VerifyApiToken - Code Metrics - Inspection of "Throws InvalidApiTokenException" - ElfSundae/laravel-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 6c657d...42bf74 )

by Elf

created 2017-09-13 13:20 UTC

VerifyApiToken A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	106
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	3

Test Coverage

Coverage

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	106
ccs	0
cts	42
cp	0
rs	10
wmc	15
lcom	1
cbo	3

6 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
A	handle()	13	3
A	inExceptArray()	14	4
A	verifyToken()	8	4
A	getKeyFromRequest()	4	2
A	setCurrentAppKeyForRequest()	4	1

<?php

namespace ElfSundae\Laravel\Api\Middleware;

use Closure;
use ElfSundae\Laravel\Api\Token;
use ElfSundae\Laravel\Api\Exceptions\InvalidApiTokenException;

class VerifyApiToken
{
    /**
     * The Token instance.
     *
     * @var \ElfSundae\Laravel\Api\Token
     */
    protected $token;

    /**
     * The URIs that should be excluded from token verification.
     *
     * @var array
     */
    protected $except = [];

    /**
     * Create the middleware.
     *
     * @param  \ElfSundae\Laravel\Api\Token  $token
     */
    public function __construct(Token $token)
    {
        $this->token = $token;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     *
     * @throws \ElfSundae\Laravel\Api\Exceptions\InvalidApiTokenException
     */
    public function handle($request, Closure $next)
    {
        if (
            $this->inExceptArray($request) ||
            $this->verifyToken($request)
        ) {
            $this->setCurrentAppKeyForRequest($request);

            return $next($request);
        }

        throw new InvalidApiTokenException;
    }

    /**
     * Determine if the request has a URI that should be passed through verification.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function inExceptArray($request)
    {
        foreach ($this->except as $except) {
            if ($except !== '/') {
                $except = trim($except, '/');
            }

            if ($request->is($except)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Verify the api token from request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function verifyToken($request)
    {
        $time = (int) ($request->input('_time') ?: $request->header('X-API-TIME'));
        $token = $request->input('_token') ?: $request->header('X-API-TOKEN');

        return abs(time() - $time) < (int) config('api.token_duration') &&
            $this->token->verify($token, $this->getKeyFromRequest($request), $time);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    /**
     * Get the app key from the request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return string
     */
    protected function getKeyFromRequest($request)
    {
        return $request->input('_key') ?: $request->header('X-API-KEY');
    }

    /**
     * Set current app key for the request.
     *
     * @param  \Illuminate\Http\Request  $request
     */
    protected function setCurrentAppKeyForRequest($request)
    {
        $request->attributes->set('current_app_key', $this->getKeyFromRequest($request));
    }
}


1			<?php
2
3			namespace ElfSundae\Laravel\Api\Middleware;
4
5			use Closure;
6			use ElfSundae\Laravel\Api\Token;
7			use ElfSundae\Laravel\Api\Exceptions\InvalidApiTokenException;
8
9			class VerifyApiToken
10			{
11			/**
12			* The Token instance.
13			*
14			* @var \ElfSundae\Laravel\Api\Token
15			*/
16			protected $token;
17
18			/**
19			* The URIs that should be excluded from token verification.
20			*
21			* @var array
22			*/
23			protected $except = [];
24
25			/**
26			* Create the middleware.
27			*
28			* @param \ElfSundae\Laravel\Api\Token $token
29			*/
30			public function __construct(Token $token)
31			{
32			$this->token = $token;
33			}
34
35			/**
36			* Handle an incoming request.
37			*
38			* @param \Illuminate\Http\Request $request
39			* @param \Closure $next
40			* @return mixed
41			*
42			* @throws \ElfSundae\Laravel\Api\Exceptions\InvalidApiTokenException
43			*/
44			public function handle($request, Closure $next)
45			{
46			if (
47			$this->inExceptArray($request) \|\|
48			$this->verifyToken($request)
49			) {
50			$this->setCurrentAppKeyForRequest($request);
51
52			return $next($request);
53			}
54
55			throw new InvalidApiTokenException;
56			}
57
58			/**
59			* Determine if the request has a URI that should be passed through verification.
60			*
61			* @param \Illuminate\Http\Request $request
62			* @return bool
63			*/
64			protected function inExceptArray($request)
65			{
66			foreach ($this->except as $except) {
67			if ($except !== '/') {
68			$except = trim($except, '/');
69			}
70
71			if ($request->is($except)) {
72			return true;
73			}
74			}
75
76			return false;
77			}
78
79			/**
80			* Verify the api token from request.
81			*
82			* @param \Illuminate\Http\Request $request
83			* @return bool
84			*/
85			protected function verifyToken($request)
86			{
87			$time = (int) ($request->input('_time') ?: $request->header('X-API-TIME'));
88			$token = $request->input('_token') ?: $request->header('X-API-TOKEN');
89
90			return abs(time() - $time) < (int) config('api.token_duration') &&
91			$this->token->verify($token, $this->getKeyFromRequest($request), $time);
			0 ignored issues – show Bug introduced 2017-09-13 13:22 UTC by Report Bug Copy Issue Report It seems like `$token` defined by `$request->input('_token'...->header('X-API-TOKEN')` on line `88` can also be of type `array`; however, `ElfSundae\Laravel\Api\Token::verify()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history... Bug introduced 2017-09-13 13:22 UTC by Report Bug Copy Issue Report It seems like `$this->getKeyFromRequest($request)` targeting `ElfSundae\Laravel\Api\Mi...en::getKeyFromRequest()` can also be of type `array`; however, `ElfSundae\Laravel\Api\Token::verify()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
92			}
93
94			/**
95			* Get the app key from the request.
96			*
97			* @param \Illuminate\Http\Request $request
98			* @return string
99			*/
100			protected function getKeyFromRequest($request)
101			{
102			return $request->input('_key') ?: $request->header('X-API-KEY');
103			}
104
105			/**
106			* Set current app key for the request.
107			*
108			* @param \Illuminate\Http\Request $request
109			*/
110			protected function setCurrentAppKeyForRequest($request)
111			{
112			$request->attributes->set('current_app_key', $this->getKeyFromRequest($request));
113			}
114			}
115

ElfSundae / laravel-api

Push — master ( 6c657d...42bf74 )

VerifyApiToken A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

6 Methods

Duplication Side-by-Side

Filter issues like