This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include, or for example via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
1 | <?php
2 |
3 | namespace Audiens\AdobeClient;
4 |
5 | use Audiens\AdobeClient\Authentication\AuthStrategyInterface;
6 | use Doctrine\Common\Cache\Cache;
7 | use GuzzleHttp\Client;
8 | use GuzzleHttp\ClientInterface;
9 | use GuzzleHttp\Psr7\Response;
10 | use Psr\Http\Message\RequestInterface;
11 |
12 | /**
13 |  * Class Auth
14 |  *
15 |  */
16 | class Auth implements ClientInterface
17 | {
18 |
19 |     /** @var Cache */
20 |     protected $cache;
21 |
22 |     /** @var Client */
23 |     protected $client;
24 |
25 |     /** @var string */
26 |     protected $token;
27 |
28 |     /** @var string */
29 |     protected $username;
30 |
31 |     /** @var string */
32 |     protected $password;
33 |
34 |     /** @var string */
35 |     protected $clientId;
36 |
37 |     /** @var string */
38 |     protected $secretKey;
39 |
40 |     protected $authStrategy;
41 |
42 |     /**
43 |      * Auth constructor.
44 |      * @param $clientId
45 |      * @param $secretKey
46 |      * @param $username
47 |      * @param $password
48 |      * @param ClientInterface $clientInterface
49 |      * @param AuthStrategyInterface $authStrategy
50 |      */
51 |     public function __construct(

Issue on line 51: Code Duplication

52 |         $clientId,
53 |         $secretKey,
54 |         $username,
55 |         $password,
56 |         ClientInterface $clientInterface,
57 |         AuthStrategyInterface $authStrategy
58 |     ) {
59 |         $this->clientId = $clientId;
60 |         $this->secretKey = $secretKey;
61 |         $this->username = $username;
62 |         $this->password = $password;
63 |
64 |         $this->client = $clientInterface;

Issue on line 64: $clientInterface is of type object<GuzzleHttp\ClientInterface>, but the property $client was declared to be of type object<GuzzleHttp\Client>. Are you sure that you always receive this specific sub-class here, or does it make sense to add an instanceof check?

Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a given class or a super-class is assigned to a property that is type hinted more strictly. Either this assignment is in error or an instanceof check should be added for that assignment.

    class Alien {}

    class Dalek extends Alien {}

    class Plot
    {
        /** @var Dalek */
        public $villain;
    }

    $alien = new Alien();
    $plot = new Plot();
    if ($alien instanceof Dalek) {
        $plot->villain = $alien;
    }

65 |         $this->authStrategy = $authStrategy;
66 |     }
67 |
68 |     /**
69 |      * @param string $method
70 |      * @param null $uri
71 |      * @param array $options
72 |      *
73 |      * @return mixed|\Psr\Http\Message\ResponseInterface
74 |      * @throws \Exception
75 |      */
76 |     public function request($method, $uri = null, array $options = [])
77 |     {
78 |
79 |         $optionForToken = [
80 |             'headers' => [
81 |                 'Authorization' => ['Bearer '.$this->authStrategy->authenticate($this->clientId, $this->secretKey, $this->username, $this->password)],
82 |             ],
83 |         ];
84 |
85 |
86 |         $options = array_merge_recursive($options, $optionForToken);
87 |
88 |         $response = $this->client->request($method, $uri, $options);
89 |
90 |         if (!$this->needToRevalidate($response)) {

Issue on line 90: $response of type object<Psr\Http\Message\ResponseInterface> is not a sub-type of object<GuzzleHttp\Psr7\Response>. It seems like you assume a concrete implementation of the interface Psr\Http\Message\ResponseInterface to be always present.

This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e. an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type.

91 |             return $response;
92 |         }
93 |
94 |         $optionForToken = [
95 |             'headers' => [
96 |                 'Authorization' => ['Bearer '.$this->authStrategy->authenticate($this->clientId, $this->secretKey, $this->username, $this->password, true, true)],
97 |             ],
98 |         ];
99 |
100 |         $options = array_merge_recursive($options, $optionForToken);
101 |
102 |         return $this->client->request($method, $uri, $options);
103 |     }
104 |
105 |
106 |     /**
107 |      * @inheritDoc
108 |      */
109 |     public function send(RequestInterface $request, array $options = [])
110 |     {
111 |         return $this->client->send($request, $options);
112 |     }
113 |
114 |     /**
115 |      * @inheritDoc
116 |      */
117 |     public function sendAsync(RequestInterface $request, array $options = [])
118 |     {
119 |         return $this->client->sendAsync($request, $options);
120 |     }
121 |
122 |     /**
123 |      * @inheritDoc
124 |      */
125 |     public function requestAsync($method, $uri, array $options = [])
126 |     {
127 |         return $this->client->requestAsync($method, $uri, $options);

Issue on line 127: It seems like $uri defined by parameter $uri on line 125 can also be of type object<Psr\Http\Message\UriInterface>; however, GuzzleHttp\Client::requestAsync() only seems to accept string. Maybe add an additional type check?

This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.

128 |     }
129 |
130 |     /**
131 |      * @inheritDoc
132 |      */
133 |     public function getConfig($option = null)
134 |     {
135 |         return $this->client->getConfig($option);
136 |     }
137 |
138 |
139 |     /**
140 |      * @param Response $response
141 |      *
142 |      * @return bool
143 |      */
144 |     protected function needToRevalidate(Response $response)
145 |     {
146 |         if ($response->getStatusCode() == 401) {
147 |             $headers = $response->getHeaders();
148 |
149 |             if (!empty($headers['WWW-Authenticate'])) {
150 |                 return strpos($headers['WWW-Authenticate'], 'invalid_token') === false;
151 |             }
152 |         }
153 |
154 |         return false;
155 |     }
156 | }
157 |

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.