Merge pull request #51 from WP-API/fix-coding-standards

Fix coding standards

Author: rmccue

.travis.yml

@@ -5,5 +5,5 @@ install:
   - composer install
   - bash tests/install-tests.sh wordpress_test root '' 127.0.0.1 latest
 script:
-  - vendor/bin/phpcs --standard=vendor/humanmade/coding-standards .
+  - vendor/bin/phpcs --standard=phpcs.ruleset.xml .
   - phpunit

inc/admin/class-listtable.php

@@ -56,10 +56,10 @@ public function get_columns() {
 	public function column_cb( $item ) {
 		?>
 		<label class="screen-reader-text"
-			   for="cb-select-<?php echo esc_attr( $item->ID ) ?>"><?php esc_html_e( 'Select consumer', 'oauth2' ); ?></label>
+			for="cb-select-<?php echo esc_attr( $item->ID ); ?>"><?php esc_html_e( 'Select consumer', 'oauth2' ); ?></label>
 
 		<input id="cb-select-<?php echo esc_attr( $item->ID ) ?>" type="checkbox"
-			   name="consumers[]" value="<?php echo esc_attr( $item->ID ) ?>"/>
+			name="consumers[]" value="<?php echo esc_attr( $item->ID ); ?>"/>
 
 		<?php
 	}
@@ -92,7 +92,7 @@ protected function column_name( $item ) {
 		);
 		$delete_link = wp_nonce_url( $delete_link, 'rest-oauth2-delete:' . $item->ID );
 
-		$actions     = [
+		$actions = [
 			'edit'   => sprintf( '<a href="%s">%s</a>', esc_url( $edit_link ), esc_html__( 'Edit', 'oauth2' ) ),
 			'delete' => sprintf( '<a href="%s">%s</a>', esc_url( $delete_link ), esc_html__( 'Delete', 'oauth2' ) ),
 		];
@@ -101,13 +101,14 @@ protected function column_name( $item ) {
 		if ( current_user_can( $post_type_object->cap->publish_posts ) && $item->post_status !== 'publish' ) {
 			$publish_link = add_query_arg(
 				[
-					'page' => 'rest-oauth2-apps',
+					'page'   => 'rest-oauth2-apps',
 					'action' => 'approve',
-					'id' => $item->ID,
+					'id'     => $item->ID,
 				],
 				admin_url( 'users.php' )
 			);
-			$publish_link = wp_nonce_url( $publish_link, 'rest-oauth2-approve:' . $item->ID );
+
+			$publish_link           = wp_nonce_url( $publish_link, 'rest-oauth2-approve:' . $item->ID );
 			$actions['app-approve'] = sprintf(
 				'<a href="%s">%s</a>',
 				esc_url( $publish_link ),

inc/admin/namespace.php

@@ -47,7 +47,7 @@ function get_url( $params = [] ) {
  * @return string One of 'add', 'edit', 'delete', or '' for default (list)
  */
 function get_page_action() {
-	return isset( $_GET['action'] ) ? $_GET['action'] : '';
+	return isset( $_GET['action'] ) ? $_GET['action'] : ''; // WPCS: CSRF OK
 }
 
 /**
@@ -110,17 +110,18 @@ function render() {
 			<?php
 			esc_html_e( 'Registered Applications', 'oauth2' );
 
-			if ( current_user_can( 'create_users' ) ) : ?>
+			if ( current_user_can( 'create_users' ) ) :
+				?>
 				<a href="<?php echo esc_url( get_url( 'action=add' ) ) ?>"
-				   class="add-new-h2"><?php echo esc_html_x( 'Add New', 'application', 'oauth2' ); ?></a>
+					class="add-new-h2"><?php echo esc_html_x( 'Add New', 'application', 'oauth2' ); ?></a>
 				<?php
 			endif;
 			?>
 		</h2>
 		<?php
-		if ( ! empty( $_GET['deleted'] ) ) {
+		if ( ! empty( $_GET['deleted'] ) ) { // WPCS: CSRF OK
 			echo '<div id="message" class="updated"><p>' . esc_html__( 'Deleted application.', 'oauth2' ) . '</p></div>';
-		} elseif ( ! empty( $_GET['approved'] ) ) {
+		} elseif ( ! empty( $_GET['approved'] ) ) { // WPCS: CSRF OK
 			echo '<div id="message" class="updated"><p>' . esc_html__( 'Approved application.', 'oauth2' ) . '</p></div>';
 		}
 		?>
@@ -203,7 +204,7 @@ function handle_edit_submit( Client $consumer = null ) {
 
 	if ( empty( $consumer ) ) {
 		// Create the consumer
-		$data     = [
+		$data = [
 			'name'        => $params['name'],
 			'description' => $params['description'],
 			'meta'        => [
@@ -212,10 +213,11 @@ function handle_edit_submit( Client $consumer = null ) {
 			],
 		];
 
-		$consumer = $result = Client::create( $data );
+		$consumer = Client::create( $data );
+		$result   = $consumer;
 	} else {
 		// Update the existing consumer post
-		$data   = [
+		$data = [
 			'name'        => $params['name'],
 			'description' => $params['description'],
 			'meta'        => [
@@ -264,12 +266,18 @@ function render_edit_page() {
 			wp_die( __( 'Invalid client ID.', 'oauth2' ) );
 		}
 
-		$form_action       = get_url( [ 'action' => 'edit', 'id' => $id ] );
-		$regenerate_action = get_url( [ 'action' => 'regenerate', 'id' => $id ] );
+		$form_action       = get_url( [
+			'action' => 'edit',
+			'id'     => $id,
+		] );
+		$regenerate_action = get_url( [
+			'action' => 'regenerate',
+			'id'     => $id,
+		] );
 	}
 
 	// Handle form submission
-	$messages = [];
+	$messages  = [];
 	$form_data = [];
 	if ( ! empty( $_POST['_wpnonce'] ) ) {
 		if ( empty( $consumer ) ) {
@@ -278,7 +286,7 @@ function render_edit_page() {
 			check_admin_referer( 'rest-oauth2-edit-' . $consumer->get_post_id() );
 		}
 
-		$messages = handle_edit_submit( $consumer );
+		$messages  = handle_edit_submit( $consumer );
 		$form_data = wp_unslash( $_POST );
 	}
 	if ( ! empty( $_GET['did_action'] ) ) {
@@ -371,10 +379,12 @@ function render_edit_page() {
 									<?php echo esc_html_x( 'Private', 'Client type select option', 'oauth2' ); ?>
 								</label>
 								<p class="description">
-									<?php esc_html_e(
+									<?php
+									esc_html_e(
 										'Clients capable of maintaining confidentiality of credentials, such as server-side applications',
 										'oauth2'
-									) ?>
+									);
+									?>
 								</p>
 							</li>
 							<li>
@@ -389,10 +399,12 @@ function render_edit_page() {
 									<?php echo esc_html_x( 'Public', 'Client type select option', 'oauth2' ); ?>
 								</label>
 								<p class="description">
-									<?php esc_html_e(
+									<?php
+									esc_html_e(
 										'Clients incapable of keeping credentials secret, such as browser-based applications or desktop and mobile apps',
 										'oauth2'
-									) ?>
+									);
+									?>
 								</p>
 							</li>
 						</ul>
@@ -552,6 +564,10 @@ function handle_regenerate() {
 		wp_die( $result->get_error_message() );
 	}
 
-	wp_safe_redirect( get_url( [ 'action' => 'edit', 'id' => $id, 'did_action' => 'regenerate' ] ) );
+	wp_safe_redirect( get_url( [
+		'action'     => 'edit',
+		'id'         => $id,
+		'did_action' => 'regenerate',
+	] ) );
 	exit;
 }

inc/admin/profile/namespace.php

@@ -15,7 +15,7 @@ function bootstrap() {
 	add_action( 'show_user_profile', __NAMESPACE__ . '\\render_profile_section' );
 	add_action( 'edit_user_profile', __NAMESPACE__ . '\\render_profile_section' );
 	add_action( 'all_admin_notices', __NAMESPACE__ . '\\output_profile_messages' );
-	add_action( 'personal_options_update',  __NAMESPACE__ . '\\handle_revocation', 10, 1 );
+	add_action( 'personal_options_update', __NAMESPACE__ . '\\handle_revocation', 10, 1 );
 	add_action( 'edit_user_profile_update', __NAMESPACE__ . '\\handle_revocation', 10, 1 );
 }
 
@@ -61,7 +61,7 @@ function render_token_row( WP_User $user, Access_Token $token ) {
 	$client = $token->get_client();
 
 	$creation_time = $token->get_creation_time();
-	$details = [
+	$details       = [
 		sprintf(
 			/* translators: %1$s: formatted date, %2$s: formatted time */
 			esc_html__( 'Authorized %1$s at %2$s', 'oauth2' ),
@@ -124,10 +124,10 @@ function output_profile_messages() {
 		return;
 	}
 
-	if ( ! empty( $_GET['oauth2_revoked'] ) ) {
+	if ( ! empty( $_GET['oauth2_revoked'] ) ) { // WPCS: CSRF OK
 		echo '<div id="message" class="updated"><p>' . __( 'Token revoked.', 'oauth2' ) . '</p></div>';
 	}
-	if ( ! empty( $_GET['oauth2_revocation_failed'] ) ) {
+	if ( ! empty( $_GET['oauth2_revocation_failed'] ) ) { // WPCS: CSRF OK
 		echo '<div id="message" class="updated"><p>' . __( 'Unable to revoke token.', 'oauth2' ) . '</p></div>';
 	}
 }
@@ -156,7 +156,6 @@ function handle_revocation( $user_id ) {
 
 	$token = Access_Token::get_by_id( $key );
 	if ( empty( $token ) ) {
-		var_dump( $key, $token );
 		wp_safe_redirect( add_query_arg( 'oauth2_revocation_failed', true, get_edit_user_link( $user_id ) ) );
 		exit;
 	}

inc/authentication/namespace.php

@@ -75,11 +75,11 @@ function get_token_from_bearer_header( $header ) {
  * @return string|null Token on succes, null on failure.
  */
 function get_token_from_request() {
-	if ( empty( $_GET['access_token'] ) ) {
+	if ( empty( $_GET['access_token'] ) ) { // WPCS: CSRF OK
 		return null;
 	}
 
-	$token = $_GET['access_token'];
+	$token = $_GET['access_token']; // WPCS: CSRF OK
 	if ( is_string( $token ) ) {
 		return $token;
 	}
@@ -116,8 +116,8 @@ function attempt_authentication( $user = null ) {
 
 	// Attempt to find the token.
 	$is_querying_token = true;
-	$token = Tokens\get_by_id( $token_value );
-	$client = $token->get_client();
+	$token             = Tokens\get_by_id( $token_value );
+	$client            = $token->get_client();
 	$is_querying_token = false;
 
 	if ( empty( $token ) || empty( $client ) ) {

inc/class-client.php

@@ -73,7 +73,7 @@ public function get_description( $raw = false ) {
 		// Replicate the_content()'s filters.
 		global $post;
 		$current_post = $post;
-		$the_post = get_post( $this->get_post_id() );
+		$the_post     = get_post( $this->get_post_id() );
 		if ( $raw ) {
 			// Skip the filtering and globals.
 			return $the_post->post_content;
@@ -168,7 +168,7 @@ public function check_redirect_uri( $uri ) {
 			return false;
 		}
 
-		$supplied = wp_parse_url( $uri );
+		$supplied       = wp_parse_url( $uri );
 		$all_registered = $this->get_redirect_uris();
 
 		foreach ( $all_registered as $registered_uri ) {
@@ -273,7 +273,7 @@ public function issue_token( WP_User $user ) {
 	 * @return static|null Token if ID is found, null otherwise.
 	 */
 	public static function get_by_id( $id ) {
-		$args = [
+		$args  = [
 			'post_type'      => static::POST_TYPE,
 			'post_status'    => 'publish',
 			'posts_per_page' => 1,
@@ -366,8 +366,8 @@ public function update( $data ) {
 		}
 
 		$meta = [
-			static::REDIRECT_URI_KEY  => $data['meta']['callback'],
-			static::TYPE_KEY          => $data['meta']['type'],
+			static::REDIRECT_URI_KEY => $data['meta']['callback'],
+			static::TYPE_KEY         => $data['meta']['type'],
 		];
 
 		foreach ( $meta as $key => $value ) {
@@ -394,8 +394,8 @@ public function delete() {
 	 * @return bool|WP_Error True if client was updated, error otherwise.
 	 */
 	public function approve() {
-		$data = [
-			'ID' => $this->get_post_id(),
+		$data   = [
+			'ID'          => $this->get_post_id(),
 			'post_status' => 'publish',
 		];
 		$result = wp_update_post( wp_slash( $data ), true );

inc/endpoints/class-authorization.php

@@ -18,8 +18,8 @@ public function register_hooks() {
 
 	public function handle_request() {
 		// If the form hasn't been submitted, show it.
-		if ( isset( $_GET['response_type'] ) ) {
-			$type = wp_unslash( $_GET['response_type'] );
+		if ( isset( $_GET['response_type'] ) ) { // WPCS: CSRF OK
+			$type = wp_unslash( $_GET['response_type'] ); // WPCS: CSRF OK
 		} else {
 			$type = null;
 		}

inc/endpoints/class-token.php

@@ -13,22 +13,22 @@
 class Token {
 	public function register_routes() {
 		register_rest_route( 'oauth2', '/access_token', [
-			'methods' => 'POST',
+			'methods'  => 'POST',
 			'callback' => [ $this, 'exchange_token' ],
-			'args' => [
+			'args'     => [
 				'grant_type' => [
-					'required' => true,
-					'type' => 'string',
+					'required'          => true,
+					'type'              => 'string',
 					'validate_callback' => [ $this, 'validate_grant_type' ],
 				],
-				'client_id' => [
-					'required' => true,
-					'type' => 'string',
+				'client_id'  => [
+					'required'          => true,
+					'type'              => 'string',
 					'validate_callback' => 'rest_validate_request_arg',
 				],
-				'code' => [
-					'required' => true,
-					'type' => 'string',
+				'code'       => [
+					'required'          => true,
+					'type'              => 'string',
 					'validate_callback' => 'rest_validate_request_arg',
 				],
 			],
@@ -58,9 +58,10 @@ public function exchange_token( WP_REST_Request $request ) {
 		if ( empty( $client ) ) {
 			return new WP_Error(
 				'oauth2.endpoints.token.exchange_token.invalid_client',
+				/* translators: %s: client ID */
 				sprintf( __( 'Client ID %s is invalid.', 'oauth2' ), $request['client_id'] ),
 				[
-					'status' => WP_Http::BAD_REQUEST,
+					'status'    => WP_Http::BAD_REQUEST,
 					'client_id' => $request['client_id'],
 				]
 			);

inc/endpoints/namespace.php

@@ -15,7 +15,7 @@ function register() {
 
 	// Register convenience URL.
 	register_rest_route( 'oauth2', '/authorize', [
-		'methods' => 'GET',
+		'methods'  => 'GET',
 		'callback' => __NAMESPACE__ . '\\redirect_to_authorize',
 	]);
 }

inc/namespace.php

@@ -73,7 +73,7 @@ function get_grant_types() {
  */
 function register_grant_types( $types ) {
 	$types['authorization_code'] = new Types\Authorization_Code();
-	$types['implicit'] = new Types\Implicit();
+	$types['implicit']           = new Types\Implicit();
 
 	return $types;
 }
@@ -88,9 +88,9 @@ function register_in_index( WP_REST_Response $response ) {
 	$data = $response->get_data();
 
 	$data['authentication']['oauth2'] = [
-		'endpoints' => [
+		'endpoints'   => [
 			'authorization' => get_authorization_url(),
-			'token' => get_token_url(),
+			'token'         => get_token_url(),
 		],
 		'grant_types' => array_keys( get_grant_types() ),
 	];