TokenEndpointScopeExtension - Code Metrics - Inspection of "Tests added and Token Endpoint Scope Extension fix..." - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — ng ( 935f22...b3431d )

by Florent

created 2018-01-21 08:37 UTC

TokenEndpointScopeExtension A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	114
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	6

Importance

Changes

Metric	Value
wmc	15
lcom	1
cbo	6
dl	0
loc	114
rs	10
c	0
b	0
f	0

7 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	beforeAccessTokenIssuance()	14	2
A	afterAccessTokenIssuance()	4	1
A	getScope()	9	3
A	applyScopePolicy()	8	2
A	checkRequestedScopeIsAvailable()	14	4
A	getAvailableScopesForClient()	4	2

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\Server\Scope;

use OAuth2Framework\Component\Server\Core\AccessToken\AccessToken;
use OAuth2Framework\Component\Server\Core\Client\Client;
use OAuth2Framework\Component\Server\Core\ResourceOwner\ResourceOwner;
use OAuth2Framework\Component\Server\TokenEndpoint\Extension\TokenEndpointExtension;
use OAuth2Framework\Component\Server\TokenEndpoint\GrantTypeData;
use OAuth2Framework\Component\Server\TokenEndpoint\GrantType;
use OAuth2Framework\Component\Server\Scope\Policy\ScopePolicyManager;
use OAuth2Framework\Component\Server\Core\Response\OAuth2Exception;
use Psr\Http\Message\ServerRequestInterface;

final class TokenEndpointScopeExtension implements TokenEndpointExtension
{
    /**
     * @var ScopeRepository
     */
    private $scopeRepository;

    /**
     * @var ScopePolicyManager
     */
    private $scopePolicyManager;

    /**
     * ScopeProcessor constructor.
     *
     * @param ScopeRepository         $scopeRepository
     * @param ScopePolicyManager $scopePolicyManager
     */
    public function __construct(ScopeRepository $scopeRepository, ScopePolicyManager $scopePolicyManager)
    {
        $this->scopeRepository = $scopeRepository;
        $this->scopePolicyManager = $scopePolicyManager;
    }

    /**
     * {@inheritdoc}
     */
    public function beforeAccessTokenIssuance(ServerRequestInterface $request, GrantTypeData $grantTypeData, GrantType $grantType, callable $next): GrantTypeData
    {
        /** @var GrantTypeData $grantTypeData */
        $grantTypeData = $next($request, $grantTypeData, $grantType);
        $scope = $this->getScope($request, $grantTypeData);
        $scope = $this->applyScopePolicy($scope, $grantTypeData->getClient());
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
        $this->checkRequestedScopeIsAvailable($scope, $grantTypeData);

        if (!empty($scope)) {
            $grantTypeData = $grantTypeData->withParameter('scope', $scope);
        }

        return $grantTypeData;
    }

    /**
     * {@inheritdoc}
     */
    public function afterAccessTokenIssuance(Client $client, ResourceOwner $resourceOwner, AccessToken $accessToken, callable $next): array
    {
        return $next($client, $resourceOwner, $accessToken);
    }

    /**
     * @param ServerRequestInterface $request
     * @param GrantTypeData          $grantTypeData
     *
     * @return string
     */
    private function getScope(ServerRequestInterface $request, GrantTypeData $grantTypeData): string
    {
        $params = $request->getParsedBody() ?? [];
        if (!array_key_exists('scope', $params)) {
            return $grantTypeData->hasParameter('scope') ? $grantTypeData->getParameter('scope') : '';
        }

        return $params['scope'];
    }

    /**
     * @param string $scope
     * @param Client $client
     *
     * @return string
     *
     * @throws OAuth2Exception
     */
    private function applyScopePolicy(string $scope, Client $client): string
    {
        try {
            return $this->scopePolicyManager->apply($scope, $client);
        } catch (\InvalidArgumentException $e) {
            throw new OAuth2Exception(400, OAuth2Exception::ERROR_INVALID_SCOPE, $e->getMessage(), [], $e);
        }
    }

    /**
     * @param string        $scope
     * @param GrantTypeData $grantTypeData
     *
     * @throws OAuth2Exception
     */
    private function checkRequestedScopeIsAvailable(string $scope, GrantTypeData $grantTypeData)
    {
        // The available scope can be limited by (in this order):
        // * the grant type (e.g. refresh token, authorization code parameter)
        // * the client configuration
        // * the scope repository
        $availableScope = $grantTypeData->hasParameter('scope') ? $grantTypeData->getParameter('scope') : $this->getAvailableScopesForClient($grantTypeData->getClient());
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
        $availableScopes = explode(' ', $availableScope);
        $requestedScopes = empty($scope) ? [] : explode(' ', $scope);
        $diff = array_diff($requestedScopes, $availableScopes);
        if (0 !== count($diff)) {
            throw new OAuth2Exception(400, OAuth2Exception::ERROR_INVALID_SCOPE, sprintf('An unsupported scope was requested. Available scope is/are: %s.', implode(' ,', $availableScopes)));
        }
    }

    /**
     * @param Client $client
     *
     * @return string
     */
    private function getAvailableScopesForClient(Client $client): string
    {
        return ($client->has('scope')) ? $client->get('scope') : implode(' ', $this->scopeRepository->all());
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\Server\Scope;
15
16			use OAuth2Framework\Component\Server\Core\AccessToken\AccessToken;
17			use OAuth2Framework\Component\Server\Core\Client\Client;
18			use OAuth2Framework\Component\Server\Core\ResourceOwner\ResourceOwner;
19			use OAuth2Framework\Component\Server\TokenEndpoint\Extension\TokenEndpointExtension;
20			use OAuth2Framework\Component\Server\TokenEndpoint\GrantTypeData;
21			use OAuth2Framework\Component\Server\TokenEndpoint\GrantType;
22			use OAuth2Framework\Component\Server\Scope\Policy\ScopePolicyManager;
23			use OAuth2Framework\Component\Server\Core\Response\OAuth2Exception;
24			use Psr\Http\Message\ServerRequestInterface;
25
26			final class TokenEndpointScopeExtension implements TokenEndpointExtension
27			{
28			/**
29			* @var ScopeRepository
30			*/
31			private $scopeRepository;
32
33			/**
34			* @var ScopePolicyManager
35			*/
36			private $scopePolicyManager;
37
38			/**
39			* ScopeProcessor constructor.
40			*
41			* @param ScopeRepository $scopeRepository
42			* @param ScopePolicyManager $scopePolicyManager
43			*/
44			public function __construct(ScopeRepository $scopeRepository, ScopePolicyManager $scopePolicyManager)
45			{
46			$this->scopeRepository = $scopeRepository;
47			$this->scopePolicyManager = $scopePolicyManager;
48			}
49
50			/**
51			* {@inheritdoc}
52			*/
53			public function beforeAccessTokenIssuance(ServerRequestInterface $request, GrantTypeData $grantTypeData, GrantType $grantType, callable $next): GrantTypeData
54			{
55			/** @var GrantTypeData $grantTypeData */
56			$grantTypeData = $next($request, $grantTypeData, $grantType);
57			$scope = $this->getScope($request, $grantTypeData);
58			$scope = $this->applyScopePolicy($scope, $grantTypeData->getClient());
			0 ignored issues – show Bug introduced 2018-01-21 08:41 UTC by Report Bug Copy Issue Report It seems like `$grantTypeData->getClient()` can be `null`; however, `applyScopePolicy()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
59			$this->checkRequestedScopeIsAvailable($scope, $grantTypeData);
60
61			if (!empty($scope)) {
62			$grantTypeData = $grantTypeData->withParameter('scope', $scope);
63			}
64
65			return $grantTypeData;
66			}
67
68			/**
69			* {@inheritdoc}
70			*/
71			public function afterAccessTokenIssuance(Client $client, ResourceOwner $resourceOwner, AccessToken $accessToken, callable $next): array
72			{
73			return $next($client, $resourceOwner, $accessToken);
74			}
75
76			/**
77			* @param ServerRequestInterface $request
78			* @param GrantTypeData $grantTypeData
79			*
80			* @return string
81			*/
82			private function getScope(ServerRequestInterface $request, GrantTypeData $grantTypeData): string
83			{
84			$params = $request->getParsedBody() ?? [];
85			if (!array_key_exists('scope', $params)) {
86			return $grantTypeData->hasParameter('scope') ? $grantTypeData->getParameter('scope') : '';
87			}
88
89			return $params['scope'];
90			}
91
92			/**
93			* @param string $scope
94			* @param Client $client
95			*
96			* @return string
97			*
98			* @throws OAuth2Exception
99			*/
100			private function applyScopePolicy(string $scope, Client $client): string
101			{
102			try {
103			return $this->scopePolicyManager->apply($scope, $client);
104			} catch (\InvalidArgumentException $e) {
105			throw new OAuth2Exception(400, OAuth2Exception::ERROR_INVALID_SCOPE, $e->getMessage(), [], $e);
106			}
107			}
108
109			/**
110			* @param string $scope
111			* @param GrantTypeData $grantTypeData
112			*
113			* @throws OAuth2Exception
114			*/
115			private function checkRequestedScopeIsAvailable(string $scope, GrantTypeData $grantTypeData)
116			{
117			// The available scope can be limited by (in this order):
118			// * the grant type (e.g. refresh token, authorization code parameter)
119			// * the client configuration
120			// * the scope repository
121			$availableScope = $grantTypeData->hasParameter('scope') ? $grantTypeData->getParameter('scope') : $this->getAvailableScopesForClient($grantTypeData->getClient());
			0 ignored issues – show Bug introduced 2018-01-21 08:41 UTC by Report Bug Copy Issue Report It seems like `$grantTypeData->getClient()` can be `null`; however, `getAvailableScopesForClient()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
122			$availableScopes = explode(' ', $availableScope);
123			$requestedScopes = empty($scope) ? [] : explode(' ', $scope);
124			$diff = array_diff($requestedScopes, $availableScopes);
125			if (0 !== count($diff)) {
126			throw new OAuth2Exception(400, OAuth2Exception::ERROR_INVALID_SCOPE, sprintf('An unsupported scope was requested. Available scope is/are: %s.', implode(' ,', $availableScopes)));
127			}
128			}
129
130			/**
131			* @param Client $client
132			*
133			* @return string
134			*/
135			private function getAvailableScopesForClient(Client $client): string
136			{
137			return ($client->has('scope')) ? $client->get('scope') : implode(' ', $this->scopeRepository->all());
138			}
139			}
140

OAuth2-Framework / oauth2-framework

Push — ng ( 935f22...b3431d )

TokenEndpointScopeExtension A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

7 Methods

Duplication Side-by-Side

Filter issues like