These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * The MIT License (MIT) |
||
7 | * |
||
8 | * Copyright (c) 2014-2018 Spomky-Labs |
||
9 | * |
||
10 | * This software may be modified and distributed under the terms |
||
11 | * of the MIT license. See the LICENSE file for details. |
||
12 | */ |
||
13 | |||
14 | namespace OAuth2Framework\Component\AuthorizationEndpoint; |
||
15 | |||
16 | use Base64Url\Base64Url; |
||
17 | use Http\Message\ResponseFactory; |
||
18 | use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationRequest\AuthorizationRequest; |
||
19 | use OAuth2Framework\Component\AuthorizationEndpoint\AuthorizationRequest\AuthorizationRequestLoader; |
||
20 | use OAuth2Framework\Component\AuthorizationEndpoint\Consent\ConsentRepository; |
||
21 | use OAuth2Framework\Component\AuthorizationEndpoint\Exception\OAuth2AuthorizationException; |
||
22 | use OAuth2Framework\Component\AuthorizationEndpoint\ParameterChecker\ParameterCheckerManager; |
||
23 | use OAuth2Framework\Component\AuthorizationEndpoint\User\UserAuthenticationCheckerManager; |
||
24 | use OAuth2Framework\Component\AuthorizationEndpoint\User\UserDiscovery; |
||
25 | use OAuth2Framework\Component\Core\Message\OAuth2Error; |
||
26 | use Psr\Http\Message\ResponseInterface; |
||
27 | use Psr\Http\Message\ServerRequestInterface; |
||
28 | use Psr\Http\Server\RequestHandlerInterface; |
||
29 | use Symfony\Component\HttpFoundation\Session\SessionInterface; |
||
30 | |||
31 | abstract class AuthorizationEndpoint extends AbstractEndpoint |
||
32 | { |
||
33 | private $authorizationRequestLoader; |
||
34 | |||
35 | private $parameterCheckerManager; |
||
36 | |||
37 | private $userManager; |
||
38 | |||
39 | private $userCheckerManager; |
||
40 | |||
41 | private $consentRepository; |
||
42 | |||
43 | public function __construct(ResponseFactory $responseFactory, AuthorizationRequestLoader $authorizationRequestLoader, ParameterCheckerManager $parameterCheckerManager, UserDiscovery $userManager, UserAuthenticationCheckerManager $userCheckerManager, SessionInterface $session, ?ConsentRepository $consentRepository) |
||
44 | { |
||
45 | parent::__construct($responseFactory, $session); |
||
46 | $this->authorizationRequestLoader = $authorizationRequestLoader; |
||
47 | $this->parameterCheckerManager = $parameterCheckerManager; |
||
48 | $this->userManager = $userManager; |
||
49 | $this->userCheckerManager = $userCheckerManager; |
||
50 | $this->consentRepository = $consentRepository; |
||
51 | } |
||
52 | |||
53 | public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface |
||
54 | { |
||
55 | $authorization = $this->loadAuthorization($request); |
||
56 | |||
57 | try { |
||
58 | $user = $this->userManager->getCurrentUser(); |
||
59 | |||
60 | if (null !== $user) { |
||
61 | $authorization->setUser($user); |
||
62 | $userAccount = $this->userManager->getCurrentAccount(); |
||
63 | if ($userAccount) { |
||
64 | $authorization->setUserAccount($userAccount); |
||
65 | $isAccountSelectionNeeded = false; |
||
66 | } else { |
||
67 | $isAccountSelectionNeeded = true; |
||
68 | } |
||
69 | $isAuthenticationNeeded = $this->userCheckerManager->isAuthenticationNeeded($authorization); |
||
70 | $isConsentNeeded = !$this->consentRepository || !$this->consentRepository->hasConsentBeenGiven($authorization); |
||
71 | |||
72 | switch (true) { |
||
73 | case $authorization->hasPrompt('none'): |
||
74 | if ($isConsentNeeded) { |
||
75 | throw new OAuth2AuthorizationException(OAuth2Error::ERROR_INTERACTION_REQUIRED, 'The resource owner consent is required.', $authorization); |
||
76 | } |
||
77 | $authorization->allow(); |
||
78 | $routeName = 'oauth2_server_process_endpoint'; |
||
79 | break; |
||
80 | case $authorization->hasPrompt('login') || $isAuthenticationNeeded: |
||
81 | $routeName = 'oauth2_server_login_endpoint'; |
||
82 | break; |
||
83 | case $authorization->hasPrompt('select_account') || $isAccountSelectionNeeded: |
||
84 | $routeName = 'oauth2_server_select_account_endpoint'; |
||
85 | break; |
||
86 | case $authorization->hasPrompt('consent') || $isConsentNeeded: |
||
87 | $routeName = 'oauth2_server_consent_endpoint'; |
||
0 ignored issues
–
show
|
|||
88 | // no break |
||
89 | case !$authorization->hasPrompt('consent') && !$isConsentNeeded: |
||
90 | $authorization->allow(); |
||
91 | $routeName = 'oauth2_server_process_endpoint'; |
||
92 | break; |
||
93 | default: |
||
94 | $routeName = 'oauth2_server_consent_endpoint'; |
||
95 | break; |
||
96 | } |
||
97 | |||
98 | $authorizationId = Base64Url::encode(random_bytes(64)); |
||
99 | $this->saveAuthorization($authorizationId, $authorization); |
||
100 | $redirectTo = $this->getRouteFor($routeName, $authorizationId); |
||
101 | |||
102 | return $this->createRedirectResponse($redirectTo); |
||
103 | } else { |
||
104 | if ($authorization->hasPrompt('none')) { |
||
105 | $isConsentNeeded = !$this->consentRepository || !$this->consentRepository->hasConsentBeenGiven($authorization); |
||
106 | if ($isConsentNeeded) { |
||
107 | throw new OAuth2AuthorizationException(OAuth2Error::ERROR_LOGIN_REQUIRED, 'The resource owner is not logged in.', $authorization); |
||
108 | } |
||
109 | $authorization->allow(); |
||
110 | $routeName = 'oauth2_server_process_endpoint'; |
||
111 | } else { |
||
112 | $routeName = 'oauth2_server_login_endpoint'; |
||
113 | } |
||
114 | |||
115 | $authorizationId = Base64Url::encode(random_bytes(64)); |
||
116 | $this->saveAuthorization($authorizationId, $authorization); |
||
117 | $redirectTo = $this->getRouteFor($routeName, $authorizationId); |
||
118 | |||
119 | return $this->createRedirectResponse($redirectTo); |
||
120 | } |
||
121 | } catch (OAuth2AuthorizationException $e) { |
||
122 | throw $e; |
||
123 | } catch (OAuth2Error $e) { |
||
124 | throw new OAuth2AuthorizationException($e->getMessage(), $e->getErrorDescription(), $authorization, $e); |
||
125 | } catch (\Exception $e) { |
||
126 | throw new OAuth2AuthorizationException(OAuth2Error::ERROR_INVALID_REQUEST, $e->getMessage(), $authorization, $e); |
||
127 | } |
||
128 | } |
||
129 | |||
130 | private function loadAuthorization(ServerRequestInterface $request): AuthorizationRequest |
||
131 | { |
||
132 | try { |
||
133 | $authorization = $this->authorizationRequestLoader->load($request); |
||
134 | $this->parameterCheckerManager->check($authorization); |
||
135 | |||
136 | return $authorization; |
||
137 | } catch (OAuth2AuthorizationException $e) { |
||
138 | throw $e; |
||
139 | } catch (OAuth2Error $e) { |
||
140 | throw $e; |
||
141 | } catch (\Exception $e) { |
||
142 | throw new OAuth2Error(400, OAuth2Error::ERROR_INVALID_REQUEST, $e->getMessage()); |
||
143 | } |
||
144 | } |
||
145 | |||
146 | abstract protected function getRouteFor(string $action, string $authorizationId): string; |
||
147 | } |
||
148 |
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVar
assignment in line 1 and the$higher
assignment in line 2 are dead. The first because$myVar
is never used and the second because$higher
is always overwritten for every possible time line.