updating env checks

Author: adl-trey

auth.php

@@ -120,8 +120,7 @@ private function attempt_jwt_login() {
          * For some environments, this will be necessary, but for ADL's P1 deployment
          * this doesn't add any extra security.
          */
-        $checkIssuer = getenv("MOODLE_JWT_CHECK_ISSUER");
-        if (isset($checkIssuer) && $checkIssuer) {
+        if ($this->has_env_bool("MOODLE_JWT_CHECK_ISSUER")) {
 
             $issuer = $payload->iss;
             $issuerExpected = getenv("MOODLE_JWT_ISSUER");
@@ -136,8 +135,7 @@ private function attempt_jwt_login() {
          * For Client, this is a bit less obvious as these can be auto-generated by the
          * deployment environment and should be provided by the Ops / Hosting team.
          */
-        $checkClient = getenv("MOODLE_JWT_CHECK_CLIENT");
-        if (isset($checkClient) && $checkClient) {
+        if ($this->has_env_bool("MOODLE_JWT_CHECK_CLIENT")) {
 
             $client = $payload->azp;
             $clientExpected = getenv("MOODLE_JWT_CLIENT_ID");
@@ -160,8 +158,7 @@ private function attempt_jwt_login() {
              * approach will be to simply create a pseudo-randomized password
              * for this account, which will be blocked from manual entry anyway.
              */
-            $assignRandomPassword = getenv("MOODLE_JWT_ASSIGN_RANDOM_PASSWORD");
-            if (isset($assignRandomPassword) && $assignRandomPassword) {
+            if ($this->has_env_bool("MOODLE_JWT_ASSIGN_RANDOM_PASSWORD")) {
 
                 /**
                  * The "salt" here will simply be a character block to satisfy password reqs.
@@ -178,12 +175,16 @@ private function attempt_jwt_login() {
                 $firstChunk = $payload->sub;
                 $secondChunk = $payload->iss;
 
-                if (isset($envPropertyFirst) && $envPropertyFirst) {
-                    $firstChunk = $payload->$envPropertyFirst;
+                if ($envPropertyFirst != false) {
+                    if (property_exists($payload, $envPropertyFirst)) {
+                        $firstChunk = $payload->$envPropertyFirst;
+                    }
                 }
 
-                if (isset($envPropertySecond) && $envPropertySecond) {
-                    $secondChunk = $payload->$envPropertySecond;
+                if ($envPropertySecond != false) {
+                    if (property_exists($payload, $envPropertySecond)) {
+                        $secondChunk = $payload->$envPropertySecond;
+                    }
                 }
 
 
@@ -231,11 +232,10 @@ private function attempt_jwt_login() {
      */
     private function get_expected_username($cert) {
 
-        $envUseEDIPI = getenv("MOODLE_JWT_USE_EDIPI");
         $envEDIPIProperty = getenv("MOODLE_JWT_EDIPI_PROPERTY");
 
-        $useEDIPI = isset($envUseEDIPI) && strcasecmp($envUseEDIPI, "true");
-        $configuredForEDIPI =  isset($envEDIPIProperty);
+        $useEDIPI = $this->has_env_bool("MOODLE_JWT_USE_EDIPI");
+        $configuredForEDIPI =  $envEDIPIProperty != false;
 
         if ($useEDIPI && $configuredForEDIPI) {
             $edipiNumber = $this->get_edipi_number($cert, $envEDIPIProperty);
@@ -248,7 +248,7 @@ private function get_expected_username($cert) {
 
         $envCustomProperty = getenv("MOODLE_JWT_USERNAME_PROPERTY");
 
-        $useCustomProperty = isset($envCustomProperty);
+        $useCustomProperty = $envCustomProperty != false;
         $hasCustomProperty = property_exists($cert, $envCustomProperty);
 
         if ($useCustomProperty && $hasCustomProperty) {
@@ -304,6 +304,13 @@ private function decode_base_64($encodedStr) {
         return base64_decode($b);
     }
 
+    private function has_env_bool($variableName) {
+        $value = getenv($variableName);
+        $exists = $value != false;
+
+        return $exists && strcasecmp($value, "true");
+    }
+
     /**
      * Unused atm.
      */