Merge pull request #326 from jumbojett/fix/cleanup-back-channel

DeepDiver1975 · web-flow · commit 4046c223832b · 2022-09-28T09:10:50.000+02:00
chore: code cleanup of back-channel PR #302
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -378,7 +378,6 @@ public function authenticate() {
 
                 // Success!
                 return true;
-
             }
 
             throw new OpenIDConnectClientException ('Unable to verify JWT claims');
@@ -479,8 +478,8 @@ public function signOut($idToken, $redirect) {
      * back-channel logout flows.
      *
      * This function should be evaluated as a boolean check
-     * in your route that receives the POST request for back-
-     * channel logout executed from the OP.
+     * in your route that receives the POST request for back-channel
+     * logout executed from the OP.
      *
      * @return bool
      * @throws OpenIDConnectClientException
@@ -506,18 +505,15 @@ public function verifyLogoutToken()
             }
 
             // Verify Logout Token Claims
-            if ($this->verifyLogoutTokenClaims($claims, $logout_token)) {
-                $this->logoutToken = $logout_token;
+            if ($this->verifyLogoutTokenClaims($claims)) {
                 $this->verifiedClaims = $claims;
                 return true;
             }
-            else {
-                return false;
-            }
-        }
-        else {
-            throw new OpenIDConnectClientException('Back-channel logout: There was no logout_token in the request');
+
+            return false;
         }
+
+        throw new OpenIDConnectClientException('Back-channel logout: There was no logout_token in the request');
     }
 
     /**
@@ -526,6 +522,7 @@ public function verifyLogoutToken()
      *
      * @param object $claims
      * @return bool
+     * @throws OpenIDConnectClientException
      */
     public function verifyLogoutTokenClaims($claims)
     {
@@ -572,11 +569,11 @@ public function verifyLogoutTokenClaims($claims)
             return false;
         }
         // Validate the iat. At this point we can return true if it is ok
-        if (isset($claims->iat) && ((gettype($claims->iat) === 'integer') && ($claims->iat <= time() + $this->leeway))) {
+        if (isset($claims->iat) && ((is_int($claims->iat)) && ($claims->iat <= time() + $this->leeway))) {
             return true;
-        } else {
-            return false;
         }
+
+        return false;
     }
 
     /**
@@ -770,6 +767,7 @@ protected function generateRandString() {
      * Start Here
      * @return void
      * @throws OpenIDConnectClientException
+     * @throws \Exception
      */
     private function requestAuthorization() {
 

Original file line number	Diff line number	Diff line change
`@@ -378,7 +378,6 @@ public function authenticate() {`
`378`	`378`
`379`	`379`	`// Success!`
`380`	`380`	`return true;`
`381`		`-`
`382`	`381`	`}`
`383`	`382`
`384`	`383`	`throw new OpenIDConnectClientException ('Unable to verify JWT claims');`
`@@ -479,8 +478,8 @@ public function signOut($idToken, $redirect) {`
`479`	`478`	`* back-channel logout flows.`
`480`	`479`	`*`
`481`	`480`	`* This function should be evaluated as a boolean check`
`482`		`- * in your route that receives the POST request for back-`
`483`		`- * channel logout executed from the OP.`
	`481`	`+ * in your route that receives the POST request for back-channel`
	`482`	`+ * logout executed from the OP.`
`484`	`483`	`*`
`485`	`484`	`* @return bool`
`486`	`485`	`* @throws OpenIDConnectClientException`
`@@ -506,18 +505,15 @@ public function verifyLogoutToken()`
`506`	`505`	`}`
`507`	`506`
`508`	`507`	`// Verify Logout Token Claims`
`509`		`- if ($this->verifyLogoutTokenClaims($claims, $logout_token)) {`
`510`		`- $this->logoutToken = $logout_token;`
	`508`	`+ if ($this->verifyLogoutTokenClaims($claims)) {`
`511`	`509`	`$this->verifiedClaims = $claims;`
`512`	`510`	`return true;`
`513`	`511`	`}`
`514`		`- else {`
`515`		`- return false;`
`516`		`- }`
`517`		`- }`
`518`		`- else {`
`519`		`- throw new OpenIDConnectClientException('Back-channel logout: There was no logout_token in the request');`
	`512`	`+`
	`513`	`+ return false;`
`520`	`514`	`}`
	`515`	`+`
	`516`	`+ throw new OpenIDConnectClientException('Back-channel logout: There was no logout_token in the request');`
`521`	`517`	`}`
`522`	`518`
`523`	`519`	`/**`
`@@ -526,6 +522,7 @@ public function verifyLogoutToken()`
`526`	`522`	`*`
`527`	`523`	`* @param object $claims`
`528`	`524`	`* @return bool`
	`525`	`+ * @throws OpenIDConnectClientException`
`529`	`526`	`*/`
`530`	`527`	`public function verifyLogoutTokenClaims($claims)`
`531`	`528`	`{`
`@@ -572,11 +569,11 @@ public function verifyLogoutTokenClaims($claims)`
`572`	`569`	`return false;`
`573`	`570`	`}`
`574`	`571`	`// Validate the iat. At this point we can return true if it is ok`
`575`		`- if (isset($claims->iat) && ((gettype($claims->iat) === 'integer') && ($claims->iat <= time() + $this->leeway))) {`
	`572`	`+ if (isset($claims->iat) && ((is_int($claims->iat)) && ($claims->iat <= time() + $this->leeway))) {`
`576`	`573`	`return true;`
`577`		`- } else {`
`578`		`- return false;`
`579`	`574`	`}`
	`575`	`+`
	`576`	`+ return false;`
`580`	`577`	`}`
`581`	`578`
`582`	`579`	`/**`
`@@ -770,6 +767,7 @@ protected function generateRandString() {`
`770`	`767`	`* Start Here`
`771`	`768`	`* @return void`
`772`	`769`	`* @throws OpenIDConnectClientException`
	`770`	`+ * @throws \Exception`
`773`	`771`	`*/`
`774`	`772`	`private function requestAuthorization() {`
`775`	`773`