ClientAuthenticationMiddleware - Code Metrics - Inspection of "Merge branch 'ng' of https://github.com/OAuth2-Fra..." - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — ng ( ca946d...fcb055 )

by Florent

created 2018-02-06 20:26 UTC

ClientAuthenticationMiddleware A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	75
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	7

Importance

Changes

Metric	Value
wmc	12
lcom	1
cbo	7
dl	0
loc	75
rs	10
c	0
b	0
f	0

4 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	process()	18	3
A	checkClient()	9	4
A	checkAuthenticationMethod()	9	4

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\ClientAuthentication;

use Psr\Http\Server\RequestHandlerInterface;
use Psr\Http\Server\MiddlewareInterface;
use OAuth2Framework\Component\Core\Client\Client;
use OAuth2Framework\Component\Core\Client\ClientRepository;
use OAuth2Framework\Component\Core\Exception\OAuth2Exception;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class ClientAuthenticationMiddleware implements MiddlewareInterface
{
    /**
     * @var AuthenticationMethodManager
     */
    private $authenticationMethodManager;

    /**
     * @var ClientRepository
     */
    private $clientRepository;

    /**
     * ClientAuthenticationMiddleware constructor.
     *
     * @param ClientRepository            $clientRepository
     * @param AuthenticationMethodManager $authenticationMethodManager
     */
    public function __construct(ClientRepository $clientRepository, AuthenticationMethodManager $authenticationMethodManager)
    {
        $this->clientRepository = $clientRepository;
        $this->authenticationMethodManager = $authenticationMethodManager;
    }

    /**
     * {@inheritdoc}
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        try {
            $clientId = $this->authenticationMethodManager->findClientIdAndCredentials($request, $authentication_method, $client_credentials);
            if (null !== $clientId) {
                $client = $this->clientRepository->find($clientId);
                $this->checkClient($client);
                $this->checkAuthenticationMethod($request, $client, $authentication_method, $client_credentials);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
                $request = $request->withAttribute('client', $client);
                $request = $request->withAttribute('client_authentication_method', $authentication_method);
                $request = $request->withAttribute('client_credentials', $client_credentials);
            }
        } catch (\Exception $e) {
            throw new OAuth2Exception(401, OAuth2Exception::ERROR_INVALID_CLIENT, $e->getMessage(), $e);
        }

        return $handler->handle($request);
    }

    /**
     * @param null|Client $client
     */
    private function checkClient(?Client $client)
    {
        if (null === $client || $client->isDeleted()) {
            throw new \InvalidArgumentException('Unknown client or client not authenticated.');
        }
        if ($client->areClientCredentialsExpired()) {
            throw new \InvalidArgumentException('Client credentials expired.');
        }
    }

    /**
     * @param ServerRequestInterface $request
     * @param Client                 $client
     * @param AuthenticationMethod   $authenticationMethod
     * @param mixed                  $client_credentials
     */
    private function checkAuthenticationMethod(ServerRequestInterface $request, Client $client, AuthenticationMethod $authenticationMethod, $client_credentials)
    {
        if (!$client->has('token_endpoint_auth_method') || !in_array($client->get('token_endpoint_auth_method'), $authenticationMethod->getSupportedMethods())) {
            throw new \InvalidArgumentException('Unknown client or client not authenticated.');
        }
        if (!$authenticationMethod->isClientAuthenticated($client, $client_credentials, $request)) {
            throw new \InvalidArgumentException('Unknown client or client not authenticated.');
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\ClientAuthentication;
15
16			use Psr\Http\Server\RequestHandlerInterface;
17			use Psr\Http\Server\MiddlewareInterface;
18			use OAuth2Framework\Component\Core\Client\Client;
19			use OAuth2Framework\Component\Core\Client\ClientRepository;
20			use OAuth2Framework\Component\Core\Exception\OAuth2Exception;
21			use Psr\Http\Message\ResponseInterface;
22			use Psr\Http\Message\ServerRequestInterface;
23
24			class ClientAuthenticationMiddleware implements MiddlewareInterface
25			{
26			/**
27			* @var AuthenticationMethodManager
28			*/
29			private $authenticationMethodManager;
30
31			/**
32			* @var ClientRepository
33			*/
34			private $clientRepository;
35
36			/**
37			* ClientAuthenticationMiddleware constructor.
38			*
39			* @param ClientRepository $clientRepository
40			* @param AuthenticationMethodManager $authenticationMethodManager
41			*/
42			public function __construct(ClientRepository $clientRepository, AuthenticationMethodManager $authenticationMethodManager)
43			{
44			$this->clientRepository = $clientRepository;
45			$this->authenticationMethodManager = $authenticationMethodManager;
46			}
47
48			/**
49			* {@inheritdoc}
50			*/
51			public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
52			{
53			try {
54			$clientId = $this->authenticationMethodManager->findClientIdAndCredentials($request, $authentication_method, $client_credentials);
55			if (null !== $clientId) {
56			$client = $this->clientRepository->find($clientId);
57			$this->checkClient($client);
58			$this->checkAuthenticationMethod($request, $client, $authentication_method, $client_credentials);
			0 ignored issues – show Bug introduced 2018-02-06 20:36 UTC by Report Bug Copy Issue Report It seems like `$client` defined by `$this->clientRepository->find($clientId)` on line `56` can be `null`; however, `OAuth2Framework\Componen...kAuthenticationMethod()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null / function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history... Bug introduced 2018-01-21 16:38 UTC by Report Bug Copy Issue Report It seems like `$authentication_method` can be `null`; however, `checkAuthenticationMethod()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /* @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
59			$request = $request->withAttribute('client', $client);
60			$request = $request->withAttribute('client_authentication_method', $authentication_method);
61			$request = $request->withAttribute('client_credentials', $client_credentials);
62			}
63			} catch (\Exception $e) {
64			throw new OAuth2Exception(401, OAuth2Exception::ERROR_INVALID_CLIENT, $e->getMessage(), $e);
65			}
66
67			return $handler->handle($request);
68			}
69
70			/**
71			* @param null\|Client $client
72			*/
73			private function checkClient(?Client $client)
74			{
75			if (null === $client \|\| $client->isDeleted()) {
76			throw new \InvalidArgumentException('Unknown client or client not authenticated.');
77			}
78			if ($client->areClientCredentialsExpired()) {
79			throw new \InvalidArgumentException('Client credentials expired.');
80			}
81			}
82
83			/**
84			* @param ServerRequestInterface $request
85			* @param Client $client
86			* @param AuthenticationMethod $authenticationMethod
87			* @param mixed $client_credentials
88			*/
89			private function checkAuthenticationMethod(ServerRequestInterface $request, Client $client, AuthenticationMethod $authenticationMethod, $client_credentials)
90			{
91			if (!$client->has('token_endpoint_auth_method') \|\| !in_array($client->get('token_endpoint_auth_method'), $authenticationMethod->getSupportedMethods())) {
92			throw new \InvalidArgumentException('Unknown client or client not authenticated.');
93			}
94			if (!$authenticationMethod->isClientAuthenticated($client, $client_credentials, $request)) {
95			throw new \InvalidArgumentException('Unknown client or client not authenticated.');
96			}
97			}
98			}
99

OAuth2-Framework / oauth2-framework

Push — ng ( ca946d...fcb055 )

ClientAuthenticationMiddleware A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like