Authenticator - Code Metrics - Inspection of "Implementing use of PSR7" - Happyr/LinkedIn-API-client - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#73)

by Tobias

created 2015-12-22 17:10 UTC

Authenticator A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	276
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	8

Importance

Changes	4
Bugs	0	Features	0

Metric	Value
wmc	28
c	4
b	0
f	0
lcom	1
cbo	8
dl	0
loc	276
rs	10

10 Methods

Rating	Name	Size	Complexity
A	__construct()	6	1
B	fetchNewAccessToken()	27	3
B	getAccessTokenFromCode()	40	5
B	getCode()	33	6
A	establishCSRFTokenState()	7	2
A	clearStorage()	6	1
A	getStorage()	8	2
A	setStorage()	6	1
A	getRequestManager()	4	1
B	getLoginUrl()	36	6

<?php

namespace Happyr\LinkedIn;

use Happyr\LinkedIn\Exception\LinkedInTransferException;
use Happyr\LinkedIn\Exception\LinkedInException;
use Happyr\LinkedIn\Http\GlobalVariableGetter;
use Happyr\LinkedIn\Http\RequestManager;
use Happyr\LinkedIn\Http\ResponseConverter;
use Happyr\LinkedIn\Http\UrlGeneratorInterface;
use Happyr\LinkedIn\Storage\DataStorageInterface;
use Happyr\LinkedIn\Storage\SessionStorage;

/**
 * This class is responseble for the authentication process with LinkedIn.
 *
 * @author Tobias Nyholm <[email protected]>
 */
class Authenticator
{
    /**
     * The application ID.
     *
     * @var string
     */
    protected $appId;

    /**
     * The application secret.
     *
     * @var string
     */
    protected $appSecret;

    /**
     * A storage to use to store data between requests.
     *
     * @var DataStorageInterface storage
     */
    private $storage;

    /**
     * @var RequestManager
     */
    private $requestManager;

    /**
     * @param RequestManager $requestManager
     * @param string         $appId
     * @param string         $appSecret
     */
    public function __construct(RequestManager $requestManager, $appId, $appSecret)
    {
        $this->appId = $appId;
        $this->appSecret = $appSecret;
        $this->requestManager = $requestManager;
    }

    /**
     * Tries to get a new access token from data storage or code. If it fails, it will return null.
     *
     * @param UrlGeneratorInterface $urlGenerator
     *
     * @return AccessToken|null A valid user access token, or null if one could not be fetched.
     *
     * @throws LinkedInException
     */
    public function fetchNewAccessToken(UrlGeneratorInterface $urlGenerator)
    {
        $storage = $this->getStorage();
        $code = $this->getCode();

        if ($code === null) {
            /*
             * As a fallback, just return whatever is in the persistent
             * store, knowing nothing explicit (signed request, authorization
             *  code, etc.) was present to shadow it.
             */
            return $storage->get('access_token');
        }

        try {
            $accessToken = $this->getAccessTokenFromCode($urlGenerator, $code);
        } catch (LinkedInException $e) {
            // code was bogus, so everything based on it should be invalidated.
            $storage->clearAll();
            throw $e;
        }

        $storage->set('code', $code);
        $storage->set('access_token', $accessToken);

        return $accessToken;
    }

    /**
     * Retrieves an access token for the given authorization code
     * (previously generated from www.linkedin.com on behalf of
     * a specific user). The authorization code is sent to www.linkedin.com
     * and a legitimate access token is generated provided the access token
     * and the user for which it was generated all match, and the user is
     * either logged in to LinkedIn or has granted an offline access permission.
     *
     * @param UrlGeneratorInterface $urlGenerator
     * @param string                $code         An authorization code.
     *
     * @return AccessToken An access token exchanged for the authorization code.
     *
     * @throws LinkedInException
     */
    protected function getAccessTokenFromCode(UrlGeneratorInterface $urlGenerator, $code)
    {
        if (empty($code)) {
            throw new LinkedInException('Could not get access token: The code was empty.');
        }

        $redirectUri = $this->getStorage()->get('redirect_url');
        try {
            $url = $urlGenerator->getUrl('www', 'uas/oauth2/accessToken');
            $headers = ['Content-Type' => 'application/x-www-form-urlencoded'];
            $body = http_build_query(
                [
                    'grant_type' => 'authorization_code',
                    'code' => $code,
                    'redirect_uri' => $redirectUri,
                    'client_id' => $this->appId,
                    'client_secret' => $this->appSecret,
                ]
            );

            $response = ResponseConverter::convertToArray($this->getRequestManager()->sendRequest('POST', $url, $headers, $body));
        } catch (LinkedInTransferException $e) {
            // most likely that user very recently revoked authorization.
            // In any event, we don't have an access token, so throw an exception.
            throw new LinkedInException('Could not get access token: The user may have revoked the authorization response from LinkedIn.com was empty.', $e->getCode(), $e);
        }

        if (empty($response)) {
            throw new LinkedInException('Could not get access token: The response from LinkedIn.com was empty.');
        }

        $tokenData = array_merge(array('access_token' => null, 'expires_in' => null), $response);
        $token = new AccessToken($tokenData['access_token'], $tokenData['expires_in']);

        if (!$token->hasToken()) {
            throw new LinkedInException('Could not get access token: The response from LinkedIn.com did not contain a token.');
        }

        return $token;
    }

    /**
     * Generate a login url.
     *
     * @param UrlGeneratorInterface $urlGenerator
     * @param array                 $options
     *
     * @return string
     */
    public function getLoginUrl(UrlGeneratorInterface $urlGenerator, $options = array())
    {
        // Generate a state
        $this->establishCSRFTokenState();

        // Build request params
        $requestParams = array_merge(array(
            'response_type' => 'code',
            'client_id' => $this->appId,
            'state' => $this->getStorage()->get('state'),
        ), $options);

        // Look for the redirect URL
        if (isset($options['redirect_uri'])) {
            $requestParams['redirect_uri'] = $options['redirect_uri'];
        } else {
            $requestParams['redirect_uri'] = $urlGenerator->getCurrentUrl();
        }

        // Save the redirect url for later
        $this->getStorage()->set('redirect_url', $requestParams['redirect_uri']);

        // if 'scope' is passed as an array, convert to space separated list
        $scopeParams = isset($options['scope']) ? $options['scope'] : null;
        if ($scopeParams) {
            //if scope is an array
            if (is_array($scopeParams)) {
                $requestParams['scope'] = implode(' ', $scopeParams);
            } elseif (is_string($scopeParams)) {
                //if scope is a string with ',' => make it to an array
                $requestParams['scope'] = str_replace(',', ' ', $scopeParams);
            }
        }

        return $urlGenerator->getUrl('www', 'uas/oauth2/authorization', $requestParams);
    }

    /**
     * Get the authorization code from the query parameters, if it exists,
     * and otherwise return null to signal no authorization code was
     * discovered.
     *
     * @return string|null The authorization code, or null if the authorization code not exists.
     *
     * @throws LinkedInException on invalid CSRF tokens
     */
    protected function getCode()
    {
        $storage = $this->getStorage();

        if (!GlobalVariableGetter::has('code')) {
            return;
        }

        if ($storage->get('code') === GlobalVariableGetter::get('code')) {
            //we have already validated this code
            return;
        }

        // if stored state does not exists
        if (null === $state = $storage->get('state')) {
            throw new LinkedInException('Could not find a stored CSRF state token.');
        }

        // if state not exists in the request
        if (!GlobalVariableGetter::has('state')) {
            throw new LinkedInException('Could not find a CSRF state token in the request.');
        }

        // if state exists in session and in request and if they are not equal
        if ($state !== GlobalVariableGetter::get('state')) {
            throw new LinkedInException('The CSRF state token from the request does not match the stored token.');
        }

        // CSRF state has done its job, so clear it
        $storage->clear('state');

        return GlobalVariableGetter::get('code');
    }

    /**
     * Lays down a CSRF state token for this process.
     */
    protected function establishCSRFTokenState()
    {
        $storage = $this->getStorage();
        if ($storage->get('state') === null) {
            $storage->set('state', md5(uniqid(mt_rand(), true)));
        }
    }

    /**
     * Clear the storage.
     *
     * @return $this
     */
    public function clearStorage()
    {
        $this->getStorage()->clearAll();

        return $this;
    }

    /**
     * @return DataStorageInterface
     */
    protected function getStorage()
    {
        if ($this->storage === null) {
            $this->storage = new SessionStorage();
        }

        return $this->storage;
    }

    /**
     * @param DataStorageInterface $storage
     *
     * @return $this
     */
    public function setStorage(DataStorageInterface $storage)
    {
        $this->storage = $storage;

        return $this;
    }

    /**
     * @return RequestManager
     */
    protected function getRequestManager()
    {
        return $this->requestManager;
    }
}


1			<?php
2
3			namespace Happyr\LinkedIn;
4
5			use Happyr\LinkedIn\Exception\LinkedInTransferException;
6			use Happyr\LinkedIn\Exception\LinkedInException;
7			use Happyr\LinkedIn\Http\GlobalVariableGetter;
8			use Happyr\LinkedIn\Http\RequestManager;
9			use Happyr\LinkedIn\Http\ResponseConverter;
10			use Happyr\LinkedIn\Http\UrlGeneratorInterface;
11			use Happyr\LinkedIn\Storage\DataStorageInterface;
12			use Happyr\LinkedIn\Storage\SessionStorage;
13
14			/**
15			* This class is responseble for the authentication process with LinkedIn.
16			*
17			* @author Tobias Nyholm <[email protected]>
18			*/
19			class Authenticator
20			{
21			/**
22			* The application ID.
23			*
24			* @var string
25			*/
26			protected $appId;
27
28			/**
29			* The application secret.
30			*
31			* @var string
32			*/
33			protected $appSecret;
34
35			/**
36			* A storage to use to store data between requests.
37			*
38			* @var DataStorageInterface storage
39			*/
40			private $storage;
41
42			/**
43			* @var RequestManager
44			*/
45			private $requestManager;
46
47			/**
48			* @param RequestManager $requestManager
49			* @param string $appId
50			* @param string $appSecret
51			*/
52			public function __construct(RequestManager $requestManager, $appId, $appSecret)
53			{
54			$this->appId = $appId;
55			$this->appSecret = $appSecret;
56			$this->requestManager = $requestManager;
57			}
58
59			/**
60			* Tries to get a new access token from data storage or code. If it fails, it will return null.
61			*
62			* @param UrlGeneratorInterface $urlGenerator
63			*
64			* @return AccessToken\|null A valid user access token, or null if one could not be fetched.
65			*
66			* @throws LinkedInException
67			*/
68			public function fetchNewAccessToken(UrlGeneratorInterface $urlGenerator)
69			{
70			$storage = $this->getStorage();
71			$code = $this->getCode();
72
73			if ($code === null) {
74			/*
75			* As a fallback, just return whatever is in the persistent
76			* store, knowing nothing explicit (signed request, authorization
77			* code, etc.) was present to shadow it.
78			*/
79			return $storage->get('access_token');
80			}
81
82			try {
83			$accessToken = $this->getAccessTokenFromCode($urlGenerator, $code);
84			} catch (LinkedInException $e) {
85			// code was bogus, so everything based on it should be invalidated.
86			$storage->clearAll();
87			throw $e;
88			}
89
90			$storage->set('code', $code);
91			$storage->set('access_token', $accessToken);
92
93			return $accessToken;
94			}
95
96			/**
97			* Retrieves an access token for the given authorization code
98			* (previously generated from www.linkedin.com on behalf of
99			* a specific user). The authorization code is sent to www.linkedin.com
100			* and a legitimate access token is generated provided the access token
101			* and the user for which it was generated all match, and the user is
102			* either logged in to LinkedIn or has granted an offline access permission.
103			*
104			* @param UrlGeneratorInterface $urlGenerator
105			* @param string $code An authorization code.
106			*
107			* @return AccessToken An access token exchanged for the authorization code.
108			*
109			* @throws LinkedInException
110			*/
111			protected function getAccessTokenFromCode(UrlGeneratorInterface $urlGenerator, $code)
112			{
113			if (empty($code)) {
114			throw new LinkedInException('Could not get access token: The code was empty.');
115			}
116
117			$redirectUri = $this->getStorage()->get('redirect_url');
118			try {
119			$url = $urlGenerator->getUrl('www', 'uas/oauth2/accessToken');
120			$headers = ['Content-Type' => 'application/x-www-form-urlencoded'];
121			$body = http_build_query(
122			[
123			'grant_type' => 'authorization_code',
124			'code' => $code,
125			'redirect_uri' => $redirectUri,
126			'client_id' => $this->appId,
127			'client_secret' => $this->appSecret,
128			]
129			);
130
131			$response = ResponseConverter::convertToArray($this->getRequestManager()->sendRequest('POST', $url, $headers, $body));
132			} catch (LinkedInTransferException $e) {
133			// most likely that user very recently revoked authorization.
134			// In any event, we don't have an access token, so throw an exception.
135			throw new LinkedInException('Could not get access token: The user may have revoked the authorization response from LinkedIn.com was empty.', $e->getCode(), $e);
136			}
137
138			if (empty($response)) {
139			throw new LinkedInException('Could not get access token: The response from LinkedIn.com was empty.');
140			}
141
142			$tokenData = array_merge(array('access_token' => null, 'expires_in' => null), $response);
143			$token = new AccessToken($tokenData['access_token'], $tokenData['expires_in']);
144
145			if (!$token->hasToken()) {
146			throw new LinkedInException('Could not get access token: The response from LinkedIn.com did not contain a token.');
147			}
148
149			return $token;
150			}
151
152			/**
153			* Generate a login url.
154			*
155			* @param UrlGeneratorInterface $urlGenerator
156			* @param array $options
157			*
158			* @return string
159			*/
160			public function getLoginUrl(UrlGeneratorInterface $urlGenerator, $options = array())
161			{
162			// Generate a state
163			$this->establishCSRFTokenState();
164
165			// Build request params
166			$requestParams = array_merge(array(
167			'response_type' => 'code',
168			'client_id' => $this->appId,
169			'state' => $this->getStorage()->get('state'),
170			), $options);
171
172			// Look for the redirect URL
173			if (isset($options['redirect_uri'])) {
174			$requestParams['redirect_uri'] = $options['redirect_uri'];
175			} else {
176			$requestParams['redirect_uri'] = $urlGenerator->getCurrentUrl();
177			}
178
179			// Save the redirect url for later
180			$this->getStorage()->set('redirect_url', $requestParams['redirect_uri']);
181
182			// if 'scope' is passed as an array, convert to space separated list
183			$scopeParams = isset($options['scope']) ? $options['scope'] : null;
184			if ($scopeParams) {
185			//if scope is an array
186			if (is_array($scopeParams)) {
187			$requestParams['scope'] = implode(' ', $scopeParams);
188			} elseif (is_string($scopeParams)) {
189			//if scope is a string with ',' => make it to an array
190			$requestParams['scope'] = str_replace(',', ' ', $scopeParams);
191			}
192			}
193
194			return $urlGenerator->getUrl('www', 'uas/oauth2/authorization', $requestParams);
195			}
196
197			/**
198			* Get the authorization code from the query parameters, if it exists,
199			* and otherwise return null to signal no authorization code was
200			* discovered.
201			*
202			* @return string\|null The authorization code, or null if the authorization code not exists.
203			*
204			* @throws LinkedInException on invalid CSRF tokens
205			*/
206			protected function getCode()
207			{
208			$storage = $this->getStorage();
209
210			if (!GlobalVariableGetter::has('code')) {
211			return;
212			}
213
214			if ($storage->get('code') === GlobalVariableGetter::get('code')) {
215			//we have already validated this code
216			return;
217			}
218
219			// if stored state does not exists
220			if (null === $state = $storage->get('state')) {
221			throw new LinkedInException('Could not find a stored CSRF state token.');
222			}
223
224			// if state not exists in the request
225			if (!GlobalVariableGetter::has('state')) {
226			throw new LinkedInException('Could not find a CSRF state token in the request.');
227			}
228
229			// if state exists in session and in request and if they are not equal
230			if ($state !== GlobalVariableGetter::get('state')) {
231			throw new LinkedInException('The CSRF state token from the request does not match the stored token.');
232			}
233
234			// CSRF state has done its job, so clear it
235			$storage->clear('state');
236
237			return GlobalVariableGetter::get('code');
238			}
239
240			/**
241			* Lays down a CSRF state token for this process.
242			*/
243			protected function establishCSRFTokenState()
244			{
245			$storage = $this->getStorage();
246			if ($storage->get('state') === null) {
247			$storage->set('state', md5(uniqid(mt_rand(), true)));
248			}
249			}
250
251			/**
252			* Clear the storage.
253			*
254			* @return $this
255			*/
256			public function clearStorage()
257			{
258			$this->getStorage()->clearAll();
259
260			return $this;
261			}
262
263			/**
264			* @return DataStorageInterface
265			*/
266			protected function getStorage()
267			{
268			if ($this->storage === null) {
269			$this->storage = new SessionStorage();
270			}
271
272			return $this->storage;
273			}
274
275			/**
276			* @param DataStorageInterface $storage
277			*
278			* @return $this
279			*/
280			public function setStorage(DataStorageInterface $storage)
281			{
282			$this->storage = $storage;
283
284			return $this;
285			}
286
287			/**
288			* @return RequestManager
289			*/
290			protected function getRequestManager()
291			{
292			return $this->requestManager;
293			}
294			}
295

Happyr / LinkedIn-API-client

Pull Request — master (#73)

Authenticator A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

10 Methods

Duplication Side-by-Side

Filter issues like