO PHP8-REVIEW Please eliminate this. Mutating the request is not allowed and will not work in ILIAS 8.
+            //$_GET['target'] = $this->getCredentials()->getRedirectionTarget();// TODO PHP8-REVIEW Please eliminate this. Mutating the request is not allowed and will not work in ILIAS 8.
         } catch (ilOpenIdConnectSyncForbiddenException $e) {
             $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
             $status->setReason('err_wrong_login');

Services/OpenIdConnect/classes/class.ilOpenIdConnectAppEventListener.php

@@ -32,14 +32,11 @@ protected function handleLogoutFor(int $user_id) : void
      */
     public static function handleEvent(string $a_component, string $a_event, array $a_parameter) : void
     {
-        ilLoggerFactory::getLogger('root')->info($a_component . ' : ' . $a_event);
-        if ($a_component === 'Services/Authentication') {
-            ilLoggerFactory::getLogger('root')->info($a_component . ' : ' . $a_event);
-            if ($a_event === 'beforeLogout') {
-                ilLoggerFactory::getLogger('root')->info($a_component . ' : ' . $a_event);
-                $listener = new self();
-                $listener->handleLogoutFor($a_parameter['user_id']);
-            }
+        global $DIC;
+        $DIC->logger()->auth()->debug($a_component . ' : ' . $a_event);
+        if (($a_component === 'Services/Authentication') && $a_event === 'beforeLogout') {
+            $listener = new self();
+            $listener->handleLogoutFor($a_parameter['user_id']);
         }
     }
 }

Services/OpenIdConnect/classes/class.ilOpenIdConnectSettings.php

@@ -312,6 +312,7 @@ public function getRoleMappingUpdateForId(int $a_role_id) : bool
 
     public function validateScopes(string $provider, array $custom_scopes) : array
     {
+        $result = [];
         try {
             $curl = new ilCurlConnection($provider . '/.well-known/openid-configuration');
             $curl->init();
@@ -322,20 +323,17 @@ public function validateScopes(string $provider, array $custom_scopes) : array
 
             $response = json_decode($curl->exec(), false, 512, JSON_THROW_ON_ERROR);
 
-            if ($curl->getInfo(CURLINFO_RESPONSE_CODE) !== 200) {
-                return array();
-            }
-
-            $available_scopes = $response->scopes_supported;
-            array_unshift($custom_scopes, self::DEFAULT_SCOPE);
+            if ($curl->getInfo(CURLINFO_RESPONSE_CODE) === 200) {
+                $available_scopes = $response->scopes_supported;
+                array_unshift($custom_scopes, self::DEFAULT_SCOPE);
 
-            $result = array_diff($custom_scopes, $available_scopes);
-        } catch (ilCurlConnectionException $e) {
-            throw $e;
+                $result = array_diff($custom_scopes, $available_scopes);
+            }
         } finally {
-            $curl->close();
+            if (isset($curl)) {
+                $curl->close();
+            }
         }
-
         return $result;
     }
 
@@ -384,11 +382,11 @@ protected function load() : void
         $this->setLoginElementType((int) $this->storage->get('le_type'));
         $this->setLoginPromptType((int) $this->storage->get('prompt_type', (string) self::LOGIN_ENFORCE));
         $this->setLogoutScope((int) $this->storage->get('logout_scope', (string) self::LOGOUT_SCOPE_GLOBAL));
-        $this->useCustomSession((bool) $this->storage->get('custom_session'), '0');
+        $this->useCustomSession((bool) $this->storage->get('custom_session', '0'));
         $this->setSessionDuration((int) $this->storage->get('session_duration', '60'));
-        $this->allowSync((bool) $this->storage->get('allow_sync'), '0');
-        $this->setRole((int) $this->storage->get('role'), '0');
-        $this->setUidField((string) $this->storage->get('uid'), '');
+        $this->allowSync((bool) $this->storage->get('allow_sync', '0'));
+        $this->setRole((int) $this->storage->get('role', '0'));
+        $this->setUidField((string) $this->storage->get('uid', ''));
         $this->setRoleMappings((array) unserialize(
             $this->storage->get('role_mappings', serialize([])),
             ['allowed_classes' => false]

Services/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php

@@ -27,7 +27,9 @@ class ilOpenIdConnectSettingsGUI
     private const STAB_ROLES = 'roles';
 
     private const DEFAULT_CMD = 'settings';
-    private int $ref_id = 0;
+    private int $ref_id;
+    /** @var array $body */
+    private $body;
     private ilOpenIdConnectSettings $settings;
     private ilLanguage $lng;
     private ilCtrl $ctrl;
@@ -57,7 +59,7 @@ public function __construct(int $a_ref_id)
         $this->review = $DIC->rbac()->review();
         $this->error = $DIC['ilErr'];
         $this->upload = $DIC->upload();
-
+        $this->body = $DIC->http()->request()->getParsedBody();
         $this->settings = ilOpenIdConnectSettings::getInstance();
     }
 
@@ -540,7 +542,7 @@ protected function saveRoles() : void
         $this->checkAccess('write');
         $form = $this->initRolesForm();
         if ($form->checkInput()) {
-            $this->logger->dump($_POST, ilLogLevel::DEBUG); // TODO PHP8-REVIEW Please Use the `getParsedBody()` method of the HTTP request instead
+            $this->logger->dump($this->body, ilLogLevel::DEBUG);
 
 
             $role_settings = [];
@@ -554,11 +556,13 @@ protected function saveRoles() : void
                 $this->logger->dump($role_params, ilLogLevel::DEBUG);
 
                 if (count($role_params) !== 2) {
-                    $form->getItemByPostVar('role_map_' . $role_id)->setAlert($this->lng->txt('msg_wrong_format'));
+                    if ($form->getItemByPostVar('role_map_' . $role_id)) {
+                        $form->getItemByPostVar('role_map_' . $role_id)->setAlert($this->lng->txt('msg_wrong_format'));
+                    }
                     $role_valid = false;
                     continue;
                 }
-                $role_settings[(int) $role_id]['update'] = (bool) !$form->getInput('role_map_update_' . $role_id);
+                $role_settings[(int) $role_id]['update'] = !$form->getInput('role_map_update_' . $role_id);
                 $role_settings[(int) $role_id]['value'] = (string) $form->getInput('role_map_' . $role_id);
             }
 

Services/OpenIdConnect/classes/class.ilOpenIdConnectUserSync.php

@@ -204,7 +204,7 @@ protected function parseRoleAssignments() : array
             }
 
             if (is_array($this->user_info->{$role_attribute})) {
-                if (!in_array($role_value, $this->user_info->{$role_attribute})) {
+                if (!in_array($role_value, $this->user_info->{$role_attribute}, true)) {
                     $this->logger->debug('User account has no ' . $role_value);
                     continue;
                 }
@@ -256,7 +256,6 @@ protected function valueFrom(string $connect_name) : string
             return '';
         }
 
-        $val = $this->user_info->{$connect_name};
-        return $val;
+        return $this->user_info->{$connect_name};
     }
 }

composer.json

@@ -58,7 +58,7 @@
 		"league/flysystem": "^1.0",
 		"james-heinrich/getid3": "^1.9",
 		"phpoffice/phpspreadsheet": "^1.18.0",
-		"jumbojett/openid-connect-php": "^0.9.2",
+		"jumbojett/openid-connect-php": "^0.9.5",
 		"sabre/dav": "^4.1",
 		"symfony/console" : "^5.0",
 		"slim/slim": "^3.11",

openidconnect.php

@@ -1,11 +1,25 @@
 <?php
-include_once './Services/Context/classes/class.ilContext.php';
+/******************************************************************************
+ *
+ * This file is part of ILIAS, a powerful learning management system.
+ *
+ * ILIAS is licensed with the GPL-3.0, you should have received a copy
+ * of said license along with the source code.
+ *
+ * If this is not the case or you just want to try ILIAS, you'll find
+ * us at:
+ * https://www.ilias.de
+ * https://github.com/ILIAS-eLearning
+ *
+ *****************************************************************************/
+/** @noRector */
+require_once("libs/composer/vendor/autoload.php");
 ilContext::init(ilContext::CONTEXT_SHIBBOLETH);
-
-require_once("Services/Init/classes/class.ilInitialisation.php");
 ilInitialisation::initILIAS();
+global $DIC;
+
 
 // authentication is done here ->
-$ilCtrl->setCmd('doOpenIdConnectAuthentication');
-$ilCtrl->setTargetScript('ilias.php');
-$ilCtrl->callBaseClass('ilStartUpGUI');
+$DIC->ctrl()->setCmd('doOpenIdConnectAuthentication');
+$DIC->ctrl()->setTargetScript('ilias.php');
+$DIC->ctrl()->callBaseClass(ilStartUpGUI::class);