<?php
declare(strict_types=1);
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace OAuth2Framework\Component\OpenIdConnect\Rule;
use Jose\Component\Encryption\JWEBuilder;
use Jose\Component\Signature\JWSBuilder;
use OAuth2Framework\Component\ClientRule\Rule;
use OAuth2Framework\Component\Core\Client\ClientId;
use OAuth2Framework\Component\Core\DataBag\DataBag;
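/**
 * Client rule that validates the UserInfo response algorithm parameters
 * ("userinfo_signed_response_alg", "userinfo_encrypted_response_alg" and
 * "userinfo_encrypted_response_enc") against the algorithms the configured
 * JWS/JWE builders support, and copies the accepted values into the
 * validated parameters.
 */
class UserinfoEndpointAlgorithmsRule implements Rule
{
    /**
     * Source of the supported signature algorithms. When null, the signed
     * response parameter is neither checked nor copied.
     *
     * @var JWSBuilder|null
     */
    private $jwsBuilder;

    /**
     * Source of the supported key-encryption and content-encryption
     * algorithms. When null, the encrypted response parameters are neither
     * checked nor copied.
     *
     * @var JWEBuilder|null
     */
    private $jweBuilder;

    /**
     * UserinfoEndpointAlgorithmsRule constructor.
     *
     * @param JWSBuilder|null $jwsBuilder
     * @param JWEBuilder|null $jweBuilder
     */
    public function __construct(?JWSBuilder $jwsBuilder, ?JWEBuilder $jweBuilder)
    {
        $this->jwsBuilder = $jwsBuilder;
        $this->jweBuilder = $jweBuilder;
    }

    /**
     * {@inheritdoc}
     *
     * @throws \InvalidArgumentException if a supplied algorithm is not a string or is not supported
     */
    public function handle(ClientId $clientId, DataBag $commandParameters, DataBag $validatedParameters, callable $next): DataBag
    {
        if ($commandParameters->has('userinfo_signed_response_alg') && null !== $this->jwsBuilder) {
            $this->checkAlgorithms('userinfo_signed_response_alg', $commandParameters, $this->jwsBuilder->getSignatureAlgorithmManager()->list());
            $validatedParameters = $validatedParameters->with('userinfo_signed_response_alg', $commandParameters->get('userinfo_signed_response_alg'));
        }

        // NOTE(review): when only one of the two encryption parameters is present,
        // neither is validated nor copied — confirm this is the intended behaviour.
        if ($commandParameters->has('userinfo_encrypted_response_alg') && $commandParameters->has('userinfo_encrypted_response_enc') && null !== $this->jweBuilder) {
            // Each parameter is checked against the manager for its own algorithm
            // family, taken from the JWE builder that the guard above has shown to be
            // non-null: "alg" against key encryption, "enc" against content encryption.
            // The JWS builder is not used here; it may be null and lists only
            // signature algorithms.
            $this->checkAlgorithms('userinfo_encrypted_response_alg', $commandParameters, $this->jweBuilder->getKeyEncryptionAlgorithmManager()->list());
            $validatedParameters = $validatedParameters->with('userinfo_encrypted_response_alg', $commandParameters->get('userinfo_encrypted_response_alg'));
            $this->checkAlgorithms('userinfo_encrypted_response_enc', $commandParameters, $this->jweBuilder->getContentEncryptionAlgorithmManager()->list());
            $validatedParameters = $validatedParameters->with('userinfo_encrypted_response_enc', $commandParameters->get('userinfo_encrypted_response_enc'));
        }

        return $next($clientId, $commandParameters, $validatedParameters);
    }

    /**
     * Rejects the parameter unless its value is a string found in the allowed list.
     *
     * @param string  $parameter         name of the parameter to read from $commandParameters
     * @param DataBag $commandParameters parameters supplied for the client
     * @param array   $allowedAlgorithms algorithm names accepted for this parameter
     *
     * @throws \InvalidArgumentException if the value is not a string or not in $allowedAlgorithms
     */
    private function checkAlgorithms(string $parameter, DataBag $commandParameters, array $allowedAlgorithms): void
    {
        $algorithm = $commandParameters->get($parameter);
        // Strict comparison: a loose in_array() would treat numeric-looking
        // strings such as "1e3" and "1000" as equal.
        if (!is_string($algorithm) || !in_array($algorithm, $allowedAlgorithms, true)) {
            throw new \InvalidArgumentException(sprintf('The parameter "%s" must be an algorithm supported by this server. Please choose one of the following value(s): %s', $parameter, implode(', ', $allowedAlgorithms)));
        }
    }
}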