SectorIdentifierUriRule::checkSectorIdentifierUri() - Code Metrics - Inspection of "Bugs fixed, Security Bundle added" - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — master ( cccd95...989cb2 )

by Florent

created 2018-04-17 23:13 UTC

checkSectorIdentifierUri() C

↳ Parent: SectorIdentifierUriRule

Complexity

Conditions	7
Paths	5

Size

Total Lines	25
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	25
c	0
b	0
f	0
rs	6.7272
cc	7
eloc	13
nc	5
nop	1

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\AuthorizationEndpoint\Rule;

use Http\Client\HttpClient;
use Http\Message\RequestFactory;
use function League\Uri\parse;
use OAuth2Framework\Component\ClientRule\Rule;
use OAuth2Framework\Component\Core\Client\ClientId;
use OAuth2Framework\Component\Core\DataBag\DataBag;

class SectorIdentifierUriRule implements Rule
{
    /**
     * @var HttpClient
     */
    private $client;

    /**
     * @var RequestFactory
     */
    private $requestFactory;

    /**
     * SectorIdentifierUriRule constructor.
     *
     * @param RequestFactory $requestFactory
     * @param HttpClient      $client
     */
    public function __construct(RequestFactory $requestFactory, HttpClient $client)
    {
        $this->requestFactory = $requestFactory;
        $this->client = $client;
    }

    /**
     * {@inheritdoc}
     */
    public function handle(ClientId $clientId, DataBag $commandParameters, DataBag $validatedParameters, callable $next): DataBag
    {
        if ($commandParameters->has('sector_identifier_uri')) {
            $this->checkSectorIdentifierUri($commandParameters->get('sector_identifier_uri'));
            $validatedParameters = $validatedParameters->with('sector_identifier_uri', $commandParameters->get('sector_identifier_uri'));
        }

        return $next($clientId, $commandParameters, $validatedParameters);
    }

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     * @throws \Http\Client\Exception
     */
    private function checkSectorIdentifierUri(string $url)
    {
        $data = parse($url);

        if ($data['scheme'] !== 'https' || $data['host'] === null) {
            throw new \InvalidArgumentException(sprintf('The sector identifier URI "%s" is not valid.', $url));
        }

        $request = $this->requestFactory->createRequest('GET', $url);
        $response = $this->client->sendRequest($request);
        if (200 !== $response->getStatusCode()) {
            throw new \InvalidArgumentException(sprintf('Unable to get Uris from the Sector Identifier Uri "%s".', $url));
        }

        $body = $response->getBody()->getContents();
        $data = json_decode($body, true);
        if (!is_array($data) || empty($data)) {
            throw new \InvalidArgumentException('The provided sector identifier URI is not valid: it must contain at least one URI.');
        }
        foreach ($data as $sector_url) {

            //FIXME
            //Assertion::url($sector_url, 'The provided sector identifier URI is not valid: it must contain only URIs.');

            //Assertion::inArray(mb_substr($sector_url, 0, mb_strpos($sector_url, '://', 0, '8bit'), '8bit'), $allowedProtocols, sprintf('An URL provided in the sector identifier URI is not valid: scheme must be one of the following: %s.', implode(', ', $allowedProtocols)));

        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\AuthorizationEndpoint\Rule;
15
16			use Http\Client\HttpClient;
17			use Http\Message\RequestFactory;
18			use function League\Uri\parse;
19			use OAuth2Framework\Component\ClientRule\Rule;
20			use OAuth2Framework\Component\Core\Client\ClientId;
21			use OAuth2Framework\Component\Core\DataBag\DataBag;
22
23			class SectorIdentifierUriRule implements Rule
24			{
25			/**
26			* @var HttpClient
27			*/
28			private $client;
29
30			/**
31			* @var RequestFactory
32			*/
33			private $requestFactory;
34
35			/**
36			* SectorIdentifierUriRule constructor.
37			*
38			* @param RequestFactory $requestFactory
39			* @param HttpClient $client
40			*/
41			public function __construct(RequestFactory $requestFactory, HttpClient $client)
42			{
43			$this->requestFactory = $requestFactory;
44			$this->client = $client;
45			}
46
47			/**
48			* {@inheritdoc}
49			*/
50			public function handle(ClientId $clientId, DataBag $commandParameters, DataBag $validatedParameters, callable $next): DataBag
51			{
52			if ($commandParameters->has('sector_identifier_uri')) {
53			$this->checkSectorIdentifierUri($commandParameters->get('sector_identifier_uri'));
54			$validatedParameters = $validatedParameters->with('sector_identifier_uri', $commandParameters->get('sector_identifier_uri'));
55			}
56
57			return $next($clientId, $commandParameters, $validatedParameters);
58			}
59
60			/**
61			* @param string $url
62			*
63			* @throws \InvalidArgumentException
64			* @throws \Http\Client\Exception
65			*/
66			private function checkSectorIdentifierUri(string $url)
67			{
68			$data = parse($url);
69
70			if ($data['scheme'] !== 'https' \|\| $data['host'] === null) {
71			throw new \InvalidArgumentException(sprintf('The sector identifier URI "%s" is not valid.', $url));
72			}
73
74			$request = $this->requestFactory->createRequest('GET', $url);
75			$response = $this->client->sendRequest($request);
76			if (200 !== $response->getStatusCode()) {
77			throw new \InvalidArgumentException(sprintf('Unable to get Uris from the Sector Identifier Uri "%s".', $url));
78			}
79
80			$body = $response->getBody()->getContents();
81			$data = json_decode($body, true);
82			if (!is_array($data) \|\| empty($data)) {
83			throw new \InvalidArgumentException('The provided sector identifier URI is not valid: it must contain at least one URI.');
84			}
85			foreach ($data as $sector_url) {
			0 ignored issues – show Unused Code introduced 2018-04-17 23:17 UTC by Report Bug Copy Issue Report This `foreach` statement is empty and can be removed. This check looks for `foreach` loops that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete. Consider removing the loop. Loading history...
86			//FIXME
87			//Assertion::url($sector_url, 'The provided sector identifier URI is not valid: it must contain only URIs.');
			0 ignored issues – show Unused Code Comprehensibility introduced 2018-04-17 23:17 UTC by Report Bug Copy Issue Report `70%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
88			//Assertion::inArray(mb_substr($sector_url, 0, mb_strpos($sector_url, '://', 0, '8bit'), '8bit'), $allowedProtocols, sprintf('An URL provided in the sector identifier URI is not valid: scheme must be one of the following: %s.', implode(', ', $allowedProtocols)));
			0 ignored issues – show Unused Code Comprehensibility introduced 2018-04-17 23:17 UTC by Report Bug Copy Issue Report `68%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
89			}
90			}
91			}
92

OAuth2-Framework / oauth2-framework

Push — master ( cccd95...989cb2 )

checkSectorIdentifierUri() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like