Fix PHPCS and PHPStan issues across multiple files

class-two-factor-core.php

@@ -922,7 +922,7 @@ public static function is_api_request() {
 	 *
 	 * @since 0.2.0
 	 *
-	 * @param WP_User $user WP_User object of the logged-in user.
+	 * @param WP_User|false $user WP_User object of the logged-in user.
 	 */
 	public static function show_two_factor_login( $user ) {
 		if ( ! $user ) {
@@ -1754,9 +1754,9 @@ public static function _login_form_revalidate_2fa( $nonce = '', $provider = '',
 	 *
 	 * @since 0.9.0
 	 *
-	 * @param object  $provider        The Two Factor Provider.
-	 * @param WP_User $user            The user being authenticated.
-	 * @param bool    $is_post_request Whether the request is a POST request.
+	 * @param object|null $provider        The Two Factor Provider.
+	 * @param WP_User    $user            The user being authenticated.
+	 * @param bool       $is_post_request Whether the request is a POST request.
 	 * @return false|WP_Error|true WP_Error when an error occurs, true when the user is authenticated, false if no action occurred.
 	 */
 	public static function process_provider( $provider, $user, $is_post_request ) {
@@ -2069,7 +2069,7 @@ public static function user_two_factor_options( $user ) {
 		<h2><?php esc_html_e( 'Two-Factor Options', 'two-factor' ); ?></h2>
 
 		<?php foreach ( $notices as $notice_type => $notice ) : ?>
-		<div class="<?php echo esc_attr( $notice_type ? 'notice inline notice-' . $notice_type : '' ); ?>">
+		<div class="<?php echo esc_attr( 'notice inline notice-' . $notice_type ); ?>">
 			<p><?php echo wp_kses_post( $notice ); ?></p>
 		</div>
 		<?php endforeach; ?>

providers/class-two-factor-email.php

@@ -337,7 +337,7 @@ public function generate_and_email_token( $user ) {
 	 *
 	 * @since 0.1-dev
 	 *
-	 * @param WP_User $user WP_User object of the logged-in user.
+	 * @param WP_User|false $user WP_User object of the logged-in user.
 	 */
 	public function authentication_page( $user ) {
 		if ( ! $user ) {
@@ -384,11 +384,15 @@ public function authentication_page( $user ) {
 	 *
 	 * @since 0.2.0
 	 *
-	 * @param  WP_User $user WP_User object of the logged-in user.
+	 * @param WP_User|false $user WP_User object of the logged-in user.
 	 * @return boolean
 	 */
 	public function pre_process_authentication( $user ) {
-		if ( isset( $user->ID ) && isset( $_REQUEST[ self::INPUT_NAME_RESEND_CODE ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- non-distructive option that relies on user state.
+		if ( ! $user ) {
+			return false;
+		}
+
+		if ( isset( $_REQUEST[ self::INPUT_NAME_RESEND_CODE ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- non-destructive option that relies on user state.
 			$this->generate_and_email_token( $user );
 			return true;
 		}
@@ -401,12 +405,16 @@ public function pre_process_authentication( $user ) {
 	 *
 	 * @since 0.1-dev
 	 *
-	 * @param WP_User $user WP_User object of the logged-in user.
+	 * @param WP_User|false $user WP_User object of the logged-in user.
 	 * @return boolean
 	 */
 	public function validate_authentication( $user ) {
+		if ( ! $user ) {
+			return false;
+		}
+
 		$code = $this->sanitize_code_from_request( 'two-factor-email-code' );
-		if ( ! isset( $user->ID ) || ! $code ) {
+		if ( ! $code ) {
 			return false;
 		}
 

providers/class-two-factor-totp.php

@@ -342,9 +342,9 @@ public static function generate_qr_code_url( $user, $secret_key ) {
 	 * @codeCoverageIgnore
 	 */
 	public function user_two_factor_options( $user ) {
-		if ( ! isset( $user->ID ) ) {
-			return;
-		}
+		if ( ! ( $user instanceof WP_User ) ) {
+ 			return;
+ 		}
 
 		$key = $this->get_user_totp_key( $user->ID );
 
@@ -662,11 +662,11 @@ public static function pack64( int $value ): string {
 		if ( 8 === PHP_INT_SIZE ) {
 			return pack( 'J', $value );
 		}
-	
+
 		// 32-bit PHP fallback
 		$higher = ( $value >> 32 ) & 0xFFFFFFFF;
 		$lower  = $value & 0xFFFFFFFF;
-	
+
 		return pack( 'NN', $higher, $lower );
 	}
 
@@ -825,7 +825,7 @@ public static function base32_encode( $string ) {
 		$base32_string     = '';
 
 		foreach ( $five_bit_sections as $five_bit_section ) {
-			$base32_string .= self::$base_32_chars[ base_convert( str_pad( $five_bit_section, 5, '0' ), 2, 10 ) ];
+			$base32_string .= self::$base_32_chars[ (int) base_convert( str_pad( $five_bit_section, 5, '0' ), 2, 10 ) ];
 		}
 
 		return $base32_string;

two-factor.php

@@ -22,19 +22,17 @@
  * Network:           True
  */
 
-if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly.
+if ( ! defined( 'TWO_FACTOR_DIR' ) ) {
+	define( 'TWO_FACTOR_DIR', __DIR__ . '/' );
 }
 
-/**
- * Shortcut constant to the path of this file.
- */
-define( 'TWO_FACTOR_DIR', plugin_dir_path( __FILE__ ) );
+if ( ! defined( 'TWO_FACTOR_VERSION' ) ) {
+	define( 'TWO_FACTOR_VERSION', '0.15.0' );
+}
 
-/**
- * Version of the plugin.
- */
-define( 'TWO_FACTOR_VERSION', '0.15.0' );
+if ( ! defined( 'ABSPATH' ) ) {
+	exit; // Exit if accessed directly.
+}
 
 /**
  * Include the base class here, so that other plugins can also extend it.