
AuthorizationEndpoint/AuthorizationEndpoint.php (1 issue)


<?php
declare(strict_types=1);
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace OAuth2Framework\Component\AuthorizationEndpoint;
use Base64Url\Base64Url;
use Http\Message\ResponseFactory;
use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationRequest\AuthorizationRequest;
use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationRequest\AuthorizationRequestLoader;
use OAuth2Framework\Component\AuthorizationEndpoint\Consent\ConsentRepository;
use OAuth2Framework\Component\AuthorizationEndpoint\Exception\OAuth2AuthorizationException;
use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterCheckerManager;
use OAuth2Framework\Component\AuthorizationEndpoint\User\UserAuthenticationCheckerManager;
use OAuth2Framework\Component\AuthorizationEndpoint\User\UserDiscovery;
use OAuth2Framework\Component\Core\Message\OAuth2Error;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
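abstract class AuthorizationEndpoint extends AbstractEndpoint
{
    /** @var AuthorizationRequestLoader */
    private $authorizationRequestLoader;

    /** @var ParameterCheckerManager */
    private $parameterCheckerManager;

    /** @var UserDiscovery */
    private $userManager;

    /** @var UserAuthenticationCheckerManager */
    private $userCheckerManager;

    /** @var ConsentRepository|null */
    private $consentRepository;

    /**
     * @param ConsentRepository|null $consentRepository When null, no prior consent can ever be
     *                                                  looked up, so the consent step is always
     *                                                  required (and prompt=none always fails).
     */
    public function __construct(ResponseFactory $responseFactory, AuthorizationRequestLoader $authorizationRequestLoader, ParameterCheckerManager $parameterCheckerManager, UserDiscovery $userManager, UserAuthenticationCheckerManager $userCheckerManager, SessionInterface $session, ?ConsentRepository $consentRepository)
    {
        parent::__construct($responseFactory, $session);
        $this->authorizationRequestLoader = $authorizationRequestLoader;
        $this->parameterCheckerManager = $parameterCheckerManager;
        $this->userManager = $userManager;
        $this->userCheckerManager = $userCheckerManager;
        $this->consentRepository = $consentRepository;
    }

    /**
     * Entry point of the authorization endpoint.
     *
     * Loads and validates the authorization request, then decides which interactive
     * step (login, account selection, consent) the resource owner still has to go
     * through. Only when nothing is pending is the request marked as allowed and
     * handed to the process endpoint. The pending request is persisted under a
     * random identifier that is carried to the next step through the redirect URL.
     *
     * @param RequestHandlerInterface $handler Unused: this endpoint always answers with a redirect.
     *
     * @throws OAuth2AuthorizationException on any failure after the request has been loaded;
     *                                      prompt=none requests that would need interaction
     *                                      fail with login_required / interaction_required
     * @throws OAuth2Error                  when the request itself cannot be loaded or is invalid
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $authorization = $this->loadAuthorization($request);

        try {
            $user = $this->userManager->getCurrentUser();
            if (null === $user) {
                $routeName = $this->routeForAnonymousUser($authorization);
            } else {
                $authorization->setUser($user);
                $routeName = $this->routeForAuthenticatedUser($authorization);
            }

            return $this->redirectToNextStep($routeName, $authorization);
        } catch (OAuth2AuthorizationException $e) {
            // Already carries the authorization request (state, redirect_uri…): pass it through untouched.
            throw $e;
        } catch (OAuth2Error $e) {
            throw new OAuth2AuthorizationException($e->getMessage(), $e->getErrorDescription(), $authorization, $e);
        } catch (\Exception $e) {
            throw new OAuth2AuthorizationException(OAuth2Error::ERROR_INVALID_REQUEST, $e->getMessage(), $authorization, $e);
        }
    }

    /**
     * Next step when nobody is authenticated: the login page, unless the client
     * forbade any user interaction.
     *
     * @throws OAuth2AuthorizationException login_required when prompt=none is set
     */
    private function routeForAnonymousUser(AuthorizationRequest $authorization): string
    {
        if ($authorization->hasPrompt('none')) {
            // prompt=none forbids displaying any UI, and without an authenticated resource
            // owner the request can never be completed. This must not depend on a consent
            // lookup: the previous code skipped this error when the consent repository
            // reported a prior consent and then allow()ed a request with no user attached.
            throw new OAuth2AuthorizationException(OAuth2Error::ERROR_LOGIN_REQUIRED, 'The resource owner is not logged in.', $authorization);
        }

        return 'oauth2_server_login_endpoint';
    }

    /**
     * Next step for an authenticated resource owner, in the order the interactions
     * must happen: (re-)authentication, account selection, consent, then processing.
     * Each explicit prompt value forces its step; the computed "needed" flags add the
     * steps the server itself requires.
     *
     * Every branch returns. The former switch(true) fell through from the consent
     * case into the "nothing pending" case, which called allow() and routed to the
     * process endpoint — i.e. the consent screen was skipped whenever consent was
     * required or explicitly prompted for.
     *
     * @throws OAuth2AuthorizationException when prompt=none is set but a step is still pending
     */
    private function routeForAuthenticatedUser(AuthorizationRequest $authorization): string
    {
        $userAccount = $this->userManager->getCurrentAccount();
        if ($userAccount) {
            $authorization->setUserAccount($userAccount);
        }
        $isAccountSelectionNeeded = !$userAccount;
        $isAuthenticationNeeded = $this->userCheckerManager->isAuthenticationNeeded($authorization);
        $isConsentNeeded = $this->isConsentNeeded($authorization);

        if ($authorization->hasPrompt('none')) {
            // No UI may be shown: every pending step is an error, reported with the
            // most specific OpenID Connect error code available here. The previous code
            // only looked at consent, so a request that required re-authentication
            // (e.g. max_age) or account selection was allowed under prompt=none.
            if ($isAuthenticationNeeded) {
                throw new OAuth2AuthorizationException(OAuth2Error::ERROR_LOGIN_REQUIRED, 'The resource owner must be re-authenticated.', $authorization);
            }
            if ($isAccountSelectionNeeded) {
                // OIDC defines account_selection_required; use that code instead if OAuth2Error provides it.
                throw new OAuth2AuthorizationException(OAuth2Error::ERROR_INTERACTION_REQUIRED, 'An account must be selected.', $authorization);
            }
            if ($isConsentNeeded) {
                throw new OAuth2AuthorizationException(OAuth2Error::ERROR_INTERACTION_REQUIRED, 'The resource owner consent is required.', $authorization);
            }
            $authorization->allow();

            return 'oauth2_server_process_endpoint';
        }

        if ($authorization->hasPrompt('login') || $isAuthenticationNeeded) {
            return 'oauth2_server_login_endpoint';
        }

        if ($authorization->hasPrompt('select_account') || $isAccountSelectionNeeded) {
            return 'oauth2_server_select_account_endpoint';
        }

        if ($authorization->hasPrompt('consent') || $isConsentNeeded) {
            return 'oauth2_server_consent_endpoint';
        }

        // Nothing left to ask the resource owner: the request is granted here and
        // only here.
        $authorization->allow();

        return 'oauth2_server_process_endpoint';
    }

    /**
     * Consent is needed unless a repository exists and confirms it was already given.
     */
    private function isConsentNeeded(AuthorizationRequest $authorization): bool
    {
        if (null === $this->consentRepository) {
            return true;
        }

        return !$this->consentRepository->hasConsentBeenGiven($authorization);
    }

    /**
     * Persists the (possibly already allowed) authorization request and redirects
     * the user agent to the route handling the next step.
     */
    private function redirectToNextStep(string $routeName, AuthorizationRequest $authorization): ResponseInterface
    {
        // The identifier is the only handle to the persisted request, which may already
        // be in the "allowed" state, so it has to be unguessable: 64 CSPRNG bytes.
        $authorizationId = Base64Url::encode(random_bytes(64));
        $this->saveAuthorization($authorizationId, $authorization);
        $redirectTo = $this->getRouteFor($routeName, $authorizationId);

        return $this->createRedirectResponse($redirectTo);
    }

    /**
     * Builds the authorization request from the incoming HTTP request and runs the
     * parameter checkers on it.
     *
     * @throws OAuth2AuthorizationException propagated as-is from the loader/checkers
     * @throws OAuth2Error                  propagated as-is, or wrapping any other
     *                                      exception as invalid_request (HTTP 400)
     */
    private function loadAuthorization(ServerRequestInterface $request): AuthorizationRequest
    {
        try {
            $authorization = $this->authorizationRequestLoader->load($request);
            $this->parameterCheckerManager->check($authorization);

            return $authorization;
        } catch (OAuth2AuthorizationException | OAuth2Error $e) {
            throw $e;
        } catch (\Exception $e) {
            throw new OAuth2Error(400, OAuth2Error::ERROR_INVALID_REQUEST, $e->getMessage());
        }
    }

    /**
     * Resolves the URL of the route handling the given step for the persisted request.
     *
     * @param string $action          one of the oauth2_server_*_endpoint route names used above
     * @param string $authorizationId identifier under which the request was saved
     */
    abstract protected function getRouteFor(string $action, string $authorizationId): string;
}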