Issues in JWTAuthenticationHandler.php (master) - Issues in master - Firesphere/silverstripe-graphql-jwt - Measure and Improve Code Quality continuously with Scrutinizer

Issues (35)

src/Authentication/JWTAuthenticationHandler.php (1 issue)

Severity

Unknown 1

<?php declare(strict_types=1);

namespace Firesphere\GraphQLJWT\Authentication;

use BadMethodCallException;
use Exception;
use Firesphere\GraphQLJWT\Extensions\MemberExtension;
use Firesphere\GraphQLJWT\Helpers\HeaderExtractor;
use Firesphere\GraphQLJWT\Helpers\RequiresAuthenticator;
use OutOfBoundsException;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Core\Injector\Injectable;
use SilverStripe\Security\AuthenticationHandler;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;

/**
 * Class JWTAuthenticationHandler
 *
 * @package Firesphere\GraphQLJWT
 */
class JWTAuthenticationHandler implements AuthenticationHandler
{
    use HeaderExtractor;
    use RequiresAuthenticator;
    use Injectable;

    /**
     * @param HTTPRequest $request
     * @return null|Member
     * @throws OutOfBoundsException
     * @throws BadMethodCallException
     * @throws Exception
     */
    public function authenticateRequest(HTTPRequest $request): ?Member
    {
        // Check token
        $token = $this->getAuthorizationHeader($request);
        if (!$token) {
            return null;
        }

        // Validate the token. This is critical for security
        $member = $this
            ->getJWTAuthenticator()
            ->authenticate(['token' => $token], $request);

        if ($member) {
            $this->logIn($member);
        }

        return $member;
    }

    /**
     * Authenticate on every run, based on the header, not relying on sessions or cookies
     * JSON Web Tokens are stateless
     *
     * @param Member $member
     * @param bool $persistent
     * @param HTTPRequest|null $request
     */
    public function logIn(Member $member, $persistent = false, HTTPRequest $request = null): void
    {
        Security::setCurrentUser($member);
    }

    /**
     * @param HTTPRequest|null $request
     */
    public function logOut(HTTPRequest $request = null): void
    {
        // A token can actually not be invalidated, but let's flush all valid tokens from the DB.
        // Note that log-out acts as a global logout (all devices)
        /** @var Member|MemberExtension $member */
        $member = Security::getCurrentUser();
        if ($member) {

            $member->destroyAuthTokens();
        }

        Security::setCurrentUser(null);
    }
}


1			<?php declare(strict_types=1);
2
3			namespace Firesphere\GraphQLJWT\Authentication;
4
5			use BadMethodCallException;
6			use Exception;
7			use Firesphere\GraphQLJWT\Extensions\MemberExtension;
8			use Firesphere\GraphQLJWT\Helpers\HeaderExtractor;
9			use Firesphere\GraphQLJWT\Helpers\RequiresAuthenticator;
10			use OutOfBoundsException;
11			use SilverStripe\Control\HTTPRequest;
12			use SilverStripe\Core\Injector\Injectable;
13			use SilverStripe\Security\AuthenticationHandler;
14			use SilverStripe\Security\Member;
15			use SilverStripe\Security\Security;
16
17			/**
18			* Class JWTAuthenticationHandler
19			*
20			* @package Firesphere\GraphQLJWT
21			*/
22			class JWTAuthenticationHandler implements AuthenticationHandler
23			{
24			use HeaderExtractor;
25			use RequiresAuthenticator;
26			use Injectable;
27
28			/**
29			* @param HTTPRequest $request
30			* @return null\|Member
31			* @throws OutOfBoundsException
32			* @throws BadMethodCallException
33			* @throws Exception
34			*/
35			public function authenticateRequest(HTTPRequest $request): ?Member
36			{
37			// Check token
38			$token = $this->getAuthorizationHeader($request);
39			if (!$token) {
40			return null;
41			}
42
43			// Validate the token. This is critical for security
44			$member = $this
45			->getJWTAuthenticator()
46			->authenticate(['token' => $token], $request);
47
48			if ($member) {
49			$this->logIn($member);
50			}
51
52			return $member;
53			}
54
55			/**
56			* Authenticate on every run, based on the header, not relying on sessions or cookies
57			* JSON Web Tokens are stateless
58			*
59			* @param Member $member
60			* @param bool $persistent
61			* @param HTTPRequest\|null $request
62			*/
63			public function logIn(Member $member, $persistent = false, HTTPRequest $request = null): void
64			{
65			Security::setCurrentUser($member);
66			}
67
68			/**
69			* @param HTTPRequest\|null $request
70			*/
71			public function logOut(HTTPRequest $request = null): void
72			{
73			// A token can actually not be invalidated, but let's flush all valid tokens from the DB.
74			// Note that log-out acts as a global logout (all devices)
75			/** @var Member\|MemberExtension $member */
76			$member = Security::getCurrentUser();
77			if ($member) {
			0 ignored issues – show introduced 2019-04-18 06:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$member` is of type `SilverStripe\Security\Member`, thus it always evaluated to `true`. Loading history...
78			$member->destroyAuthTokens();
79			}
80
81			Security::setCurrentUser(null);
82			}
83			}
84

Firesphere / silverstripe-graphql-jwt

Issues (35)

src/Authentication/JWTAuthenticationHandler.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like