Authenticator - Code Metrics - Inspection of "Issue 133" - Happyr/LinkedIn-API-client - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#134)

by Tobias

created 2016-12-07 10:13 UTC

Authenticator A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	258
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	8

Test Coverage

Coverage

91.49%

Importance

Changes

Metric	Value
wmc	29
lcom	1
cbo	8
dl	0
loc	258
ccs	86
cts	94
cp	0.9149
rs	10
c	0
b	0
f	0

10 Methods

Rating	Name	Size	Complexity
A	__construct()	6	1
B	fetchNewAccessToken()	27	3
B	getAccessTokenFromCode()	40	5
B	getCode()	33	6
B	getLoginUrl()	30	6
A	establishCSRFTokenState()	10	3
A	clearStorage()	6	1
A	getStorage()	8	2
A	setStorage()	6	1
A	getRequestManager()	4	1

<?php

namespace Happyr\LinkedIn;

use Happyr\LinkedIn\Exception\LinkedInTransferException;
use Happyr\LinkedIn\Exception\LinkedInException;
use Happyr\LinkedIn\Http\GlobalVariableGetter;
use Happyr\LinkedIn\Http\LinkedInUrlGeneratorInterface;
use Happyr\LinkedIn\Http\RequestManager;
use Happyr\LinkedIn\Http\RequestManagerInterface;
use Happyr\LinkedIn\Http\ResponseConverter;
use Happyr\LinkedIn\Storage\DataStorageInterface;
use Happyr\LinkedIn\Storage\SessionStorage;

/**
 * @author Tobias Nyholm <[email protected]>
 */
class Authenticator implements AuthenticatorInterface
{
    /**
     * The application ID.
     *
     * @var string
     */
    protected $appId;

    /**
     * The application secret.
     *
     * @var string
     */
    protected $appSecret;

    /**
     * A storage to use to store data between requests.
     *
     * @var DataStorageInterface storage
     */
    private $storage;

    /**
     * @var RequestManagerInterface
     */
    private $requestManager;

    /**
     * @param RequestManagerInterface $requestManager
     * @param string                  $appId
     * @param string                  $appSecret
     */
    public function __construct(RequestManagerInterface $requestManager, $appId, $appSecret)
    {
        $this->appId = $appId;
        $this->appSecret = $appSecret;
        $this->requestManager = $requestManager;
    }

    /**
     * {@inheritdoc}
     */
    public function fetchNewAccessToken(LinkedInUrlGeneratorInterface $urlGenerator)
    {
        $storage = $this->getStorage();
        $code = $this->getCode();

        if ($code === null) {
            /*
             * As a fallback, just return whatever is in the persistent
             * store, knowing nothing explicit (signed request, authorization
             *  code, etc.) was present to shadow it.
             */
            return $storage->get('access_token');
        }

        try {
            $accessToken = $this->getAccessTokenFromCode($urlGenerator, $code);
        } catch (LinkedInException $e) {
            // code was bogus, so everything based on it should be invalidated.
            $storage->clearAll();
            throw $e;
        }

        $storage->set('code', $code);
        $storage->set('access_token', $accessToken);

        return $accessToken;
    }

    /**
     * Retrieves an access token for the given authorization code
     * (previously generated from www.linkedin.com on behalf of
     * a specific user). The authorization code is sent to www.linkedin.com
     * and a legitimate access token is generated provided the access token
     * and the user for which it was generated all match, and the user is
     * either logged in to LinkedIn or has granted an offline access permission.
     *
     * @param LinkedInUrlGeneratorInterface $urlGenerator
     * @param string                        $code         An authorization code.
     *
     * @return AccessToken An access token exchanged for the authorization code.
     *
     * @throws LinkedInException
     */
    protected function getAccessTokenFromCode(LinkedInUrlGeneratorInterface $urlGenerator, $code)
    {
        if (empty($code)) {
            throw new LinkedInException('Could not get access token: The code was empty.');
        }

        $redirectUri = $this->getStorage()->get('redirect_uri');
        try {
            $url = $urlGenerator->getUrl('www', 'oauth/v2/accessToken');
            $headers = ['Content-Type' => 'application/x-www-form-urlencoded'];
            $body = http_build_query(
                [
                    'grant_type' => 'authorization_code',
                    'code' => $code,
                    'redirect_uri' => $redirectUri,
                    'client_id' => $this->appId,
                    'client_secret' => $this->appSecret,
                ]
            );

            $response = ResponseConverter::convertToArray($this->getRequestManager()->sendRequest('POST', $url, $headers, $body));
        } catch (LinkedInTransferException $e) {
            // most likely that user very recently revoked authorization.
            // In any event, we don't have an access token, so throw an exception.
            throw new LinkedInException('Could not get access token: The user may have revoked the authorization response from LinkedIn.com was empty.', $e->getCode(), $e);
        }

        if (empty($response)) {
            throw new LinkedInException('Could not get access token: The response from LinkedIn.com was empty.');
        }

        $tokenData = array_merge(['access_token' => null, 'expires_in' => null], $response);
        $token = new AccessToken($tokenData['access_token'], $tokenData['expires_in']);

        if (!$token->hasToken()) {
            throw new LinkedInException('Could not get access token: The response from LinkedIn.com did not contain a token.');
        }

        return $token;
    }

    /**
     * {@inheritdoc}
     */
    public function getLoginUrl(LinkedInUrlGeneratorInterface $urlGenerator, $options = [])
    {
        // Generate a state
        $this->establishCSRFTokenState(isset($options['state'])?$options['state']:null);

        // Build request params
        $requestParams = array_merge([
            'response_type' => 'code',
            'client_id' => $this->appId,
            'state' => $this->getStorage()->get('state'),
            'redirect_uri' => null,
        ], $options);

        // Save the redirect url for later
        $this->getStorage()->set('redirect_uri', $requestParams['redirect_uri']);

        // if 'scope' is passed as an array, convert to space separated list
        $scopeParams = isset($options['scope']) ? $options['scope'] : null;
        if ($scopeParams) {
            //if scope is an array
            if (is_array($scopeParams)) {
                $requestParams['scope'] = implode(' ', $scopeParams);
            } elseif (is_string($scopeParams)) {
                //if scope is a string with ',' => make it to an array
                $requestParams['scope'] = str_replace(',', ' ', $scopeParams);
            }
        }

        return $urlGenerator->getUrl('www', 'oauth/v2/authorization', $requestParams);
    }

    /**
     * Get the authorization code from the query parameters, if it exists,
     * and otherwise return null to signal no authorization code was
     * discovered.
     *
     * @return string|null The authorization code, or null if the authorization code not exists.
     *
     * @throws LinkedInException on invalid CSRF tokens
     */
    protected function getCode()
    {
        $storage = $this->getStorage();

        if (!GlobalVariableGetter::has('code')) {
            return;
        }

        if ($storage->get('code') === GlobalVariableGetter::get('code')) {
            //we have already validated this code
            return;
        }

        // if stored state does not exists
        if (null === $state = $storage->get('state')) {
            throw new LinkedInException('Could not find a stored CSRF state token.');
        }

        // if state not exists in the request
        if (!GlobalVariableGetter::has('state')) {
            throw new LinkedInException('Could not find a CSRF state token in the request.');
        }

        // if state exists in session and in request and if they are not equal
        if ($state !== GlobalVariableGetter::get('state')) {
            throw new LinkedInException('The CSRF state token from the request does not match the stored token.');
        }

        // CSRF state has done its job, so clear it
        $storage->clear('state');

        return GlobalVariableGetter::get('code');
    }

    /**
     * Lays down a CSRF state token for this process.
     */
    protected function establishCSRFTokenState($predefinedState = null)
    {
        $storage = $this->getStorage();
        if ($storage->get('state') === null) {
            if ($predefinedState === null) {
                $predefinedState = md5(uniqid(mt_rand(), true));
            }
            $storage->set('state', $predefinedState);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function clearStorage()
    {
        $this->getStorage()->clearAll();

        return $this;
    }

    /**
     * @return DataStorageInterface
     */
    protected function getStorage()
    {
        if ($this->storage === null) {
            $this->storage = new SessionStorage();
        }

        return $this->storage;
    }

    /**
     * {@inheritdoc}
     */
    public function setStorage(DataStorageInterface $storage)
    {
        $this->storage = $storage;

        return $this;
    }

    /**
     * @return RequestManager
     */
    protected function getRequestManager()
    {
        return $this->requestManager;
    }
}


1		<?php
2
3		namespace Happyr\LinkedIn;
4
5		use Happyr\LinkedIn\Exception\LinkedInTransferException;
6		use Happyr\LinkedIn\Exception\LinkedInException;
7		use Happyr\LinkedIn\Http\GlobalVariableGetter;
8		use Happyr\LinkedIn\Http\LinkedInUrlGeneratorInterface;
9		use Happyr\LinkedIn\Http\RequestManager;
10		use Happyr\LinkedIn\Http\RequestManagerInterface;
11		use Happyr\LinkedIn\Http\ResponseConverter;
12		use Happyr\LinkedIn\Storage\DataStorageInterface;
13		use Happyr\LinkedIn\Storage\SessionStorage;
14
15		/**
16		* @author Tobias Nyholm <[email protected]>
17		*/
18		class Authenticator implements AuthenticatorInterface
19		{
20		/**
21		* The application ID.
22		*
23		* @var string
24		*/
25		protected $appId;
26
27		/**
28		* The application secret.
29		*
30		* @var string
31		*/
32		protected $appSecret;
33
34		/**
35		* A storage to use to store data between requests.
36		*
37		* @var DataStorageInterface storage
38		*/
39		private $storage;
40
41		/**
42		* @var RequestManagerInterface
43		*/
44		private $requestManager;
45
46		/**
47		* @param RequestManagerInterface $requestManager
48		* @param string $appId
49		* @param string $appSecret
50		*/
51	14	public function __construct(RequestManagerInterface $requestManager, $appId, $appSecret)
52		{
53	14	$this->appId = $appId;
54	14	$this->appSecret = $appSecret;
55	14	$this->requestManager = $requestManager;
56	14	}
57
58		/**
59		* {@inheritdoc}
60		*/
61	3	public function fetchNewAccessToken(LinkedInUrlGeneratorInterface $urlGenerator)
62		{
63	3	$storage = $this->getStorage();
64	3	$code = $this->getCode();
65
66	3	if ($code === null) {
67		/*
68		* As a fallback, just return whatever is in the persistent
69		* store, knowing nothing explicit (signed request, authorization
70		* code, etc.) was present to shadow it.
71		*/
72	1	return $storage->get('access_token');
73		}
74
75		try {
76	2	$accessToken = $this->getAccessTokenFromCode($urlGenerator, $code);
77	2	} catch (LinkedInException $e) {
78		// code was bogus, so everything based on it should be invalidated.
79	1	$storage->clearAll();
80	1	throw $e;
81		}
82
83	1	$storage->set('code', $code);
84	1	$storage->set('access_token', $accessToken);
85
86	1	return $accessToken;
87		}
88
89		/**
90		* Retrieves an access token for the given authorization code
91		* (previously generated from www.linkedin.com on behalf of
92		* a specific user). The authorization code is sent to www.linkedin.com
93		* and a legitimate access token is generated provided the access token
94		* and the user for which it was generated all match, and the user is
95		* either logged in to LinkedIn or has granted an offline access permission.
96		*
97		* @param LinkedInUrlGeneratorInterface $urlGenerator
98		* @param string $code An authorization code.
99		*
100		* @return AccessToken An access token exchanged for the authorization code.
101		*
102		* @throws LinkedInException
103		*/
104	6	protected function getAccessTokenFromCode(LinkedInUrlGeneratorInterface $urlGenerator, $code)
105		{
106	6	if (empty($code)) {
107	3	throw new LinkedInException('Could not get access token: The code was empty.');
108		}
109
110	3	$redirectUri = $this->getStorage()->get('redirect_uri');
111		try {
112	3	$url = $urlGenerator->getUrl('www', 'oauth/v2/accessToken');
113	3	$headers = ['Content-Type' => 'application/x-www-form-urlencoded'];
114	3	$body = http_build_query(
115		[
116	3	'grant_type' => 'authorization_code',
117	3	'code' => $code,
118	3	'redirect_uri' => $redirectUri,
119	3	'client_id' => $this->appId,
120	3	'client_secret' => $this->appSecret,
121		]
122	3	);
123
124	3	$response = ResponseConverter::convertToArray($this->getRequestManager()->sendRequest('POST', $url, $headers, $body));
125	3	} catch (LinkedInTransferException $e) {
126		// most likely that user very recently revoked authorization.
127		// In any event, we don't have an access token, so throw an exception.
128		throw new LinkedInException('Could not get access token: The user may have revoked the authorization response from LinkedIn.com was empty.', $e->getCode(), $e);
129		}
130
131	3	if (empty($response)) {
132	1	throw new LinkedInException('Could not get access token: The response from LinkedIn.com was empty.');
133		}
134
135	2	$tokenData = array_merge(['access_token' => null, 'expires_in' => null], $response);
136	2	$token = new AccessToken($tokenData['access_token'], $tokenData['expires_in']);
137
138	2	if (!$token->hasToken()) {
139	1	throw new LinkedInException('Could not get access token: The response from LinkedIn.com did not contain a token.');
140		}
141
142	1	return $token;
143		}
144
145		/**
146		* {@inheritdoc}
147		*/
148	1	public function getLoginUrl(LinkedInUrlGeneratorInterface $urlGenerator, $options = [])
149		{
150		// Generate a state
151	1	$this->establishCSRFTokenState(isset($options['state'])?$options['state']:null);
152
153		// Build request params
154	1	$requestParams = array_merge([
155	1	'response_type' => 'code',
156	1	'client_id' => $this->appId,
157	1	'state' => $this->getStorage()->get('state'),
158	1	'redirect_uri' => null,
159	1	], $options);
160
161		// Save the redirect url for later
162	1	$this->getStorage()->set('redirect_uri', $requestParams['redirect_uri']);
163
164		// if 'scope' is passed as an array, convert to space separated list
165	1	$scopeParams = isset($options['scope']) ? $options['scope'] : null;
166	1	if ($scopeParams) {
167		//if scope is an array
168	1	if (is_array($scopeParams)) {
169	1	$requestParams['scope'] = implode(' ', $scopeParams);
170	1	} elseif (is_string($scopeParams)) {
171		//if scope is a string with ',' => make it to an array
172		$requestParams['scope'] = str_replace(',', ' ', $scopeParams);
173		}
174	1	}
175
176	1	return $urlGenerator->getUrl('www', 'oauth/v2/authorization', $requestParams);
177		}
178
179		/**
180		* Get the authorization code from the query parameters, if it exists,
181		* and otherwise return null to signal no authorization code was
182		* discovered.
183		*
184		* @return string\|null The authorization code, or null if the authorization code not exists.
185		*
186		* @throws LinkedInException on invalid CSRF tokens
187		*/
188	4	protected function getCode()
189		{
190	4	$storage = $this->getStorage();
191
192	4	if (!GlobalVariableGetter::has('code')) {
193	1	return;
194		}
195
196	3	if ($storage->get('code') === GlobalVariableGetter::get('code')) {
197		//we have already validated this code
198	1	return;
199		}
200
201		// if stored state does not exists
202	2	if (null === $state = $storage->get('state')) {
203		throw new LinkedInException('Could not find a stored CSRF state token.');
204		}
205
206		// if state not exists in the request
207	2	if (!GlobalVariableGetter::has('state')) {
208		throw new LinkedInException('Could not find a CSRF state token in the request.');
209		}
210
211		// if state exists in session and in request and if they are not equal
212	2	if ($state !== GlobalVariableGetter::get('state')) {
213	1	throw new LinkedInException('The CSRF state token from the request does not match the stored token.');
214		}
215
216		// CSRF state has done its job, so clear it
217	1	$storage->clear('state');
218
219	1	return GlobalVariableGetter::get('code');
220		}
221
222		/**
223		* Lays down a CSRF state token for this process.
224		*/
225	1	protected function establishCSRFTokenState($predefinedState = null)
226		{
227	1	$storage = $this->getStorage();
228	1	if ($storage->get('state') === null) {
229	1	if ($predefinedState === null) {
230	1	$predefinedState = md5(uniqid(mt_rand(), true));
231	1	}
232	1	$storage->set('state', $predefinedState);
233	1	}
234	1	}
235
236		/**
237		* {@inheritdoc}
238		*/
239		public function clearStorage()
240		{
241		$this->getStorage()->clearAll();
242
243		return $this;
244		}
245
246		/**
247		* @return DataStorageInterface
248		*/
249	2	protected function getStorage()
250		{
251	2	if ($this->storage === null) {
252	2	$this->storage = new SessionStorage();
253	2	}
254
255	2	return $this->storage;
256		}
257
258		/**
259		* {@inheritdoc}
260		*/
261	1	public function setStorage(DataStorageInterface $storage)
262		{
263	1	$this->storage = $storage;
264
265	1	return $this;
266		}
267
268		/**
269		* @return RequestManager
270		*/
271	3	protected function getRequestManager()
272		{
273	3	return $this->requestManager;
274		}
275		}
276

Happyr / LinkedIn-API-client

Pull Request — master (#134)

Authenticator A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

10 Methods

Duplication Side-by-Side

Filter issues like