Sécurité et qualité : headers HTTP, permissions .env, lint PHPStan + PHP-CS-Fixer, réorganisation dossiers, scripts de déploiement

public/oidc/callback.php

@@ -1,19 +1,27 @@
 <?php
+
 declare(strict_types=1);
 
 use App\Infrastructure\Database;
 
-if (session_status() !== PHP_SESSION_ACTIVE) session_start();
+if (session_status() !== PHP_SESSION_ACTIVE) {
+    session_start();
+}
 
 require_once dirname(__DIR__, 2) . '/vendor/autoload.php';
 require_once dirname(__DIR__, 2) . '/app/bootstrap.php';
 require_once dirname(__DIR__, 2) . '/config/config.php';
 
 if (!function_exists('env')) {
-    function env(string $key, ?string $default = null): ?string {
-        if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') return (string)$_ENV[$key];
+    function env(string $key, ?string $default = null): ?string
+    {
+        if (array_key_exists($key, $_ENV) && $_ENV[$key] !== '') {
+            return (string)$_ENV[$key];
+        }
         $v = getenv($key);
-        if ($v !== false && $v !== '') return (string)$v;
+        if ($v !== false && $v !== '') {
+            return (string)$v;
+        }
         return $default;
     }
 }
@@ -68,7 +76,9 @@ $post = [
     'client_id'     => $OIDC_CLIENT_ID,
     'code_verifier' => $codeVerifier,
 ];
-if ($OIDC_CLIENT_SECRET !== '') $post['client_secret'] = $OIDC_CLIENT_SECRET;
+if ($OIDC_CLIENT_SECRET !== '') {
+    $post['client_secret'] = $OIDC_CLIENT_SECRET;
+}
 
 $ch = curl_init($tokenEndpoint);
 curl_setopt_array($ch, [
@@ -127,7 +137,9 @@ if (!$email && $idToken && substr_count($idToken, '.') === 2) {
     [, $p, ] = explode('.', $idToken, 3);
     $payloadJson = base64_decode(strtr($p, '-_', '+/'), true);
     $payload = $payloadJson ? json_decode($payloadJson, true) : null;
-    if (is_array($payload) && !empty($payload['email'])) $email = $payload['email'];
+    if (is_array($payload) && !empty($payload['email'])) {
+        $email = $payload['email'];
+    }
 }
 
 if (!$email) {
@@ -159,7 +171,9 @@ if ($flow === 'login' && $existingId) {
     ];
     $target = $_SESSION['oidc_return_to'] ?? '/';
     unset($_SESSION['oidc_return_to'], $_SESSION['oidc_flow']);
-    if (!is_string($target) || $target === '' || $target[0] !== '/') $target = '/';
+    if (!is_string($target) || $target === '' || $target[0] !== '/') {
+        $target = '/';
+    }
     header('Location: ' . $target, true, 303);
     exit;
 }
@@ -176,4 +190,4 @@ $_SESSION['pending_oidc'] = [
 unset($_SESSION['oidc_flow']);
 
 header('Location: ' . url('register/from-oidc'), true, 303);
-exit;
+exit;