AuthorizationEndpoint::createAuthorizationFromRequest() - Code Metrics - Inspection of "Merge branch 'ng' of https://github.com/OAuth2-Fra..." - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — ng ( 6dd952...0976bc )

by Florent

created 2018-04-13 13:02 UTC

createAuthorizationFromRequest() A

↳ Parent: AuthorizationEndpoint

Complexity

Conditions	1
Paths	1

Size

Total Lines	7
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	7
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	4
nc	1
nop	1

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\AuthorizationEndpoint;

use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterCheckerManager;
use OAuth2Framework\Component\AuthorizationEndpoint\UserAccount\UserAccountCheckerManager;
use Psr\Http\Server\RequestHandlerInterface;
use Psr\Http\Server\MiddlewareInterface;
use OAuth2Framework\Component\AuthorizationEndpoint\ConsentScreen\ExtensionManager;
use OAuth2Framework\Component\AuthorizationEndpoint\Exception\OAuth2AuthorizationException;
use OAuth2Framework\Component\AuthorizationEndpoint\UserAccount\UserAccountDiscovery;
use OAuth2Framework\Component\Core\Exception\OAuth2Exception;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

abstract class AuthorizationEndpoint implements MiddlewareInterface
{
    /**
     * @var UserAccountDiscovery
     */
    private $userAccountDiscovery;

    /**
     * @var UserAccountCheckerManager
     */
    private $userAccountCheckerManager;

    /**
     * @var ExtensionManager
     */
    private $consentScreenExtensionManager;

    /**
     * @var AuthorizationRequestLoader
     */
    private $authorizationRequestLoader;

    /**
     * @var ParameterCheckerManager
     */
    private $parameterCheckerManager;

    /**
     * AuthorizationEndpoint constructor.
     *
     * @param AuthorizationRequestLoader $authorizationRequestLoader
     * @param ParameterCheckerManager $parameterCheckerManager
     * @param UserAccountDiscovery $userAccountDiscovery
     * @param UserAccountCheckerManager $userAccountCheckerManager
     * @param ExtensionManager $consentScreenExtensionManager
     */
    public function __construct(AuthorizationRequestLoader $authorizationRequestLoader, ParameterCheckerManager $parameterCheckerManager, UserAccountDiscovery $userAccountDiscovery, UserAccountCheckerManager $userAccountCheckerManager, ExtensionManager $consentScreenExtensionManager)
    {
        $this->authorizationRequestLoader = $authorizationRequestLoader;
        $this->parameterCheckerManager = $parameterCheckerManager;
        $this->userAccountDiscovery = $userAccountDiscovery;
        $this->userAccountCheckerManager = $userAccountCheckerManager;
        $this->consentScreenExtensionManager = $consentScreenExtensionManager;
    }

    /**
     * @param ServerRequestInterface $request
     * @param Authorization          $authorization
     *
     * @return ResponseInterface
     */
    abstract protected function redirectToLoginPage(ServerRequestInterface $request, Authorization $authorization): ResponseInterface;

    /**
     * @param ServerRequestInterface $request
     * @param Authorization          $authorization
     *
     * @return ResponseInterface
     */
    abstract protected function processConsentScreen(ServerRequestInterface $request, Authorization $authorization): ResponseInterface;

    /**
     * {@inheritdoc}
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        try {
            $authorization = $this->createAuthorizationFromRequest($request);
            $isFullyAuthenticated = null;
            $userAccount = $this->userAccountDiscovery->find($isFullyAuthenticated);
            if (null === $authorization->getUserAccount()) {
                return $this->redirectToLoginPage($request, $authorization);
            }
            $authorization = $authorization->withUserAccount($userAccount, $isFullyAuthenticated);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
            $this->userAccountCheckerManager->check($authorization);
            $authorization = $this->consentScreenExtensionManager->processBefore($request, $authorization);

            return $this->processConsentScreen($request, $authorization);
        } catch (OAuth2AuthorizationException $e) {
            $data = $e->getData();

            if (null !== $e->getAuthorization()) {
                $redirectUri = $e->getAuthorization()->getRedirectUri();
                $responseMode = $e->getAuthorization()->getResponseMode();
                if (null !== $redirectUri && null !== $responseMode) {
                    $data['redirect_uri'] = $redirectUri;
                    $data['response_mode'] = $responseMode;

                    throw new OAuth2AuthorizationException(302, $data, $e->getAuthorization(), $e);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
                }
            }

            throw $e;
        } catch (Exception\ProcessAuthorizationException $e) {
            $authorization = $e->getAuthorization();
            $authorization = $this->consentScreenExtensionManager->processAfter($request, $authorization);
            if (false === $authorization->isAuthorized()) {
                $this->throwRedirectionException($authorization, OAuth2Exception::ERROR_ACCESS_DENIED, 'The resource owner denied access to your client.');
            }

            $responseType = $authorization->getResponseType();

            try {
                $authorization = $responseType->process($authorization);
            } catch (OAuth2Exception $e) {
                $this->throwRedirectionException($authorization, $e->getMessage(), $e->getErrorDescription());
            }

            return $this->buildResponse($authorization);
        } catch (Exception\CreateRedirectionException $e) {
            $this->throwRedirectionException($e->getAuthorization(), $e->getMessage(), $e->getDescription());
        } catch (Exception\ShowConsentScreenException $e) {
            return $this->processConsentScreen($request, $e->getAuthorization());
        } catch (Exception\RedirectToLoginPageException $e) {
            return $this->redirectToLoginPage($request, $e->getAuthorization());
        }
    }

    /**
     * @param Authorization $authorization
     *
     * @throws OAuth2Exception
     *
     * @return ResponseInterface
     */
    private function buildResponse(Authorization $authorization): ResponseInterface
    {
        if (null === $authorization->getResponseMode() || null === $authorization->getRedirectUri()) {
            throw new OAuth2Exception(400, ['error' => 'EEE', 'error_description' => 'FFF']);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        }

        $response = $authorization->getResponseMode()->buildResponse(
            $authorization->getRedirectUri(),
            $authorization->getResponseParameters()
        );
        foreach ($authorization->getResponseHeaders() as $k => $v) {
            $response = $response->withHeader($k, $v);
        }

        return $response;
    }

    /**
     * @param Authorization $authorization
     * @param string        $error
     * @param string        $error_description
     *
     * @throws OAuth2Exception
     */
    private function throwRedirectionException(Authorization $authorization, string $error, string $error_description)
    {
        $params = $authorization->getResponseParameters();
        if (null === $authorization->getResponseMode() || null === $authorization->getRedirectUri()) {
            throw new OAuth2Exception(400, $error, $error_description, $params);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        }
        $params += [
            'response_mode' => $authorization->getResponseMode(),
            'redirect_uri' => $authorization->getRedirectUri(),
        ];

        throw new OAuth2Exception(302, $error, $error_description, $params);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
    }


    /**
     * @param ServerRequestInterface $request
     *
     * @return Authorization
     *
     * @throws \Http\Client\Exception
     * @throws \OAuth2Framework\Component\Core\Exception\OAuth2Exception
     */
    public function createAuthorizationFromRequest(ServerRequestInterface $request): Authorization
    {
        $authorization = $this->authorizationRequestLoader->load($request);
        $authorization = $this->parameterCheckerManager->process($authorization);

        return $authorization;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\AuthorizationEndpoint;
15
16			use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterCheckerManager;
17			use OAuth2Framework\Component\AuthorizationEndpoint\UserAccount\UserAccountCheckerManager;
18			use Psr\Http\Server\RequestHandlerInterface;
19			use Psr\Http\Server\MiddlewareInterface;
20			use OAuth2Framework\Component\AuthorizationEndpoint\ConsentScreen\ExtensionManager;
21			use OAuth2Framework\Component\AuthorizationEndpoint\Exception\OAuth2AuthorizationException;
22			use OAuth2Framework\Component\AuthorizationEndpoint\UserAccount\UserAccountDiscovery;
23			use OAuth2Framework\Component\Core\Exception\OAuth2Exception;
24			use Psr\Http\Message\ResponseInterface;
25			use Psr\Http\Message\ServerRequestInterface;
26
27			abstract class AuthorizationEndpoint implements MiddlewareInterface
28			{
29			/**
30			* @var UserAccountDiscovery
31			*/
32			private $userAccountDiscovery;
33
34			/**
35			* @var UserAccountCheckerManager
36			*/
37			private $userAccountCheckerManager;
38
39			/**
40			* @var ExtensionManager
41			*/
42			private $consentScreenExtensionManager;
43
44			/**
45			* @var AuthorizationRequestLoader
46			*/
47			private $authorizationRequestLoader;
48
49			/**
50			* @var ParameterCheckerManager
51			*/
52			private $parameterCheckerManager;
53
54			/**
55			* AuthorizationEndpoint constructor.
56			*
57			* @param AuthorizationRequestLoader $authorizationRequestLoader
58			* @param ParameterCheckerManager $parameterCheckerManager
59			* @param UserAccountDiscovery $userAccountDiscovery
60			* @param UserAccountCheckerManager $userAccountCheckerManager
61			* @param ExtensionManager $consentScreenExtensionManager
62			*/
63			public function __construct(AuthorizationRequestLoader $authorizationRequestLoader, ParameterCheckerManager $parameterCheckerManager, UserAccountDiscovery $userAccountDiscovery, UserAccountCheckerManager $userAccountCheckerManager, ExtensionManager $consentScreenExtensionManager)
64			{
65			$this->authorizationRequestLoader = $authorizationRequestLoader;
66			$this->parameterCheckerManager = $parameterCheckerManager;
67			$this->userAccountDiscovery = $userAccountDiscovery;
68			$this->userAccountCheckerManager = $userAccountCheckerManager;
69			$this->consentScreenExtensionManager = $consentScreenExtensionManager;
70			}
71
72			/**
73			* @param ServerRequestInterface $request
74			* @param Authorization $authorization
75			*
76			* @return ResponseInterface
77			*/
78			abstract protected function redirectToLoginPage(ServerRequestInterface $request, Authorization $authorization): ResponseInterface;
79
80			/**
81			* @param ServerRequestInterface $request
82			* @param Authorization $authorization
83			*
84			* @return ResponseInterface
85			*/
86			abstract protected function processConsentScreen(ServerRequestInterface $request, Authorization $authorization): ResponseInterface;
87
88			/**
89			* {@inheritdoc}
90			*/
91			public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
92			{
93			try {
94			$authorization = $this->createAuthorizationFromRequest($request);
95			$isFullyAuthenticated = null;
96			$userAccount = $this->userAccountDiscovery->find($isFullyAuthenticated);
97			if (null === $authorization->getUserAccount()) {
98			return $this->redirectToLoginPage($request, $authorization);
99			}
100			$authorization = $authorization->withUserAccount($userAccount, $isFullyAuthenticated);
			0 ignored issues – show Bug introduced 2018-04-13 13:18 UTC by Report Bug Copy Issue Report It seems like `$userAccount` defined by `$this->userAccountDiscov...($isFullyAuthenticated)` on line `96` can be `null`; however, `OAuth2Framework\Componen...tion::withUserAccount()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null / function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history... Bug introduced 2018-04-13 13:18 UTC by Report Bug Copy Issue Report It seems like `$isFullyAuthenticated` defined by `null` on line `95` can also be of type `null`; however, `OAuth2Framework\Componen...tion::withUserAccount()` does only seem to accept `boolean`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /* * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
101			$this->userAccountCheckerManager->check($authorization);
102			$authorization = $this->consentScreenExtensionManager->processBefore($request, $authorization);
103
104			return $this->processConsentScreen($request, $authorization);
105			} catch (OAuth2AuthorizationException $e) {
106			$data = $e->getData();
			0 ignored issues – show Bug introduced 2018-01-30 12:08 UTC by Report Bug Copy Issue Report The method `getData()` does not seem to exist on `object<OAuth2Framework\C...AuthorizationException>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
107			if (null !== $e->getAuthorization()) {
108			$redirectUri = $e->getAuthorization()->getRedirectUri();
109			$responseMode = $e->getAuthorization()->getResponseMode();
110			if (null !== $redirectUri && null !== $responseMode) {
111			$data['redirect_uri'] = $redirectUri;
112			$data['response_mode'] = $responseMode;
113
114			throw new OAuth2AuthorizationException(302, $data, $e->getAuthorization(), $e);
			0 ignored issues – show Documentation introduced 2018-01-30 12:08 UTC by Report Bug Copy Issue Report `$data` is of type `array<string,string\|obje...eMode\\ResponseMode>"}>`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history... Documentation introduced 2018-01-30 12:08 UTC by Report Bug Copy Issue Report `$e->getAuthorization()` is of type `object<OAuth2Framework\C...Endpoint\Authorization>`, but the function expects a `null\|string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history... Documentation introduced 2018-01-30 12:08 UTC by Report Bug Copy Issue Report `$e` is of type `object<OAuth2Framework\C...AuthorizationException>`, but the function expects a `object<OAuth2Framework\C...Endpoint\Authorization>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
115			}
116			}
117
118			throw $e;
119			} catch (Exception\ProcessAuthorizationException $e) {
120			$authorization = $e->getAuthorization();
121			$authorization = $this->consentScreenExtensionManager->processAfter($request, $authorization);
122			if (false === $authorization->isAuthorized()) {
123			$this->throwRedirectionException($authorization, OAuth2Exception::ERROR_ACCESS_DENIED, 'The resource owner denied access to your client.');
124			}
125
126			$responseType = $authorization->getResponseType();
127
128			try {
129			$authorization = $responseType->process($authorization);
130			} catch (OAuth2Exception $e) {
131			$this->throwRedirectionException($authorization, $e->getMessage(), $e->getErrorDescription());
132			}
133
134			return $this->buildResponse($authorization);
135			} catch (Exception\CreateRedirectionException $e) {
136			$this->throwRedirectionException($e->getAuthorization(), $e->getMessage(), $e->getDescription());
137			} catch (Exception\ShowConsentScreenException $e) {
138			return $this->processConsentScreen($request, $e->getAuthorization());
139			} catch (Exception\RedirectToLoginPageException $e) {
140			return $this->redirectToLoginPage($request, $e->getAuthorization());
141			}
142			}
143
144			/**
145			* @param Authorization $authorization
146			*
147			* @throws OAuth2Exception
148			*
149			* @return ResponseInterface
150			*/
151			private function buildResponse(Authorization $authorization): ResponseInterface
152			{
153			if (null === $authorization->getResponseMode() \|\| null === $authorization->getRedirectUri()) {
154			throw new OAuth2Exception(400, ['error' => 'EEE', 'error_description' => 'FFF']);
			0 ignored issues – show Bug introduced 2018-01-05 14:16 UTC by Report Bug Copy Issue Report The call to `OAuth2Exception::__construct()` misses a required argument `$errorDescription`. This check looks for function calls that miss required arguments. Loading history... Documentation introduced 2018-01-05 14:16 UTC by Report Bug Copy Issue Report `array('error' => 'EEE', ..._description' => 'FFF')` is of type `array<string,string,{"er...description":"string"}>`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
155			}
156
157			$response = $authorization->getResponseMode()->buildResponse(
158			$authorization->getRedirectUri(),
159			$authorization->getResponseParameters()
160			);
161			foreach ($authorization->getResponseHeaders() as $k => $v) {
162			$response = $response->withHeader($k, $v);
163			}
164
165			return $response;
166			}
167
168			/**
169			* @param Authorization $authorization
170			* @param string $error
171			* @param string $error_description
172			*
173			* @throws OAuth2Exception
174			*/
175			private function throwRedirectionException(Authorization $authorization, string $error, string $error_description)
176			{
177			$params = $authorization->getResponseParameters();
178			if (null === $authorization->getResponseMode() \|\| null === $authorization->getRedirectUri()) {
179			throw new OAuth2Exception(400, $error, $error_description, $params);
			0 ignored issues – show Documentation introduced 2018-01-23 13:47 UTC by Report Bug Copy Issue Report `$params` is of type `array`, but the function expects a `object<Exception>\|null`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
180			}
181			$params += [
182			'response_mode' => $authorization->getResponseMode(),
183			'redirect_uri' => $authorization->getRedirectUri(),
184			];
185
186			throw new OAuth2Exception(302, $error, $error_description, $params);
			0 ignored issues – show Documentation introduced 2018-01-23 13:47 UTC by Report Bug Copy Issue Report `$params` is of type `array`, but the function expects a `object<Exception>\|null`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
187			}
188
189
190			/**
191			* @param ServerRequestInterface $request
192			*
193			* @return Authorization
194			*
195			* @throws \Http\Client\Exception
196			* @throws \OAuth2Framework\Component\Core\Exception\OAuth2Exception
197			*/
198			public function createAuthorizationFromRequest(ServerRequestInterface $request): Authorization
199			{
200			$authorization = $this->authorizationRequestLoader->load($request);
201			$authorization = $this->parameterCheckerManager->process($authorization);
202
203			return $authorization;
204			}
205			}
206

OAuth2-Framework / oauth2-framework

Push — ng ( 6dd952...0976bc )

createAuthorizationFromRequest() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like